Tuesday, January 28, 2014

NSA Decryption Multipurpose Research Facility


NSA Decryption Multipurpose Research Facility

 



NSA Decryption Multipurpose Research Facility



NSA Decryption Multipurpose Research Facility


The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)

[Excerpts of excellent NSA overview to focus on the MRF decryption facility.]
When Barack Obama took office, Binney hoped the new administration might be open to reforming the program to address his constitutional concerns. He and another former senior NSA analyst, J. Kirk Wiebe, tried to bring the idea of an automated warrant-approval system to the attention of the Department of Justice’s inspector general. They were given the brush-off. “They said, oh, OK, we can’t comment,” Binney says.
Sitting in a restaurant not far from NSA headquarters, the place where he spent nearly 40 years of his life, Binney held his thumb and forefinger close together. “We are, like, that far from a turnkey totalitarian state,” he says.
There is still one technology preventing untrammeled government access to private digital data: strong encryption. Anyone—from terrorists and weapons dealers to corporations, financial institutions, and ordinary email senders—can use it to seal their messages, plans, photos, and documents in hardened data shells. For years, one of the hardest shells has been the Advanced Encryption Standard, one of several algorithms used by much of the world to encrypt data. Available in three different strengths—128 bits, 192 bits, and 256 bits—it’s incorporated in most commercial email programs and web browsers and is considered so strong that the NSA has even approved its use for top-secret US government communications. Most experts say that a so-called brute-force computer attack on the algorithm—trying one combination after another to unlock the encryption—would likely take longer than the age of the universe. For a 128-bit cipher, the number of trial-and-error attempts would be 340 undecillion (1036).
Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. “We questioned it one time,” says another source, a senior intelligence manager who was also involved with the planning. “Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys.” According to the official, these experts told then-director of national intelligence Dennis Blair, “You’ve got to build this thing because we just don’t have the capability of doing the code-breaking.” It was a candid admission. In the long war between the code breakers and the code makers—the tens of thousands of cryptographers in the worldwide computer security industry—the code breakers were admitting defeat.
So the agency had one major ingredient—a massive data storage facility—under way. Meanwhile, across the country in Tennessee, the government was working in utmost secrecy on the other vital element: the most powerful computer the world has ever known.
The plan was launched in 2004 as a modern-day Manhattan Project. Dubbed the High Productivity Computing Systems program, its goal was to advance computer speed a thousandfold, creating a machine that could execute a quadrillion (1015) operations a second, known as a petaflop—the computer equivalent of breaking the land speed record. And as with the Manhattan Project, the venue chosen for the supercomputing program was the town of Oak Ridge in eastern Tennessee, a rural area where sharp ridges give way to low, scattered hills, and the southwestward-flowing Clinch River bends sharply to the southeast. About 25 miles from Knoxville, it is the “secret city” where uranium- 235 was extracted for the first atomic bomb. A sign near the exit read: what you see here, what you do here, what you hear here, when you leave here, let it stay here. Today, not far from where that sign stood, Oak Ridge is home to the Department of Energy’s Oak Ridge National Laboratory, and it’s engaged in a new secret war. But this time, instead of a bomb of almost unimaginable power, the weapon is a computer of almost unimaginable speed.
In 2004, as part of the supercomputing program, the Department of Energy established its Oak Ridge Leadership Computing Facility for multiple agencies to join forces on the project. But in reality there would be two tracks, one unclassified, in which all of the scientific work would be public, and another top-secret, in which the NSA could pursue its own computer covertly. “For our purposes, they had to create a separate facility,” says a former senior NSA computer expert who worked on the project and is still associated with the agency. (He is one of three sources who described the program.) It was an expensive undertaking, but one the NSA was desperate to launch.
Known as the Multiprogram Research Facility, or Building 5300, the $41 million, five-story, 214,000-square-foot structure was built on a plot of land on the lab’s East Campus and completed in 2006. Behind the brick walls and green-tinted windows, 318 scientists, computer engineers, and other staff work in secret on the cryptanalytic applications of high-speed computing and other classified projects. The supercomputer center was named in honor of George R. Cotter, the NSA’s now-retired chief scientist and head of its information technology program. Not that you’d know it. “There’s no sign on the door,” says the ex-NSA computer expert.
At the DOE’s unclassified center at Oak Ridge, work progressed at a furious pace, although it was a one-way street when it came to cooperation with the closemouthed people in Building 5300. Nevertheless, the unclassified team had its Cray XT4 supercomputer upgraded to a warehouse-sized XT5. Named Jaguar for its speed, it clocked in at 1.75 petaflops, officially becoming the world’s fastest computer in 2009.
[Image]
1 Geostationary satellites
Four satellites positioned around the globe monitor frequencies carrying everything from walkie-talkies and cell phones in Libya to radar systems in North Korea. Onboard software acts as the first filter in the collection process, targeting only key regions, countries, cities, and phone numbers or email.
2 Aerospace Data Facility, Buckley Air Force Base, Colorado
