Selasa, 08 Januari 2019

Section 702 Faa Expires: What Are The Problems Alongside Prism In Addition To Upstream?

(UPDATED: Jan 20, 2018)

Two of import NSA programs, PRISM in addition to Upstream, are based upon department 702 of the legal authority.

Although PRISM became almost synonymous for NSA's alleged mass surveillance, it's actually, only similar the Upstream program, targeted collection aimed at specific unusual targets. Still, many people think that these programs clit inward way also many information (incidental collection) to endure later queried inward an illegal way (backdoor searches).

Here we'll exhibit some of the complexities of these ii collection programs in addition to that at that spot are diverse internal procedures in addition to methods inward companionship to maintain collection in addition to analysis equally focussed equally possible.



Slide from the PRISM presentation that for the get-go fourth dimension revealed PRISM
in addition to Upstream equally business office of department 702 FAA collection.


Until recently, US lawmakers were also involved amongst president Trump's taxation reform to devote plenty attending to department 702 FAA. Therefore, on Dec 21, Congress extended the ascendancy of this law through Jan 19, 2018. Lawyers from the Trump direction fifty-fifty concluded that the intelligence agencies tin lawfully cash inward one's chips along to operate nether the FAA through belatedly Apr (because the electrical flow FISA Court certification for the computer program genuinely expires belatedly Apr 2018).

This leaves Congress some extra months to either reform or strengthen this of import authority. There are several proposals, spanning from making the existing law permanent without changes, to imposing pregnant novel limits to safeguard the privacy rights of Americans.

Meanwhile, the Office of the Director of National Intelligence (ODNI) came amongst additional information nigh information collection nether department 702 FAA, in addition to published for instance a Section 702 Overview, which includes some prissy infographics:



Diagram from ODNI nigh department 702 FAA collection. Click to enlarge.


702 FAA collection

The Snowden-revelations have got shown that nether the legal ascendancy of department 702 FAA, NSA conducts ii types of information collection:

- Upstream collection, for both mesh in addition to telephone communications, which are filtered out based upon specific selectors at major telephone in addition to mesh backbone switches. This takes house nether the collection programs FAIRVIEW in addition to STORMBREW.

- Downstream collection, only for mesh (including mesh telephony) communications, based upon specific selectors, which are acquired from at to the lowest degree nine major American mesh companies. This takes house nether the collection computer program PRISM.

The Upstream in addition to Downstream programs are dissimilar from eachother inward many ways, but the affair they have got inward mutual is that collection accept house inside the United States, spell beingness aimed at foreign targets, although only i destination of their communications has to endure foreign. This agency these programs also clit inward communications betwixt targeted foreigners in addition to Americans - which is i of the principal purposes of these programs: finding connections betwixt terrorists within in addition to exterior the US.



Slide showing the principal differences betwixt PRISM in addition to Upstream
Published on Oct 22, 2013. Click to enlarge.


Upstream filtering

Although Upstream collection is based upon specific selectors, the American Civil Liberties Union (ACLU) presents it equally "bulk surveillance", because inward their opinion, the automated filtering genuinely agency that NSA is "searching the contents of essentially everyone’s communications." Therefore they telephone retrieve these searches extraordinarily far-reaching in addition to unprecedented in addition to unlawful.

The Electronic Frontier Foundation (EFF) has a similar seat in addition to says that splitting mesh cables is "unconstitutional seizure", spell the subsequent search for selectors is an "unconstitutional search."

These judgements seem based upon comparison digital filtering amongst intercepting letters or telegrams (like what happened nether projection SHAMROCK from 1945-1975), but this ignores the differences amongst calculator technology: NSA does re-create entire information streams, but at virtually the same minute the filter arrangement picks out the communications associated amongst the selectors, the other information are gone.

Searching through information packets of innocent people agency at the same fourth dimension destroying them - except when they comprise i of the selectors which NSA is interested in.



Diagram from the EFF nigh Upstream collection. Click to enlarge.


Storage in addition to classification

Under department 702 FAA, only information that are associated amongst a specific selector are stored. For Upstream collection, this agency only the communications that rest after the filtering proces. These are processed (decoded, formatted, etc.) in addition to stored inward NSA databases for a maximum of only 2 years.

