How does a Government Surveillance Organization Go Bureaucratically Dark?

How does a Government Surveillance Organization/Operation Go Bureaucratically Dark?

May 2015

Well, I have an example I’d like to share w/ you.

However, I’d like to state – up front – my feelings about personal privacy in the USA in 2014.

I am aware that the U.S. Constitution contains no express right to privacy. However, the Bill of Rights clearly reflects the concern of James Madison and other founders for protecting specific aspects of privacy, such as the privacy of beliefs (1st Amendment), privacy of the home against demands that it be used to house soldiers (3rd Amendment), privacy of the person and possessions as against unreasonable searches (4th Amendment), and the 5th Amendment’s privilege against self-incrimination, which provides protection for the privacy of personal information. In addition, the Ninth Amendment states that the “enumeration of certain rights” in the Bill of Rights “shall not be construed to deny or disparage other rights retained by the people.” The meaning of the Ninth Amendment is elusive, but some persons (including Justice Goldberg in his Griswold concurrence) have interpreted the Ninth Amendment as justification for broadly reading the Bill of Rights to protect privacy in ways not specifically provided in the first eight amendments.

For the above reasons, I do have strong feelings about the requirements for individuals to: be adequately forewarned about the willy-nilly archiving of personal information, ownership, distribution, & relative permanence of each individual’s personal property (be it virtual or physical): their “privacy”, as it were; & that they be given ample & liberal opportunities to “Opt-Out” of revealing personal information or classes of personal information. For example, I believe that the almost universal default policy of Opt-In ought to be replaced by a mandatory default policy of “Opt-Out”.

Given my belief that the concept & practice of personal privacy is fundamental to a free, democratic society, I set off in search of those organizations w/in our government that might have a high probability of either ignoring, or in the worst case, actively circumventing controls implemented by the government in order to guarantee personal privacy.

Now… How does a “secret” government operation go “Dark”? “Dark”, in this context meaning some shadowy group of indeterminate size who scrutinize our communications & locations in order to extract some information that somehow results in a decrease in the risk of threat to our nation.

This may be naïve, but I don’t believe that significant covert organizations are created out of whole cloth. I believe this because I have trouble imagining how any group of more than four or five people can both determine the level of confidentiality of some piece of information & keep that information to themselves, while at the same time accomplishing anything useful.

Additionally, it seems reasonable to me that if one or more Dark organizations already exist & are funded, why create a new wheel?

So I set out – using only publicly available data – to see if any of these organizations might exist. I decided not to take a directly historical approach by going back to our nation’s founding because I’m interested in data – not hearsay – & the data are better as we move forward in time. However, history at times provides insight into the story I’m telling & so, occasionally, I’ll provide relevant historical context or justification that makes the story more understandable.

I’ll somewhat arbitrarily choose to begin this modern history of US espionage regulation w/ the enactment into law of The Foreign Intelligence Surveillance Act (FISA), introduced on May 18, 1977, by Senator Ted Kennedy and signed into law by President Carter in 1978 (Hrrrmmm…, both Democrats). The bill was cosponsored by nine Senators: Birch Bayh (D-IN), James O. Eastland (D-MS), Jake Garn (R-UT), Walter Huddleston (D-KY), Daniel Inouye (D-HI), Charles Mathias (R-MD), John L. McClellan (D-AR), Gaylord Nelson (D-WI), and Strom Thurmond (R-SC).

Five Democrats & Three Republicans!!??  It is no more possible for me to imagine this type of cross party cooperation today than it is to see WHAT?

FISA was a US Federal law w/ some serious clout, & it worked for a while…

It began w/ the NSA warrantless surveillance controversy (“warrantless wiretapping”): concerns about the willy-nilly surveillance of persons within the United States during the collection of allegedly foreign intelligence by the U.S. National Security Agency (NSA) as part of the touted war on terror. Under this program, referred to by the Bush administration as the terrorist surveillance program,[1] part of the broader President’s Surveillance Program, the NSA was authorized by executive order to monitor, without search warrants, the phone calls, Internet activity (Web, e-mail, etc.), text messaging, and other communication involving any party believed by the NSA to be outside the U.S., even if the other end of the communication lies within the U.S. However, it has been discovered that all U.S. communications have been digitally cloned by government agencies, in apparent violation of unreasonable search and seizure. During the Obama Administration, the NSA has allegedly continued operating under the new FISA guidelines.[3] However, in April 2009 officials at the United States Department of Justice acknowledged that the NSA had engaged in “overcollection” of domestic communications in excess of the FISA court’s authority, but claimed that the acts were unintentional and had since been rectified.

And then came 09/11.

On September 11, 2001, an otherwise normal Tuesday morning, four well-coordinated & well-funded terrorist attacks were executed by the Islamic terrorist group al-Qaeda upon the United States in New York City and in Washington, D.C. The attacks — perpetrated by just 19 direct-head cases — killed almost 3,000 people and caused at least $10 billion in property and infrastructure damage.

Now what country would hate us enough to instigate & train, & fund at least seventeen out of the nineteen… What? Criminals?  Psychopaths? Pissed Off Young Guys? …to fly a commercial jetliner full of random people into a building full of people at 700 miles per hour?

Seriously, how is this even imaginable?  By any standard you would have to be <HOW>insane to willingly make this choice.

Charlie Manson looks like the fucking milkman compared to these whackadoos.

Well, here’s a graph of the origins of the psychopaths who flew the airplanes into New York’s two tallest buildings, the command post in DC, & an unfortunate failure in a field in Pennsylvania…

 

The Saudis (& I’m lumping the UAE in there as well) really, really, really don’t like us. They have proven that they want to & are able to kill US civilians. And they are willing & able to train more young men & women to asymmetrically kill innocents.

“But… But…  they’re our friends.”

I know that in my day-to-day life, if I have somebody out there who really, really, really doesn’t like me – my family & friends, at least, are going to know about it. They will not presume that because I’m acting relatively normally, that this somebody is often – because they want to kill me – top-of-mind. Just saying…

09/11 begat:

The President’s Surveillance Program (PSP) — a collection of secret intelligence activities authorized by then President of the United States George W. Bush shortly after (of course, this could be interpreted as having been enacted w/o much, if any, serious discussion) the September 11 attacks in 2001 as the “knee-jerk” part of the never-ending & always expanding War on Terrorism.

“[All] Information collected under the PSP program was protected within a Sensitive Compartmented Information (SCI) security compartment codenamed STELLARWIND.”

What does this mean? (In terms of tests, what did Snowden need to pass to get this level of access?)

STELLARWIND survived the formation & implementation of the Foreign Intelligence Surveillance Act of 1978.

It was succeeded during the presidency of Barack Obama by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications.

The existing four major security verticals are:

  1. The Terrorist Surveillance Program, which authorized warrantless wiretapping of international communications where one party to the communication was believed to be affiliated with al-Qaida. The other activities have reportedly included data mining of e-mail messages[3] and telephone call detail records in the NSA call database.[4]

So presidential authority PSP morphed into FISA

FISA = Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008

The FISA Amendments Act also added a new Title VII to FISA which contained provisions similar, but not identical, to provisions in the Protect America Act of 2007 (The Protect America Act (signed into law by Dubya) was controversial – effectively removing the requirement for a warrant for electronic government surveillance) which had expired earlier in 2008. Title VII legally permits electronic government surveillance (let’s just call this EGS) but w/ additional oversight. There’s EGS w/o a court order – authorized only by the president to be used against foreign powers.

Then there is EGS w/ a court order. The court order adds a layer of oversight, & presumably limits the potential of surveillance. To obtain one of these, someone (it really helps if you are employed by one of the many (there are more than 50) federal law enforcement agencies) need just petition the FISA court.

If the petition is granted, the order legally permits someone in the government to obtain copies of all of your records – physical & virtual, as well as copies of all of your electronic communications. This all seems well & good except for two things: first, the FISA court (since 1979) has only turned down 11 out of 33,949 warrant requests submitted.

Second – there is a bigger problem.  Some of the federal law enforcement agencies mentioned above include: the National Oceanic and Atmospheric Administration Fisheries Office for Law Enforcement (OLE),  the Bureau of Indian Affairs Police (BIA Police), the United States Fish and Wildlife Service, the U.S. Postal Police, & finally, the Amtrak Police.

Now, while I envy & admire park rangers & I’m not even sure what an Amtrak Police uniform looks like (let alone, an OLE uniform), I’m quite certain that I don’t want any random employee at one of these agencies – or the other 45 – to have a 99.9675 percent chance of having it granted.  In Vegas, I would take those odds anytime.

The point here is that it seems to me that the process of obtaining searchable access to the government’s electronic surveillance archives is too uncomplicated.

Get employed by a federal law enforcement agency, say as a GS-029 – an Environmental Protection Assistant; grab the FISA form… Wait, there isn’t a form. The FISA Court accepts “A one-paragraph form order stating that the … process ‘contains all the required elements’”.

  1. So, here’s a scenario: You’re a GS-029: Environmental Protection Assistant, & you think your spouse may be cheating on you. You work up that paragraph, ship it off to the FISA Court, & w/ the understanding that there is an almost 100% chance that it will be approved, you prepare the FISA-endorsed requests for information on all of your spouse’s electronic communications – email, chats, texts, phone calls, locations, etc. Pretty creepy.

But doable. Although the above scenario is legal, it’s clearly outside the spirit of the law.

The new provisions in Title VII of FISA were scheduled to expire on December 31, 2012, but two days before that date, the U.S. Senate extended the FISA Amendments Act for five years (until December 31, 2017) which renews the U.S. government’s authority to monitor electronic communications of foreigners abroad.

Thus, the controls that are in place today are the ones that I have described above.

Section 702 permits the Attorney General and the Director of National Intelligence to jointly authorize targeting of persons reasonably believed to be located outside the United States, but is limited to targeting non-U.S. persons. Once authorized, such acquisitions may last for periods of up to one year.

