NSA - Eacesdropping

8/6/2019 NSA - Eacesdropping

1/4

T

he recent revelations about illegaleavesdropping on American citizens by

the U.S. National Security Agency haveraised many questions about just what theagency is doing. Although the facts are justbeginning to emerge, information that hascome to light about the NSAs activities andcapabilities over the years, as well as the recentreporting by the New York Times and others,allows us to discern the outlines of what theyare likely doing and how they are doing it.

The NSA is not only the worlds largest spyagency (far larger than the CIA, for example),but it possesses the most advanced technol-ogy for intercepting communications. We

know it has long had the ability to focus pow-erful surveillance capabilities on particularindividuals or communications. But the cur-rent scandal has indicated two new and sig-nificant elements of the agencyseavesdropping:

The NSA has gained direct access to thetelecommunications infrastructure throughsome of Americas largest companiesThe agency appears to be not only targetingindividuals, but also using broad data min-ing systems that allow them to intercept andevaluate the communications of millions of

people within the United States.

The ACLU has prepared a map (see page 2)illustrating how all this is believed to work. Itshows how the military spying agency hasextended its tentacles into much of the U.S.civilian communications infrastructure,including, it appears, the switches throughwhich international and some domestic com-munications are routed, Internet exchangepoints, individual telephone company centralfacilities, and Internet Service Providers(ISP). While we cannot be certain about thesesecretive links, this chart shows a represen-

tation of what is, according to recent reports,the most likely picture of what is going on.

CORPORATE BEDFELLOWS

One major new element of the NSAs spyingmachinery is its ability to tap directly into themajor communications switches, routing sta-tions, or access points of the telecommunica-tions system. For example, according to theNew York Times, the NSA has worked withthe leading companies in the telecommuni-cations industry to collect communicationspatterns, and has gained access to switches

that act as gateways at some of the mainarteries for moving voice and some Internet

traffic into and out of the United States.1

This new level of direct access apparentlyincludes both some of the gateways throughwhich phone calls are routed, as well as otherkey nodes through which a large proportionof Internet traffic passes. This new programalso recognizes that todays voice andInternet communications systems areincreasingly converging, with a rising propor-tion of even voice phone calls moving to theInternet via VOIP, and parts of the old tele-phone transmission system being convertedto fiber optic cable and used for both data and

voice communications. While data and voicesometimes travel together and sometimes donot, and we do not know exactly whichswitches and other access points the NSAhas tapped, what appears certain is that theNSA is looking at both.

And most significantly, access to theseswitches and other network hubs give theagency access to a direct feed of all the com-munications that pass through them, and theability to filter, sift through, analyze, read, orshare those communications as it sees fit.

DATA MINING

The other major novelty in the NSAs activitiesappears to be the exploitation of a new con-cept in surveillance that has attracted a lot ofattention in the past few years: what is com-monly called data mining. Unlike theagencys longstanding practice of spying onspecific individuals and communicationsbased upon some source of suspicion, datamining involves formula-based searchesthrough mountains of data for individualswhose behavior or profile is in some way sus-piciously different from the norm.

Data mining is a broad dragnet. Instead oftargeting you because you once received atelephone call from a person who received atelephone call from a person who is a sus-pected terrorist, you might be targetedbecause the NSAs computers have analyzedyour communications and have determinedthat they contain certain words or word com-binations, addressing information, or otherfactors with a frequency that deviates fromthe average, and which they have decidedmight be an indication of suspiciousness. The

NSA has no prior reason to suspect you, andyou are in no way tied to any other suspicious

individuals you have just been plucked outof the crowd by a computer algorithms analy-sis of your behavior.

Use of these statistical fishing expeditionshas been made possible by the access tocommunications streams granted by key cor-porations. The NSA may also be engaging ingeographic targeting, in which they listen inon communications between the UnitedStates and a particular foreign country orregion. More broadly, data mining has beengreatly facilitated by underlying changes intechnology that have taken place in the past

few years (see page 3).

This dragnet approach is not only bad for civilliberties it is also a bad use of our scarcesecurity and law enforcement resources. Infact, the creation of large numbers of waste-ful and distracting leads is one of the primaryreasons that many security experts say datamining and other dragnet strategies are apoor way of preventing crime and terrorism.TheNew York Times confirmed that point, withits report that the NSA has sent the FBI aflood of tips generated by mass domesticeavesdropping and data mining, virtually all

of which led to dead ends that wasted theFBIs resources. Wed chase a number, findits a schoolteacher with no indication theyveever been involved in international terrorism,one former FBI agent told the Times. After youget a thousand numbers and not one is turningup anything, you get some frustration.2

COMBINING TELECOMMUNICATIONS

AND OTHER PRIVATE DATA?

