Once again, I suggest everyone interested read James Bamford's book Shadow Factory.
All these revelations regarding call metadata, PRISM collection (albeit under a different codename at the time), modern fiber taps, and even more are covered.
You'll learn about how they shave fiber optic cables in order to intercept traffic and not be detected. You'll find out about the various facilities already reported, along with others like the NSA Georgia facility. You'll find out exactly where on what beach these fiber lines run in and out of. It's a very well-researched book.
You'll learn a lot more than what's been verified with these leaks.
Was expecting to find comment by tptacek explaining how WP's Craig Timberg has no journalistic integrity because "direct access" clearly doesn't mean the NSA gets whatever data it wants by whatever means necessary. Rather, "direct access" can only imply the NSA administers the credentials of each and every server and database existent, which clearly couldn't be true.
My thoughts exactly. I had assumed that tpateck would have magnified a figure of speech (e.g. full control -> judge can only appoint not remove), ranted about some obtuse point (e.g. which foreign government does not spy), and enjoyed the thread on violation of first/fourth amendment right derail from the issue. And all of his posts are moved to the top by HNers who recognize the name.
It wasn't. I agree there's a little bit of wrongness to that, but I hope his parent post won't mind too much, because there's a lot of truth to his point. Often we get more information like this, a fuller understanding of how Americans have been paying billions of dollars to fund this surveillance weapon that threatens the human race, and find an extremely well-written post by an obviously highly intelligent tptacek at the top, explaining why, strictly speaking, this is all legal -- or something. I'm glad I'm not the only one who finds it annoying.
Oh, I figured I was missing some context. I still hope that's the case. I'm not sure what value there is to replying to imagined posts by people who aren't posting, and hijacking the top rated comment to boot.
Those posts usually have a lot of responses that rise to the challenge though, and without any opposition or advocacy for the devil, much less (or even nothing) is learned. I don't think it's fair to call him out like that, HN is better than this and posts can be dealt with on a one by one basis.
Take off all the nicks, for maximum message resolution.
I think this is a bit of a cheap shot at tptacek so will defend him in his absence.
First, when it comes to programs by US intelligence agencies (both previously known, currently revealed, and yet to be revealed) there are multiple categories of evaluation: namely, ethical, legal, constitutional.
Generally speaking, everything the Feds are doing is legal in the sense that it follows a specific legal process that was setup in the scare over terrorism, which both expanded the powers of the executive branch and created "shadow courts" which presumably provide some checks and balances in the system. Of course, we can't really know how reliably these work since the process for National Security Letters and other aspects itself is secret. Nonetheless, there are specific process in places that seem generally speaking to be followed. How often there are "exceptions" to this process is difficult to ascertain, and has not really been a focus in the present debate.
When it comes to constitutionality, it is a hotly debated topic among Americans partially because it was the bedrock of the American state, but an increasing number of Americans (including justices) either aren't knowledgable or don't care about the specifics of the constitution. This is a huge topic, but it is sufficient to say that something can be unconstitutional (even blatantly so) and nonetheless be legal. In this specific case, it is difficult to know how or whether the protection against "unreasonable" searches includes storage of metadata associated with phonecalls that can be searched by an analyst.
Then, more broadly, there are a wide representation of ethical issues. For example, it is completely legal and constitutional to spy on non US citizens, but are there any boundaries that should be set on what is and is not acceptable behavior? My strongly held view is that, at least when it comes to US hq'ed companies with a large foreign user base that they provisions in places for non US citizens should at the very least be the same as those for US citizens. However, saying that something should exist and implementing it are two different things, and one is considerably more difficult than the other.
So this is all basically to defend tptacek and say that it is important to differentiate when accusing the US government of "crimes." In other words, there are lots of unethical things that you can do that are perfectly legal.
I'm mocking the "direct action" fabricated controversy. I apologize that wasn't more clear.
I fully expected Craig Timberg to be attacked, just like Glenn Greenwald was.
It is unfair that I'm using a nym, whereas tptacek's a real identity.
It may be unfair to single out tptacek out of the mob of people banging the "direct action" drum. He stands out here on HN. Since I'm using a nym, I won't belabor the point.
As I assume tptacek would also say, the specifics of the "direct access" are rather a big deal. If the access is constrained to NSLs approved by judges in regulated quantity, you have a legal process. Perhaps there is no independent oversight or accountability to the public at large, yet you still have legality.
However, if any analyst can at whim look at the info associated with any gmail account / Facebook user / etc. then you have a clearly extra-legal approach with absolutely no accountability.
Also, there is a significant difference between capacity and use. If a analyst or a sys admin for the NSA has capacity to view things but does not actually have permission from the NSA to use that capability absent an NSL, then
To be honest, to date nothing has emerged that makes it seem that the NSA has this sort of capacity, except when it comes to Verizon phone calls, although I don't think we know much if anything about the NSA's downstream capabilities when it comes to major Silicon Valley firms.
In short, I assume that Google, Facebook, etc. are telling an important truth when they say that access is limited to legal processes. Whether or not the NSA also has and uses downstream access to similar data is another question altogether.
In addition to The Shadow Factory he also wrote The Puzzle Palace and Body of Secrets. I'm not sure how much material is shared between the three books, or if they're meant to be read in any certain order, but I'm plowing through The Puzzle Palace now.
