NSA creates US citizens' profiles by collecting metadata, public and commercial data
Posted on 30 September 2013.
In 2010, NSA analysts were instructed to disregard previous restrictions when it came to analyzing phone call and email logs belonging to Americans that had connections to foreign targets, and to use any other information data they could collect about the person from public, commercial and other sources to create a detailed picture of their lives and their connection to the person of interest, NYT reports.

The change was noted in a 2011 memo leaked by NSA whistleblower Edward Snowden, which also enumerated the restrictions that did stay in place and new ones that were added.

For example, analysts could perform the tracing of American contacts only if they were able to cite a foreign intelligence basis (terrorism, spying of foreign politicians, weapons proliferation, etc.) for such a probe.

They were also urged to follow established “minimization rules”, i.e. they were not allowed to share the data thusly collected with other federal agencies except when it indicated that a crime was or was to be committed or when their input was necessary to make sense of the information they collected and analyzed.

These new instructions concerned just the phone and email metadata. If they believed that the information they gleaned pointed towards something shady going on, the NSA still had to as the intelligence court to give permission for wiretapping the American citizen of interest.

Nevertheless, what should grate Americans the most about this latest revelation is that the decision to let analysts continue with their work even if the call or email "chaining" process lead to a US citizen was made in secret - "without review by the nation’s intelligence court or any public debate."

The policy change was justified by a 1979 Supreme Court ruling that said Americans could have no expectation of privacy about what numbers they had called.

"Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans’ 'metadata,' which includes the timing, location and other details of calls and e-mails, but not their content," say NYT reporters. "The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court."

The new policy was authorized by Defense Secretary Robert M. Gates and Attorney General Michael B. Mukasey in 2008, but it was only after a pilot project successfully performed this "social network graphing" that the policy was finally implemented.

The leaked documents don't mention - and the NSA refused to tell - which phone and e-mail databases are used to graph these social connections. But the documents share the name of one of the main tools that aggregates the collected information and allows analysts to work with it.

It's called Mainway, and according to the report, it is fed daily with huge swaths of data coming from sources such as "the agency’s fiber-optic cables, corporate partners and foreign computer networks that have been hacked."

"NSA analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say. Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter," the reporters point out the problem.

It is unknown how many Americans' lives and actions have been surreptitiously been scrutinized with the help of this policy.









Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //