Thursday, August 30, 2007

Yes, It's A Surveillance State

By Cernig

Yesterday, Wired ran an important piece on the depth and breadth of the FBI's surveillance operations.
The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.

It's a "comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems," says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert.

...The $10 million DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information -- primarily the numbers dialed from a telephone -- but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)

DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.

A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists.

What DCSNet Can Do

Together, the surveillance systems let FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans.
Today, Sean-Paul at the Agonist posted a whistleblower's email which has immediate bearing on the above, and opens up further questions not only about the scale and scope of government surveillance inside the U.S. but also questions the truthfulness of administration officials on the subject.
You should be aware that various Bush officials are lying or misdirecting the public when they say that none of their domestic suveillance programs includes widespread data-mining.

CIA director Stephen Hadley has said "it is not a driftnet" and John Negroponte has said the NSA was "absolutely not" monitoring domestic calls (link). Both are lying.

Domestic surveillance isn't just about call logs and although the calls themselves aren't sifted, recordings of those calls are. Despite the claims of NSA Director McConnell, the programs run by the NSA are neither surgical (link) nor "limited to 100 wiretaps" (link). Certain aspects of the NSA programs may be as they describe them, but they aren't describing the whole thing.

A company called Nexidia, developed the software used by NSA and offers a commercial version to call center companies. Nexidia admits in it's in-person pitch to those call centers (but not on its website) that it provided the NSA software. On its website it simply says - during a promo video - that "Nexidia is also used in the government marketplace." Watch the video for yourself. Those words are at the end between 1:35 and 1:40.

Nexidia's software basically takes recorded audio and indexes it the way Google does text on a page. Type in your search string, wait a while for the database search to compile, and all the calls with that instance come up with the audio passage itself marked. You can isolate every instance of "ass hole" and "damn you" and "shut the hell up", for example. When used by the NSA on recorded phone calls, that constitutes data-mining and a "driftnet" approach, to my view. These officials need to be exposed as the liars they are.

Gen. Hayden and the rest are lying to the public. They talk as if these "alleged keyword searches" are some fantasy, pie-in-the-sky approach to data mining, when in fact they are publicly available technologies that corporations are already using. This is not about the people at Nexidia who have developed this technology nor the call centers using it for legal commercial purposes. It may even be true that being able to audit large swaths of audio recordings for particular keywords, when such auditing is done within the law, can be a powerful tool to help protect the people of the United States from threats like terrorism.

This is strictly about administration officials' treatment of this technology. It is not fanciful, it is not myth, and it is not some dreamland of computer technology. It is in use today and has been used by NSA. It may still be in use by NSA. When NSA threatens action against the nation's largest cellular telephone providers unless they provide data, and technology such as Nexidia's software is in use by them, the public has a right to know about the ease with which their government can listen in on their personal communications.
(I've cleaned up the links in Sean-Paul's original post some, for ease of reading.)

Hopping over to Nexidia's site, you will find that they are happy to acknowledge their software's power and its use in "homeland security".
Audio intelligence and the ability to analyze communications in multiple languages is mission critical for organizations fighting against crime and drugs. Today over 50% of the world’s voice traffic is recorded for security purposes. Over 600 radio and television feeds are manually monitored in 40 languages from around the world with 1,500 analysts and linguists. Manually translating, transcribing and searching these communications can take up to 5 times real time, costing precious time, money and manpower. Nexidia Enterprise Speech Intelligence 6.0 enables timely identification of threats and trends contained within voice recordings, empowering an organization's ability to immediately respond with preventive/protective action.

...Our solutions lead the transformation of defense and intelligence, assure homeland security, enhance decision-making, and help government to work smarter, faster, and more responsively.
Now the argument could well be made - and doubtless will be - that such data-mining power is a useful tool in the fight against terrorism. However, at the very least it skirts the boundaries of what is legal and constitutional. The administration may well claim that such technology, while available to U.S. intelligence agencies, is never turned upon U.S. citizens. But just how credible would that claim be when they've already lied and misled about the very existence and official use of such technology in the first place?

Time for some very hard questions to be asked of Hadley, Negroponte and others by the Congressional committees charged with oversight of surveillance matters.

No comments: