The NSA's Tracking Technologies

On April 24th, as part of the Watson Institute for International Studies’s Security Seminar Series, Bruce Schneier gave a talk about the state of the NSA called Internet, Security, and Power. Schneier, a cryptographer and fellow at the Berkman Center for Internet & Society at Harvard Law, is an all-around security guru and the talk, which focused on the NSA’s controversial tracking programs, was totally packed. For the most part, the attendees were all connected to Brown’s computer science department.

In general, I found Schneier’s talk to be very informative and useful. As a security expert and advisor, he has real insider knowledge about the NSA, and so his talk offered clear and concise information about some of these clandestine programs. Such concrete information is useful and hard to come by. Surrounded by the legalese and outright lies flying around, it’s difficult to get such a coherent picture of what the NSA is doing.

As a layman, it is easy to feel uneasy with the NSA’s tracking programs, but difficult to know their full extent. For example, an average American might know that the NSA collects information from telephone companies and Internet Service Providers (ISPs) but not exactly how that information is gathered or put to use. Therefore, in this post, I will document a few of the NSA’s most potent and widely used data collection and analysis programs.

PRISM: By far the most commonly known of the NSA’s shadowy programs, PRISM allows the NSA to gain access to information hosted on servers belonging to the Internet’s largest companies. In fact, Schneier said that the NSA actually encouraged these companies to make their software easier to eavesdrop on. Under the Protect America Act of 2007, if an NSA analyst has 51% confidence that their target is foreign, it becomes legal for them to employ electronic surveillance through PRISM.


UPSTREAM: This is a blanket name for four smaller programs (FAIRVIEW, BLARNEY, STORMBREW, and OAKSTAR), all of which are used for intercepting telephone and internet traffic as it passes through the United States. Because of the distributed nature of the Internet, information flows through paths that are not always the shortest but instead have the smallest cost or “weight”. The United States, as the birthplace of the internet, has a privileged position as a “backbone”, which means more information passes through its internet nodes than might otherwise. That gives the NSA more fodder for collection.
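To make the routing point concrete, here is an added example (not from Schneier's talk or any NSA document) that models least-cost routing with Dijkstra's algorithm. The topology, city names and link costs are constructed assumptions, and real inter-network routing also depends on policy, but it shows how traffic between two non-US endpoints can end up transiting US nodes because that path is cheapest.

```python
import heapq

# Constructed toy topology: node names and link costs are illustrative
# assumptions, not measurements of any real network.
LINKS = {
    ("Sao Paulo", "Lisbon"): 9,      # direct link, but expensive
    ("Sao Paulo", "Miami"): 2,
    ("Miami", "New York"): 1,
    ("New York", "London"): 2,
    ("London", "Lisbon"): 1,
}
US_NODES = {"Miami", "New York"}


def build_graph(links):
    """Turn undirected weighted links into an adjacency map."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph


def least_cost_path(graph, src, dst):
    """Dijkstra's algorithm: return (total_cost, path) minimising summed weight."""
    queue = [(0, src, [src])]
    settled = set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in settled:
            continue
        settled.add(node)
        for neighbour, weight in graph.get(node, []):
            if neighbour not in settled:
                heapq.heappush(queue, (cost + weight, neighbour, path + [neighbour]))
    return None  # destination unreachable


def transits_us(path):
    """True if any intermediate hop (not the endpoints) is a US node."""
    return any(hop in US_NODES for hop in path[1:-1])


if __name__ == "__main__":
    cost, path = least_cost_path(build_graph(LINKS), "Sao Paulo", "Lisbon")
    print(cost, " -> ".join(path), "| transits US:", transits_us(path))
```

The one-hop direct link loses to a four-hop route through Miami and New York because the summed weight is lower, which is the "smallest cost, not shortest" behaviour described above.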

The above NSA programs were designed to help the NSA collect data. The following programs are designed to help the NSA analyze and act on that data.

CO TRAVELER: Schneier talked a lot about this program, which is used to identify targets and their associates from the collected data. CO TRAVELER finds and relates individuals who are in each other’s presence more than usual, both domestically and abroad. It’s also used to track phones that are only turned on briefly, or that approach each other, turn off, and then turn back on elsewhere. As a result, in the NSA’s tracking, irregular patterns of phone disuse are flagged as readily as irregular patterns of use. Schneier used this cleverness as an example - while the NSA has incredibly smart, creative and resourceful people working on algorithms for data processing and analysis, they are not, as he says, “made of magic.”

XKEYSCORE: Described as “Google for the NSA”, XKEYSCORE is a means of searching and surveilling users’ internet activity. An analyst need only type in a justification and an email address to read all of somebody’s emails. Or, he could track their HTTP activity in real time, which is basically their entire internet browsing session. In order to do this, XKEYSCORE queries existing NSA databases and also interfaces with other data collection vectors. In fact, so much information passes through its databases every day that it must be refreshed daily. However, all pertinent information is saved in one of three other NSA databases: MARINA, PINWALE, or TRAFFICTHIEF. These databases cache requisitioned data from XKEYSCORE with increasing levels of granularity.


Here I’ve described some of the more passive techniques that the NSA uses to collect and analyze Internet user data. Because these require less constant oversight, they are much more likely to be applied to average Internet users. However, the NSA uses many other more invasive tools to gain information from people they actually suspect to be targets. The Office of Tailored Operations (TAO) is the NSA’s department for exploitation - finding holes and hacking into computers. TAO employs a program called QUANTUM, which uses multiple vectors for invading and gaining access to targeted computers. While the 51% confidence rule still applies to TAO, they have historically been much more discriminating in their domestic actions.

I would say that in the end, Schneier’s talk was a hopeful one. Despite the shocking magnitude of these programs, he genuinely believes that the release of the Snowden documents will precipitate a sea change in the NSA’s organizational culture. He pointed to the NSA’s increasing tendency to contract out jobs as a positive sign - in part because whistleblowers, particularly the younger, tech-savvy ones, feel more comfortable now that ‘company loyalty’ has ceased to be the gag it once was. Furthermore, the blowback resulting from the Snowden scandal has encouraged tech companies to fight NSA pressure as a PR move where they once may have caved. And finally, the Snowden scandal has brought these matters firmly to the forefront of the public consciousness. By educating ourselves about the NSA, its policies, and the greater state of internet security and privacy, we can begin to make the changes that will lead to safer, freer lives.