The Truth About NSA

The revelations about the National Security Agency (NSA) obtaining the telephone and internet records of Americans is and should be disturbing – until the full course of facts are known. The more paranoid among us are likely heading off to Homing Pigeons R Us or stocking up on cans and miles of string.  But that’s understandable.

To the civil liberties purists, this is proof that the government wants to control us.  To the conservative population, it’s more evidence of Barack Obama’s Stalinist intent.  To liberals, this is another right wing attack on their beloved POTUS.

Actually, it’s none of these.

Given the seriousness of these current events, it is necessary to look at what information is available and study it carefully.  So far, the knee-jerk outrage is dominating the conversation and the reputation of an agency that has provided security and safety to the nation for over 60 years is being damaged without warrant.

In the last decade, there have been five people touted as NSA “whistleblowers;” Bill Binney, Tom Drake, Adrienne Kinne and David Murfee Faulk and, now, Edward Snowden.

It would violate an oath for me to discuss Binney and Drake, but I will say that neither of them are the noble, conscience-driven patriots they’ve been made out to be.  Kinne and Faulk were intercept operators appalled that NSA was intercepting the calls of armed forces personnel in the Middle East.  This story died quickly as the public realized the true nature and intent of those intercepts as a standard and cautionary practice to diminish the potential of security breaches from war zones.

Snowden, based on accounts in the press – the only information I have seen or am aware of – is nothing more than an opportunistic loser.  More on him later.

Consider that NSA, founded in 1952, has employed tens of thousands, no doubt hundreds of thousands of civilian, military and contractor personnel in those 61 years.  Online speculation suggest as many as 30,000 people are NSA-associated at any given time, so it would not be overreaching to use, as an estimate, 500,000 in the course of its history.  And, of course, this dosn’t include the tens of thousands of foreign, private industry and academic partners and members of Congress – and their staffers.

Out of well more than a half a million people, five – FIVE – have had suffered such moral indignity to become “whistleblowers.”  That would be .001%.  It is more than reasonable to expect that, given the diverse and eclectic nature of the NSA population, including those not in its employ but privy to its work, in 61 years a substantially higher percentage of individuals would have blown the metaphoric whistle.  But that is not the case.  It’s one one hundred-thousandths – or less since I’ve used a very conservative estimate of total employees.

One one of that miniscule number is Edward Snowden, the current poster child for privacy and citizen rights.

EDWARD SNOWDEN

There are holes – damaging holes – in the Edward Snowden story. This self-styled “whistleblower” is being hailed as a hero by those who either choose to ignore the obvious or are not smart enough to notice it.

A high school, community college and military drop-out, Snowden apparently could do no more than an “equivalency degree” in three years between 1999 and 2005.  He was gone from the Army reserves in four months, claiming he was discharged after he broke his legs in an accident. An Army spokesman said he could not comment on Snowden’s claim that he broke his legs in training because it involved medical records.  Ironic, isn’t it?  His medical records are sacred, yet …

Snowden has stated that he was a security guard at NSA – which would have been with a contractor – before working as “information technology” with the CIA.  I’ll stop here because this brings up a critical point.

When people claim they did certain things with certain intelligence agencies, we – primarily the news organizations – pretty much take them at their word.  This is because the CIA, NSA, DIA and all the other Secret Sisters will not confirm or offer what present or former employees did.  There are approved resumes that are very generic, but those resumes won’t say “covert officer,” “field operative” or anything else beyond the very basics.  With Edward Snowden, we really do not know what he did for whom.

He says the CIA stationed him in Geneva in 2007 (will Langley confirm?) and that he left two years later.  Why?  Sounds like a pretty nice gig to me.

According to reports, Snowden said he left the CIA in 2009 to work for private contractors Dell and Booz Allen. It was with Booz Allen that he got assigned to NSA offices in Japan and Hawaii. If this story didn’t already, things begin to smell.

Booz Allen said he has been an employee since March.  According to the timeline, in three months, Edward Snowden worked for Booz Allen in both Japan and Hawaii.