Intelligence collected from the geostationary satellites, as well as signals from other spacecraft and overseas listening posts, is relayed to this facility outside Denver. About 850 NSA employees track the satellites, transmit target information, and download the intelligence haul.
3 NSA Georgia, Fort Gordon, Augusta, Georgia
Focuses on intercepts from Europe, the Middle East, and North Africa. Codenamed Sweet Tea, the facility has been massively expanded and now consists of a 604,000-square-foot operations building for up to 4,000 intercept operators, analysts, and other specialists.
4 NSA Texas, Lackland Air Force Base, San Antonio
Focuses on intercepts from Latin America and, since 9/11, the Middle East and Europe. Some 2,000 workers staff the operation. The NSA recently completed a $100 million renovation on a mega-data center here—a backup storage facility for the Utah Data Center.
5 NSA Hawaii, Oahu
Focuses on intercepts from Asia. Built to house an aircraft assembly plant during World War II, the 250,000-square-foot bunker is nicknamed the Hole. Like the other NSA operations centers, it has since been expanded: Its 2,700 employees now do their work aboveground from a new 234,000-square-foot facility.
6 Domestic listening posts
The NSA has long been free to eavesdrop on international satellite communications. But after 9/11, it installed taps in US telecom “switches,” gaining access to domestic traffic. An ex-NSA official says there are 10 to 20 such installations.
7 Overseas listening posts
According to a knowledgeable intelligence source, the NSA has installed taps on at least a dozen of the major overseas communications links, each capable of eavesdropping on information passing by at a high data rate.
8 Utah Data Center, Bluffdale, Utah
At a million square feet, this $2 billion digital storage facility outside Salt Lake City will be the centerpiece of the NSA’s cloud-based data strategy and essential in its plans for decrypting previously uncrackable documents.
9 Multiprogram Research Facility, Oak Ridge, Tennessee
Some 300 scientists and computer engineers with top security clearance toil away here, building the world’s fastest supercomputers and working on cryptanalytic applications and other secret projects.
10 NSA headquarters, Fort Meade, Maryland
Analysts here will access material stored at Bluffdale to prepare reports and recommendations that are sent to policymakers. To handle the increased data load, the NSA is also building an $896 million supercomputer here.
Oak Ridge National Laboratory - Multi-Program Research Facility http://www.heery.com/Repository/Images/Oak_Ridge_National_Laboratories.jpg
[Image]
http://www.heery.com/portfolio/oak-ridge-national-laboratory.aspx?service=5
Oak Ridge National Laboratory - Multi-Program Research Facility
Oak Ridge, Tennessee
The Department of Energy (DOE) complex at Oak Ridge required the creation of a state of the art, large-scale, secure science and technology facility that would provide the appropriate infrastructure and environment to both integrate and consolidate multidisciplinary scientific capabilities for defense and homeland security activities. The Heery-designed and constructed Multi-Program Research Facility (MPRF) provides facilities for research and development activities in non-proliferation research, training and operations; cyber security research and development; geospatial analysis; inorganic membrane research and prototyping; and myriad other activities.
Based on Heery’s previous successful work with ORNL as part of a third-party development team, ORNL tapped the Keenan team to serve as its developer for the MPRF, with Heery in the role of design-builder.
The MPRF contains 218,000 SF of office and laboratory space. This highly secure building plays a key role in delivering the science and technology needed to protect homeland and national security. In addition, Heery International continues to work on various new assignments on the ORNL campus.
The goal was to develop cutting-edge facilities designed for sustainability and energy efficiency. Heery guided ORNL and the development team in delivering facilities to showcase energy and water efficiency and renewable energy improvements. With Heery’s assistance, ORNL now has the most LEED-certified space in the entire DOE system, having attained LEED certification for the firm’s earlier project, the East Campus Complex, and LEED Gold certification for the MPRF, which is the first LEED Gold facility on the ORNL campus.
Following images from bing.com/maps The MRF is at upper left.
[Image]
[Image]
[Image]
[Image]
[Image]
[Image]
http://femp.buildinggreen.com/overview.cfm?ProjectID=1125 Oak Ridge National Laboratory Multiprogram Research Facility (MRF)
(ORNL Multiprogram Research Facility)
[Image]
Overview
Location: Oak Ridge, TN
Building type(s): Other, Laboratory, Commercial office
New construction
195,000 ft2 (18,100 m2)
Project scope: 5-story building
Rural setting
Completed October 2006
Rating: U.S. Green Building Council LEED-NC, v.2/v.2.1--Level: Gold (39 points)
The Multiprogram Research Facility (MRF) was implemented through a design-build contract, but is a complex mixture of labs and offices that have stringent operational, security, and environmental and energy requirements. The program was highly developed and has detailed technical parameters that could not be compromised.
Environmental Aspects
The building's vertical orientation minimized its footprint on the landscape. Using native, drought-resistant plants in the landscape obviated the need for irrigation. This, along with the use of low-flow plumbing fixtures, reduced potable water usage by approximately 34%.
The building was projected to use 25% less energy than that of a comparable facility built in minimal compliance with code. A hybrid solar lighting system with rooftop solar collectors was installed to test the feasibility of using fiber optics for natural lighting.
The project team preferred materials with recycled content and those that were manufactured regionally. The team also recycled construction waste wherever possible.
Owner & Occupancy
Owned by Keenan Development Associates, LLC, Corporation, for-profit
Occupants: Federal government
Typically occupied by 318 people, 40 hours per person per week
Expected Building Service Life: 35 years

Building Programs

Indoor Spaces:


