NSA's domestic metadata collection going unused, could be ended permanently
The U.S. National Security Agency has allegedly left its metadata collection system -- first exposed by Edward Snowden in 2013 -- unused for months, and it could vanish completely in the near future.
An NSA data center in Utah.
The NSA "hasn't actually been using it for the past six months," said Luke Murry, an adviser for Republican Rep. Kevin McCarthy of California, the House minority leader. Murry's comments were made during an episode of the podcast "Lawfare," noticed by the New York Times.
"I'm actually not certain that the [Trump] administration will want to start that back up," he added.
Initiated under President George W. Bush in 2001, the program collected phone and text messaging logs from carriers en masse, nominally with the goal of identifying links to terrorism suspects. At first companies like AT&T voluntarily complied with an order by Bush, but by 2006 the Foreign Intelligence Surveillance Court began issuing secret orders making that data mandatory under an interpretation of the Patriot Act. One of those orders, sent to Verizon, was the first of many documents exposed by Snowden and The Guardian.
Snowden and others attacked the program as a potential tool of mass surveillance, and possibly even more damaging than analyzing the actual contents of messages, since metadata can be collated to identify a person's location and habits. Pressure mounted until the Obama administration helped usher in a scaled-back version of the program under the 2015 Freedom Act.
The modified program kept records in the hands of carriers, though the logs of suspects and their contacts could be rapidly retrieved with a court order. The NSA's internal records dropped dramatically -- as recently as 2017 however, it had 534 million records and just 40 targets.
In 2018 the NSA claimed it deleted its entire database of records created since the Freedom Act system launched, a way of coping with glitches that caused carriers to send logs with both accurate and inaccurate information. That resulted in the NSA collecting data from people unconnected to targets, and it supposedly decided it would be easier to wipe records entirely rather than scrub the people it didn't have authority to monitor.
The Freedom Act is due to expire at the end of 2019. If the NSA's system remains unused, the Trump administration may have no incentive to push for renewal, especially since even the pre-2015 program never prevented an attack.
Apple CEO Tim Cook quickly became involved after Snowden's revelations, meeting with President Obama and putting pressure on Congress. The company eventually began disclosing government data requests, if only in the vague manner allowed by U.S. law.
Less is known about the state of PRISM, an NSA program collecting data from internet-based tech companies. Apple became a participant in 2012, but following the Snowden leaks it insisted that it had "never heard of PRISM" and didn't "provide any government agency with direct access to our servers," despite that sort of access being mentioned in NSA briefing documents.
An NSA data center in Utah.
The NSA "hasn't actually been using it for the past six months," said Luke Murry, an adviser for Republican Rep. Kevin McCarthy of California, the House minority leader. Murry's comments were made during an episode of the podcast "Lawfare," noticed by the New York Times.
"I'm actually not certain that the [Trump] administration will want to start that back up," he added.
Initiated under President George W. Bush in 2001, the program collected phone and text messaging logs from carriers en masse, nominally with the goal of identifying links to terrorism suspects. At first companies like AT&T voluntarily complied with an order by Bush, but by 2006 the Foreign Intelligence Surveillance Court began issuing secret orders making that data mandatory under an interpretation of the Patriot Act. One of those orders, sent to Verizon, was the first of many documents exposed by Snowden and The Guardian.
Snowden and others attacked the program as a potential tool of mass surveillance, and possibly even more damaging than analyzing the actual contents of messages, since metadata can be collated to identify a person's location and habits. Pressure mounted until the Obama administration helped usher in a scaled-back version of the program under the 2015 Freedom Act.
The modified program kept records in the hands of carriers, though the logs of suspects and their contacts could be rapidly retrieved with a court order. The NSA's internal records dropped dramatically -- as recently as 2017 however, it had 534 million records and just 40 targets.
In 2018 the NSA claimed it deleted its entire database of records created since the Freedom Act system launched, a way of coping with glitches that caused carriers to send logs with both accurate and inaccurate information. That resulted in the NSA collecting data from people unconnected to targets, and it supposedly decided it would be easier to wipe records entirely rather than scrub the people it didn't have authority to monitor.
The Freedom Act is due to expire at the end of 2019. If the NSA's system remains unused, the Trump administration may have no incentive to push for renewal, especially since even the pre-2015 program never prevented an attack.
Apple CEO Tim Cook quickly became involved after Snowden's revelations, meeting with President Obama and putting pressure on Congress. The company eventually began disclosing government data requests, if only in the vague manner allowed by U.S. law.
Less is known about the state of PRISM, an NSA program collecting data from internet-based tech companies. Apple became a participant in 2012, but following the Snowden leaks it insisted that it had "never heard of PRISM" and didn't "provide any government agency with direct access to our servers," despite that sort of access being mentioned in NSA briefing documents.
Comments
Huawei's suggestion that standardized, international guidelines on spying be established starts to make more and more sense.
If it’s being “used” there’s a bunch of paperwork involved and things that require “approval”. The end result is that the usage shows up to congress.
But, if you’re just “testing” the system it’s “unused” but oddly useful to the NSA... with no red tape.
I’m sure somewhere that it’s continuation will be attached to some meanless bill (that no one reads) and the program will continue “just in case” after all it could be useful in the future. Additionally, most of the program is sunk costs... So, why not?
I agree, government sponsored IP theft is a huge problem with China. But, they’re not going to hinder their growth and reputation by using Huawei to do so. That would be shortsighted... and that’s one thing China isn’t.
Going after Huawei is more about maintaining technological dominance, and at the same time smacking down anyone that deals with Iran.