Snowden told The Guardian he had access to the full rosters of everyone working at  NSA, the entire intelligence community and undercover assets around the world.  This is a lie.  Snowden may have had access to NSA’s in-house directory and, possibly those of some agencies, but he was NOT privy to “everyone” or the “entire” community and he sure as Hell didn’t get the names of “undercover assets around the world.”  Such information is highly compartmentalized as is much of what Snowden alludes to know.  One of the IC’s handling instructions such as NOFORN (Not for Foreign Dissemination) is one that specifically eliminates contractors from having access.  As a contractor, there is quite a bit of information unavailable to Edward Snowden.

Snowden told The Guardian he made about $200,000 a year.  Therein another curiosity to the story.  This would have an un-degreed high-school dropout making as much as the highest paid Senior Executives in government.  

Here is the Office of Personnel Management pay scale for Hawaii.  It tops out at $151,000.  And that grade, 15, is not possible to attain without a college degree. I don’t know what Booz Allen’s pay scale is, and I’m sure there are cost of living provisions for high-dollar Oahu, but $200 grand is a bit steep.

I’ve not found specifics about his life or work in Japan or by whom he was employed, but we now know that he went to Hawaii, at least, with the intent to collect and leak classified documents.

According to the Guardian

In January, Snowden reached out to a documentary filmmaker and journalist, Laura Poitras, and they began to correspond. In mid-February, he sent an email to Greenwald, who lives in Brazil, suggesting he might want to set up a method for receiving and sending encrypted emails. He even made a YouTube video for Greenwald, to take him step-by-step through the process of encryption.

TIME AND PLACE

So Edward Snowden hops off to Hong Kong to leak his story and seek asylum.  The geography cannot be ignored nor can the timing. The PRISM story was published the day before President Obama began his summit in California with Chinese President Xi.

For years, the U.S. Intelligence Community, led by the National Security Agency, has been warning the government about Chinese government-sponsored hacking and other intrusions into American information systems.  There is no speculation about Chinese government involvement; it has been proven.  For this story to break at the same time the two President’s are meeting is just too delicious a coincidence.

A simple internet search on “China cyber warfare” will deliver to your browsers over two million hits.  We are, without possible doubt, at war and in this digital conflict, the People’s Republic of China fears the National Security Agency far more than they do our nuclear arsenal.

The “revelations” by Edward Snowden, hiding in China, are working to discredit NSA and has the potential to diminish the greatest threat to our adversaries – be they governments or terrorists.

There is already an outcry about attacking the messenger, but the questions MUST be asked; Why did Edward Snowden do what he did?  How accurate are his allegations?

 DATA

In the Fall of 2001, my alma mater, the University of South Carolina, was having an uncharacteristically good football season.  The Gamecocks started out 5-0, 4-0 in SEC play with a road win against conference rival Georgia and a dramatic come from behind win over Alabama. I was trolling the college football message boards to scout the upcoming competition and generally see what everyone was saying about my team when I came across something very curious.  There, deep in a southern college football forum, was an exchange in Arabic.  There was little text because most of the exchanges were images; images of landscapes.  There were beach scenes, meadows, mountains and forests.  On a southern college football bulletin board.  Although I had no clue who the communicants were or where they were located, I did have an idea about the messages.

From Wikipedia:

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. 

Simply put, messages imbedded in the code of digital photographs and other media.

This is important because it is necessary for people to understand the clever, if nefarious, ways information is being transmitted in the 21st Century.  Of course, there are scores of other ways, but this illustration is among the less complicated.

Before the internet and cell phones, bad guy communications were easy to find, though not necessary easy to understand.  Governments – and particularly their military forces – communicated on specific radio frequencies.  Transmissions were encrypted or otherwise coded to avoid scrutiny by adversaries.  This was a cumbersome means of information sharing, but it was what the technologies of the day permitted.  Once global communications went digital, however, all that changed.