The NSA has historically been in the businessof intercepting and analyzing communica-tions data. One question is whether or notthis communications data is being combined

with other intimate details about our lives. Afew years ago, the Pentagon began work onan breathtaking data mining program calledTotal Information Awareness, which envi-sioned programming computers to trawlthrough an extensive list of information onAmericans (including, according to the pro-grams own materials, Financial, Education,Travel, Medical, Veterinary, Country Entry,Place/Event Entry, Transportation, Housing,Critical Resources, Government,Communications) in the hunt for suspiciouspatterns of activity. Congress decisively

EAVESDROPPING 101:

WHAT CAN THE NSA DO?


2/4

NSA UNDERSCABLE TA

ISP INTERNETEXCHANGE

NSATAPN

SA

TAP

INTERNET

EXCHANGENSATAP

NSA

NSA

INTERNET

EXCHANGE

CENTRAL

SWITCH

NSATAP

CENTRAL

SWITCH

NSA

TAP

NSA

HQ

NSA

TAP

INTERNET

EXCHANGE

TELCONSATAP

NSA UNDERSEASCABLE TAP

NSATAP

civilian

communications

NSA facilities

Schematic diagram -

facilities shown are

representational only

TELCO

THE NSA SURVEILLANCE OCTOPUS

NSATAP

NSADATA HUB NSA

NSA

HQ

CENTRAL

SWITCH

NSA UNDERSEAS

CABLE TAP

Yakima listening post One way that telephone callsand other communications are sent from the UnitedStates to Asia and other destinations is via satellite andmicrowave transmissions. This NSA satellite facility ona restricted Army firing range in Yakima, Washington

sweeps in millions of communications an hour frominternational communications satellites.

Sugar Grove listening post One way that telephonecalls and other communications are sent from theUnited States to Europe and other destinations is viasatellite and microwave transmissions. This NSA satel-lite facility, located in an isolated valley in Sugar Grove,West Virginia, sweeps in millions of communications anhour from international communications satellites.

Internet Service Provider (ISP) The NSA may beforcing ISPs to provide it with information in the form ofa computer tap (similar to a controversial FBI devicedubbed Carnivore) that scans all the communications

that reach that ISP.

Central switch These facilities, one in New York andone in Northern California, are operated by majortelecommunications companies. They are a primarymeans by which a mix of voice and data communica-tions, including those that travel over transoceanicundersea fiber optic cables, are routed (switched)toward their proper destination. Because they serve ascentral switching points, they offer the NSA access to alarge volume of communications.

Internet exchange These publicly or privately ownedInternet exchanges are where Internet traffic isexchanged between the sub-networks that make up the

Internet. These public or privately owned facilities are

divided into Tier 1, Tier 2, and Tier 3 exchanges. The Tier 1exchanges, typically located in big cities, are the ones thahave national and global reach and are likely to be of mosinterest to the NSA.

Underseas cable tap According to published reportsAmerican divers were able to install surveillancedevices onto the transoceanic cables that carry phonecalls and data across the seas. One of these taps wasdiscovered in 1982, but other devices apparently contin-ued to function undetected. The advent of fiber-opticcables posed challenges for the NSA, but there is noreason to believe that that problem remained unsolvedby the agency.

The NSAs headquarters Tens of thousands of people, including intelligence analysts, linguists and computer professionals, work at this complex in Fort MeadeMaryland outside of Washington, DC. NSA headquartersis where the millions of intercepted communications are

processed and analyzed.

Telco: Domestic telephone company The NSA isapparently hooking in to U.S. telephone companieswhich have not only networks that can be tapped into, bualso records of customer communications.

NSA Data Hub: Domestic Warning Hub and DataWarehouse, Aurora, CO The NSA is reportedly building a massive data storage facility in this Denver suburband also operates a reconaissance satellite dish hereThis may be where the agencys data mining operationstake place. A CIA facility and the militarys NorthernCommand (NORTHCOM) are also located here.

ISP

INTERNET

EXCHANGE

NSA

HQ

NSA

HQ

TELCO

NSA

DATA HUB

EAVESDROPPING 101 2


3/4

EAVESDROPPING 1 0

rejected this approach, voting to shut downthe program, at least for domestic use butwe know Congress allowed elements of theprogram to be moved undercover, into thebowels of the Pentagon, while supposedlybeing restricted to non-Americans. We alsoknow that the NSA is sharing its information

with other security services. What we do notknow is whether any of information from TIA-like enterprises is being combined with theNSAs communications intercepts.