Other (43%), Office (18%), Laboratory (14%), Conference (6%), Data processing (6%), Mechanical systems (3%), Retail general (3%), Public assembly (2%), Restrooms (2%), Lobby/reception (2%), Cafeteria, Circulation, Gymnasium, Electrical systems




NSA Snowden Releases Tally Update - *1,057 Pages January 27, 2014

NSA Snowden Releases Tally Update - *1,057 Pages January 27, 2014

















27 January 2014. Add 47 pages to NBC News. Tally now *1,057 pages (~1.8%) of reported 58,000 files. DoD claims 1,700,000 files (~.0062% of that released).
27 January 2014. Add 18 pages to Anonymous via New York Times.
16 January 2014. Add 8 pages to The Guardian.
* 14 January 2014. Add 21 pages to Information.dk (duplicate).
* 13 January 2014. Add 4 pages to Information.dk (duplicate).
Related Snowden Document and Page Count Assessment:
http://cryptome.org/2014/01/snowden-count.htm
* 5 January 2014. Add 16 pages to Der Spiegel (30 December 2013. No source given for NSA docs). Tally now *962 pages (~1.7%) of reported 58,000. NSA head claims 200,000 (~.50% of that released).
4 January 2014. The source was not identified for *133  pages published by Der Spiegel and Jacob Appelbaum in late December 2013. They are included here but have not been confirmed as provided by Edward Snowden. Thanks to post by Techdirt.
Glenn Greenwald tweeted:
Glenn Greenwald @ggreenwald, 8:05 AM - 29 Dec 13 @Cryptomeorg @ioerror I had no involvement in that Spiegel article, ask them - and they don't say those are Snowden docs.
Matt Blaze tweeted, 11:24 AM - 2 Jan 14
matt blaze @mattblaze If there are other sources besides Snowden, I hope journalists getting docs are careful to authenticate them (& disclose uncertainty).
3 January 2014. Add 13 pages to Washington Post.
3 January 2014. See also EFF, ACLU and LeakSource accounts:
https://www.eff.org/deeplinks/2013/11/nsa-spying-primary-sources
https://www.aclu.org/nsa-documents-released-public-june-2013
http://leaksource.wordpress.com/
2 January 2014. Add 1 page to Washington Post published 10 July 2013.
* 31 December 2013. Add 16 pages to Der Spiegel.
* 30 December 2013. Add 50 pages of NSA ANT Catalog by Jacob Appelbaum (no source given for NSA docs).
* 30 December 2013. Add 21 pages from 30C3 video by Jacob Appelbaum (no source given for NSA docs).
* 30 December 2013. Add 42 pages (8 duplicates) to Der Spiegel (no source given for NSA docs).
* 29 December 2013. Add 4 pages to Der Spiegel (no source given for NSA docs).
24 December 2013. Add 2 pages to Washington Post.
23 December 2013
http://www.adn.com/2013/12/22/3243451/pincus-snowden-still-has-a-road.html
We've yet to see the full impact of former National Security Agency contractor Edward Snowden's unauthorized downloading of highly classified intelligence documents.
Among the roughly 1.7 million documents he walked away with -- the vast majority of which have not been made public -- are highly sensitive, specific intelligence reports, as well as current and historic requirements the White House has given the agency to guide its collection activities, according to a senior government official with knowledge of the situation.
The latter category involves about 2,000 unique taskings that can run to 20 pages each and give reasons for selective targeting to NSA collectors and analysts. These orders alone may run 31,500 pages.
13 December 2013. Add 26 pages to Trojkan (SVT). Tally now 797 pages (~1.4%) of reported 58,000. NSA head claims 200,000 (~.40% of that released). Australia press reports "up to 20,000 Aussie files."
Rate of release over 6 months, 132.8 pages per month, equals 436 months to release 58,000, or 36.3 years. Thus the period of release has decreased in the past month from 42 years.
12 December 2013. Belatedly add 27 pages to Guardian and 18 pages to Washington Post.


21 November 2013. See also EFF and ACLU accounts:
https://www.eff.org/deeplinks/2013/11/nsa-spying-primary-sources
https://www.aclu.org/nsa-documents-released-public-june-2013


3 November 2013
47 42 Years to Release Snowden Documents
Out of reported 50,000 pages (or files, not clear which), about 446 514 pages (>1% 1%) have been released over 5 months beginning June 5, 2012. At this rate, 89 100 pages per month, it will take 47 42 years for full release. Snowden will be 77 72 years old, his reporters hoarding secrets all dead.
NY Times, 3 November 2013:
Whatever reforms may come, Bobby R. Inman, who weathered his own turbulent period as N.S.A. director from 1977 to 1981, offers his hyper-secret former agency a radical suggestion for right now. “My advice would be to take everything you think Snowden has and get it out yourself,” he said. “It would certainly be a shock to the agency. But bad news doesn’t get better with age. The sooner they get it out and put it behind them, the faster they can begin to rebuild.”



