Friday, April 2, 2010

The Watchers

The rise of America's Surveillance State
Shane Harris

Despite the Orwellian subtitle, this book does not claim that our every email is being read and phone call listened to by government spies. Even if they wanted too there is just too much data. They would be drowning in it.

The Watchers is the story of the use of electronic surveillance to find and counter terrorist threats. Since 9/11, with a great deal of hard work and a bit of luck, several plots to attack the U.S. at home and abroad have been foiled. The National Security Agency, or NSA, charged with electronic surveillance, has pieced together a picture of terrorists networks by tracing who calls or emails known terrorists and then who calls those people and so on, working outward to build a graph, showing each person as a point, connected with lines.

John Poindexter, who was Ronald Reagan's National Security Adviser and who had approved Ollie North's "neat idea" to use money from the sale of missiles to Iran to fund the Contra insurgency in Nicaragua, had another neat idea in 2002. Why not use the new methods of data mining to find terrorist cells by looking at the meta data generated by the internet, telephone calls and credit card transactions? Meta data is not the content of those calls and transactions, but the addressing - who called whom, where a card was used. Poindexter thought that terrorist networks would leave a signature in the noise of meta data that he could learn to interpret. He took his idea to DARPA, the Defense Advanced Research Projects Agency, where he was put in charge of a research project known as Total Information Awareness.

Meanwhile the NSA began looking at ways to use meta data in building it's charts, which grew to be called the BAG or "Big Assed Graph." These graphs were often too complex for interpretation, "hair balls," NSA analysts called them. It was hard to tell the conspiracies from the calls to Pizza Hut to order a large pepperoni with extra cheese.

Both the NSA and DARPA efforts had another, and larger problem; the Foreign Intelligence Surveillance Act. Written in the 1970s, the FISA act prohibited spying on United States persons without a warrant. United States persons are everybody here, not just citizens, and therefore would include the members of terrorist sleeper cells, hiding somewhere in Wisconsin, as well as foreign exchange students at high schools and colleges and Pakistani doctors working in your local emergency room.

FISA did not contemplate the existence of meta data. How then, to interpret FISA regarding these data mining programs? It would be impossible to apply for an individual warrant to look at the addressing of every email, telephone and credit card account that would need to be entered into a giant database for analysis. The programs were not reading anybody's mail or listening to their calls, either, just using their addressing information - like looking at the address and return address on millions of envelopes.

Poindexter addressed this problem at DARPA by using artificially generated data. His was a research project, not net, actual terrorist hunting, so he could afford to wait until Total Information Awareness was developed before having to address a change in FISA in order to use it in actual practice. Under Michael Hayden's direction, the NSA program got a finding from President Bush which interpreted FISA in such a was that they could use actual meta data and would only need to request a warrant when someone's actual mail, calls or transactions needed to be read.

By 2004 the Total information Awareness program had another problem. When it became publicly known that John Poindexter, infamous from the Iran Contra scandal, was running a secret government program called Total information Awareness, that sought to spy on everything anybody did anywhere, anytime and that it had this logo - things got a bit ugly.

The fact that this was an unfair characterization of the program, which would not read your mail and was not using real data, at least yet, did not matter. The plug was pulled by Congress and the program ended - except that it's research and methods were taken over by NSA and applied to it's experiments using real data, which still was generating uninterpretable hairballs.

The Watchers asks some interesting questions. How much are we willing to allow government to look at our electronic transactions in order to keep us safe from attack. Does it really matter if they use our meta data at all? Will it do any good? To this day the hard work of connecting one conspirator to another, guilt by association, even with the burden of applying for warrants for each U.S. person, is still far more effective than attempting to interpret the vast amount of meta data generated each day. John Poindexter's terrorist data signature has not been found. Your supermarket is mining your data every time you visit the store. Do we have anything to fear from the NSA looking at it? What does privacy even mean anymore in the era of Facebook, when we publish so much about ourselves online?

My supermarket can't seem to get any farther than offering me cents off coupons on brands of laundry detergent and dog food I don't like. Hopefully NSA's software has become more sophisticated than that in it's attempt to use data mining to find out who to spy on. Yet it is still, according to The Watchers, producing mostly hair balls.


Post a Comment

Comments will be moderated - so keep your comments moderate!

OpenID users will have their blog links again, yay!