NSA Spying: A Matter of Degree
We have long noted that the government is spying on just about everything we do.
The NSA has pretended that it only spies on a small number of potential terrorists. But NSA Deputy Director John C. Inglis inadvertently admitted that the NSA could spy on just about all Americans.
Inglis told Congress last week that the agency conducts three-hop analysis.
Three-hop (also known as three degree) analysis means:
The government can look at the phone data of a suspected terrorist, plus the data of all of the contacts, then all of those peoples contacts, and all of those peoples contacts.
This means that a lot of people could be caught up in the dragnet:
If the average person calls 40 unique people, three-hop analysis could allow the government to mine the records of 2.5 million Americans when investigating one suspected terrorist.
Given that there are now approximately 875,000 people in the governments database of suspected terrorists including many thousands of Americans every single American living on U.S. soil could easily be caught up in the dragnet.
For example, 350 million Americans divided by 2.5 million Americans caught up in dragnet for each suspected terrorist, means that a mere 140 potential terrorists could lead to spying on all Americans. There are tens of thousands of Americans listed as suspected terrorists including just about anyone who protests anything that the government or big banks do.
As the Electronic Frontier Foundation notes:
According to an unusually blunt Senate investigation of so-called fusion centers released last month, the TIDE [i.e. suspected terrorist] database is also full of information of innocent people that have nothing to do with terrorism. The report gave examples of: a TIDE profile of a person whom the FBI had already cleared of any connection to terrorism, a TIDE profile of a two-year old-boy, and even a TIDE profile of Ford Motor Company.
ARS Technica reports:
When the first revelations about the National Security Agencys (NSA) widespread collection of phone call metadata and Internet traffic began to surface, South Carolina Senator Lindsey Graham noted that for those not talking to terrorists on the phone, We dont have anything to worry about. Im glad that activity is going on, but it is limited to tracking people who are suspected to be terrorists and who they may be talking to.
Turns out the data collection is not so limited. In testimony yesterday before the House Judiciary Committee, National Security Agency Deputy Director Chris Inglis said that the NSAs probing of data in search of terrorist activity extended two to three hops away from suspected terrorists. Previously, NSA leaders had said surveillance was limited to only two hops from a suspect.
If youve ever played Six Degrees of Kevin Bacon or used LinkedIn to try to reach someone professionally, you know how small the world of interconnected contacts can be. When you use big data tools to mine for relationships, the world gets even smaller. That third hop in connections greatly expands the probability of innocent people worldwide being scooped up into the NSAs surveillance machine to include a good-sized share of American citizenscitizens who Senator Graham said dont have anything to worry about.
***
By reading this article, youre one hop from meand three hops from [Afghan President] Hamid Karzai.
***
The NSAs systems sort through the data using algorithms to find connections. These can be detected in near real time from Internet data or discovered in the periodic dumps of phone metadata from carriers, building upon the systems knowledge of previous connections. The system narrows the field of potential surveillance targets through a process thats similar to playing the game Six Degrees of Kevin Bacononly, in this case, its more like Three Degrees of Osama Bin Laden.***
To determine how many hops you are from Osama, for example, the NSAs data analysis engine software constantly plows through information and builds a model of all the relationships between every phone number on record and every IP address. Other software robots query the graph to discover which nodesphone numbers, IP addresses and email accountsfall within three degrees of separation from an established suspect.
If you have a direct relationship with a suspected terrorist or target (youve called them, youve emailed them, youve visited their website) thats a one hop relationship; theres a solid line connecting you to that person in the NSAs relationship graph. If you talk with, e-mail, or visit the Facebook page or website of someone whos got a one-hop relationship, youre two hops away. Add one more person in between in the graph, and youre three hops away.
If youre within three hops, you may get flagged for analysis, and then you could get extra special attention, such as a secret FISA warrant request to use PRISM for access to your data on cloud providers servers.
Under the NSAs FISA requests, Google, Microsoft, and other Internet services companies can be compelled to hand over relevant data from their servers on any account that falls within the three-hop range and is flagged as belonging to a person of interest. If youve won this lottery, the NSA will get access to your e-mails on Gmail or Outlook.com as well as your chats and Web-stored contacts, your documents, your synced data from computers and mobile devices, your backups, and anything else that can be handed overat least, so the documents Snowden leaked imply.
Your raw Internet traffic will get more attention as well. Your IP address will be watched more carefully by deep packet inspection hardware at the NSAs Net taps, and what you do online will get extra scrutiny.
If your behavior is anomalous enough, and if youre a US resident, the NSA will pass the surveillance over to the FBI. Otherwise, your data will be collected and analyzed until its determined that you have nothing to do with the alleged terrorist; how long that process takes (and how long the data is retained after analysis) is unknown.
