Warning: Constant ABSPATH already defined in /home/public/wp-config.php on line 27
NSA — Why Now?
On-line Opinion Magazine…OK, it's a blog
Random header image... Refresh for more!

NSA

NSA insigniaMy first thought when I saw the PRISM slides was “WTF – contractors?” The classification of the slides was a dead giveaway that they weren’t part of the core NSA mission. I won’t get into why I say that, but anyone else who really worked in the Agency would know what I mean.

NSA was founded because of problems that resulted in a warning about the attack on Pearl Harbor sitting in a State Department in-basket from Friday, December 5th until Monday, December 8th. Military analysts had broken the Japanese diplomatic code, and since is was a diplomatic code, the State Department was the agency notified.

The Agency had two main missions – insuring that US communications were secure, and making sure that the communications of adversaries weren’t. Because it was a military organization, it avoided anything that involved US civilians in the United States. The communications security mission covers all US military installations and all US government installations outside the United States.

The two largest groups of employees in the Agency were mathematicians and linguists, with multiple other specialties. Because of the classified nature of everything the Agency did, the military guards and even the housekeeping staff were Agency employees.

The Agency has managed to stay ‘under the radar’ because mathematicians and enlisted rank linguists don’t attend cocktail parties in Georgetown, or hang around with the media.

That’s what things were like when NSA worked, but things have changed.

EFF version of NSA insigniaDonald Rumsfeld had a vision of a military made up of nothing but ‘trigger-pullers’. Over the course of his reign he moved everything the military did that wasn’t directly connected to combat into the Reserves, the National Guard, or privatized it. He and Robert McNamara are neck and neck for the worst Secretary of Defense in history.

The current mess goes back to his hiring of John Poindexter [of Iran-Contra fame] as a contractor on intelligence. Poindexter was responsible for “Total Information Awareness”, a concept so bad that Congress actually acted to kill it. But it didn’t die, it just went underground and festered.

Digby had a piece about two former linguists complaining about monitoring private telephone conversations coming out of the Green Zone in Iraq that included this from an official:

Asked for comment about the ABC News report and accounts of intimate and private phone calls of military officers being passed around, a US intelligence official said “all employees of the US government” should expect that their telephone conversations could be monitored as part of an effort to safeguard security and “information assurance.”

I assume that the linguists had never bothered to read the signs posted at the entrance to all military installations telling people that they are voluntarily waiving their Fourth Amendment rights if they enter the installation. That has been the case since World War II when all communications were censored. All communications to and from military installations, and any US facility overseas are subject to monitoring as part of Communications Security.

The change was that they didn’t waste linguists on that job when I was in, although we were told at spook school, we might have to do it. It was to ensure people weren’t leaking operational details on the telephone.

One of the linguists, Adrienne Kinne, a 31-year old US Army Reserves Arab linguist, made the point:

Kinne says the success stories underscored for her the waste of time spent listening to innocent Americans, instead of looking for the terrorist needle in the haystack.

“By casting the net so wide and continuing to collect on Americans and aid organizations, it’s almost like they’re making the haystack bigger and it’s harder to find that piece of information that might actually be useful to somebody,” she said. “You’re actually hurting our ability to effectively protect our national security.”

I note that the ‘needle in the haystack’ metaphor is quite popular among linguists. An Arab linguist should be on a career track in the regular Army, given the obvious long term need, but Rumsfeld didn’t want them cluttering up his military.

The whistleblower was Edward Snowden, contractor with Booz Allen Hamilton. He talked about using a copier in the office to obtain what he passed along to the media. A copier in an NSA facility?! NSA banned Furbys because they parroted short phrases, and now they allow copiers?! Don’t these people know anything about security.

What NSA has become is nothing I recognize. It can’t possibly do anything useful with all of the crap it is hoovering up, and, no, it didn’t have anything to do with the New York subway bombing, or the Mumbai terrorist attack. In the subway bombing it got three beauty salon operators hassled, and it was tracking an informant in Mumbai, but the attack occurred anyway – those aren’t successes, those are expensive wastes of resources.

Back in May Badtux came up with an estimate of what it would take to store all of the phone conversations in the US for an entire year: 15 milliom 4TB drives for 60 Exabytes of storage. If you were looking for one conversation in that data, the statute of limitations would run out before you found it.

You want to trace networks with the metadata – one call to a pizza delivery place and you’re screwed. The professionals assume we are monitoring this stuff, so they are not going to show up. If this system was going it work, it should have caught incompetents like the Brothers Tsarnaev, who used the same telephones, posted on social media, were tagged by foreign governments – they were carrying more flags than a cruise ship, but they pulled it off anyway.

This is Hedgemony ‘philosopher’s stone’ crap. There is no easy way of doing this. We should be putting our money into things that work, not ‘magic beans’.

9 comments

1 hipparchia { 06.10.13 at 1:41 am }

My first thought when I saw the PRISM slides was “WTF – contractors?”

yeah, me too.

2 paintedjaguar { 06.10.13 at 11:15 am }

Seems to me what you’re talking about here applies to all sorts of institutions. Mission creep and overreach combined with the religion of outsource and automate.

3 Steve Bates { 06.10.13 at 11:23 am }

Bryan, thanks for elaborating. AP et al weren’t exactly wrong in their articles, but I understand matters a lot better after reading your post.

4 Comrade Misfit { 06.10.13 at 1:37 pm }

Analyzing all that data is a real problem.. Which is why I suspect that the majority of the research funding for the development of quantum computers is coming from the NSA.

5 Bryan { 06.10.13 at 3:09 pm }

Hipparchia. when I was in contractors were never allowed in any NSA facility. There was no way they could get a clearance, so it is very disturbing to see them being used.

