This is even worse than it seems. A "hop" can go both ways. So if a terror suspect calls Comcast's main 800 number (or any other high volume number) they can track everyone who ever called that number. And obviously they have to deal with the fact that many people have multiple numbers and treat them as a single node. Three hops from a few thousand suspected terrorists each with multiple phone numbers might include a large fraction of the US population.
The article noted everyone on the internet is on average 4.74 hops from someone else. [1]
If they say "Two or three", that makes me believe that they have no constraints on it, and merely query as many hops' worth of data as is enough to give what they feel to be Enough. "Two or three" implies, IMO, "... to five".
> For a sense of scale, researchers at the University of Milan found in 2011 that everyone on the Internet was, on average, 4.74 steps away from anyone else.
Even if you assume a low chance of everyone getting hit in 3 hops from one Kevin Bacon, there of course isn't just one Kevin Bacon. That "terrorist watch list" is pretty damn long.
Six Degrees of Kevin Bacon is a parlor game based on the "six degrees of separation" concept, which posits that any two people on Earth are six or less acquaintance links apart.
I don't see why they would limit it to phone calls. It would make more sense to use ANY connection: coworkers, phone call, text, email, Facebook friend, relatives, members of organization/school/church, physical location, etc. Any of these could be a "hop".
I'd think you have a good shot at two, almost guaranteed no more than 3.
I'm from Norway, and yet can easily make that kind of connection in 4 hops: I've spoken to a few Norwegian MP's, who obviously have spoken to quite a few Norwegian prime ministers.
There's probably a number of other connections from her as she would have met any number of internationally renowned people both in capacity as prime minister and as WHO director - including US politicians - that might have met Kevin Bacon, but courtesy of the Oracle of Bacon she also has a Bacon number of 2 based on appearing in a talkshow as a guest alongside Michael Bolton documentary with Michael Bolton, who has appeared in some awards show with Kevin Bacon.
Chances are good there's some less obvious route that'd get me there in 3 hops. Once you "allow" off screen meetings, it gets really easy.
It would surprise me, for example, if Kevin Bacon hasn't met some relatively prominent US politicians and/or celebrities that have met one of the Norwegian MPs I've spoken to (for two hops), or if he hasn't met one of the US politicians or artists that have been at the Nobel Peace Prize concerts, where they'd have met either aforementioned Gro Harlem Brundtland or any number of other Norwegian politicians that would either include someone I've met or definitively have met someone I've met (for 3 hops).
I think people tend to overestimate how many steps it'll take, because they see these celebrities and politicians they can't relate to that they think are so far apart from "their" world, but of course that is silly because these people tend to meet a lot of people, and so are natural "shortcuts" to get low number of hops to anyone. For example:
I'm two hops from Mao and Castro (via a trade-union rep I met that was introduced to Mao on a group trip to China in the 60's, and a former left wing politician I've met that met Castro on a visit to Cuba), and as a result at most 3 hops from Stalin and Nixon and most other major leaders contemporaneous with either of them, ranging from "ordinary politicians" to a fascinating laundry list of horrible dictators.
> So if a terror suspect calls Comcast's main 800 number (or any other high volume number) they can track everyone who ever called that number
Note Comcast and other commodity services and their tendency for geographical monopolies, and that this is wholeheartedly supported by the governments by which they operate.
It's not so much "everyone is a suspect". It's "everyone is recorded"; investigating any suspect becomes not a matter of data collection, but of data collation. A hadoop job.
You're correct - if it's not useful to the investigation of the person who called Comcast, why would they look at everyone who has called Comcast?
Common sense says that they would not look at that data. If the response is "well they're power hungry, they'll look at whatever they want" then the discussion about the number of hops used is irrelevant since a power-hungry and abusive organization would find no value in limits on this sort of thing in the first place.
On the contrary, common sense--as most of us understand it--has nothing to do with this. The rationale is to gather all data that's potentially useful at some unknown point in the future, and hang on to it for that unknown eventuality.
Case in point: all the license plate surveillance stories that came out today. (Not sure why today, this has been well understood for a couple years now.)
Every single government official and LEO talked to about this data say that gathering and keeping the data indefinitely on 260 million plates, in order to apprehend just 136 individuals, is good practice.
If that's your definition of common sense, I want nothing to do with it.
And the point of this "hops" story isn't whether they're looking at everyone now, it's whether your data is being automatically gathered and stored today to construct who knows what perspectives about you in the future. And at 3 hops of potentially useful data, odds are yes.
>Every single government official and LEO talked to about this data say that gathering and keeping the data indefinitely on 260 million plates, in order to apprehend just 136 individuals, is good practice.
>If that's your definition of common sense, I want nothing to do with it.
I would think this is a perfectly acceptable reason from the point of the NSA, or as someone who would like as much data available as possible to debug a problem. If I could log every event on every cloud instance I've ever launched negligibly this would be something I obviously would want to do as it would help tracking down issues immensely (assuming that I'm not drowning from data overload).
Debugging of your source code is not equal to a pervasive surveillance state intruding on individual privacy, unless you are to assume (incorrectly) that we are all owned by the state and have no independent rights apart from the state.
In the eyes of the law, debugging my source code and tracking every place your car drives on public roads (non intrusively without attaching a GPS device) are exactly the same: legal.
But previous articles posted to HN have had arguments by law professors that at least some of what the NSA is doing is actually illegal, even aside from questions of constitutionality.
The power hungry and abusive still like to give their actions a veil of legitimacy. Abusive behavior might be impossible to stop entirely, but that is absolutely not a justification for making it legal.
I don't understand this argument. The discussion of hops is a veil in the sense that it allows them to feign compliance to oversight and limitations.
But, in reality, they are doing exactly what they represent, except without limitations. So, there is direct bearing.
And, the concern is that by fudging the limits, it's gone from a limited program that gives at least a nod to 4th Amendment protections to one that is virtually unlimited.
You're 100% right and don't deserve the downvotes. If the rebuttal is that they're power-hungry and abusive, the discussion about the number of hops is utterly pointless.
The discussion about the number of hops is the result of their attempts to thwart oversight. They are misrepresenting what they are doing, so as to avoid constraints.
In other words, they are power-hungry and abusive.
[citation needed] for the blackmail and extortion. It's inane to be so quick to jump from mere ability to do something bad to intent to do something bad.
When you teach American history as I do, you get asked about conspiracies a lot. As it happens, I’m skeptical about some of the biggest conspiracy theories out there — unlike nearly all of my students, for instance, I think it’s highly likely that Lee Harvey Oswald acted alone.
But I’m not one to ridicule such theories either, and I find the smug dismissal with which they’re so often greeted deeply obnoxious. Because forty-seven years ago one of America’s highest ranking law enforcement agents launched a secret campaign intended to blackmail the country’s most prominent civil rights activist into committing suicide.
That’s not a theory, it’s a fact. And once you know that, it gets a lot harder to dismiss other people’s stories of shadowy government goings-on.
Comparing the FBI of J. Edgar Hoover to the DoJ's FBI of 2013 is like comparing the Long Island State Park Commission of Robert Moses to the New York State Office of Parks & Recreation of 2013. Hoover's FBI was a personal fiefdom accountable to nobody, not even the President.
Also, odious as the letter is, it's not exactly forceful. If MLK's civil rights struggle had been shifted forward in time today and he had posted the "I Have A Dream" speech directly to Youtube, he'd have found far worse.
Agreed that Hoover was a bad actor. Thankfully he had fewer tools at his disposal than today's bad actor would. Even those who feel they've learned nothing else new recently (feeling they'd seen evidence of these programs previously), have now learned there are apparently insufficient controls over individual access to "collecting" (taking off the shelf and looking at) NSA files.
Every few months another cop or DMV employee is busted for looking at records they shouldn't. In my book, this problem of collecting the data but not partitioning it from bad actors is one that should be getting more airtime at all levels of government and all levels of security.
"That example of obscene overreach and abuse of a government agency does not count because it is nothing more than an example of obscene overreach and abuse of a government agency."
I think the argument is that you need more justification to claim that a government agency is engaging in blackmail and extortion than "a once in a century character in a different government agency 50 years ago at the height of a national paranoia not seen since that time sent someone a nasty letter."
I agree with you, but I was responding to the claim:
"b/c it has nothing to do with an investigation...now blackmail and extortion???"
I read that as something stronger than "we need to take lessons from history." I think the statement goes further than that to claim that the NSA's purported justifications are entirely pretense and the real motivation is blackmail and extortion. That I think requires stronger proof than "someone sometime did something."
Fears and cautions should not be tied to organizations themselves, but rather to actions. The NSA is not the FBI, yet memories of Hoover should give pause to anyone considering the NSA.
Tying fear and caution to organizations prevents you from learning much of anything from history as the offending organizations are almost all abolished, abandoned, or reorganized. Should experimentalists working in medicine and the humanities not learn from the Tuskegee Experiment because Public Health Service is a different organization today and the Tuskegee Institute no longer exists in a meaningful way?
I don't think anybody disagrees with the broad point you're making; this subthread is talking about how likely it is that the FBI is blackmailing people and trying (clumsily) to convince people to kill themselves based on the actions of Hoover's FBI.
No. It's inane to create conditions under which "mere ability" is so powerful and accessible, then rely on hope and faith that there are no bad actors with "intent" to "do something [evil]". It's not as if we haven't been there before.
OTOH, it's perfectly reasonable to be concerned about the capabilities that we give our government. That is exactly what distinguishes various forms of government and exactly why we have a Constitution that defines ours as it does.
First because it could be potentially useful if you want to catch terrorists. For example if a suspected terrorist calls person X and person Y also calls X, X may be the terrorist leader and Y may be another terrorist.
Second why would they limit it to one direction? There seems to be little if any legal or practical downside to simply collecting more data.
There are plenty of kneejerk reactions to what has been put out in the news lately, but actions like this equally bypass a necessary public debate. Without sufficient knowledge of what is actually transpiring, the American public isn't in the position to say "this is right", or "this is wrong" about what the NSA _actually_ does versus what people conjecture it does.
If you're saying, "I know what the NSA does because Snowden, some slides, and people on the internet told me so", then you're still in the group of heavily misinformed. I would definitely like to see information brought to light from the government's side in a constructive way, and help frame a national debate over these programs. Discussing the legality of foreign and domestic surveillance and constructing a (public) legal rationale will, hopefully, provide a solid foundation for future generations.
Regardless of what is or isn't going on, it's pretty obvious to the common citizen that the rationale for current actions is derived from equivocating legalese.
> I would definitely like to see information brought to light from the government's side in a constructive way
How do you propose to gauge "constructive" when the basis of the government's position is that those they are surveilling deserve to be surveilled? Your desire requires a conflict of interest on their part (the continued employment and non-prosecution of James Clapper and Keith Alexander testify to this).
Furthermore, your attempt to marginalize Snowden is unseemly.
While your approach seems to be the rational way to go about it, it's simply impractical.
Officials constantly lie under oath (legalese and national security), and admit to wrongdoings only when they are exposed, and there's absolutely nowhere for them to go. When it is established beyond reasonable doubt, only then they come forward.
Following this kind of pattern, there is no way to have constructive debate. Besides, the government releasing information themselves is a political dead-end. (Hint: there's a difference between suspecting (conspiracy theories, tin foil hats etc) and knowing.)
I'm wondering if the NSA is willing to self-fund? I'm sure, given their omnipotence and excellent ears, they could, perhaps, make a few ticks in the stock market. ;)
Before I get labelled tin-foily, let us recall Iran-Contra and longstanding allegations regarding the CIA's drug trafficking... there is precedent.
Communications backup provider - screw SMS Backup / voicemail - backup.nsa.gov could provide a friendly web interface to retrieve and search back through transcriptions/audio of your phone calls in case you forget where it was you mentioned you'd meet someone, or the tone of your date's voice when he/she said they'd be running ten minutes late, etc.
They could probably just modify various financial transactions. Even 0.01% of annual transactions would add up pretty nicely. Levy their own tax. http://en.wikipedia.org/wiki/Salami_slicing
It is an amendment to "H.R. 2397: Department of Defense Appropriations Act, 2014" that reads:
Amash-Conyers-Massie-Mulvaney-Polis Amendment:
"None of the funds made available by this Act may be used to collect tangible things (including telephone numbers dialed, telephone numbers of incoming calls, and the duration of calls) pursuant to an order under section 501 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1861) if such things do not pertain to a person who is the subject of an investigation described in such section."
Yes! I know most people suffer from the "my congressman is the only non-corrupt one"-syndrome, but I actually can say that and not be bullshitting. He's done a great job representing Grand Rapids and Michigan.
I was just clarifying because when you said 'my', I assumed you were referring to the precinct. Senators are Congresspeople, and if you'd said "Dianne Feinstein and Barbara Boxer" I'd have probably read it differently.
Wow. Read up on him a little, and am duly impressed... even though we don't agree on many policies, if he were in my district I'd vote for him anyway because he seems like he has principles and sticks to them. At this point what those principles are hardly matters because the rest of Congress has so little integrity.
response offered by DNI counsel Robert Litt. Asked by committee chairman Bob Goodlatte if the government really thought the massive collection of phone records could be kept from the American people, Litt replied, "Well, um, we tried."
I don't get why they are so "shoulder shruggy" about all of this.
I think it is because they live in a world where secrets are to be kept no matter the cost in the end. This article is just another step in the progressive revelations that have totally destroyed their credibility yet they do not care.
Silly question- do any of these comments count as perjury? If you say you're not doing $thing, then it's later revealed that you indeed did $thing, then you come out and say "Yeah, we do $thing"
How.. how do we not penalize and punish people for this? When they make knowingly false statements in official government capacity?
I think those are two separate issues. I think the key difference is public support. Once all the facts about the NSA have come out, I think the public will be against what the NSA is doing. Bush's torture program divided the country more, and I suspect it's largely because 9/11 isn't as fresh on our minds now.
Truthfully, I think that the torture programs are to Prism as the McCarthy Committee is to the Vietnam War.
That last bit is what worries me (9/11 not fresh in people's minds).
A disaster any day now facilit^H^H^H^H^H^H allowed to happen would serve the political status quo very well.
Am I being overly paranoid? I don't think the people in charge of the NSA shenanigans care one whit for loss of life if it would consolidate their power further.
There is a difference in separation too. Prism could be spying on you or me, while the torture programs are torturing someone somewhere. Not saying this is right, but direct impact tends to motivate people more.
Justice takes time sometimes, especially when we're talking about powerful people who can claim "national secrets" at the drop of a hat. Think about how much work federal prosecutors have to do to convict someone like James Clapper (or anybody else that's lied to Congress). For reference, the Enron scandal was revealed in 2001, but it wasn't until 2006 that Kenneth Lay and Jeffrey Skilling were found guilty. And they didn't even have a national security excuse.
Truthfully, now that public opinion has come out against Prism, I think that the politicians are going to do everything in their power to publicly punish the people responsible. We just need to be patient.
Good catch. I know I had heard that there was someone testifying to Congress under oath, so I made the assumption that that was the process. It's interesting that there is no true reason to stop Congress from always having people offer a testimony under oath, yet they allow it. Another blatant loophole.
That's not how justice works. Unless you're found with a dead prostitute covered in blood, you don't owe anything to anyone if you're already powerful.
Well, politics can intervene. Nixon and Clinton were so detested by their opposing parties that they were (or nearly were) impeached for fairly trivial reasons.
Sure. His real personal blunder was recording his conversations. High-level politics is mostly gangsterism. That has been true...forever. Nixon's out-in-open crimes like bombing Cambodia were much worse than his celebrated two-bit break-in, but no one did a thing about it.
Hell, LBJ should have been put before a firing squad. Does anyone think that was a real possibility?
I think what was meant was the opposition can play a large part in an intervention for trivial reasons so a grave reason should be more than enough motivation.
That's very true. But look at the political atmosphere now.
I feel that there's opposition theater rather than true opposition. Some of the things in opposition don't even make sense. People bicker over trite best left to late night "reality" TV, and how many actually believe the things they spout? Nixon, though he's one of my least favorite politicians, and Clinton actually believed in something; what do today's career politicians truly believe now?
With the rise of 24/7 news and the internet, live performance to an ever vigilant target demographic is taking precedence over substantive action.
I don't blame the politicians. I blame the people.
They were planning to do a lot more than spy, too. They were planning to kill both Daniel Ellsberg (if they couldn't discredit him first, e.g. by giving him LSD to make him nonsensical just before making a public appearance) and the journalist Jack Anderson.
Classy. Though considering how it was recently revealed that Nixon intentionally torpedoed the talks with Vietnam before he got elected, that's totally in line with the character.
Not to mention "collection" seems to be used to describe the act of an analyst using the data, not storing it for future use[1]. I interpreted this quote as, "We are not currently using geolocation data, just storing it for future use".
--
[1] Based off Clapper's explanation, "To me, collection of a U.S. person's data would mean taking the books off the shelf, opening it up and reading it"[2]
How can we refute the NSA's policies when they change definitions of words? If we attack "collection" then they redefine it as analysts' having queried for the data, but what about when we attack "storage"? Would they redefine how data is "in storage" to include only when it's stored in a web browser cache (for example)?
What do they call it when data is re-routed to their data centers for indexing and storage?
> "We are not collecting [geolocation] data," Inglis said, "under this program." (emphasis added)
The very first question that comes to mind when I read that quote is:
Well, then, under what other program are you collecting geolocation data?
The answer implies the possibility that they are in fact collecting geo. data, just not as part of this program, so the answer is technically truthful, while also being fully deceptive.
> The author of the Patriot Act, Jim Sensenbrenner of Wisconsin, reminded the government that the act was up for renewal in 2015. The provisions for phone metadata collection, he warned, have "got to be changed … otherwise in a year or year and a half you're not going to have it any more."
Wait? That's the threat? Shouldn't they have to prove that they have sensible "provisions" before they get to keep doing it? Or how about, we are going to take immediate action and you come back to us when you have sensible provisions.
How about we repeal (or at least let expire) both the Patriot Act and FISA Amendments Act, and then we start over from scratch, and have a real 2+ year national debate on what NSA's job should be and what level of oversight they need to have.
Also, don't even think about putting back the "general warrant" provision in the laws. That is and will always be unconstitutional. You have a target? Ask a judge to give you a normal warrant, for that target, or for several targets at most - not a whole country.
You're not going to get anywhere with the argument that the NSA needs to get a regular warrant for all investigations. The specific warrant requirement has never applied to their purely foreign intelligence activities.
Who determines what provisions are sensible? Clearly the intelligence community can't do it unilaterally, because nobody would buy it. And we're talking about years before Congress or god forbid the courts can take any actions. Do you think it's a good idea to shut the NSA down until then?
10% of people living in America are not citizens. 90% of people are. If their definition of 'foreign' is 'non-citizen' and they only have to be 51% certain that someone is foreign, that is a 49% error rate, which means (at a maximum) 90% of the people they have in their databases and are tracking are American citizens.
If they had to be 91% certain, that's a 9% error rate, and they would have a database that 52% are American citizens...
"Tjaden actually sat down and figured out what the average Bacon number is for the quarter million or so actors and actresses who have played in television films or major motion pictures and came up with 2.8312 steps. Anyone who has ever acted, in other words, can be linked to Bacon in an average of under three steps."
Are you saying that if Bacon gets flagged because he takes part in a peace protest then all the quarter million or so actors (I think it's just actor these days, not actress, women's lib and all that) who played in television films or major motion pictures will have their numbers run by you know who? Thanks a lot Bacon.
I wonder (and would not be surprised) if the nodes are always defined by phone number alone. Meaning, if you made a restaurant reservation at the Italian place by your house, you're two hops from everyone who's ever called or been called by them.
From what I've seen while studying in an academic research lab:
The tools student researchers were designing (commonly in Jython at my school, btw) integrated multiple networks at once with surprising fluency. It was often a dopamine-stimulating part of demos to say something such as, "See, this is the extent of the phone number graph, and now we add the email data <click> and now we add Facebook data <click> and now resumes <click> and now mailing lists <click> and shopping records!"
Also, they use discrimination functions to weed out nodes with heavy use, like a restaurant take out number. Typically, they can histogram # of connections and use central moments such as kurtosis to determine if a particular node has too many connections.
That seems unlikely; otherwise you could stay off the radar by just establishing a protocol of only calling your terrorist friends, rather than having them call you (or vice versa, if that's the direction a "hop" indicates).
The scenario you describe wouldn't be helped by using an undirected graph, since common hubs (technical support, sex chat lines, sales cold calls, etc.) would connect almost everything with very short path lengths. A common compromise is to throw away all non-reciprocated edges and then use an undirected graph. Your protocol would still keep you off the radar, which illustrates some of the difficulties of the approach.
It's not a filter, but you're losing a lot of information by discarding direction. Without direction, most nodes will likely be part of a giant connected component with small diameter, due to the presence of hubs. See my other comment in this thread.
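The two filters discussed in the comments above (weeding out heavy-use nodes via the kurtosis of the degree distribution, and keeping only reciprocated edges) can be compared on a toy call graph. This is an added example, not code from the thread or from any real system: the call records are constructed, and the prune-while-kurtosis-exceeds-threshold rule with a threshold of 10 is an assumption, one possible reading of the kurtosis comment.

```python
from collections import defaultdict, deque
from statistics import mean


def sample_calls(n_customers=30):
    """Constructed (caller, callee) records; every name here is made up."""
    calls = set()

    def both(a, b):  # a reciprocated relationship: each side calls the other
        calls.add((a, b))
        calls.add((b, a))

    # Small social chain around the seed "S": S-A1-B1-C1-D1, plus A2.
    for a, b in [("S", "A1"), ("S", "A2"), ("A1", "B1"), ("B1", "C1"), ("C1", "D1")]:
        both(a, b)
    calls.add(("S", "HUB"))   # seed calls a high-volume service number once
    calls.add(("X1", "S"))    # a contact that only ever calls, never called back
    for i in range(n_customers):
        cust, frnd, pal = f"cust{i}", f"frnd{i}", f"pal{i}"
        calls.add((cust, "HUB"))  # unrelated customers of the same number
        both(cust, frnd)
        both(frnd, pal)
    return calls


def undirected(calls, reciprocal_only=False):
    """Adjacency sets; optionally keep only edges seen in both directions."""
    adj = defaultdict(set)
    for a, b in calls:
        if reciprocal_only and (b, a) not in calls:
            continue
        adj[a].add(b)
        adj[b].add(a)
    return adj


def kurtosis(values):
    """Fourth standardized moment (a normal distribution gives 3)."""
    m = mean(values)
    m2 = mean((v - m) ** 2 for v in values)
    m4 = mean((v - m) ** 4 for v in values)
    return m4 / (m2 * m2) if m2 else 0.0


def prune_hubs(adj, threshold=10.0):
    """Drop the highest-degree node while the degree distribution is heavy-tailed."""
    adj = {n: set(nb) for n, nb in adj.items()}
    hubs = set()
    while len(adj) > 1 and kurtosis([len(nb) for nb in adj.values()]) > threshold:
        hub = max(adj, key=lambda n: len(adj[n]))
        for nb in adj.pop(hub):
            adj[nb].discard(hub)
        hubs.add(hub)
    return adj, hubs


def within_hops(adj, seed, hops):
    """Breadth-first search: every node reachable in at most `hops` steps."""
    seen = {seed}
    frontier = deque([(seed, 0)])
    while frontier:
        node, dist = frontier.popleft()
        if dist == hops:
            continue
        for nb in adj.get(node, ()):
            if nb not in seen:
                seen.add(nb)
                frontier.append((nb, dist + 1))
    return seen - {seed}


def compare(hops=3):
    calls = sample_calls()
    full = undirected(calls)
    pruned, hubs = prune_hubs(full)
    mutual = undirected(calls, reciprocal_only=True)
    return {
        "undirected": within_hops(full, "S", hops),
        "hub_pruned": within_hops(pruned, "S", hops),
        "reciprocal_only": within_hops(mutual, "S", hops),
        "hubs": hubs,
    }


if __name__ == "__main__":
    for name, nodes in compare().items():
        print(f"{name:16} {len(nodes):3}  {sorted(nodes)[:6]}")
```

On this sample a single service number accounts for almost the entire three-hop set, and the reciprocal-only variant also drops the one-way contact `X1`, which is the information loss the last two comments describe.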
I don't care about if it's two hops or three; they're collecting a metric shit-tonne of info. It's like really large amounts of money: if a corporation makes a million dollars or five million dollars, it's all just numbers on a page for me. This "revelation" doesn't change the game at all, because I know that there's still a lot of shit that the NSA isn't telling us about their activities. Feels like hit bait (and it's worked).
Regardless of the general concepts of lies, collect-it-all, and "metric shit-tonne of info", the difference between two hops or three is literally "exponentially more".
It's not lost on me that it's a lot more. Trust me; I've done math before. But really, once a dataset is sufficiently huge, it's just "big." Could it be bigger? Sure. But it'll still be big. Again, five million dollars is five times more than a million dollars, but it's still just a bunch of money.
To put it another way, it'd be foolish to assume that there are limits on how much data they're collecting. Those limits on what can be collected and from whom probably exist somewhere, but it should not surprise anybody any more that the NSA is collecting x data from y userset. We're in the future now; you should operate under the assumption that any and all data is being logged by somebody, and that the walls that keep that data from others are only so strong.
"....."The statute says 'collection'," congressman Jerrold Nadler told Cole. "You're trying to confuse us by talking use."
"...One senior member of the panel, congressman James Sensenbrenner, the author of the 2001 Patriot Act, warned the officials that unless they rein in the scope of their surveillance on Americans' phone records, "There are not the votes in the House of Representatives" to renew the provision after its 2015 expiration."
"You're going to lose it entirely," Sensenbrenner said.
NSA warned to rein in surveillance as agency reveals even greater scope
NSA officials testify to angry House panel that agency can perform 'three-hop queries' through Americans' data and records
3 hops is a lot of data. For example I have about 100 friends on Facebook. One of my friends I know has around 500 friends on Facebook and if their friends have a lot of friends that is a ridiculous and unnecessary amount of data being harvested about people I have never met, have nothing to do with and will never meet.
How can Obama keep on allowing this to happen? This is just getting ridiculous now and if it weren't for Snowden leaking the information, we wouldn't even know it was happening...
Using a German Business-Social-network, I do have 120 contacts (first hop and I am not a power-user there). After the third hop there are about 1.1 million people.
And that is just one network. Use telephone, other social networks, snail-mail, et al.
The longstanding question of whether or not phone metadata collected by NSA includes geolocation data has been answered. "We are not collecting that data," Inglis said, "under this program."
Not sure how this could possibly be helpful in an investigation if everyone is a suspect. At some point you have to narrow it down.
Edit: Apparently there are 875,000 names in the "Terrorist Identities Datamart Environment" (TIDE) [1]
So if each of those suspects can be connected to 20 people (hop 1 - 20 people) and each of those people can be connected to an additional 20 people (hop 2 - 400 people) and connected again to 21 more (hop 3 - 8,000 people) you could reach the entire world's population.
875,000 x 8,000 = 7 billion
[1] http://www.reuters.com/article/2013/05/03/us-usa-security-da...