[Cryptography] A lot to learn from "Business Records FISA NSA Review"

John Gilmore gnu at toad.com
Sat Sep 14 23:37:07 EDT 2013


This is one of the documents that an EFF Freedom of Information
lawsuit asked for.  The government had been claiming they could not
release ANY FISA court orders or submissions.  When the President
ordered the intelligence community to declassify more info in order to
present a fuller picture of the issues that Edward Snowden's leaked
documents raised, they went back through all the relevant documents
and, last week, released hundreds of pages in a rough dozen documents,
that they had initially claimed were exempt.  I read this document the
other night and learned a lot.  I encourage y'all to read it -- and
other recently released documents.

These are not "leaked" documents from Mr. Snowden.  These are
officially released documents from the NSA and Department of Justice.
While their choice of "what to release and what to black out" may have
been self-serving, the documents themselves are real and official.
They candidly describe a particular part of NSA's internal operations
that relate to the telephone metadata collected about on everyone in
the US.

Their main goal in writing this document was to convince the FISA
court (which had ordered them in 2009 to stop accessing the telephone
metadata after NSA told the court that some of it had leaked outside
the boundaries of the FISA court order) that they had their processes
in hand and that the court should let them go back to accessing the

Their main goal in declassifying it is, I believe, to convince the 
public that they are being very diligent to the court's orders and
to the limits that the court places on them.  And to detail all the
internal restrictions, checks and balances that they go through
while collecting, processing, accessing and releasing this telephone
metadata.  To show "the whole elephant".

And to that extent, they succeeded, both with the court and with me.

(However, I think the secret court made a fundamental error in ruling
that collecting info about everybody's phone calls is "relevant" to
any particular terrorism investigation.  That assertion reminds me of
John Yoo's since-repudiated assertions from the early Bush days, like
"it isn't torture unless you really intend to cause great bodily
injury" and "the President has inherent power to do anything he
wants".  When you start from a severely false premise, you can go a
long way into the wilderness before you notice your error.)

What NSA and DCI and DoJ also revealed, around the edges of this
document, is a lot of small bits of information about how the NSA
technical and managerial infrastructure works.  Much of this is
information that we "already knew", or could have guessed based
on already existing information, but some of it is not.  This document
supplies some context that help to fit the puzzle pieces together.

Things I learned there include:

  *  NSA's internal infrastructure runs on Unix.  (Linux is a branch of
     Unix.)  Their analysts log in to Unix machines with logins and
     passwords, as we do, and they use the standard Unix/Linux file
     access controls ("user, group, and other" permissions).

  *  They use web servers and web browsers and HTML and URLs to deliver
     their data to their "customers" at the FBI, CIA, and NCTC.

  *  NSANET, their internal Internet, is not encrypted!  (It is almost
     certainly protected by link encryption and fiber signal strength
     monitoring when it crosses from one place to another, but not
     inside their secured buildings.)  It's just a bunch of machines
     plugged into Ethernets, running standard protocols, like what all
     of our infrastructure uses.

  *  I'm guessing the reason NSANET isn't encrypted is because they
     don't seem to have any better encryption protocols for general
     use inside NSA than we do outside.  E.g. they don't seem to have
     automatic end-to-end encryption.  So in order to be able to buy
     standard machines and plug them in and use them, they have to run
     their whole net unencrypted.  (I think it's funny that because my
     old effort to embed automatic Opportunistic Encryption in Linux and
     IPSEC failed, therefore NSA's internal network isn't encrypted.
     Like they couldn't do it themselves!)

  *  They use a "PKI" (public key infrastructure) to control access to
     some databases inside NSANET.  When they wanted to stop one part of
     NSA's tech infrastructure from accessing the telephone metadata,
     they removed the "certificate" that gave it access credentials.

In other words, when it comes to general purpose computing, they are
running on almost exactly the same kind of infrastructure we are --
nothing better.  This makes sense, but I had expected that with
billions of tax dollars every year they had made some improvements in
the security, authenticity and integrity of their protocols and
software.  (But, I worked at Sun, which spent billions of dollars a
year on engineering their hardware and software, and Sun's machines
weren't much better than their competitors' at security, authenticity
or integrity either.)  We in the outside world *invented* all of NSA's
infrastructure.  They buy it from us, and are just "users" like most
computer users.  (Yes, they have programmers and they write code, but
their code seems mostly applications, not lower level OS improvements
or protocols.  I'm not talking about the parts of NSA that find
security holes in other peoples' infrastructure, nor the malware

So go read the document anyway!  Don't believe what I tell you...
draw your own conclusions.

Also it seems that:

  *  The vast majority of the information that they are squirting
     around inside NSA, searching and correlating, comes with no
     particular restrictions other than those that they impose
     internally (like not revealing things that disclose their sources
     and methods) and the general restrictions on releasing
     information about US persons.  They got that data "legally", or
     anyway, "fair and square", by stealing it from signals in other
     countries, and they can do what they want with it.  Having to
     deal with a judge who can put arbitrary restrictions on what they
     can do with a large database is a novel experience for them, and
     one that neither their personnel nor their infrastructure is
     properly set up to handle.  That's why they found that data was
     "leaking" from the telephone metadata database nine or ten ways
     that they hadn't yet noticed until they did an end-to-end review.
     The leaks were mostly fairly minor, but if they hadn't been
     forced to do the review, it's clear that more and more of NSA
     would have just been treating the telephone metadata like any
     other piece of stolen data.

  *  Their "need to know" culture and the maze of classifications and
     code words often prevents the right hand from knowing what the
     left hand is doing.  This is deliberate and is to help figure out
     who the insider threats ("moles") are, based on who had access to
     what info before it leaked outside NSA.  But the result is also
     that nobody is really in charge.  There are too many details that
     don't percolate up and down the chain of command, so stuff
     happens that isn't supposed to happen.  Like, the programmers who
     wrote the code for accessing the stored database of telephone
     metadata knew that it could only be accessed with a search term
     ("selector") that met the court's standard for "RAS" ("Reasonable
     Articulable Suspicion"), so they coded the software to check for
     that.  But the separate programmers who wrote the code for
     IMPORTING new data into the database from the telcos, didn't know
     that, so they wrote an "Alert list" (renamed "Activity Detection
     List" during the review) that would send a note to an analyst
     whenever new data came in for any selector on the list (e.g. when
     someone of interest to that analyst made a phone call).  These
     selectors were not restricted to those that met the court's
     standards, and indeed most of the selectors on the list did NOT
     meet the standard (it had 1,935 RAS approved selectors and 15,900
     unapproved ones).  This is not because they tried to get around
     the court -- but because they were not in control of their own
     infrastructure, because of lack of internal sharing of relevant
     information.  Free cultures really do outperform authoritarian

This is all useful information.  I recommend that folks also read other
documents that came out of that FOIA case -- there are about a dozen,
all listed on the EFF web site here:


In that list, this one is called "June 25, 2009 -- Implementation of
the Foreign Intelligence Surveillance Court Authorized Business
Records FISA".


More information about the cryptography mailing list