HOW THE NSA SEARCHES

FOR TARGETS

There are a range of techniques that areprobably used by the NSA to sift through thesea of communications it steals from theworlds cables and airwaves:

Keywords. In this longstanding technique, theagency maintains a watch list or dictionary

of key words, individuals, telephone numbersand presumably now computer IP addresses.It uses that list to pick out potentially relevantcommunications from all the data that it gath-ers. These keywords are often provided tothe NSA by other security agencies, and theNSA passes the resulting intelligence takeback to the other agencies or officials.According to the law, the NSA must strip outthe names and other identifying informationof Americans captured inadvertently, aprocess called minimization. (According topublished reports, those minimization proce-dures are not being properly observed.) In

the 1990s, it was revealed that the NSA hadused the word Greenpeace and Amnesty(as in the human rights group AmnestyInternational) as keywords as part of itsEchelon program (see below).

Link analysis. It is believed that another man-ner in which individuals are now being addedto the watch lists is through a process oftencalled link analysis. Link analysis can worklike this: the CIA captures a terrorists com-puter on the battlefield and finds a list ofphone numbers, including some U.S. num-bers. The NSA puts those numbers on their

watch list. They add the people that are calledfrom those numbers to their list. They couldthen in turn add the people called from thosenumbers to their list. How far they carry thatprocess and what standards if any govern theprocess is unknown.

Other screening techniques. There may beother techniques that the NSA could be usingto pluck out potential targets. One example isvoice pattern analysis, in which computerslisten for the sound of, say, Osama BinLadens voice. No one knows how accurate

the NSAs computers may be at such tasks,but if commercial attempts at analogousactivities such as face recognition are anyguide, they would also be likely to generateenormous numbers of false hits.

A THREE-STAGE PROCESS

So how are all these new techniques andcapabilities being put into practice?Presumably, The Program (as insidersreportedly refer to the illegal practices) con-tinues to employ watch lists and dictionaries.We do not know how the newer and moresophisticated link analysis and statistical datamining techniques are being used.

But, a good guess is that the NSA is followinga three-stage process for the broadest por-tion of its sweep through the communicationsinfrastructure:

1.The Dragnet: a search for targets. In thisstage, the NSA sifts through the data coursingthrough the arteries of our telecom systems,making use of such factors as keywordsearches, telephone number and IP addresstargeting, and techniques such as link analy-sis, and data mining. At this stage, thecommunications of millions of people may bescrutinized.

2.Human review: making the target list.Communications and individuals that areflagged by the system for one reason oranother are presumably then subject to

human review. An analyst looks at the origin,destination and content of the communicationand makes a determination as to whetherfurther eavesdropping or investigation isdesired. We have absolutely no idea whatkind of numbers are involved at this stage.

3.The Microscope: targeting listed individuals.Finally, individuals determined to be suspi-cious in phase two are presumably placed ona target list so that they are placed under thefull scrutiny of the NSAs giant surveillancemicroscope, with all their communicationscaptured and analyzed.

EXPANDING SURVEILLANCE AS

TECHNOLOGY CHANGES

Todays NSA spying is a response to, and hasbeen made possible by, some of the funda-mental technological changes that havetaken place in recent years. Around the endof 1990s, the NSA began to complain privately and occasionally publicly that they werebeing overrun by technology as communica-tions increasingly went digital. One change inparticular was especially significant: elec-tronic communications ranging from email to

voice conversations were increasingly usingthe new and different protocols of the Internet.

The consequence of this change was that theNSA felt it was forced to change the points in thecommunications infrastructure that it targeted but having done that, it gained the ability to

analyze vastly more and richer communications.

The Internet and technologies that rely uponit (such as electronic mail, web surfing andInternet-based telephones known as Voiceover IP or VOIP) works by breaking informa-tion into small packets. Each packet is thenrouted across the network of computers thatmake up the Internet according to the mostefficient path at that moment, like a drivertrying to avoid traffic jams as he makes hisway across a city. Once all the packets which are labeled with their origin, destina-tion and other header information have

arrived, they are then reassembled.

An important result of this technology is thaton the Internet, there is no longer a meaning-ful distinction between domestic andinternational routes of a communication. Itwas once relatively easy for the NSA, which bylaw is limited to foreign intelligence, to aimits interception technologies at purely for-eign communications. But now, an e-mailsent from London to Paris, for example,might well be routed through the west coastof the United States (when, for example, it is abusy mid-morning in Europe but the middle

of the night in California) along the same pathtraveled by mail between Los Angeles andSan Francisco.

That system makes the NSA all the moreeager to get access to centralized Internetexchange points operated by a few telecom-munications giants. But because of the waythis technology works, eavesdropping on anIP communication is a completely differentballgame from using an old-fashioned wire-tap on a single line. The packets of interestto the eavesdropper are mixed in with all theother traffic that crosses through that path-

way domestic and international.