Unfortunately, it doesnt take much to hit the three-hop jackpot; without knowing it, a large percentage of the worlds population (and the US population) could easily be classified as being in a third degree of separation from a suspected terrorist.
A great deal of research has been done into the interconnectedness of people in the Internet age. Social scientists, mathematicians, and computer scientists have explored the small world phenomenon with studies and experiments for over 50 years, and their findings show that the small world keeps getting smaller as technology advances. In 1979, chair and founder of MITs political science department Ithiel de Sola Pool and the University of Michigans Manfred Kochen published a paper titled Contacts and Influence, which draws on a decade of research into social networks. De Sola Pool and Kochen posited that in a country the size of the United States, if acquaintanceship were random and the mean acquaintance volume were 1,000, the mean length of minimum chain between pairs of persons would be well under two intermediaries.
In other words, if the average person in the US has contact with and is acquainted with 1,000 others (through brief interactions, such as an e-mail or a phone call, or through stronger associations), then were at most two hops from anyone else in the US. Ergo, if any one person in the US is one hop from a terrorist, chances are good that you are three hops away.
***
Live in a major metropolitan center in the US and youre bound to be two degrees of separation away from someone in a country thats of interest to the NSA. For example: I have been a regular customer of restaurants owned by Baltimores Karzai family, which is headed by a brother of Afghan President Hamid Karzaitwo hops. Im also, according to LinkedIn, two degrees of separation away from President Obama. Am I a good guy or a bad guy?
The Internet has blown the level of interconnectedness though the proverbial roofwe now have e-mail, social media, and instant message interactions with people well never meet in real life and in places well never go. A 2007 study by Carnegie Mellon University machine learning researcher Jure Leskovec and Microsoft Researchs Eric Horvitz found that the average number of hops between any two arbitrary Microsoft Messenger users, based on interaction, was 6.6. And a study of Twitter feeds published in 2011 found the average degree of separation between random Twitter users to be only 3.43.
So even if the NSA limited its surveillance activitiesand by surveillance I mean active probing of the content of communications of an individualto people within two hops of suspected terrorists, thats a sizable population. Three ratchets it up to hundreds of millions or potentially billions of people, especially when the definition of a hop is based on relationships so casual we could create them by accidentally clicking on a link in a spam e-mail. So far, we know that there have been about20,000 requests for FISA warrants to surveil domestic targets since 2001, but if those warrants covered three hops from the suspects at the center of the requestsdepending on how tightly or loosely the NSA defines a relationshipthree hops could encompass as much as 50 percent of the Internet-using population of the world.
Whats the likelihood that youve managed to fall into that 50 percent? Well, if you live outside the US or ever talk to anyone outside the US, your odds go up. If you have contacts in parts of the world that the US government has interest in as sources of terrorism, it goes up much more. That places people like me (journalists), social activists, academics, and a large chunk of the business world in a zone of high risk for NSA surveillance.
***
Youd be a fool not to at least consider the possibility that the NSA is already reading your e-mail.
The New York Times writes:
Adding a new chapter to the research that cemented the phrase six degrees of separation into the language, scientists at Facebook and the University of Milan reported on Monday that the average number of acquaintances separating any two people in the world was not six but 4.74.
If the distance between any two people in the world is 4.74, the distance between any two Americans is probably less than 3 .
Legendary NSA cryptographer and mathematician William Binney who worked at the agency for 32 years, and who was the head of the NSAs global digital data efforts created a much better two hop system before 9/11.
Called ThinThread, the system created by Binney (with the help of Thomas Drake,Kirk Wiebe and Ed Loomis) automatically encrypted all Americans communications to protect our Constitutional rights. Information was gathered on people within two hops of suspected terrorists, and information could only be decrypted by a court order. In other words, Binneys system created a structure in which innocent Americans couldnt be spied on unless there was a court order showing probable cause.
Binneys system was actually cheaper and more efficient than the NSAs current Constitution-violating system.
Binney told us:
The zone of suspects was for us limited to two degrees (hops). Beyond that increases the problem exponentially. So, three hops is going much too far.
By going much too far, Binney means that the NSA is unnecessarily trashing Americans Constitutional rights.
But he also means that the more data the NSA gathers on more innocent Americans, the harder it will be to catch bad guys. Because contrary to the NSAs claims looking in bigger and bigger haystacks doesnt help find the needle.
Technical Postscript: We asked Binney about the formula for determining how many Americans would be caught up in a three hop dragnet. He explained that simple formulas cant give an accurate answer, as it depends on such factors as whether government and business organizations are eliminated from the hop analysis:
If you dont eliminate commercial companies and government agencies from the calculations, then by inclusion they reduce the number of degrees of separation.
Binney also explained that failure to eliminate duplicate contacts, the number of people caught up in the dragnet could be over-estimated.
Go here to see the original:
NSA Spokesman Accidentally Admits that the Government Is ...
