Security risks in FISA reform
Several noted computer security experts have an interesting paper in the current issue of IEEE Security & Privacy Magazine. Rather than critique the civil liberties implications of the Protect America Act, the “fix” to intelligence wiretapping and surveillance law being debated in Congress, the experts examine potential security weaknesses in the surveillance system run by the National Security Agency, the system that the act affects.
The authors’ essential concerns stem from the design of the surveillance system itself, which they regard as inherently—and perhaps unavoidably—prone to abuse, both from outside forces and, more likely, government insiders.
First, they argue that the “surveillance architecture implied by the Protect America Act will, by its very nature, capture some purely domestic communications…” This seems plausible, considering the design of modern telecom networks, which the authors do a good job of summarizing in easy-to-understand terms. They spend a fair amount of the paper describing how the NSA’s system would inevitably capture purely domestic communications without a warrant—which would be illegal, even if unintentional—and also how hackers could theoretically penetrate the system and steal communications and other intelligence. The authors acknowledge that the design of the NSA’s surveillance apparatus is still secret, but they base their assessments of how it works on press accounts, changes in surveillance law, and on accounts by a former AT&T employee, Mark Klein, about an alleged NSA listening post in
Another fascinating aspect of the surveillance system involves the use of call detail records, which I’ve written about in some detail. Specifically, the authors are concerned that CDRs, which the government probably can obtain without a warrant, can reveal an enormous amount of personal information about an individual, even though the records contain only so-called “metadata,” such as when a call was placed, what number was called, how long the call lasted, and so on. Could CDRs be a productive form of warrantless surveillance?
The authors also point out that CDR information can be inaccurate. The NSA uses metadata to decide which conversations and e-mails to listen to or read. So, if the targeting data is bad, how can the NSA be sure it’s intercepting the appropriate communications? To remedy any potential abuse, intentional or otherwise, the authors recommend “frequent ex post facto review of CDR-based real-time targeting.”
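To make the two points above concrete, here is a small example written for this post (it is not code from the paper or from any real surveillance system). It builds a contact profile from nothing but metadata, then shows how a stale number-to-subscriber mapping turns “real-time targeting” into interception of the wrong person, and what an after-the-fact review of that targeting would catch. All records, phone numbers and directory entries are constructed, and the function names are my own.

```python
"""
What call detail records reveal, and how bad targeting data misfires.
Added example for illustration; not from the paper or any real system.
All CDRs, numbers and directory entries below are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed CDRs: (timestamp, caller, callee, duration in seconds).
# No call content anywhere, only the "metadata" the text describes.
SAMPLE_CDRS = [
    ("2007-08-01T08:02:00", "+15551230001", "+15559876543", 610),
    ("2007-08-01T22:15:00", "+15551230001", "+15551112222", 45),
    ("2007-08-02T08:05:00", "+15551230001", "+15559876543", 590),
    ("2007-08-02T22:20:00", "+15551230001", "+15551112222", 30),
    ("2007-08-03T08:01:00", "+15551230001", "+15559876543", 640),
    ("2007-08-03T13:40:00", "+15551230001", "+15553334444", 120),
]


def contact_profile(cdrs, subscriber):
    """Who a subscriber calls, how often, at what hour, and for how long.

    Returns {callee: {"calls", "typical_hour", "total_seconds", "days"}}.
    A long call at the same hour every morning and a short one every
    night is a routine, inferred without reading a single word.
    """
    calls = Counter()
    hours = defaultdict(list)
    seconds = defaultdict(int)
    days = defaultdict(set)
    for ts, caller, callee, duration in cdrs:
        if caller != subscriber:
            continue
        when = datetime.fromisoformat(ts)
        calls[callee] += 1
        hours[callee].append(when.hour)
        seconds[callee] += duration
        days[callee].add(when.date())
    return {
        callee: {
            "calls": n,
            "typical_hour": round(sum(hours[callee]) / n),
            "total_seconds": seconds[callee],
            "days": len(days[callee]),
        }
        for callee, n in calls.items()
    }


# Constructed subscriber directory as it stood when targeting was decided.
DIRECTORY_AT_TARGETING = {
    "+15559876543": "target-A",
    "+15551112222": "unrelated-B",
}
# Constructed directory after the number was reassigned to someone else.
# The targeting system never learned about the change.
DIRECTORY_CURRENT = {
    "+15559876543": "unrelated-C",
    "+15551112222": "unrelated-B",
}


def select_targets(directory, person):
    """Real-time targeting: every number the directory attributes to `person`.

    Only as good as the directory it reads; a stale entry selects a
    stranger's line.
    """
    return {number for number, who in directory.items() if who == person}


def ex_post_review(intercepted_numbers, directory_now, person):
    """After-the-fact review of CDR-based targeting.

    Returns the intercepted numbers that, against the current directory,
    do not belong to the intended person. A non-empty result is exactly
    the kind of mis-targeting the authors want reviewed regularly.
    """
    return sorted(
        number for number in intercepted_numbers
        if directory_now.get(number) != person
    )


if __name__ == "__main__":
    for callee, info in contact_profile(SAMPLE_CDRS, "+15551230001").items():
        print(callee, info)
    targeted = select_targets(DIRECTORY_AT_TARGETING, "target-A")
    print("targeted:", sorted(targeted))
    print("mis-targeted:", ex_post_review(targeted, DIRECTORY_CURRENT, "target-A"))
```

The profile alone says who the subscriber talks to every morning for ten minutes and who gets a short call every night, which is the authors’ point about metadata. The second half shows why the review they recommend has to be periodic rather than one-time: the targeting decision was correct against the directory of the day it was made and only became wrong when the number changed hands.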
There are some indications in the Protect America Act that this review would occur. The government would be required, for instance, to demonstrate to a secret intelligence court that the means by which it determines the location of certain targets is “reasonable.” (The location of a target is a key factor in whether the NSA can intercept without warrants.) But it remains to be seen how this ex post facto review would work in practice, and whether it would involve CDRs.
A number of the authors have a long history of opposing various enhancements to government surveillance of telecom networks, but their paper is by no means an outright condemnation of the pending law or of the NSA’s activities. It’s worth a read just for the technical explanations of how very difficult it is to intercept communications on the net. But they also offer some constructive suggestions and cautionary tales for a surveillance system that we’ll all be living with for the foreseeable future.