Risk
8/12/2013
02:02 PM
50%
50%

NSA: We Touch Only 1.6% Of Internet Traffic

Intelligence agency releases new details about the scope and scale of its digital dragnet.

How much Internet traffic is being actively intercepted and reviewed by the National Security Agency (NSA)?

According to newly released details from the NSA, of the estimated 1,826 petabytes of data that flow across the Internet daily, the agency in its foreign intelligence mission touches about 1.6% of that. That was the claim made in a seven-page PDF released Saturday on the NSA's website, which was released to communicate in greater detail the scope and scale of NSA collection, as well as legal basis for that surveillance.

According to the document, the NSA studies only a fraction of the data it intercepts. Notably, of the 1.6% of Internet traffic the NSA touches daily, the agency actively reviews only 0.025%, or about 7,250 GB. "Put another way, if a standard basketball court represented the global communications environment, NSA's total collection would be represented by an area smaller than a dime on that basketball court," the document states.

The newly published overview -- which is "aimed at providing a succinct description of NSA's mission, authorities, oversight and partnerships" -- disclosed that it works with a number of overseas organizations to provide signals intelligence pertaining to terrorists, online attackers and other enemies of the state. "NSA partners with well over 30 different nations in order to conduct its foreign intelligence mission," reads the document. "In every case, NSA does not and will not use a relationship with a foreign intelligence service to ask that service to do what NSA is itself prohibited by law from doing."

[ What do IT professionals think of the NSA's data gathering practices? Read NSA Surveillance: IT Pro Survey Says What? ]

The document also confirms that the agency runs a number of surveillance programs that involve "[compelling] one or more providers to assist NSA with the collection of information responsive to the foreign intelligence need." Some related, recently outed programs go by cover names such as Blarney, Fairview, Lithium and Oakstar. The agency said those aren't standalone efforts, however, but rather part of a higher-level effort to obtain desired intelligence.

Other efforts, as already revealed publicly, extend to telecommunications providers. On that front, NSA offered additional details pertaining to its Business Records Foreign Intelligence Service Act (FISA) program (a.k.a. BR FISA), through which "specified U.S. telecommunications providers are compelled by court order to provide NSA with information about telephone calls to, from, or within the U.S." The document continues, "The information is known as metadata, and consists of information such as the called and calling telephone numbers and the date, time, and duration of the call -- but no user identification, content, or cell site locational data." It noted that BR FISA has been reauthorized four times by Congress since being launched in 2006.

But have the surveillance programs -- and potential privacy tradeoffs -- been worth it? Gen. Keith Alexander, who leads the NSA, said in a keynote speech at this year's Black Hat information security conference in Las Vegas that 54 terrorist-related activities -- 13 of them in the United States -- had been thwarted thanks to the NSA's surveillance programs. Building on that statement, the newly published NSA document said that of the 13 domestic activities, BR FISA played a role in 12.

The release of new details pertaining to the NSA's surveillance efforts came just one day after President Obama called on Congress to reform the Patriot Act and Foreign Intelligence Surveillance Court authorized by FISA. In a press conference, he also recommended adding greater oversight of and transparency into the NSA's intelligence collection efforts, directed the NSA to add its first-ever Civil Liberties and Privacy Officer, and called on a group of outside experts to study the NSA's current surveillance technology and detail the security, privacy and foreign policy implications related to their use.

Also Friday, the White House released a 22-page white paper arguing that the government has broad latitude when it comes to collecting telephone metadata. But it also noted that the surveillance programs authorized by FISA and the Patriot Act can legally be used only for counterterrorism purposes, and said the programs the surveillance effort "includes internal oversight mechanism to prevent misuse."

In response to Obama's call for the NSA's surveillance programs to be reformed, WikiLeaks chief Julian Assange issued a statement saying the move vindicated the role of former NSA contractor Edward Snowden's whistle blowing. "But rather than thank Edward Snowden, the President laughably attempted to criticize him while claiming that there was a plan all along, 'before Edward Snowden,'" said Assange. "The simple fact is that without Snowden's disclosures, no one would know about the programs and no reforms could take place."

Regardless, President Obama's proposed reforms may face an uphill battle. Notably, House Homeland Security Committee Chairman Michael McCaul (R-Tex.), who formerly dealt with the FISC while working as a counterterrorism prosecutor, warned Sunday on NBC that Obama's proposals could "slow down the efficacy and efficiency of our counterterrorism investigation."

Meanwhile, Sen. Ron Wydon (D-Ore.), who wants to see the domestic telephone metadata interception program shuttered, said the proposals didn't go far enough. "Notably absent from President Obama's speech was any mention of closing the backdoor searches loophole that potentially allows for the warrantless searches of Americans' phone calls and emails under section 702 of the Foreign Intelligence Surveillance Act," he said in a statement. "I believe that this provision requires significant reforms as well and I will continue to fight to close that loophole."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
8/15/2013 | 12:26:04 AM
re: NSA: We Touch Only 1.6% Of Internet Traffic
NSA is looking at a dime-sized amount of information on a basketball court. I like that metaphor. But it matters more than a dime to me whether I'm included in that speck. We need judicial oversight of this process, not the security agencies being a rule onto themselves.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
8/13/2013 | 4:26:11 PM
re: NSA: We Touch Only 1.6% Of Internet Traffic
This is a slippery slope, both in the US and in every other country in the world. I've always believed that people should expect whatever they put online to be seen by others, no matter what privacy protections they take. That's not a good thing; it's just a reality. I'm wary that governments are actively spying, but isn't that what Google and Facebook do, too? Will we see a day when governments pay private tech companies for that service? In the US, we have come to expect that sort of activity to be controlled by court-ordered warrants issued in secret, and the security court allowed this under that standard. In other countries, the order may simply come from the military or the government. Eventually, we'll all be in some government's file for what we say. I may be in there now just for this post. That's nothing short of creepy.
GHCro
50%
50%
GHCro,
User Rank: Apprentice
8/12/2013 | 10:27:03 PM
re: NSA: We Touch Only 1.6% Of Internet Traffic
Hey NSA, you've been so much more than kind. You can keep the dime. But only if you throw the rest away. Except, we all know you're not going to do that. You're going to keep it for whenever you feel like looking at it. That's the problem. I agree with AbneyW074, it's a shame, but we need more new products like Cloudlocker, TOR, Startpage, etc, to give NSA as small a target as possible.
AbneyW074
50%
50%
AbneyW074,
User Rank: Apprentice
8/12/2013 | 10:08:00 PM
re: NSA: We Touch Only 1.6% Of Internet Traffic
Years ago, talking about email encryption services like TOR or personal cloud devices that you keep in your home like CloudLocker would have made you seem incredibly paranoid. Not so anymore. In fact, I expect the market for products that protect personal privacy to grow by leaps and bounds. It's really a shame.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.