Outlet Pages
The Guardian 273
Washington Post 216
Der Spiegel * 97
O Globo Fantastico ~87
New York Times
Anonymous
118 (82 joint)
18
ProPublica 89 (82 joint)
Le Monde 20
Dagbladet 13
NRC Handelsblad 4
Huffington Post 3
CBC 9
The Globe and Mail 18
SVT 2
L'Espresso 3
Trojkan (SVT) 29
Jacob Appelbaum * 71
Information.dk 22*
Anonymous/New York Times 18
NBC News 47




Timeline of releases:
27 January 2014. Add 47 pages to NBC News.
27 January 2014. Add 18 pages to Anonymous.
16 January 2014. Add 8 pages to The Guardian.
* 14 January 2014. Add 21 pages to Information.dk (duplicate).
* 13 January 2014. Add 4 pages to Information.dk (duplicate).
3 January 2014. Add 13 pages to Washington Post.
2 January 2014. Add 1 page to Washington Post published 10 July 2013.
* 31 December 2013. Add 16 pages to Der Spiegel.
* 30 Decebmer 2013. Add 50 pages of NSA ANT Catalog by Jacob Appelbaum.
* 30 December 2013. Add 21 pages from 30C3 video by Jacob Appelbaum.
* 30 December 2013. Add 16 pages to Der Spiegel.
* 30 December 2013. Add 42 pages to Der Spiegel.
* 29 December 2013. Add 4 pages to Der Spiegel.
24 December 2013. Add 2 pages to Washington Post.
13 December 2013. Add 26 pages to Trojkan (SVT).
12 December 2013. Belatedly add 27 pages to Guardian and 18 pages to Washington Post.
11 December 2013. Belatedly add 25 pages to Guardian.
11 December 2013. Belatedly add 74 pages to Washington Post.
10 December 2013. Add 2 pages to CBC.
10 December 2013. Add 4 pages to CBC (duplicate of previous source).
9 December 2013. Add 3 pages to Trojkan. Add 2 pages to Guardian. Add 82 pages to New York Times and ProPublica (joint).
6 December 2013. Add 3 pages to L'Espresso.
5 December 2013. Add 2 pages to SVT (Swedish TV).
5 December 2013. Add 1 page to Washington Post.
4 December 2013. Add 3 pages to Washington Post.
2 December 2013. Add 3 pages to CBC.
30 November 2013. Add 18 pages to The Globe and Mail.
30 November 2013. Add 3 pages to NRC Handelsblad.
29 November 2013. Add 1 page to CBC.
27 November 2013. Add 3 pages to Huffington Post.
26 November 2013. Add 4 pages to Washington Post.
23 November 2013. Add 1 page to NRC Handelsblad.
23 November 2013. Add 5 pages to New York Times.
22 November 2013. Add 10 pages to Dagbladet.
18 November 2013. Add 6 pages to The Guardian.
17 November 2013. Add two images to Der Spiegel.
4 November 2013. Add 14 pages to Washington Post.
3 November 2013. A reports an additional 54 slides for O Globo Petrobas.
3 November 2013. Add 22 pages to New York Times.
2 November 2013. Add 13 pages to Guardian, 11 are duplicates.
31 October 2013. Add 4 pages to Washington Post.
29 October 2013. Add 3 pages to Der Spiegel
27 October 2013. Add 2 pages to Der Spiegel.
25 October 2013. Add 4 pages to Le Monde.
22 October 2013. Add 5 pages to Le Monde.
21 October 2013. Add 11 pages to Le Monde, 8 are duplicates.
20 October 2013. Add 1 page to Der Spiegel.
13 October 2013. Add 4, 7 and 9 pages to Washington Post.
8 October 2013. Add 7 pages to O Globo: CSE spying on Brazilian ministry, reported 7 October 2013.
6 October 2013. Add Snowden pages published by Washington Post, Der Spiegel, O Globo Fantastico, New York Times, ProPublica. Some are duplicates(*).


5 October 2013
26 Years to Release Snowden Docs by The Guardian
Out of reported 15,000 pages, The Guardian has published 192 pages in fourteen releases over four months, an average of 48 pages per month, or 1.28% of the total. At this rate it will take 26 years for full release.
Edward Snowden will be 56 years old.
Glenn Greenwald will be 72.
Laura Poitras will be 75.
Alan Rusbridger will be 86.
Barton Gellman will be 78.
Julian Assange will be 68.
Chelsea Manning will be 52.
Keith Alexander will be 88.
Barack Obama will be 78.
Daniel Ellsberg will be 108.
This author will be 103.



Number Date Title Pages


The Guardian
273
21 16 January 2014 SMS Text Messages Exploit 8
20 9 December 2013 Spying on Games 2
18 18 November 2013 DSD-3G 6
19 1 November 2013 PRISM, SSO
SSO1 Slide
SSO2 Slide
13*
18 4 October 2013 Types of IAT Tor 9
17 4 October 2013 Egotistical Giraffe 20*
16 4 October 2013 Tor Stinks 23
15 11 September 2013 NSA-Israel Spy 5
14 5 September 2013 BULLRUN 6*
13 5 September 2013 SIGINT Enabling 3*
12 5 September 2013 NSA classification guide 3
11 31 July 2013 XKeyscore 32
10 27 June 2013 DoJ Memo on NSA 16
9 27 June 2013 Stellar Wind 51
8 21 June 2013 FISA Certification 25
7 20 June 2013 Minimization Exhibit A 9
6 20 June 2013 Minimization Exhibit B 9
5 16 June 2013 GCHQ G-20 Spying 4
4 8 June 2013 Boundless Informant FAQ 3
3 8 June 2013 Boundless Informant Slides 4
2 7 June 2013 PPD-20 18
1 5 June 2013 Verizon 4