Today, bad guys – be they governments, terrorist organizations, organized crime or in-laws – use the same networks and systems as churches, schools, business, industries and private citizens.  It’s cheaper, faster, global and more efficient than using dedicated circuits or radio waves and with sophisticated software encryption, the world-wide information grid is equally as safe if not more so.

There are some very cumbersome details involved in the collection of intelligence, none more so than in the gathering of that related to communications.  Although most will choose not to believe it, the Constitution is sacred to the people who run and work in the National Security Agency.  The Fourth Amendment is assiduously followed and preached at all levels of the agency.  That alone makes the collection of communications intelligence difficult.

Not only are American human beings considered citizens with Constitutional rights, but so are American-owed companies.  Unless and until an American “citizen” can be proven to the court that it is an agent of a foreign power with reasonable belief to be potentially harmful to the security of the United States, that citizen, be it human or corporation, is protected from scrutiny.

Here’s where things get very sticky.

A huge volume of global internet traffic actually travels through the United States, even if the communicants are not physically in the country.  Servers, cables, satellites and other telecommunications equipment and transmission media are owned by American companies.  Even though those resources may actually reside in another country, ownership provides it citizen status.

map_big
Global Internet Protocol Map
Click for larger image

Further, most email and database servers are also American, again, either resident in the United States or owned and operated by American companies.  Once again, those servers are protected by the Fourth Amendment.

This means that Terrorist A in Afghanistan talking to Terrorist B in Indonesia might conduct their conversation over American-owned communications. The example of the Arabic exchange with images could well be an example of foreign bad guys using American assets to communicate. 

To better understand the gigantic sea of digital data in which bad guys of all types can hide, it’s necessary to understand the size of the currents across which they communicate.  The following statistics are for 2012 and come from Pingdom, a Swedish company that monitor sites and servers on the Internet.

Internet users

  • 2.4 billion – Number of Internet users worldwide.
  • 274 million – Number of Internet users in North America.

Web pages, websites, and web hosting

  • 634 million – Number of websites (December).
  • 51 million – Number of websites added during the year.
  • 43% – Share of the top 1 million websites that are hosted in the U.S.

Social media

  • 1 billion – Number of monthly active users on Facebook, passed in October.
  • 200 million – Monthly active users on Twitter, passed in December.
  • 175 million – Average number of tweets sent every day throughout 2012.

Mobile

  • 1.3 billion – Number of smartphones in use worldwide
  • 6.7 billion – Number of mobile subscriptions.
  • 5 billion – Number of mobile phone users.

Images

  • 300 million – Number of new photos added every day to Facebook.
  • 5 billion – The total number of photos uploaded to Instagram since its start, reached in September 2012.

Video

  • 14 million – Number of Vimeo users.
  • 200 petabytes – Amount of video played on Vimeo during 2012.
  • 150,648,303 – Number of unique visitors for video to Google Sites, the number one video property (September).
  • 4 billion – Number of hours of video we watched on YouTube per month.

The volume of telephone and internet traffic is mind-boggling, and it grows every year.  THIS is where the bad guys live.  They communicate, educate, recruit, surveil and steal on the same networks that everyone uses.  To further emphasize the point, look at the photo below and imagine that there is a nuclear bomb in one of the vehicles.  This isn’t a fanciful idea since we know such weapons can be made small enough to find in a car.

Which vehicle has the bomb?  Do you profile – a strict no-no in today’s America?  Do you stop every single car and truck on the highway?  You could use some search criteria such as vehicle type and maybe even tag number if you have that information.  How do you know to look on this particular highway and this particular time?  Do you scan every vehicle with radiological “sniffers” as they go by?  What give you the right to scan the vehicles of private citizens?

Now, suppose your information indicates that the bomb will be detonated in the next hour. What do you do?

The volume of internet and cell phone traffic is exponentially larger than is depicted in the photograph, but the point is the same. 

