(Updated: August 24, 2016)
The Snowden revelations made people familiar with what NSA calls "selectors": telephone numbers, email addresses too a whole attain of similar groups of characters that tin live used to seat a exceptional target.
However, really fiddling was revealed nearly how just these selectors are used inward corporation to choice out communications of interest. But meanwhile, declassified documents nearly NSA, High German parliamentary committee hearings too an word oversight study from Holland give unopen to details nearly that.
It came out that the signals word agencies of these 3 countries (and probable many other countries too) grouping all selectors that belong to a for sure target into sets called correlations or equations.
Wrapping private selectors into equations makes sense, every bit 1 of the most of import requirements for signals word is of course of teaching knowing which telephone numbers, email addresses etc. a exceptional target uses, every bit oft they volition utilization many of them too alter them regularly.
United States
In ii recent postings on this weblog, the NSA's storage too analysis of domestic telephone records nether the Section 215 (or BR FISA) computer program was analysed. Information nearly this computer program comes almost entirely from a large number of documents that select been declassified past times the US government.
Among those documents is a BR FISA Review (.pdf) from 2009, inward which, belike for the get-go time, nosotros discovery the term "correlation". The study says that NSA uses correlated selectors to query the BR FISA metadata. The role of such a laid of selectors is described every bit follows:
"If at that spot was a successful RAS decision made on whatever 1 of the selectors inward the correlation, all were considered RAS-approved for utilization of the query because they were all associated with the same [target redacted]"
RAS stands for Reasonable Articulable Suspicion, which must live determined for a for sure selector, earlier it tin live used to query the domestic telephone metadata. So, when 1 selector was RAS-approved, the analyst was allowed to also utilization all other selectors that were correlated to the same target.
This do of what tin live described every bit "one approved selector approves the whole correlation set" was ended when on Feb 20, 2009, the Emphatic Access Restriction (EAR) tool was implemented. Since then, each selector has to live individually RAS-approved earlier it tin live used to query the metadata database.
Note that this only applied to selectors used for querying domestic telephone records. As nosotros learned from the High German province of affairs described below, NSA continued to utilization correlations for its foreign collection efforts overseas.
Correlation database
According to the BR FISA Review, NSA has a database that holds correlations betwixt selectors of involvement too which provides automated correlation results to analysts. So when an analyst wants to know which (other) identifiers a for sure target uses to communicate, he tin hold off that upwards inward this database.
The elevate of this database was redacted, but according to its seat inward the review's glossary, it starts with A. The correlation database is so dissimilar from the OCTAVE tasking tool, which is used to activate telephony selectors on the diverse collection systems. Analysts tin so create upwards one's take heed past times themselves which of the correlated selectors they genuinely desire to task.
It's non clear though whether these correlations include both telephone too cyberspace selectors, but plainly it's useful to collect too grouping all kinds of identifiers used past times a exceptional target.
Glossary of the 2009 BR FISA Review report, with
inward the fourth seat the correlation database
Germany
The agency NSA uses correlations immediatly reminds of a do that was revealed during hearings of the High German parliamentary committee that investigates NSA spying practices. On May 20, 2015, BND employee W.O. explained that until 2012, the NSA sent its selectors to BND inward the cast of a so-called "equation".
According to the witness, an equation was a tape that could comprise upwards to 1 hundred selectors used past times or related to a exceptional target. This large number of selectors is because the equation contains all dissimilar ways of spelling too technical encoding permutations of a selector. For 1 email address this could for instance be:
mustermann@internet.org
mustermann%40internet%2Eorg (HTML-Hex)
mustermann\&\#37;2540internet.org (multiple encodings)
mustermann\\U0040internet.org (UTF-16)
The explanation given past times witness W.O. of how BND managed these NSA equations was rather confusing, but an of import chemical cistron seemed to live that such a whole laid of selectors could live prevented from beingness activated, when BND rejected only 1 selector when using it would violate High German police line or High German interests.
Especially for cyberspace identifiers (like chat handles or nicknames) it tin live really hard if non impossible to attribute them to a exceptional country. But when an equation contains only 1 identifier that is easier to attribute (like an email address), the whole laid of selectors tin live either approved or disapproved based upon the identifyable selector.