Washington Post
216

2 January 2014 Quantum Computer 2 10

2 January 2014 Quantum Computer 3

23 December 2013 NSA/CSS Mission 2

11 December 2013 Excessive Collection 9

11 December 2013 SCISSORS 2 7

11 December 2013 SCISSORS 1 4

11 December 2013 Yahoo-Google Exploit 6

11 December 2013 Cable Spying Types 7

11 December 2013 WINDSTOP 1

11 December 2013 Co-Traveler 24

11 December 2013 GSM Tracking 2

11 December 2013 SIGINT Successes 4

11 December 2013 GHOSTMACHINE 4

5 December 2013 Target Location 1

4 December 2013 FASCIA 2

4 December 2013 CHALKFUN 1

26 November 2013 Microsoft a Target? 4

4 November 2013 WINDSTOP, SSO, Yahoo-Google 14

30 October 2013 MUSCULAR-INCENSOR Google and Yahoo 4

14 October 2013 SSO Overview 4

14 October 2013 SSO Slides 7

14 October 2013 SSO Content Slides 9

4 October 2013 Tor 49

4 October 2013 EgotisticalGiraffe 20*

4 October 2013 GCHQ MULLENIZE 2

4 October 2013 Roger Dingledine 2

30 August 2013 Budget 17

10 July 2013 PRISM Slide 1

29 June 2013 PRISM 8

20 June 2013 Warrantless Surveillance 25*

7 June 2013 PPD-20 18*

6 June 2013 PRISM 1


Der Spiegel
* 97

31 December 2013 QFIRE * 16

30 December 2013 TAO Introduction * 16

30 Deceber 2013 QUANTUM Tasking (8 duplicates of QUANTUMTHEORY) 28*

30 December 2013 QUANTUMTHEORY 14

29 December 2013 TAO ANT COTTONMOUTH (images)
TAO ANT COTTONMOUTH
(DE article)
4

17 November 2013 ROYAL CONCIERGE (DE) ROYAL CONCIERGE (EN) 2

29 October 2013 NSA-CIA SCS 3

27 October 2013 NSA-CIA SCS 2

20 October 2013 Mexico President 1

20 September 2013 Belgacom 3

16 September 2013 SWIFT 3

9 September 2013 Smartphones 5

1 September 2013 French Foreign Ministry 0

31 August 2013 Al Jazeera 0


O Globo Fantastico
~87

7 October 2013 CSE Brazil Ministry 7

8 September 2013 Petrobas ~60

3 September 2013 Brazil and Mexico 20


New York Times
118

9 December 2013 Spying on Games 82*

23 November 2013 SIGINT Strategy 2012-2016 5

3 November 2013 SIGINT Mission 2013 SIGINT Mission 2017 22

28 September 2013 Contact Chaining Social Networks 1

28 September 2013 SYANPSE 1

5 September 2013 BULLRUN 4*

5 September 2013 SIGINT Enabling 3*



ProPublica
89

9 December 2013 Spying on Games 82*

5 September 2013 BULLRUN 4*

5 September 2103 SIGINT Enabling 3*


Le Monde
20

25 October 2013 NSA Hosts FR Spies 4

22 October 2013 Wanadoo-Alcatel 1

22 October 2013 Close Access Sigads 2

22 October 2013 Boundless Informant 2

22 October 2013 PRISM 11


Dagbladet
13

19 November 2013 BOUNDLESSINFORMANT 13


NRC Handelsblad
4

30 November 2013 Dutch SIGINT 3

23 November 2013 SIGINT Cryptologic Platform 1


Huffington Post
3

27 November 2013 Muslim Porn Viewing 3


CBC
9

10 December 2013 NSA-CSEC Partnership 1

10 December 2013 G8-G20 Spying 4*

2 December 2013 G8-G20 Spying 3

29 November 2013 G8-G20 Spying 1


The Globe and Mail
18

30 November 2013 CSEC Brazil Spying 18*


SVT (Swedsh TV)
2

5 December 2013 Sweden Spied Russia for NSA 2


L'Espresso
3

6 December 2013 NSA Spies Italy 3


Trojkan (SVT)
29

11 December 2013 NSA Sweden FRA Relationship 1*

11 December 2013 NSA 5 Eyes Partners 1

11 December 2013 NSA Sweden FRA Agenda 8

11 December 2013 NSA Sweden FRA RU Baltic 1

11 December 2013 NSA GCHQ Sweden FRA COMINT 1

11 December 2013 NSA Sweden FRA  XKeyscore Plan 5

11 December 2013 NSA Sweden FRA XKeyscore Sources 1

11 December 2013 NSA Sweden FRA XKeyscore Tor et al 3

11 December 2013 NSA Sweden FRA XKeyscore Slide 1

11 December 2013 NSA Sweden FRA Quantum 1 1

11 December 2013 GCHQ Sweden FRA Quantum 1

11 December 2013 NSA Sweden FRA Quantum Accomplishments 2

9 December 2013 NSA and Sweden Pact 3*


Jacob Appelbaum
* 71

30 December 2013 NSA Catalog * 50

30 December 2013 NSA Catalog Video Clips * 21


Information.dk
22*

14 January 2014 SSO (duplicate) 7*

14 January 2014 PRISM (duplicate) 11*

13 January 2014 5-Eyes Spy G8-G20 (duplicate) 4*


Anonymous/
New York Times

18

27 January 2014 NSA Smartphones Analysis 14

27 January 2014 GCHQ Mobile Theme 4


NBC News
47

27 January 2014 GCHQ Squeaky Dolphin 47
























TOP SECRET//COMINT/REL TO USA, FVEY
TOP SECRET//COMINT/REL TO USA, FVEY
2
Smartphone
Converged mobile devices
offering advanced capabilities,
often with PC-like
functionality. No set industry
standard definition.
Boasts powerful processors,
memory, larger screens and
open operating systems.