Of an estimated 5,981,000,00 mobile phone numbers globally, 323,000,000 are in the United States (103% of population). If just one-third (108,000,000) of those phones make ONE 60-second call in a 24-hour period, that would equate to 108 million minutes or 1,800,000 hours or 75,000 days or 205 years of conversation PER DAY every day. Using only 1/3 of U.S. cell phones, between January 1st and December 31st, nearly 75 THOUSAND YEARS of telephone conversation are generated. And these are conservative numbers.

In reality, it’s estimated that there were over 900 billion cell phone calls made just in the United States last year and not all of these are real conversations. What about butt dialing, late night drunk calls, harassing (ring and hang up), dropped calls, voice mail retrieval and just checking in? (If each of those 900 billion calls averaged one minute: 1,712,329 years of conversation)

Consider, too, what else people are doing on these phones in addition to making voice calls.  They’re texting (trillions!), conducting banking, searching the web, making point-of-service payments (I use mine at Starbucks), navigating via GPS, playing online games, watching movies and TV, checking sports scores, sending and receiving video, Tweeting and Facebooking. What the court order mandated was that Verizon provide NSA with metadata of phone calls.  That is, the technical parameters of the communications – billing records.  What was specifically prohibited was the content of the calls. So, what’s the difference?

The metadata is, as Wikipedia puts it, data about data.  Here is how the court order reads:

IT IS HEREBY ORDERED that, the Custodian of Records shall produce to the National Security Agency (NSA) upon service of this Order, and continue production on an ongoing daily basis thereafter for the duration of this Order….an electronic copy of the following tangible things: all call detail records or “telephony metadata” created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.

Telephony metadata includes comprehensive communications routing information,. including but not limited to session identifying information (e.g., originating and terminating telephone number… and time and duration of call. Telephony metadata does not include the substantive content of any communication, as defined by 18 U.S.C. ? 2510(8), or the name, address, or financial information of a subscriber or customer.

The content, that which was not allowed and, apparently, not sought by NSA, is the actual conversation – what was being said.  No voices were recorded.  Look at the numbers above.  Why would they want the conversations of “every American?”

What NSA wants is the technical parameters of the global cell phone environment.  When the agency gets information about bad guy communications, it needs to be able to search through the environment and find out what numbers are associated with him.  It’s like looking at for friends of friends of someone on Facebook, or following a Follower of a Follower on Twitter without looking at the posting or tweets.

There is one more point for U.S. citizens to consider.  If NSA is as nefarious as some are making it out to be, why did it even bother to go to a FISA court for permission?

EMAIL

And then there is email.  Best estimates are that over 294 billion per day; 2.8 million every second.

And here’s the kicker; 80-90% of those were spam and viruses. There are nearly 2 billion legitimate email users and 3 billion email accounts worldwide, more than one in every five persons on the earth.  Of these 730 million were business email accounts. As afraid of NSA as people seem to be, consider the following from Gigaom.com:

  • Apple: Apple is operating a multiple-petabyte Teradata system. Apple uses the data warehouse to get a better understanding of its customers across product groups. Now every piece of identifiable information — and those iTunes interactions generate a lot of data — goes into the system so the company knows who’s who and what they’re up to.
  • Wal-Mart: The retail giant deployed Teradata’s first-ever terabyte-scale database in 1992, and it has grown, uh, a bit since then. Its operational system was at 2.5 petabytes as of 2008, and is certainly leaps and bounds bigger by now — likely well into the double digits when you consider it operates separate ones for Wal-Mart and Sam’s Club as well as a backup system. The analytics efforts have essentially helped Wal-Mart become a massive consignment shop. It tells suppliers, “You have three feet of shelf space. Optimize it.” And then it gives them any data they could possibly need to determine what’s selling, how fast and even whether they should redesign their packaging to fit more on the shelves.
  • eBay: eBay has two systems in place, and they’re both big. Its primary data warehouse is 9.2 petabyes; its “singularity system” that stores web clicks and other “big” data is more than 40 petabytes. It has a single table that’s 1 trillion rows.