 

This allowed this provision, “Section 702 authorizes foreign surveillance programs by the National Security Agency (NSA), like PRISM and some earlier data collection activities which were previously authorized under the President’s Surveillance Program from 2001.” to be grandfathered in.

 

PRISM is a clandestine mass electronic surveillance data mining program launched in 2007 by the National Security Agency (NSA), with participation from an unknown date by the British equivalent agency, GCHQ.[1][2][3] PRISM is a government code name for a data-collection effort known officially by the SIGAD US-984XN.[4][5] The Prism program collects stored Internet communications based on demands made to Internet companies such as Google Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms.[6] The NSA can use these Prism requests to target communications that were encrypted when they traveled across the Internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier,[7][8] and to get data that is easier to handle, among other things.[9]

 

As a side note, GCHQ was originally established after the First World War as the Government Code and Cypher School (GC&CS) and was known under that name until 1946. During the Second World War it was located at Bletchley Park, where it was famed for its role in the breaking of the German Enigma codes.

In 2013, GCHQ received considerable media attention when NSA whistleblower Edward Snowden revealed that the agency was attempting to collect all online and telephone data in the UK via the Tempora programme.

 

Data was obtained from interceptions made by all branches of the military, the police, the Post Office and information handed over by cable companies. Staff had little formal training, and struggled against difficult government actions (like giving away that a code had been cracked, causing it to be changed). Only in the thirties did Germany become a serious target for GC&CS, and a fear that German codes were unbreakable had to be educated out. Shortly before World War 2 broke out the GC&CS code breakers were bolstered by the recruitment of mathematicians like Alan Turing, having previously filled their teams with linguists.

As World War 2 looked likely, GC&CS was moved to ‘Station X’, Bletchley Park, where it worked to break enemy codes throughout the war. By the end of the war GC&CS had been turned into GCHQ, where many of the greatest computing theorists worked, including Turing.

Alan Mathison Turing, OBE, FRS (/ˈtjʊərɪŋ/ TEWR-ing; 23 June 1912 – 7 June 1954) was a British mathematician, logician, cryptanalyst, philosopher, computer scientist, mathematical biologist, and marathon and ultra distance runner. He was highly influential in the development of computer science, providing a formalisation of the concepts of “algorithm” and “computation” with the Turing machine, which can be considered a model of a general purpose computer.[2][3][4] Turing is widely considered to be the father of theoretical computer science and artificial intelligence.[5]

 

In Hut 6 (the section tasked with breaking German Army and Air Force Enigma messages) were the Machine Room, plus the Decoding Room and Registration Room, with mainly female staff.

Turing

Gordon Welchman, who refined Turing’s design of the ENIGMA machine, studied Mathematics as a scholar at Trinity College, Cambridge from 1925 to 1928. In 1929 he became a Research Fellow in mathematics at Sidney Sussex College, Cambridge, a Fellow in 1932, and later Dean of the College.

Conel Hugh O’Donel Alexander, CMG, CBE (19 April 1909 – 15 February 1974), was an Irish-born British cryptanalyst, chess player, and chess writer. He worked on the German Enigma machine at Bletchley Park during World War II, and was later the head of the cryptanalysis division at GCHQ for over 20 years. In chess, he was twice British chess champion and earned the title of International Master. He was usually referred to as C.H.O’D. Alexander in print and Hugh in person. “In playing through an Alekhine game one suddenly meets a move which simply takes one’s breath away.” <- exciting guy. Moved to Hut 8 (Naval InT)

One codebreaker concerned with Cryptanalysis of the Enigma, John Herivel, discovered what was soon dubbed the Herivel tip or Herivelismus. For a brief but critical few months from May 1940, the “tip”, in conjunction with operating shortcomings or “cillies”, were the main techniques used to solve Enigma. The “tip” was an insight into the habits of the German machine operators allowing Hut 6 to easily deduce part of the daily key.

ENIGMA

Apart from some less-than-ideal inherent characteristics of the Enigma, in practice the machine’s greatest weakness was the way that it was used. The basic principle of this sort of enciphering machine is that it should deliver a very long stream of transformations that are difficult for a cryptanalyst to predict. Some of the instructions to operators, however, and their sloppy habits, had the opposite effect. Without these operating shortcomings, Enigma would, almost certainly, not have been broken.[83]

Cillies in the operation of the four-rotor Abwehr Enigma included four-letter names and German obscenities.

 

The Internet is still evolving from a decentralized, semi-codified set of agreements among network owners themselves, & between network owners & corporate, governmental, organizational, & individual users. It provides a convenient means to communicate & to move monies rapidly. The international nature of the Internet, the relative anonymity that can result, & the built-in capacity for automated, asymmetric violence make the Internet particularly well-suited for crime & warfare.

Steven Bellovin classically stated, “Firewalls are barriers between ‘us’ and ‘them’ for arbitrary values of ‘them.’”