Saturday, January 25, 2014

A Day in the CIA Operations Center

A Day in the CIA Operations Center

24 January 2014
A Day in the CIA Operations Center


https://www.cia.gov/news-information/featured-story-archive/2014-featured-
story-archive/a-day-in-the-life-of-a-cia-operations-center-officer.html

A Day in the Life of a CIA Operations Center Officer
[Image]
Entrance to the CIA Operations Center Hi-resolution (3.2MB)
Undistorted red sign at left states: "Restricted Area Authorized Personnel Only"
[Image]
“There is no substitute for juggling multiple classified, time sensitive projects, 12 hours a day, over and over again outside of actually doing it,” said Bradley, an officer serving in the CIA Operations Center (Ops Center). And that is exactly what Bradley and his Ops Center colleagues do each day in one of the most fast-paced work environments at the CIA.
Ops Center officers provide around-the-clock alert and warning communication to the CIA director and Agency leadership on international crises and priority matters of national security. They also facilitate timely communication to senior Agency and Intelligence Community leaders, as well as President’s Daily Brief (PDB) briefers and the White House.
While many CIA officers become subject matter experts on specific topics, Ops Center officers address world-wide political, military and economic issues daily, and they use a wide range of analytic and operational knowledge to support the Agency’s mission at home and abroad.
So what prepares a person for such an important job with very high stakes? Bradley’s experiences before joining the Agency were a good start.
As an undergraduate student, Bradley earned a double major in “world religions” and “politics and government” with a “national security studies” minor. After graduation, he went on to work five jobs simultaneously — as a police officer and dispatcher, resort manager, the executive director of a national security think tank, a newspaper columnist, and as a freelance marketing consultant. Bradley enrolled fulltime in graduate school after leaving his law enforcement position, but he still maintained his newspaper column and his position at the think tank.
Bradley’s interest in intelligence and national security was piqued during his years as a law enforcement officer. He always knew that one day he wanted to contribute his skills to a higher purpose: the protection of the nation and its interests abroad.
“When I was growing up, my father — a former Green Beret — always talked about the virtue of intelligence in carrying out Special Forces missions. He taught me that there is nothing like timely, accurate intelligence to help save lives,” Bradley said.
Bradley’s path to the Agency began when he worked with the CIA Center for Studies in Intelligence for his final graduate project. Bradley’s task was to interview former 9/11 and Weapons of Mass Destruction Commission participants about how well CIA worked with them during their investigations. Bradley formed lasting relationships with the Agency officers he worked with and was offered a job when the project ended.
“I was given a few choices on which job I could take, and the Ops Center position appealed to me,” Bradley said. And since beginning his work in the Ops Center, Bradley said, “It’s everything I imagined it would be and more.”
Bradley remarked about the composure and professionalism of his Ops Center colleagues, no matter how hectic things get on the floor. “Everyone remains exceptionally poised and manages the pressure in a way our fellow Americans would be very proud of,” Bradley noted. “It’s a great team environment.”
And after three years in the Ops Center, despite sacrificing his weekends and holidays, Bradley is still excited to come to work each day. “I’m not burned out yet,” he said. “I will continue to work long days for the sake of our country as long as I’m able.”
Posted: Jan 23, 2014 01:12 PM
Last Updated: Jan 23, 2014 01:12 PM



Wednesday, January 15, 2014

N.S.A. Devises Radio Pathway Into Your Computers

N.S.A. Devises Radio Pathway Into Computers

JAN. 14, 2014
[Image]
WASHINGTON — The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”
“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
No Domestic Use Seen
There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.
“N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”
Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.
Embracing Silicon Valley’s critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.
Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”
“Holes in encryption software would be more of a risk to us than a benefit,” he said, adding: “If we can find the vulnerability, so can others. It’s more important that we protect our power grid than that we get into China’s.”
From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor — or disable before they could be used to launch a cyberattack.
A Focus on Defense
In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.
“How do you ensure that Cyber Command people” are able to look at “those that are attacking us?” a senior official, who compared it to submarine warfare, asked in an interview several months ago.
“That is what the submarines do all the time,” said the official, speaking on the condition of anonymity to describe policy. “They track the adversary submarines.” In cyberspace, he said, the United States tries “to silently track the adversaries while they’re trying to silently track you.”
If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.
The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia’s help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.
Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.
At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.
“The argument is not working,” said Peter W. Singer of the Brookings Institution, a co-author of a new book called “Cybersecurity and Cyberwar.” “To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off” the Chinese. Still, the United States has banned the sale of computer servers from a major Chinese manufacturer, Huawei, for fear that they could contain technology to penetrate American networks.
An Old Technology
The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.
In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.
The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.
Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.
“Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies,” Ms. Vines, the N.S.A. spokeswoman, said.
But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran’s nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.
One feature of the Stuxnet attack was that the technology the United States slipped into Iran’s nuclear enrichment plant at Natanz was able to map how it operated, then “phone home” the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran’s program.
But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
On Sunday, according to the semiofficial Fars news agency, Iran’s Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting — and making no mention of what are suspected of being its own attacks on Saudi Arabia’s largest oil producer.