For comparison, the capacity of the NSA Utah Data Center is reported to be about 4,900 petabyes. Considering the global volume of data outlined above and the world-wide scope of its charter, NSA is pretty much on a par with eBay and Wal-Mart.

The point to all this arithmetic is that the mass of information through which the National Security Agency must sift in pursuit of real bad guys is so astronomical that collecting all email and listening to all phone calls is more than just illegal, it’s not possible, efficient, smart or worthwhile. Even a fraction of it poses a huge burden of search and discovery.

WHY THE DATA?

NSA combs through telephone billing records and internet traffic looking for bad guys. What happens when they find one? The intelligence community (law enforcement, State Department,Defense Department, Customs, etc.) have and share databases on foreign bad guys. They collect whatever information they can on them and cross-reference that data with their own specialized intelligence. When that information includes “signals” such as telephone or fax numbers, email addresses and so on, NSA goes to work trying to find related communications in the vast digital universe that covers the globe.

If “A,” known bad guy in Pakistan is identified and, with him, associated telephone numbers, NSA will search the spectrum for communications on those numbers, whether the call originated with them or were made to them. Understandably, any number called by “A” or that calls him will become of interest. What then, if “A” gets a call from “B” in the United States? Should that number be dismissed because it presumably belongs to a U.S. citizen, or should it be considered a number of interest? If this is a puzzle to you, you are a fool.

NSA can not and does not listen to the conversation between “A” and “B” but rather gives “B’s” number and his potential association to “A” to the FBI. By having access to telephone metadata, NSA can scan through it to find out if “B” contacted anyone foreign persons of interests. The FBI will check out – with a warrant – internal U.S. associations.

Were NSA to record and store all the conversations and emails and search histories of just every American, it would take many more Utah Data Centers and a gigantic super-computer farm. The fact is, the agency doesn’t do that. NSA has no interest in pumpkin pie recipes, breakup stories, gossip or a recitation of your trip to Cozumel. It is trying to find bad guys, so face it, NSA just isn’t that into you.

The accusations of domestic spying by the National Security Agency are serious and disturbing. Most people realize the scope of the problem, and are not assuaged by a “trust me” attitude by the government.  Frankly, with the Obama Administration, that is more understandable than ever.  But in the case of NSA allegedly spying on American citizens, there are significant points that need discussion.

SNOWDEN

Consider what we know about Edward Snowden; his background, his curious movements before and after the leaks and, most importantly, his choice of refuge. Edward Snowden has told multiple lies in his interviews.  He claims he had access to the name of every NSA employee and everyone in the US intelligence community as well as every foreign operation that the United States is now running and its purpose.  Snowden was a contractor as part of Eagle Alliance, a consortium of companies hired by NSA to conduct “Non-Mission IT.”  That means he did NOT have the accesses he claims.  He lied.  Might a liar also commit forgery?

Espionage?

I will also reiterate that considering the hundreds of thousands of people who have worked for or with NSA or been privy to its operations in the last 61 years, why is it that so tiny a fraction of people have publicly “exposed” what they consider to be questionable practices?  I can say with certainty it’s not because of political agenda or fear of reprisal.  Those who have come forward do so under sketchy circumstances and/or have personal issues that make their claims questionable.

CHINA

For years, China has been attacking U.S. computer systems: government, corporate, industrial and academic.  That the Chinese have been waging cyber war against the United States and other western countries is not debatable.  NSA, with its Director, General Keith Alexander leading the charge, has publicly warned Congress and American corporations about the very real damage China has been and will continue to inflict on our national information systems.  The People’s Republic of China fears the National Security Agency far more than they do our nuclear arsenal.”

What better way to marginalize the NSA threat to China’s cyber offensive than to create a domestic hostility for the agency?  Using an “insider” to claim NSA is reading American’s emails and listening to their phone calls, a public backlash against NSA can be fashioned that would turn very shade of the political spectrum against it. That is precisely what has happened.  Score for China.

