Friday, July 12, 2013

NSA: The Rest of the Story

NSA Multi-Tasking                        [Graphic courtesy of NSA; published by the Washington Post]

Click here for related story [Washington Post]

It's time for the Rest of the Story.

Sourcing your information [Graphics from NSA via WaPo]
We've been monitoring the Snowden-NSA story for several weeks now to see if anyone would connect the dots. 

So far, all the stories have focused solely on the revelation that NSA has legally/illegally collected all this data/metadata, but it's all technically legal since NSA isn't targeting specific US citizens.  It just gathers information for analysts to use to track down "Evildoers" and "terrorists". 

And, NSA's answer is correct -- or, partially correct.

But, there's more to that story.

Snowden-style leaks can create problems; but, from what we've gleaned in 50+ years in the Intel biz, most are not harmful.  In fact, most leaks expose illegal operations classified solely because they ARE illegal.  We've never leaked a word, but have followed such breaches with interest.

Daniel Ellsburg was an infamous leaker who was pilloried by  the government and worshiped by the Media because he leaked Top Secret information on how the US created the Vietnam War.

Snowden, on the other hand, is pilloried by both the Government AND the Media, but has made revelations even more damning as Ellsburg's.  As Ellsburg notes, however, the laws and the Media have changed so that, had Snowden stepped forward, as his critics insist he should have, he'd likely be undergoing a rendition session in Romania -- never to set foot in a US courtroom.

Now, no one can compare with Mr Obama, who has blown several clandestine and covert operations, resulting in the devastation of decades of planning, preparation, recruitments, safe-houses, recruited sources, and blown covers for case officers -- all exploited for his personal publicity as a hard-charging anti-terrorist kind of guy [and, Intelligence professionals believe his intent to destroy US Intelligence security and credibility; no sane recruited asset feels safe now].

But, we digress. 
We're here to talk about the "Rest of  the Story" about NSA's data-mining.

Dataflow                  [Graphics courtesy NSA via WaPo]
This NSA collection program [PRISM] is a multi-stage process which exploits all telecom, internet, and electronic systems; even Microsoft helped NSA circumvent its own encryption system -- so your passwords for your bank access and other sensitive accounts are currently part of the NSA databank.

1) NSA gathers all data and metadata and stores it in its Utah data-warehouses of trillions of terabytes.

2) NSA doesn't exploit the data directly, but opens the data to other agencies to exploit. 
---Thus, NSA is technically legal and has followed Congressional procedures dictated by the SSCI.

3) However, once gathered and stored, other US agencies [DOJ, DHS [ATF, DEA], HHS, DIA, CIA, FBI, IRS, state and local police, etc.,  can mine that data for their own purposes, legal or otherwise.  Gosh, who's to know?

4)  But, last but not least, we have the crux of the matter.

The added, invisible factor is that all those agencies are staffed by tens of thousands of cleared contractors whose subsidiaries and teaming partners work for private sector insurance companies, credit agencies, financial institutions, all of whom have an intense interest in your personal affairs as a component of risk management.  

The large Defense contractor generally works both the government and private sectors. 
Here's a typical client list.
  • Health and human services [HHS, Insurance Companies, Hospitals, etc.]
  • Financial sector [IRS, Fed, Banks/Mtge, Insurance companies, credit reporting agencies, etc.
  • Infrastructure (transportation, energy, telecommunications)
  • Law enforcement and homeland security [FBI, DHS DEA, ATF],
  • Military Intelligence, to include Reserve Units and National Guard with members from the federal, state, and local law enforcement agencies.  [Uncleared in their regular jobs, on Active Duty, they have full access to all data which their military clearances allow.]

A few of the many DOD contractors

 Now, we're not saying, or even implying that these Defense contractors would ever misuse their access to your files, but, let's look at some hypotheticals.

Defense contractors work both the public and private sectors, winning large contracts, requiring a large number of employees, many with Top Secret/SCI clearances/access. 

The companies are huge, and employees tend to shift from one division to another, or from one company to another, often with additional status with Military Reserve and National Guard units.

1) Direct Access:  "Cleared" contractors can probe your NSA-collected personal/personnel files for their own purposes [e.g., stalking, revenge, blackmail, extortion, or "just checking!"].

2) Company loses a Defense contract, so the analyst is moved from Defense Intelligence to Financial Intelligence which supports
     a)  The Credit Reporting agencies [e.g., Experian]
     b)  Health and automobile insurance clients and applicants,
     c)  Hospitals -- does this patient pose a high risk because of past ailments?
     d)  Banks:  Extensive background check to see what personal and professional habits
          the applicant has exhibited.
     e)  Political enemies targeted via access provided by Treasury to all banks, blocking
          credit applications and freezing accounts, thereby neutralizing irritating opponents.

Reviewing client files in NSA databases is a simple series of key strokes.

But, here's another scenario from the public sector:

Weekend Warrior with TS/SCI access [SF Sentinel]
Let's assume:

State Bureau of Investigation [SBI] officer who belongs to an Army Reserve Intelligence unit and has a Top Secret/SCI clearance. 

As a State employee, he cannot access personal files on citizens; it's illegal, even stretching the truth by designating the individual as a "potential terrorist". 

But, going into his Reserve Center, he can access the link to NSA's data warehouses at the TS/SCI level to examine all issues related to a citizen whom he officially suspects might be doing something illegal -- or, just checking on his neighbor who smokes cigarettes in his back yard.  
Every bit of NSA data is available at a keystroke, and who's to know the purpose of the inquiry.

Graphic courtesy of NSA ; published by the Washington Post
So, when you decide to give NSA a pass on their illegal collection process, take a look at the whole picture.