N.S.A. Devises Radio Pathway Into Computers

JAN. 14, 2014
WASHINGTON -- The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of "active defense" against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls "computer network exploitation."
"What's new here is the scale and the sophistication of the intelligence agency's ability to get into computers and networks to which no one has ever had access before," said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. "Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it's never had before."

Friday, January 10, 2014

Snowden Document and Page Count Assessment

The count of Snowden files has ranged from an initial low end of 10,000 to the latest high of 1,700,000, although the high end is likely exaggerated by officials to maximize alleged damage.
The number of pages in these files has not been estimated but about 1,000 pages have been released, mostly as PDFs and images. How many total pages might be in the files and now long would it take Snowden to read them to assure least harm to the US?
For comparison, Cryptome's archive is about 70,000 files. Converting these files to pages comes to about 1,000,000 pages. These files are PDFs, HTMLs, DOCs, TXTs, DWGs, images, spreadsheets, with a few videos and films excluded from the count. To get the page count all files were converted to PDFs. The page count of documents ranges from 1 to 2,200. This might be a fair range of types and page counts of files in the Snowden batch.
An average file then, of 70,000 files with 1,000,000 pages, comes to 14.28 pages per file. Using this as a guide for the Snowden files, the number of pages could range from 142,800 pages for 10,000 files to 24,276,000 pages for 1.7 million files.
Examining the low end of 142,800 pages would be about like reading 476 books of 300 pages length. Examining the high end of 24,276,000 pages would be like reading 80,920 books of 300 pages each.
Snowden is smart and knows his material thoroughly so time to speed read a 300-page book of NSA material, could be done in, say, 2 hours.
On the low end it would take 952 hours to read 142,800 pages, reading 10 hours a day, would come to 95 days, or about 3 months.
On the high end it would take 161,890 hours to read 24,276,000 pages, reading 10 hours a day, would come to 1,619 days or about 54 months -- 4 1/2 years.
4 1/2 years is longer than Snowden is reported to have worked for Dell and Booz Allen as contractor to NSA.
It is unlikely Snowden would have examined 24 million pages.
More likely Snowden used a program to quickly analyze large data collections and rank intelligence actionability in the NSA manner. Glenn Greenwald told Buzzfeed that the documents had been beautifully organized, “almost to a scary degree.” As if prepared with a purposeful program for analyzing and data sharing with avid customers.
There are information security programs which compartmentalize data for multiple levels of security and access as well as controls for the distribution and timing of release. These are used to manage classified data handling among a variety of personnel and agencies with varying clearances.
It could be that Snowden remains in control of his material's release by way of programmed implants in the material for access and timing although the material is physically distant from him. This too is conventional security practice.
These practices would be characteristic of a seasoned security person who could not be certain of media outlets' long-term behavior, their transmission and storage security, their theft and spying prevention capabilities, their susceptiblity to coercion or persuasion by officials or by inducements to betray him to protect themselves.
Events have shown that these meticulous security measures would have been and remain appropriate.
It also allows Snowden to remain in charge of any negotiations for return of the material, for accurate accounting of the material's scope, retention, distribution and release, and for assuring his safety without relying on the fickle fingers of fate of informants and turncoats which have beckoned the all-too-trusting to long-term imprisonment.
__________
As an aside, another way to surmise what Snowden allegedly had on four laptops is by file size. Cryptome's 70,000 files comes to about 17GB, or an average of 243KB per file. Using that as a guide to Snowden's files, the total size ranges from 2.43GB for 10,000 files to 413GB for 1,700,00 files. On the high end that's about 103GB per laptop. No problem, laptops with 100GB-250GB disks are common.
 