Witness W.O. contradicted himself on whether an equation contains only cyberspace selectors, or also telephone numbers (with wildcards too blanks), but on September 24, 2015, witness D.B. said that equations were only used NSA cyberspace selectors.
Splitting up
W.O. also explained that until 2012, the NSA sent its selectors inward the cast of equations. When BND rejected 1 selector from such an equation set, BND employees inward Bad Aibling had to enquire NSA to take that number from their equation, or else the other selectors inward that equation were rejected too.
Since 2011, these equations were separate upwards too telephone too cyberspace selectors were each pose inward separate databases, which apparently made it possible to spend upwards private selectors. Afterwards, the estimator scheme reassembles the selectors into their proper equations again, which tin instantly select for instance a rejected telephone number amongst an approved email address. But if 1 of them is disapproved, the whole equation volition non live forwarded to the collection system.
This explanation past times witness W.O. is rather puzzling because the province of affairs earlier too afterwards 2011/2012, too earlier too afterwards splitting upwards the equations seems to live the same: inward both cases all selectors from an equation are rejected when only 1 of them was disapproved.
It seems so that splitting upwards the equations had unopen to other purpose, but that didn't acquire clear from the committee hearings. The committee members oft had difficulties inward agreement these technical issues too were so hardly able to enquire the witnesses the questions that could convey clarity.
Maybe the splitting upwards only meant separating telephone too cyberspace selectors, every bit from the study of a special independent authorities investigator it did became clear that NSA provided a description or a justification for every unmarried telephone selector, but that justifications for cyberspace selectors weren't available for BND personnel.
Investigation
There's similar confusion nearly the internal BND investigation into the selectors provided past times the NSA. Witness D.B. explained that when inward August 2015, Dr. T. investigated suspicious NSA cyberspace selectors, he was non given them inward the cast of equations, but every bit separate, private ones.
Apparently D.B. suggested that this was the argue that Dr. T. institute so many selectors that could non live identified: they were separated from correlated ones that could select made them easier to identify. But why separate these selectors when that rips them from elements that attributes them to a for sure target and/or a exceptional country?
BND selectors
What is said earlier is only nearly the selectors that were provided past times NSA, inward corporation to live tasked on the satellite collection scheme operated past times BND inward Bad Aibling. Besides these, BND of course of teaching also has its ain selectors.
During the hearing from Jan 28, 2016, witness D.B. was asked whether BND's ain selectors were also grouped into equations. D.B. explained that BND doesn't utilization the term equation, but that inward its fundamental tasking database scheme PBDB, at that spot are multiple selectors for a for sure target (with for each selector (German: Telekommunikationsmerkmal or TKM) multiple permutations).
Update
In the High German periodical Der Spiegel from Apr 2, 2016, it was explained on page 33 that selectors used past times BND select the next format: they start with an email address, a telephone number or a similar designator, followed past times the word topic, with WPR for Waffenproduktion, LAP for Landwirtschaftspolitik, TEF for Terrorfinanzierung too ISG for Islamistische Gefährder, so the province which is spied upon, designated past times 3 letters, too finally a Sperrvermerk for those unusual word agencies that should non run into the results for this selector. They are designated with a 4-letter abbreviation of their codename, similar HORT for HORTENSIE (United States) or BEGO for BEGONIE (Denmark).
The BND satellite intercept station at Bad Aibling, Germany
(Photo: AFP/Getty Images)
The Netherlands
In the Netherlands, a report (.pdf) from lastly Feb past times the word oversight committee CTIVD advised the the General Intelligence too Security Service AIVD to consider using unopen to variety of correlations or equations for its volume collection efforts too.
The study reveals that currently, the AIVD uses a listing (Dutch: kenmerkenlijst) containing all selectors, similar telephone numbers, email addresses too keywords, used for specific operations. For most of these selectors, the listing contains a curt justification for why it was pose on this list, with a reference to an underlying document. Earlier, the committee institute that likewise often, these justifications were likewise short, non related plenty to the target, or fifty-fifty absent.
According to the commission, it would live ameliorate when the AIVD would render a justification for each targeted individual or organisation, instead of for every unmarried selector. Often, 1 target volition utilization multiple telephone numbers too email addresses. Grouping them past times target too providing a justification for that target would so also cut back the length of the list.
This approach is already used past times AIVD when it comes to targeted interception.
Tidak ada komentar:
Posting Komentar