Downstream collection nether the PRISM computer program results inward all the information associated amongst specific selectors that the large mesh companies manus over to the FBI, which in addition to then forwards them to NSA. These are also processed in addition to and then stored for a maximum of v years.
 
Data from FAA collection are unremarkably stored inward separate database partitions in addition to are protected yesteryear the Exceptionally Controlled Information (ECI) compartment RAGTIME (RGT). Only analysts who are cleared for RAGTIME, have got the specific need-to-know in addition to who are authorized yesteryear the information possessor have got access to these data.

Already a few months earlier the start of the Snowden-revelations a volume certifications that authorize department 702 FAA collection.

Last November, ZDNet reported nigh a leaked NSA document that lists a amount of xi components of RAGTIME. Besides the iv known ones, the document also mentions RAGTIME-BQ, F, N, PQ, S, T in addition to USP, but so far, nosotros don't know what variety of information they protect.



On August 26, 2013, Der Spiegel published the so far only document from the RAGTIME (RGT)
compartment: the floorplan of the European Union mission to the UN inward New York.
Note the containing 160.000 private conversations (75% of which instant messages), which were intercepted yesteryear NSA betwixt 2009 in addition to 2012 - a much to a greater extent than noun leak than the park internal powerpoint in addition to sharepoint stuff.

Snowden handed them over to The Washington Post, which reported nigh this cache on July 5, 2014. After a cumbersome investigation, it flora that the intercepted communications contained valuable unusual intelligence information, but also that over nine out of 10 concern human relationship holders were non the intended surveillance targets in addition to that nearly one-half of the files contained US individual identifiers.



Breakdown of the intercepted messages collected nether 702 FAA authority
that were reviewed yesteryear The Washington Post. Click for a larger version.


Targeted interception

The numbers from The Post exercise audio similar a massive overcollection, but nosotros should maintain inward heed that this notwithstanding is targeted collection, something that privacy advocats e'er prefer rather than mass collection.

NSA's Upstream computer program volition probable number inward only equally many communications of innnocent people equally when the police clit taps telephone numbers in addition to IP addresses nether a warrant, although NSA targets may endure to a greater extent than careful inward conducting private telecommunication than ordinary criminals.

From the dataset examined yesteryear The Washington Post, it becomes clear that innocent people tin endure affected inward ii ways: first, when they communicate straight amongst (or about) a unusual target, in addition to second, yesteryear "joining a chat room, regardless of subject, or using an online service hosted on a server that a target used for something else entirely."

This shows that fifty-fifty amongst targeted interception, the technical configuration of sure enough mesh platforms instruct inward acre quite difficult, or fifty-fifty impossible to isolate the conversations inward which a target is personally involved.

As the dataset that Snowden exfiltrated seems to endure derived from both Upstream in addition to PRISM collection, it's hard to state which of these programs is to a greater extent than intrusive. Upstream became a less useful root since the most mutual communication services have got been encrypted, spell PRISM may also non endure equally productive equally before, after it was exposed yesteryear the press.




Dataflow diagram for Upstream collection nether the FAIRVIEW program.
Published on Nov 16, 2016. Click to enlarge.
(More FAIRVIEW dataflow diagrams)
 

Backdoor searches

On August 9, 2013, The Guardian PR/TT program, which NSA terminated yesteryear the destination of 2011.

These backdoor searches are non nigh collecting new information yesteryear tapping telephone in addition to mesh cables or acquiring information from mesh companies, but nigh conducting searches inward information that have got already been collected.

While inward general, NSA is only allowed to collect novel information when they are related to unusual targets, these backdoor searches may also involve identifiers (like names, electronic mail addresses in addition to telephone numbers) of US citizens, thence they are straightaway officially called "U.S. individual queries".

Initially, these searches were only allowed for information from PRISM, because Upstream non only collected communications "to" in addition to "from", but also "about" targets, which made it to a greater extent than sensitive than PRISM collection (Upstream appeared to clit inward tens of thousands of purely domestic e-mails each year).

In Apr 2017, NSA halted this "about" collection, after which the FISA Court allowed NSA to also ship US individual queries on information collected through the Upstream computer program - something that had already tried, but failed to proof that NSA is notwithstanding monitoring American citizens inward that way, it's straightaway these backdoor searches which are considered the biggest privacy violations nether department 702 FAA - the ACLU says that they allow "spying on U.S. residents without a warrant."

