TIA (aka Topsail) unveiled: the real scope of the NSA's domestic spying program
5/11/2006 by Hannibal
Communications metadata and The Big Database in the Sky
The new USA Today article reveals that the NSA has been collecting and archiving "transactional information" on all domestic calls made within the US—who called whom, when, from where, etc. The transactional data is acquired from cooperating telcos (AT&T, Verizon, BellSouth, but not Qwest) and fed it into a massive database so that the NSA can analyze the collected calling patterns for clues as to possible terrorist activity. Contrary to what the government has publicly claimed about the NSA's massive signals intelligence (SIGINT) vacuum, there is no requirement here that one end of the call be located in a foreign country; we're talking about calls between me and my grandmother, and in fact about every call I've ever made over the past few years.
You might recall from our earlier coverage
of a related instance of law enforcement overreach that government access to phone call transactional data is regulated by 18 USC 2703, which stipulates that the government doesn't need to show "probable cause" when petitioning for a court order to obtain this information on a customer. The standard that the government must meet is set at a lower threshold than probable cause, but it's not set at zero.
Crucially, the NSA's data-mining program not only dispenses with probable cause, but it dispenses entirely with the court order and thus with the lowered standard of evidence.
Think about that for a moment: the program is secret, and there is no judicial or congressional oversight (as of today
, there's not even any executive branch oversight from the Justice Department), so the national security establishment has arrogated to itself carte blanche to snoop your phone activity and possibly to detain you indefinitely
without a warrant based on what they find.
More to come
The original revelations about the NSA's SIGINT vacuum were just the tip of the iceberg, and the new revelations show us just a little bit more of the beast. Based on a few fairly recent stories we've run here at Ars, it appears there's probably more that we've yet to see. Much more.
Exhibit A is the story I linked above, about the feds getting a judicial ruling that extends the definition of "transactional information" to the data about your physical location that cell phone records contain. Law enforcement can now track your physical location via your cell phone without showing probable cause, so the precedent here is that, in the absence of clear laws
governing this specific type of data (i.e., cell phone location data) the definition of "transactional data" is being stretched to fit new types of communications "metadata."
Now let's look at Exhibit B, which is an article on an AT&T whistleblower
who spilled the beans on the NSA's secret surveillance rooms at major telco hubs. Inside these surveillance rooms is NSA network traffic analysis equipment, which is hooked into the fiber optic feeds of the main network via splitters that can siphon off signal for the NSA to snoop. The NSA then passes this siphoned signal through some heavy-duty traffic analysis equipment from a company called Narus. Here are just a few things that one of the Narus products can do, according to the product web page
* Universal data collection from links, routers, soft switches, IDS/IPS, databases, etc. provides total network view across the world's largest IP networks.
* Normalization, Correlation, Aggregation and Analysis provide a comprehensive and detailed model of user, element, protocol, application and network behaviors, in real time.
* Unparalleled extensibility - NarusInsight's functionality can easily be configured to feed a particular activity or IP service such as security, lawful intercept or even Skype detection and blocking.
And here's what the "intercept suite" add-on module lets you do with this device:
* CALEA- and ETSI-compliant modules for lawful intercept featuring a robust warrant management system. Capabilities include playback of streaming media (for example, VoIP), rendering of Web pages, examination of e-mails and the ability to analyze the payload/attachments of e-mail or file transfer protocols.
USA, meet TIA
* Proprietary directed analysis monitoring and surveillance module offering seamless integration with the NSS or other DDoS, intrusion or anomaly detection systems, securely providing analysts with real-time, surgical targeting of suspect information (from flow to application to full packets).
* Law enforcement has shown that they consider any transactional data arising from voice communications—either POTS (plain old telephone system), cellular, or VoIP—to be fair game and to be covered by a much lower threshold than "probable cause."
* In the absence of up-to-date laws, the POTS-based definition of "transactional information" is being stretched to fit new forms of data arising from new forms of communication (e.g. location data arising from cell phone calls).
* The NSA, for its part, has gone further and demonstrated that they consider such transactional data to be theirs to snoop, aggregate, and mine without any kind of court order at all.
* This transactional data can be correlated to specific end users by indexing their phone number(s) into a wide array of commercially available databases that cover many other aspects of our financial and private lives.
* The NSA also has in place the ability to collect "transactional information" for IP-based communications, like Web sessions, email, FTP, VoIP, and more.
Now, does anyone seriously think that the NSA is not collecting transactional data (at a minimum) for Web, email, FTP and other IP-based communications, and/or that they're not tying all of this data to individual users?
Just in case you're not convinced that the NSA is, right now—not at some unspecified point in the future, but at this very moment—compiling a complete and customized voice and data communications profile of every US citizen and mining all of those profiles for "terrorist activity," take a look at these paragraphs from a 2002 Wired article
that we linked in this post
It's a system which, it hopes, will ferret out terrorists' information signatures -- clues available before an attack, but usually not correctly interpreted until afterwards -- and decode them prior to an assault...
According to the IAO's blueprint, TIA's five-year goal is the "total reinvention of technologies for storing and accessing information ... although database size will no longer be measured in the traditional sense, the amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes."
Our own coverage also pulled this quote from the now-defunct DARPA page for TIA:
According to DARPA, such data collection "increases information coverage by an order of magnitude," and ultimately "requires keeping track of individuals and understanding how they fit into models."
The USA Today report, in conjunction with other reports on the nature and scope of the NSA's communications surveillance activities, paints a picture of a massive data collection program that is in operation right now and is essentially an implementation of the very same TIA initiative that Congress has repeatedly tried to stop. Contrary to what DARPA claimed when they publicly started taking bids from companies to get involved with TIA, this program apparently does not require some "revolutionary" technology that's years in the future. It is being done now, with today's technology.
This should come as no surprise to anyone who's been paying attention. Earlier this year, we linked a Newsweek article
that reported that TIA was still around in the form of a program called Topsail. Late last month, Technology Review reported that this program had at some point been moved from DARPA to the NSA
, and magazine asked the question:
"Has the NSA been employing those TIA technologies in its surveillance within the United States? And what exactly is the agency doing, anyway?"
Well, now we know that the answer to the former question is a definitive "yes," and we have parts of the answer to the latter question.
Continue Reading this article...