ECHELON

Much of what we know about the NSAs spyingprior to the recent revelations comes fromthe late 1990s, when a fair amount of infor-mation emerged about a system popularlyreferred to by the name Echelon a code-name the NSA had used at least at one time(although their continued use of the term, if atall, is unknown). Echelon was a system formass eavesdropping on communicationsaround the world by the NSA and its allies

3


4/4

among the intelligence agencies of othernations. The best source of information onEchelon was two reports commissioned bythe European Parliament (in part due to suspi-cions among Europeans that the NSA was car-rying out economic espionage on behalf ofAmerican corporations). Other bits of informa-

tion were gleaned from documents obtainedthrough the U.S. Freedom of Information Act,as well as statements by foreign governmentsthat were partners in the program (the UK,Australia, Canada, and New Zealand).

As of the late 1990s/early 2000s, Echelonswept up global communications using twoprimary methods:

1.The interception of satellite and microwavesignals. One way that telephone calls andother communications are sent from theUnited States to Europe and other destina-

tions is via satellite and microwave transmis-sions. ECHELON was known to usenumerous satellite receivers (dishes) located on the east and west coasts of theUnited States, in England, Australia,Germany, and elsewhere around the globe to vacuum up the spillover broadcasts fromthese satellite transmissions.

2.Transoceanic cable tapping. ECHELONsother primary eavesdropping method was totap into the transoceanic cables that alsocarry phone calls across the seas. Accordingto published reports, American divers were

able to install surveillance devices onto thesecables. One of these taps was discovered in1982, but other devices apparently continuedto function undetected. It is more difficult totap into fiber-optic cables (which unlike othercables do not leak radio signals that can bepicked up by a device attached to the outsideof the cable), but there is no reason to believethat that problem remained unsolved by theagency.

We do not know the extent to which thesesources of data continue to be significant forthe NSA, or the extent to which they have

been superseded by the agencys new directaccess to the infrastructure, including theInternet itself, over which both voice and datacommunications travel.

UNANSWERED QUESTIONS

The bottom line is that the NSA appears to becapable not only of intercepting the interna-tional communications of a relatively smallnumber of targeted Americans, but also ofintercepting a sweeping amount of U.S. com-munications (through corporate-grantedaccess to communications pipes and

boxes), and of performing mass analysis onthose communications (through data miningand other techniques).

Despite the fuzzy picture of The Programthat we now possess, the current spyingscandal has highlighted many unanswered

questions about the NSAs current activities.They include:

Just what kinds of communicationsarteries has the NSA tapped into?

What kinds of filters or analysis is the NSAapplying to the data that flows throughthose arteries? How are data mining andother new techniques are being used?

Which telecom providers are cooperatingwith the NSA?

How are subjects selected for targetedintercepts?

What kinds of information exchange aretaking place between the NSA and othersecurity agencies? We know they probablyturn over to other agencies any data turnedup by watch list entries submitted by thoseother agencies, and they are alsoapparently passing along datamining-generated cold hits to the FBIand perhaps other security agencies forfurther investigation. Does informationflow the other way as well are other

agencies giving data to the NSA for help inthat second phase of deciding who gets putunder the microscope?

Is data that NSA collects, under whateverrubric, being merged with other data,either by NSA or another agency? Iscommunications data being merged withother transactional information, such ascredit card, travel, and financial data, in thefashion of the infamous Total InformationAwareness data mining program? (TIA,while prohibited by Congress from engagingin domestic activities, still exists within the

Pentagon and can be used for foreignintelligence purposes.) Just how manyschoolteachers and other innocentAmericans have been investigated as aresult of The Program? And just howmuch privacy invasion are they subject tobefore the FBI can conclude they are notinvolved in international terrorism?

Rarely if ever in American history has a gov-ernment agency possessed so much powersubject to so little oversight. Given that situa-tion, abuses were inevitable and any limits

to those abuses a matter of mere good fortune.If our generation of leaders and citizens doesnot rise to the occasion, we will prove ourselvesto be unworthy of the heritage that we havebeen so fortunate to inherit from our Founders.

ENDNOTES

1 Eric Lichtblau and James Risen, SpyAgency Mined Vast Data Trove, OfficialsReport, New York Times, December 24,2005;http://select.nytimes.com/search/restricted/article?res=FA0714F63E540C778EDDAB099DD404482

2 Lowell Bergman, Eric Lichtblau, Scott Shaneand Don Van Natta Jr., Spy Agency Data AfterSept. 11 Led F.B.I. to Dead Ends, New YorkTimes, January 17, 2006;http://www.nytimes.com/2006/01/17/poli-tics/17spy.html.

2EAVESDROPPING 101

Documents

NSA - Eacesdropping