Tuesday, January 7, 2014

NSA San Antonio Data Mining Facility

The Panopticon Economy: NSA San Antonio Data Mining Facility 2008:
http://www2.sacurrent.com/news/story.asp?id=69607
Surrounded by barbwire fencing, the anonymous yet massive building on West Military Drive near San Antonio’s Loop 410 freeway looms mysteriously with no identifying signs of any kind. Surveillance is tight, with security cameras surrounding the under-construction building. Readers are advised not to take any photos unless you care to be detained for at least a 45-minute interrogation by the National Security Agency, as this reporter was.
There’s a strangely blurry line during such an interrogation. After viewing the five photos I’d taken of the NSA’s new Texas Cryptology Center, the NSA officer asked if I would delete them. When I asked if he was ordering me to do so, he said no; he was asking as a personal favor. I declined and was eventually released.
America’s top spy agency has taken over the former Sony microchip plant and is transforming it into a new data-mining headquarters — oddly positioned directly across the street from a 24-hour Walmart — where billions of electronic communications will be sifted in the agency’s mission to identify terrorist threats.
“No longer able to store all the intercepted phone calls and e-mail in its secret city, the agency has now built a new data warehouse in San Antonio, Texas,” writes author James Bamford in the Shadow Factory, his third book about the NSA. “Costing, with renovations, upwards of $130 million, the 470,000-square-foot facility will be almost the size of the Alamodome. Considering how much data can now be squeezed onto a small flash drive, the new NSA building may eventually be able to hold all the information in the world.”
Bamford’s book focuses on the NSA’s transformation since 9/11, with the impetus for the new facility being a direct ramification of those attacks. At the time, the NSA had only about 7 percent of its facilities outside the Washington D.C./Baltimore area. But the realization that additional attacks could virtually wipe out the agency catalyzed a regional expansion. [See “Secret Agency Man,” November 5, 2008.]
The new facility is a potential boon to the local economy since it’s reportedly going to employ around 1,500 people, but questions remain about whether there will be adequate oversight to prevent civil-rights violations like Uncle Sam’s recent notorious warrantless wiretapping program. The NSA would suggest the facility’s ability to sort through surveillance data is one of America’s top defenses against terrorist threats, but the NSA’s presence comes with concerns that abuse of its secretive power could see the agency become akin to the “Thought Police” of 1984, George Orwell’s classic novel depicting the nightmare of a total surveillance society — and all for nothing. Even as the facility is completed, a new government-backed report has concluded that data surveillance is an ineffective method for identifying potential terrorists or preventing attacks.
So just what will be going on inside the NSA’s new San Antonio facility? Bamford describes former NSA Director Mike Hayden’s goals for the data-mining center as knowing “exactly what Americans were doing day by day, hour by hour, and second by second. He wanted to know where they shopped, what they bought, what movies they saw, what books they read, the toll booths they went through, the plane tickets they purchased, the hotels they stayed in… In other words, Total Information Awareness, the same Orwellian concept that John Poindexter had tried to develop while working for the Pentagon’s [Defense Advanced Research Projects Agency].” ...
Bamford writes about how NSA and Microsoft had both been eyeing San Antonio for years because it has the cheapest electricity in Texas, and the state has its own power grid, making it less vulnerable to power outages on the national grid. He notes that it seemed the NSA wanted assurance Microsoft would be here, too, before making a final commitment, due to the advantages of “having their miners virtually next door to the mother lode of data centers.” The new NSA facility is just a few miles from Microsoft’s data center of the same size. Bamford says that under current law, NSA could gain access to Microsoft’s stored data without even a warrant, but merely a fiber-optic cable.
“What the Microsoft people will have will be just storage of a lot of the email that is being sent. They keep this email — I don’t know why — and there should be some legislation saying how long it should be kept,” said Bamford in a phone interview last week. “The post office doesn’t keep copies of our letters when we mail letters; why should the telecom companies or the internet providers keep copies of our email? It doesn’t make sense to me. But there’s no legislation. So they need a place to store it, and that’s where they’re storing all this stuff.” (Microsoft did not return a call for comment before press deadline.) ...
NSA’s new facility also gives the agency easy access to UTSA’s Institute for Cyber Security and the school’s Center for Infrastructure Assurance and Security. The ICS was founded in 2007 with a $3.5-million grant from the Texas Emerging Technology Fund to continue efforts to protect American communities against cyber-attacks, with the CIAS — a think tank launched in 2001 — being rolled into the ICS. All of this led U.S. Representative Ciro Rodriguez (D-San Antonio) to declare San Antonio “the center of cybersecurity, in the country and the world.”
ICS Founding Executive Director Ravi Sandhu acknowledges some synergy between the NSA presence in San Antonio and UTSA’s cybersecurity work.
“Cybersecurity in the public domain has largely been about defense, but there’s certainly an attack component to it. To some degree, the U.S. Department of Defense and intelligence agencies are now starting to talk about the attack component in the public domain,” says Sandhu.
Sandhu says UTSA’s cybersecurity students are recruited by many of San Antonio’s local employers and doesn’t doubt that NSA is one of them. “Recruiting is one end … but it’s an attractive thing for NSA employees [too]. They can further their education — they can do degrees part-time, they can do advanced degrees … so there are advantages beyond direct recruitment of NSA students.”
Does automated data mining even work?
While the opening of the NSA’s massive new data center heightens existing civil-rights concerns, a new report from the National Research Council questions whether such data-mining is even effective. Sponsored by the Department of Homeland Security and the National Science Foundation and released in October of this year, the report suggests that pattern-based data-mining is not even a viable way to identify terrorists.
The 352-page study —“Protecting Individual Privacy in the Struggle Against Terrorists” — concludes that identification of terrorists through automated data-mining “is neither feasible as an objective nor desirable as a goal of technology development efforts.” It also says inevitable false positives will result in “ordinary, law-abiding citizens and businesses” being erroneously flagged as suspects.
“Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result,” says the report. The question, then, is how rigorously will human analysts vet such information before alleged leads are pursued, and who has oversight of the process?
“Part of the problem is … jurisdiction over national-security issues is very divided in Congress. You have the Homeland Security committee, the Justice committee, but, of course, you also have some basic issues — government oversight, appropriations,” says Professor Fred Cate, the NRC committee member who wrote most of the report and who serves as director of Indiana University’s Center for Applied Cybersecurity Research. “So I think in some ways one of the issues is the need for a more streamlined oversight system so that somebody takes responsibility for it.”