PJ, NSA was never an ’empire builder’. Most of the directors were set for retirement, not great future employment anywhere. Once you add contractors, they want more and bigger contracts, and they offer jobs to the people at the top. They are a corrupting influence.

Steve, they have totally perverted the purpose of NSA, and it’s integrity, which is why it is now being talked about. NSA didn’t keep a low profile, ideally it was naturally low profile – that’s the best way to do the job.

CM, NSA has always pushed for faster computers, and probably has the largest grouping of supercomputers in the world, but that has nothing to do with the collection side, that’s for the mathematicians. I don’t doubt that they actually play 11-dimensional chess in that area of the building to clear their minds for the hard stuff.

Faster processors aren’t much help with wading through oceans of data. You need high capacity replacements for disk drives and faster IO buses to speed the process. Badtux deals with huge amounts of data and has a truer feel for what something like this entails, but what they are talking about dwarfs the combined capacity of Amazon, Google, and Microsoft. This is an insane waste of resources for a project that hasn’t been proven to produce any results.

6 Badtux { 06.10.13 at 11:01 pm }

Indeed, processor speed is decidedly not the limitation in finding things in this mass of data. Even with massively parallel distributed algorithms there comes a time when I/O bandwidth swamps everything. We get around this a bit with 10 gigabit switched infrastructures that look like a web rather than a star or ring, but even that reaches its limits long before you reach the size of this pile of data. People like Google get around the limitations via clever pre-partitioning of data — something not useful when you’re trolling through massive amounts of data looking for a needle in a haystack.

One thing I want to point out is that it is extremely unlikely that today’s NSA is any better at searching for that needle in a haystack than Google is. The collapse of the Soviet Union sent a wave of ex-Soviet mathematicians fleeing to the West, and those people are a) as smart as anybody the NSA ever hired, and b) since they do not qualify for NSA security clearances they have settled en masse here in the Silicon Valley where they have access to the latest and greatest technologies with budgets that dwarf the NSA’s. And yes, the ones I know probably play 11 dimensional chess in their heads for fun :). The top six technology companies in the Silicon Valley collectively spend $40B/year on R&D, or roughly four times what the NSA’s budget is thought to be, and remember that most of the NSA’s budget goes to things other than R&D. Google’s R&D budget alone is probably larger than the NSA’s R&D budget.

In other words, the NSA comes to the Silicon Valley for technology today, not the other way around. I keep my ear to the ground so I hear rumors about NSA involvement in a number of companies involved in mining massive data piles. The likelihood that they would be doing this if they had anything better than we have here in the Valley is somewhere between none, and none. Just sayin’.

In other words, they’re collecting this pile of data because they can, not because it’s of any use. Maybe someday technology will catch up with their aspirations. But today? Nah. The only terrorist this fishing expedition will catch is a stupid one, and even there the fishing expedition turns up so many false positives as to make it a worthless enterprise. Not that this stops empire-builders with delusions of grandeur from carrying on, of course…

7 Bryan { 06.10.13 at 11:40 pm }

At this point I seriously doubt anyone is on the same level as Google when it comes to search algorithms. They started out at the top and continue to push the envelop, but even their system doesn’t consistently produce satisfactory results without careful parsing of the search criteria. “Where be terrorists?” really isn’t useful for finding what they are looking for, and the lists of keywords that get released by various agencies are generally subjected to the ridicule they deserve.

If you don’t know what a terrorist’s pattern looks like, how do you know when you find it. When you do analysis you are looking at the raw data and trying to find the pattern. Once you determine the pattern, you can predict what the next action will be. The key to this is knowing with great certainty that most, if not all, of the data is connected to the target. They want the data to point to the target, but that is only possible if you limit the data, and select it by specific criteria, as in the search for a serial criminal. If you have a pattern you can find the target, or if you have a target you can determine the pattern. If you have neither, you just have a lot of data.

Building this huge mass of data without knowing if any of it is actually pertinent to a target is senseless. You have a gargantuan haystack, but aren’t even sure that there is a needle in there.

Who exactly is going to spend their R&D money on a product which only really has a single customer?

8 Badtux { 06.11.13 at 1:41 am }

Of course, the scary thing is that while this pile of data is not of any use in catching unknown terrorists, it is quite useful in smearing known opponents of whatever the current regime is. Almost everyone has something they’d be embarrassed to have exposed to the world, and chances are that this massive dragnet has hauled in some of those embarrassing facts. So oppose whatever the Hegemony has decided we’re supposed to do next, and now you risk having your most personal and private thoughts and data leaked to the press. This pile of data is a gold mine for future tyrants who want to take out known dissidents (that is, those of us who have expressed opposition to rule by the Hegemons), and that’s the main reason we should be upset about it.

In short, the stated reason for collecting this pile of data — to catch unknown terrorists — makes no sense. Google-style analytics work fine for associating data with known people (that’s their whole business model after all, to associate your browsing patterns with ads that might interest you in order to maximize click-thru revenue) but useless for finding unknown people. The only thing this pile of data makes sense to mine for given its structure is facts about *known* people. And if you know who you’re targeting you can just get a warrant and get the data legally. Unless you’re wanting the data for illegal purposes… hrm.

-Badtux the Analytics Penguin

9 Bryan { 06.11.13 at 4:58 pm }

It is certainly convenient for blackmail and character assassination, but not much use beyond that. That is essentially how they got rid of Eliot Spitzer, who was viewed as a threat to Wall Street, and I’m sure they are working on others as we talk. This was designed for oppo research, not terrorism investigations. This was designed to increase the intel budget and the contracts that handed out to companies like Booz Allen.