A Quick Opinion on the Patriot Act

As many of you may know, I, T. Hyphen Asterisk, was in the Navy for over 30 years, both active and reserve. The entirety of my career was spent "behind the green door" in secure spaces. In my case, the green door was entire buildings, but for many of my fellow sailors, it could have been a cramped, closet-sized compartment on a ship or a sub. Nevertheless, the intelligence which we gathered gave the US and our allies the edge in putting the Cold War to bed (despite the best efforts of traitors such as Aldrich Ames, Ronald Pelton and the Navy's scourge, John Walker).

After joining the Navy Reserve, my assignment was to a unit which worked in and around the NSA in this iconic building. One of the missions which our organization was assigned to prosecute was Own Force Monitoring or OFM. If you have ever been on a military base, you certainly saw the stickers on every telephone reminding you that your conversations may be subject to monitoring. Well, guess who did the monitoring. Yep, that was us.

While I was only marginally involved in working the mission, I was involved in a lot of the planning, especially when it concerned the new (at the time) threat of security leaks through email. As such, I had to conform to the same strict requirements of all other personnel, including mandatory semi-annual training (usually at least four hours of instruction). We learned about relevant US law, we were taught the importance of the Olmstead case, the Katz case and many others, but the largest part of this training revolved around USSID 18. USSID 18 is the guiding directive within the Signals Intelligence community and it told us what we could and could not do when it came to collecting information involving US Persons and others.

Without going into all of the details, even when we were monitoring telephones ON A MILITARY INSTALLATION, every conversation transcribed had to refer to the individuals as Person 1 or Person 2, even if it was apparent who was on the phone. Never, ever, except in the case of something dire such as immediate threats of harm or death, were we able to pass on specific conversations. Briefings at the end of the mission involved discussing the efficacy of the command's policies, not specific conversations. And at the end of a six-month period, all transcriptions were to be destroyed.

At the NSA, our group tried (usually in vain) to 'sell' our services to help the various departments sift through HUMONGOUS amounts of collected information from non-US persons. There was so much information available (keep in mind that this was essentially pre-Internet levels of collected information) that no one or no thing could work through it all. The point I am trying to make is that there is several orders of magnitude more data available now than there was then. Even with super-duper computers, there is only so much that can be done to know everything about this data.

Let's talk about metadata. For those of you who do not know, every time you take a picture with your smartphone, there is a lot more than the photo which is recorded with the jpg file. Find a photo on your computer which came from your smartphone. Right click it, select Properties, then click the Details tab. Scroll through that screen and you will see a LOT of information about your picture. Go ahead and try it. I'll wait.

So, you can see which camera you used to take the photo, the exposure settings, the dimensions, pixel depth, whether you used flash, the time and date when you took the photo and, most important, where you took it by showing the LAT and LON settings. Do you realize that every time you upload a photo to a photo sharing site such as Facebook, you are telling the world when and where you took the picture?

That, my friends, is metadata. In the case of cell phone calls, metadata can be thought of as everything about the call except what was said.

The government wants to collect the metadata (I don't believe that the currently collected metadata contains location information) so that they do not have to depend upon the various cell phone companies (Verizon, T-Mobile, Sprint, etc.) to hang onto this information for an extended period of time.

Let's look at a scenario. Let's say the FBI suspects Joe Doe (John's radical brother) of collaborating with ISIS. They get a FISA court ruling to wiretap his phone and have access to all of his calling data. They notice that he has called a US number 12 times in the past day and it did not answer. Hmmm. Who could that be? Well, by having two years' worth of metadata on the shelf for every domestic phone call, it would be a 10-second query to look that up. Did this number ever call Joe Doe back? Have there been other unanswered calls to this number from other numbers? Who does this guy talk to? What if it was the pizza shop down the street? No harm there, right? But what if there are several calls from the pizza shop to a cell phone in Yemen? He probably isn't ordering more pepperoni on that number. The NSA may have some intercepts from this phone in Yemen and the authorities notice that the guys in Yemen are making a lot of calls to Syria and Iraq. For these calls, we have voice recordings and these guys turn out not to be pleasant people.

In the pre-metadata collection days, once Joe Doe's circle had been exhausted, FBI lawyers would have to go back and get another FISA ruling to check out the pizza shop. Any other numbers would have to also be included. So, what could be a one- or two-hour process of checking out connections in the metadata database can turn into a one- or two-month process of getting court orders, subpoenas to the telcos and delivery of relevant datasets. But when you post your pictures on Facebook or Twitter, or send and receive your email through Gmail, you tacitly allow these non-governmental Internet giants, who have very few legal restrictions on what they can do with your data, full and unfettered access to your stuff. But, that's OK, right? After all, every one of us checked the box that we read and agree to the EULA.

Have you ever done a Google search for something boring like a plunger for your drain and then for the next week, you see Drano and plumber ads appearing on every web page you visit? Yep. They are watching. I swear that they can read text messages, too. It happens all the time. Isn't that a bit creepy? Why is it OK for Google to dig through your unprotected bits, but it isn't OK for the government to do it?

The same government which is so incompetent that they cannot find 12 million illegal aliens is going to be organized enough to keep an actionable dossier on every American? C'mon. Find some tin foil. You could use a new hat.

I would be much more worried about the IRS than the NSA and the FBI. The FBI is still using a computer system designed when Johnson and Nixon were president. They have wasted almost a billion (yes a BILLION) dollars on a new case management system and it still doesn't work. You think they are spying on YOU? Unless you are a friend of Joe Doe, don't flatter yourself. The FBI is still using paper for their case files. The NSA is manned by government civilians, military personnel and a lot of contractors. They are all trained in what they can do and not do. They are pretty damned busy with important business.

Could the NSA or the FBI look up stuff about you if they wanted to? Sure. It would be illegal as hell without a warrant, even under current law. I would be a lot more concerned about an IRS agent looking at my income for a buddy or a health care worker digging up some dirt on their best friend's husband's stay at the hospital (both of which are illegal) than I would an NSA employee in that big black building checking out who you called last night.

We live in a new, information-centric world. Just like our definitions of marriage are morphing into something we couldn't have even imagined 20 years ago, our security and law enforcement professionals need better and more accessible information unimaginable when the original FISA law was enacted in 1978. Let's give them the right to save metadata, but do it with well-thought-out strings attached.

 
