11:53 AM

What Prism Knows: 8 Metadata Facts

Data traffic analysis could provide "megadata" intelligence agencies can use to cross-reference information using big data techniques.

5. What Location Information Does the NSA Capture?

Government officials have said that the 2015 Program -- also known as Mainway -- doesn't capture location metadata, and if it did, that might have Freedom of Assembly implications. But the NSA programs detailed to date in press reports have included not just Mainway and Prism, but also an Internet metadata collection program (Marina) and some type of telephone content interception program (Nucleon).

In his interview, Obama didn't touch on which NSA programs do record location data, leading The New Yorker to note: "There seems to be a shell game of reassurances, where what is meant to make us feel better about one program doesn't apply to another, or to how they work together."

6. Don't Stress over Meta-Data Collection?

How much metadata should the government be allowed to capture or use? "The drafters of the Constitution did not propose some absolute right to privacy; they ... saw privacy as a means to achieve a larger goal, to protect political liberties," said James A. Lewis, a senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies, in a blog post.

His argument: if it safeguards people's political liberties, then capturing metadata is a useful technique. "The essential political rights are freedom of expression and assembly, freedom from arbitrary detention, and the right to petition the government for a redress of grievances," Lewis said. "If these four rights are protected, surveillance is immaterial in its effect on civil liberties."

7. NSA Focus: Terrorists, Nukes, Enemy Nations

Furthermore, Lewis said, while NSA might collect mountains of data, that's its charter, and in reality the agency reads almost none.

"NSA (and the larger U.S. intelligence effort) focuses the bulk of its attention on terrorism, proliferation, and a few hostile countries that threaten the United States and its allies." he explained. "These are the priorities; there simply are not enough analysts to look at much else."

8. Fears of a Surveillance State

But what of the potential impact of persistent -- and some might argue, excessive -- surveillance of innocent people? Without a doubt, the leaks have laid bare programs that many Americans have found to be overreaching.

"The programs of the past can be characterized as 'proximate' surveillance, in which the government attempted to use technology to directly monitor communication themselves," said the computer researcher known as Moxie Marlinspike, formerly CTO of Whisper Systems, in a blog post titled "We Should All Have Something To Hide."

"The programs of this decade mark the transition to 'oblique' surveillance, in which the government more often just goes to the places where information has been accumulating on its own, such as email providers, search engines, social networks, and telecoms," he said.

With persistent surveillance, Marlinspike said one fear is that by capturing so much information on U.S. citizens, a determined investigator could likely find some type of charges to file against a suspect, given that legal experts estimate that there could be almost 10,000 federal crimes on the books. "If the federal government had access to every email you've ever written and every phone call you've ever made, it's almost certain that they could find something you've done which violates a provision in the 27,000 pages of federal statues or 10,000 administrative regulations," said Marlinspike. "You probably do have something to hide, you just don't know it yet."

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
6/26/2013 | 3:05:36 AM
re: What Prism Knows: 8 Metadata Facts
The major problem with Mr. Lewis' point is that if we had a benevolent government that we could trust, this would be an entirely different kettle of fish. Problem is, in 2013, there's a serious divide in the American political spectrum and programs like these can be abused for political gains. One needs only look at the fallout surrounding the IRS scandal to rest assured of that and the point hat Marlinspike brings up not only echoes that but amplifies it.

People need to remember that there is an entire cottage industry out there based solely on the collection and aggregation of your personal data and the resale of that data to organizations for any use they deem fit - whether it be advertising (a benign use) or something more sinister.

The really major issue that I have with these programs is that public knowledge of these collection efforts leads to interest from organizations that don't have the best interests of the American people at heart.

Imagine what happens if a group like Anonymous or an enemy power gains access to all of your personal data. Would you ever feel safe again? And given that the number of attacks is escalating on a year over year basis as well... it's just a matter of time. Identity theft may well be the tip of the iceberg...

Andrew Hornback
InformationWeek Contributor
User Rank: Apprentice
6/21/2013 | 5:24:36 PM
re: What Prism Knows: 8 Metadata Facts
The argument by Lewis: if it safeguards people's political liberties, then
capturing metadata is a useful technique. "The essential political
rights are freedom of expression and assembly, freedom from arbitrary
detention, and the right to petition the government for a redress of
grievances," Lewis said. "If these four rights are protected, surveillance is immaterial in its effect on civil liberties.

He points to four essential "political liberties" as if they are the ones that count, as if they are the only ones that count. Note that he left out another very important one, the one that is DIRECTLY violated by the NSA practices:

Amendment 4: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The NSA's massive metadata collection is absolutely UNREASONABLE SEARCH. We all know that. Blabbing on about these other four "rights" reminds me of the rich young ruler that obeyed four commandments, but he failed on the biggest one, because he loved his riches more than God.
User Rank: Apprentice
6/19/2013 | 9:22:40 PM
re: What Prism Knows: 8 Metadata Facts
As Bruce Schneier pointed out, the metadata can be more important, and more useful in investigations, than the data. In fact, with "Big Data" research techniques, the metadata can be used to find "key individuals" and clusters of individuals for any community of interest.

That is, the same techniques that are used to identify "potential" terrorists can be used to identify gun control activists, or women's rights activists, or (let's keep this balanced) "states rights" activists.

Once any organization - particularly a government - has this kind of power available, it becomes next to impossible to prevent its use for other purposes than the original intent. There is nothing to prevent the government from deciding that these interest groups are somehow a "danger to the society", and restricting their "freedom of expression and assembly, freedom from
arbitrary detention, and the right to petition the government for a
redress of grievances." Under the circumstances, I believe that
James A. Lewis is being naive to assert that this kind of invasion of privacy is not dangerous.
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.