Risk
6/19/2013
11:53 AM
Connect Directly
RSS
E-Mail
50%
50%

What Prism Knows: 8 Metadata Facts

Data traffic analysis could provide "megadata" intelligence agencies can use to cross-reference information using big data techniques.

5. What Location Information Does the NSA Capture?

Government officials have said that the 2015 Program -- also known as Mainway -- doesn't capture location metadata, and if it did, that might have Freedom of Assembly implications. But the NSA programs detailed to date in press reports have included not just Mainway and Prism, but also an Internet metadata collection program (Marina) and some type of telephone content interception program (Nucleon).

In his interview, Obama didn't touch on which NSA programs do record location data, leading The New Yorker to note: "There seems to be a shell game of reassurances, where what is meant to make us feel better about one program doesn't apply to another, or to how they work together."

6. Don't Stress over Meta-Data Collection?

How much metadata should the government be allowed to capture or use? "The drafters of the Constitution did not propose some absolute right to privacy; they ... saw privacy as a means to achieve a larger goal, to protect political liberties," said James A. Lewis, a senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies, in a blog post.

His argument: if it safeguards people's political liberties, then capturing metadata is a useful technique. "The essential political rights are freedom of expression and assembly, freedom from arbitrary detention, and the right to petition the government for a redress of grievances," Lewis said. "If these four rights are protected, surveillance is immaterial in its effect on civil liberties."

7. NSA Focus: Terrorists, Nukes, Enemy Nations

Furthermore, Lewis said, while NSA might collect mountains of data, that's its charter, and in reality the agency reads almost none.

"NSA (and the larger U.S. intelligence effort) focuses the bulk of its attention on terrorism, proliferation, and a few hostile countries that threaten the United States and its allies." he explained. "These are the priorities; there simply are not enough analysts to look at much else."

8. Fears of a Surveillance State

But what of the potential impact of persistent -- and some might argue, excessive -- surveillance of innocent people? Without a doubt, the leaks have laid bare programs that many Americans have found to be overreaching.

"The programs of the past can be characterized as 'proximate' surveillance, in which the government attempted to use technology to directly monitor communication themselves," said the computer researcher known as Moxie Marlinspike, formerly CTO of Whisper Systems, in a blog post titled "We Should All Have Something To Hide."

"The programs of this decade mark the transition to 'oblique' surveillance, in which the government more often just goes to the places where information has been accumulating on its own, such as email providers, search engines, social networks, and telecoms," he said.

With persistent surveillance, Marlinspike said one fear is that by capturing so much information on U.S. citizens, a determined investigator could likely find some type of charges to file against a suspect, given that legal experts estimate that there could be almost 10,000 federal crimes on the books. "If the federal government had access to every email you've ever written and every phone call you've ever made, it's almost certain that they could find something you've done which violates a provision in the 27,000 pages of federal statues or 10,000 administrative regulations," said Marlinspike. "You probably do have something to hide, you just don't know it yet."

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
6/26/2013 | 3:05:36 AM
re: What Prism Knows: 8 Metadata Facts
The major problem with Mr. Lewis' point is that if we had a benevolent government that we could trust, this would be an entirely different kettle of fish. Problem is, in 2013, there's a serious divide in the American political spectrum and programs like these can be abused for political gains. One needs only look at the fallout surrounding the IRS scandal to rest assured of that and the point hat Marlinspike brings up not only echoes that but amplifies it.

People need to remember that there is an entire cottage industry out there based solely on the collection and aggregation of your personal data and the resale of that data to organizations for any use they deem fit - whether it be advertising (a benign use) or something more sinister.

The really major issue that I have with these programs is that public knowledge of these collection efforts leads to interest from organizations that don't have the best interests of the American people at heart.

Imagine what happens if a group like Anonymous or an enemy power gains access to all of your personal data. Would you ever feel safe again? And given that the number of attacks is escalating on a year over year basis as well... it's just a matter of time. Identity theft may well be the tip of the iceberg...

Andrew Hornback
InformationWeek Contributor
Truthsmith
50%
50%
Truthsmith,
User Rank: Apprentice
6/21/2013 | 5:24:36 PM
re: What Prism Knows: 8 Metadata Facts
The argument by Lewis: if it safeguards people's political liberties, then
capturing metadata is a useful technique. "The essential political
rights are freedom of expression and assembly, freedom from arbitrary
detention, and the right to petition the government for a redress of
grievances," Lewis said. "If these four rights are protected, surveillance is immaterial in its effect on civil liberties.

He points to four essential "political liberties" as if they are the ones that count, as if they are the only ones that count. Note that he left out another very important one, the one that is DIRECTLY violated by the NSA practices:

Amendment 4: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The NSA's massive metadata collection is absolutely UNREASONABLE SEARCH. We all know that. Blabbing on about these other four "rights" reminds me of the rich young ruler that obeyed four commandments, but he failed on the biggest one, because he loved his riches more than God.
MikeSMJ
50%
50%
MikeSMJ,
User Rank: Apprentice
6/19/2013 | 9:22:40 PM
re: What Prism Knows: 8 Metadata Facts
As Bruce Schneier pointed out, the metadata can be more important, and more useful in investigations, than the data. In fact, with "Big Data" research techniques, the metadata can be used to find "key individuals" and clusters of individuals for any community of interest.

That is, the same techniques that are used to identify "potential" terrorists can be used to identify gun control activists, or women's rights activists, or (let's keep this balanced) "states rights" activists.

Once any organization - particularly a government - has this kind of power available, it becomes next to impossible to prevent its use for other purposes than the original intent. There is nothing to prevent the government from deciding that these interest groups are somehow a "danger to the society", and restricting their "freedom of expression and assembly, freedom from
arbitrary detention, and the right to petition the government for a
redress of grievances." Under the circumstances, I believe that
James A. Lewis is being naive to assert that this kind of invasion of privacy is not dangerous.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-3518
Published: 2014-07-22
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to exec...

CVE-2014-3530
Published: 2014-07-22
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.