This administration has an Iran fixation, probably due to its ties to Saudi Arabia. I’m not saying Iran are “good guys” but they are far from the only country with nuclear aspirations. Pakistan (for example) already has nukes and we still maintain relations with them. Ideologically, we’re just as far apart...
Our problem with Iran should be about them sponsoring terrorist groups and instigating proxy wars. Isolating Iran haven’t been effective, economic ties are more effective in influencing Iran’s future...
/sorry got off topic ; )
The issue of this is location data for a landline is only who owns the location that a phone call is coming from.
Cell phones by the nature tell a bigger story. They tell where YOU are calling/texting from. This can be used to track someone's day to day location.
Before cell phones if you traveled away you would use a payphones and hotel phone's making it hard to track someone. Now with cell phones you make one enquiry to a cell prodiver and you can get history information that allows you to track someone. This is bad, can be used for suppression and it needs challenged. This data needs laws so that it is protected and not stored for long periods of time. It should be hard for the government to get this data and only access on special cases, not whenever they want.
https://www.theguardian.com/technology/2019/jan/11/huawei-employee-arrested-in-poland-over-chinese-spy-allegations
Then there is the case of the African Union headquarters;
https://www.aspistrategist.org.au/the-african-union-headquarters-hack-and-australias-5g-network/
"The AU’s grand and sprawling complex was the focus of intrigue and controversy earlier this year—controversy that sheds light on reported ‘national security concerns’ in Australia about which companies should be involved in our 5G network and other critical infrastructure projects.
In January 2018, France’s Le Monde newspaper published an investigation, based on multiple sources, which found that from January 2012 to January 2017 servers based inside the AU’s headquarters in Addis Ababa were transferring data between 12 midnight and 2 am—every single night—to unknown servers more than 8,000 kilometres away hosted in Shanghai. Following the discovery of what media referred to as ‘data theft’, it was also reported that microphones hidden in desks and walls were detected and removed during a sweep for bugs.
The Chinese government refuted Le Monde’s reporting. Chinese state media outlet CGTN (formerly CCTV) reported that China’s foreign ministry spokesperson called the Le Mondeinvestigation ‘utterly groundless and ridiculous’. China’s ambassador to the AU said it was ‘ridiculous and preposterous’. The BBC also quoted the ambassador as saying that the investigation ‘is not good for the image of the newspaper itself’.
Other media outlets, including the Financial Times, confirmed the data theft in reports published after the Le Monde investigation. It’s also been reported on by think tanks and private consultancies from around the world.
One AU official told the Financial Times that there were ‘many issues with the building that are still being resolved with the Chinese. It’s not just cybersecurity’.
Huawei isn't in a position to deserve the trust of any Western country, whatever the mitigations that are in place to provide "security".
The discussion above is wrt the actual Chinese law that requires that companies comply. In reality, the Chinese Government has the ability to do whatever they want, and change the law ex post facto.
The "Patriot Act".....
What I found funny is that "unused" could just mean no one is going into the building or no one is paying attention to it. How does that stop the automated process of data collection?
I drive by that facility in the pic once a week on the way home from our family's music lessons and band practice and the local cops have parked cars with flashing lights on the driveways leading to it. Every night. Definitely seems to be activity there.
And, because a building was bugged is not proof of who did the bugging. Trump has said he assumes every Russian hotel is bugged.
And, our own NSA is the grandfather of a government using private corporations to spy on people.
The LeMonde story had the usual 'anonymous' sources. Can you see a pattern here?
In other news...
Huawei has stated again and again that all data it manages in Europe never ever leaves Europe. All data from carriers that use Huawei gear in Europe is managed by the carriers. They run the networks.
There are Huawei security centres in the UK, Germany and Belgium where officials have access to Huawei source code. As a result of this access, governments can (and do) recommend changes. As a result of the recommendations, Huawei is investing billions into security.
Can you name any other company that finds itself open to that level of scrutiny?
All the while the US is touring the world (literally) telling foreign governments to not do deals with Huawei and not providing ANY evidence to support its claims.
It is now widely accepted that the real reasons for this attitude towards Huawei are not security related at all but related to US protectionism and a fear of being overtaken technologically in this field.
Now Huawei has grown tired and the latest rumours point to Huawei taking legal action against the US government. It has also publicly called out the US government on its slur campaign and some industry watchers claim foreign governments may decide to ignore US warnings as it has not been able to back up its claims.
https://wap.business-standard.com/article/international/prism-prism-on-the-wall-huawei-turns-witty-to-fight-us-spying-charges-119022800121_1.html
https://asia.nikkei.com/Opinion/US-must-learn-from-anti-Huawei-campaign-struggle
https://www.politico.eu/article/huawei-telecoms-mobile-world-congress-fair-how-huawei-won-barcelona/
https://www.marketplace.org/2019/03/01/tech/heres-why-theres-no-us-telecom-giant-huawei
https://techcrunch.com/2019/03/04/huawei-reportedly-plans-to-sue-us-government-over-ban/
https://www.forbes.com/sites/zakdoffman/2019/03/05/huawei-is-planning-to-go-on-the-warpath-to-defeat-the-u-s-government/#5c7873fb48ad
Etc
""The issue isn't whether this or that company will spy on you--it is whether *your technological infrastructure is provided by a source that is hostile to things you hold dear* or not."
Next you'll be telling the world that having the NSA in their soup is for its own good.
The US needs to wake up. The world's technological communications infrastructure is already provided by a 'hostile' source!
Along with a ton of other stuff.
Nokia and Ericsson offer alternatives to the Huawei/ZTE narrative, and each is definitely not state sponsored, nor "hostile to the things we hold dear". Seems like a win/win for Europe, as well as any of the Five Eyes intelligence partners.