The Right considers this another Obama grab for our freedom and the Left, well, the Left just hates anything related to intelligence and protecting the security of the country.  Another score. And Snowden’s revelations coming at the same time as President Obama’s summit with President Xi cannot be reasonably considered a coincidence.  Three to nothing, Peoples Republic of China.

THE DAMAGE

The resultant investigations, hearings, legislation, media bashing and general public suspicion could severely hamper the most powerful cyber force in the world.  And if it meant the firing of or resignation by General Alexander, all the better.  Since the position of Director of NSA, who is also Commander of U.S. Cyber Command, is nominated by the President of the United States, a gun-shy and administratively incompetent Barack Obama would no doubt select as Alexander’s replacement someone likely to lead the agency on an all-too cautious and ineffective path.  Gooooooal China.

NSA AND THE LAW

Believing the current prevailing spin relies on an assumption that NSA violates an inbox full of laws.  No matter what some may think, that doesn’t happen.  There are very strict – VERY STRICT – procedures in place and enforced to prevent illegal actions.  The sanctity of the Fourth Amendment is paramount at NSA. It is drilled into every employee from the first day on the job and repeatedly thereafter.  NSAers are required to review legal procedures and protocols every year and reminders of the agency’s commitment to the law from the Director and other leaders are routine.

The law is not a cavalier concept nor is it paid lip service at the National Security Agency.  But that assertion will not convince the conspiracy-minded or those with political or nefarious agendas.

THE CHARACTER OF THE CHARACTERS

On a personal note. I know the NSA Director, General Keith Alexander and Deputy Director Chris Inglis.  These are men of the highest integrity and honesty.  Neither they nor any of the decision-makers at NSA would consider, tolerate, propose or entertain any effort to break the spirit or the letter of the law.  I am supremely confident that Alexander, Inglis and a host of other leaders at the agency would resign rather than accommodate any order, be it from the President, the Secretary of Defense or the Director of National Security that would compromise their principles or violate the law.  I don’t expect many people to be persuaded by my characterization of the NSA leadership, but it is important to me to say it.  It is equally necessary for the public to scrutinize who Edward Snowden is, what he has actually done and question his motives.  And if character is to be taken into account, I choose that of Keith Alexander over Edward Snowden any time.

I will also offer that the NSA Office of the General Counsel is a strict disciplinarian organization.  Nothing gets by the OGC.  One of the senior attorneys in the OGC once told me it was his job “to keep the Director out of jail.”  If PRISM or the cell phone metadata program came within a light year of General Alexander, the OGC would shut it down faster than Barack Obama could accept a campaign donation.

THE BOTTOM LINE

The intent of this article is not just to serve as a character witness for the National Security Agency, but to point out some of the stark realities of its mission and the environment in which it must perform that mission.  NSA cannot defend itself without violating its own code of security.  To prove, without question, the agency’s compliance with the spirit and the letter of the law would also reveal far too much information to our adversaries about intelligence collection.  That sounds like an excuse, but it is the truth.  So many people instantly believed Edward Snowden, my hope is they will take a breath, use some logic and think this through.

The National Security Agency is not listening to your phone calls or reading your email.  It is doing its damnedest in a difficult and complicated digital world, to identify and marginalize people who wish to do us harm.  There is neither value nor interest in what you say or do online or on the phone.

Intelligence is a contact sport.  It cannot be accomplished with success if it is practiced with timidity.  Adherence to the law is not timid and, although laws are, by design, restrictive, dynamic intelligence procedures can and do provide our national decision makers with valuable information.No one is expecting carte blanche for any part of the intelligence community, nor do any of the agencies involved ask for it.

NSA has been diligent about keeping Congress and its Executive Branch masters informed of its operations and the agency’s leadership is equally diligent about following the law. All it can ask the American public is that it be fair.

CS

2 comments

  1. Its like you read my mind! You seem to know a lot about this, like you
    wrote the book in it or something. I think that you can do with a
    few pics to drive the message home a bit, but instead of that,
    this is fantastic blog. An excellent read.
    I will certainly be back.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s