OK, good, glad to hear that. I had sort of assumed that that was the case, but wasn't sure. It's a lot of material to slog through, but I find this stuff fascinating for some reason.
Specifically relating to the recent revelations, this book was where I learned of the NSA's "vacuum cleaner" approach, in which all available messages are collected -- in this case, it was trans-Atlantic radio transmissions being monitored by ECHELON. So, an American citizen in the UK calling an American citizen in the US would have their call collected.
The approach (collect everything you can at the trunk line or server farm) is very similar to the e-mail collection strategy that's being documented now.
I don't see why that would be true. This is classical signal transmitted optically, not quantum cryptography. There is no reason you couldn't splice the cable through a machine that recorded the signal and then recreated it. Or a beam splitter that removed just a small fraction of the signal; the effect would be a slight increase in transmission loss.
I had a professor who did optics research sponsored by the NSA. They didn't tell him the intended application, but he suspected it was to tap optical fibers by evanescent wave coupling (see http://en.wikipedia.org/wiki/Evanescent_wave#Evanescent-wave... ). It's as if photons are quantum tunneling out of the fiber, so there is no need to physically cut into it. That would have made the tapping nearly undetectable.
The prevailing theory is that they do the latter; the former would be both easy to detect (at the time of splice) and locate (via TDR).
Getting the signal out of the fiber pales in comparison, though, with the task of getting all of that data back to Maryland/Utah.
Unless they have specific cooperation of the cable owners and can tap/split the fibers at the landings, they must be spending a significant percentage of the cost of the original fiber runs (in parallel cables to return the tapped data). The mind reels.
I don't know much about undersea cables (although it is a fascinating subject), but I imagine there's no need to tap a cable in the middle of the ocean. If instead you tap it a couple miles offshore (even tens of miles), suddenly have a lot less undersea fiber to run. And if multiple cables come ashore at the same place, you can probably disguise it as just another fiber.
Of course, this requires a friendly country at one end of the cable, but that's probably not too big a problem.
I don't believe fibre cables are single length. Between your point of signal origin and the destination are already a number of boxes that act as repeaters. To split the cable, you'd effectively add in another one (or subvert the provider, of course). Or I believe you can tap the cable anyway:
What's to stop a direct packet copy? The line goes in, a digital device sees the packets, copies them bit for bit and sends the original to their destination and a copy to the NSA. Similar to headphone splitting.
I think most of the taps they're referring to involve tapping light directly off the fiber, which reduces the light intensity at the receiving end and can therefore be detected in theory at least
Interfering with existing amplifiers/signal boosters would be fairly hard to hide unless the NSA was solely responsible for that units maintenance, and I suspect that as a general rule they aren't. It's much easier to hide a tap at some random point along the line where nobody has any reason to visit
There are different non-disruptive techniques, two known methods being "shaving" the cable and the other involves bending the fiber optic cable at certain angles.
I wouldn't be surprised if there are other esoteric techniques that somehow allow NSA to monitor emanations through an intact fiber optic cable and its shielding.
No, you have not made it up in your head. It has been widely accepted as a fact but I guess if it was originally true there must have been a few "givens'.
Who said this? It seems obviously false. All you would have to do is insert a detector and another emitter that simply replays everything the detector reads.
While I agree it's certainly false, your implementation idea would almost certainly introduce detectable delay. All you'd need is a beam splitter. You can manufacture them to only take 1% of the beam.
Sure. But "Hey guys, just to let you know, we moved our relay back a couple meters for reorganization" would also introduce detectable delay -- I doubt anyone actually cares about the delay.
In the late 90's, I attended a presentation that described doing just such a fractional-light fiber split at major exchanges (e.g. MAE-West) to collect data for research purposes. [1] While the researchers were probably trustworthy, I remember thinking that such sniffing seemed like it could be pretty scary in the wrong hands.
(The presentation was given by Evi Nemeth, who was sadly in the news recently due to being lost at sea.)
[1] http://www.caida.org/workshops/isma/9808/report.html
"The coral/ocXmon family of monitors use optical splitters to tap fiber, filtering 5-10% of the light signal to interface cards in the coral monitoring host."
These splitter work in the domain of light-pulses transmitted over a fiber. So you get 100% of the messages, but the flashes of light representing the bits will be much weaker. Probably this will mean that you have to put in much more effort to decode the signal than a usual network-device will need, and also probably means that you will have a higher number of errors in your data.
On the other hand, if you'd tap only a short distance downstream of the transmitter (or an inline amplifier), that 1% might be plenty, undisturbed by the distortions introduced further on the line, so probably that's the preferable tapping location anyway.
[I know that I'm oversimplifying a lot here and modern optical communication systems work much different.]
It depends on the power budget of the fiber link. A 3db splitter would tap 50% of the power, but if this was planned for in advance it would be easily integrated in the long haul network.
All these revelations regarding call metadata, PRISM collection (albeit under a different codename at the time), modern fiber taps, and even more are covered.
You'll learn about how they shave fiber optic cables in order to intercept traffic and not be detected. You'll find out about the various facilities already reported, along with others like the NSA Georgia facility. You'll find out exactly where on what beach these fiber lines run in and out of. It's a very well-researched book.
You'll learn a lot more than what's been verified with these leaks.
http://www.amazon.com/The-Shadow-Factory-Eavesdropping-Ameri...