Even onetime NSA manager Michael Hayden was aware of the privacy risks of these queries, but the PCLOB report nigh department 702 explains that NSA has procedures in addition to requirements to bound these US individual queries, although they are dissimilar for content in addition to for metadata:

- Queries of content are only permitted for US individual identifiers that have got been pre-approved (i.e. added to a white list) through i of several processes, including other FISA processes. Such approvals are for instance granted for US persons for whom at that spot are already private warrants from the FISA Court nether department 105 FISA or department 704 FAA. US individual identifiers tin also endure approved yesteryear the NSA's Office of General Counsel after showing that using a sure enough US individual identifier would "reasonably probable render unusual intelligence information."

- Queries of metadata may only endure conducted inward a arrangement that requires analysts to document the the world for their metadata enquiry (a Foreign Intelligence (FI) justification) prior to conducting the query. An oversight report adds that "analysts are non required to banking concern agree whatsoever specific database or seek whatsoever internal approvals prior to executing a enquiry against [702 FAA] metadata."

Relevant queries

In general, NSA analysts are required to create queries that are equally focussed equally possible so they render information that is most useful in addition to relevant for their unusual intelligence mission. According to the PCLOB report, analysts have "training regarding how to utilization multiple enquiry damage or other enquiry discriminators (like a appointment range) to bound the information that is returned inward reply to their queries of the unminimized data."

In the Section 702 Overview that was published yesteryear ODNI on Dec 20, it is explained that US individual queries on metadata are useful equally they are oft the fastest in addition to most efficient way to banking concern agree whether in addition to how a sure enough US individual (either suspect or victim) is connected to unusual actors. The overview also provides some remarkably concrete examples:
- Using the call of a US individual hostage to cull through communications of the terrorist network that kidnapped her to pinpoint her place in addition to condition;
- Using the electronic mail address of a US victim of a cyber-attack to chop-chop seat the range of malicious cyber activities in addition to to warn the U.S. individual of the actual or pending intrusion;
- Using the call of a authorities employee that has been approached yesteryear unusual spies to discover unusual espionage networks in addition to seat other potential victims;
- Using the call of a authorities official who volition endure traveling to seat whatsoever threats to the official yesteryear terrorists or other unusual adversaries.



Dataflow diagram for Downstream collection nether the PRISM program.
Published on June 29, 2013. Click to enlarge.


Numbers of queries

While NSA in addition to the Office of the Director of National Intelligence (ODNI) were acre non able to render numbers nigh the "incidental collection" nether department 702 FAA, they exercise ameliorate when it comes to numbers nigh the backdoor searches.

In a letter to senator Wyden, in addition to then DNI Clapper wrote that inward 2013, NSA approved 198 US individual identifiers for querying the content, in addition to that at that spot had been ca. 9.500 queries on metadata from information collected nether the PRISM program, but of the latter ca. 36% were duplicative or recurring queries.

ODNI's annual transparancy report also provides numbers of US individual queries. In 2016, at that spot were 5.288 content queries, but this also includes CIA queries in addition to NSA searches of content from Upstream collection, something that was genuinely unauthorized until Apr 2017 (see above), but which the agency is straightaway trying to brand visible.

The ascent of the number of US individual queries on metadata is fifty-fifty higher, equally it went upwards from 9.500 inward 2013, to 30.355 inward 2016. The amount presented inward the ODNI study is supposed to apply to NSA, CIA in addition to FBI, but After Section 702 Reauthorization
- Politico: Warrantless Surveillance Can Continue Even if Law Expires, Officials Say
- Emptywheel.net: In NSA-intercepted data, those non targeted far outnumber the foreigners who are + The Debrief - An occasional serial offering a reporter’s insights
- B. Hanssen: Why the NSA’s Incidental Collection nether Its Section 702 Upstream Internet Program May Well Be Bulk Collection, Even If The Program Engages In Targeted Surveillance
- NSA Director of Civil Liberties in addition to Privacy Office Report: NSA's Implementation of Foreign Intelligence Surveillance Act Section 702
- Privacy in addition to Civil Liberties Oversight Board: Surveillance Program Operated Persuant to Section 702 FISA

Tidak ada komentar:

Posting Komentar