First off, let me be very clear. I do *not* condone placing backdoors into critical infrastructure such as firewalls and routers. This post is about the packets themselves, and capturing only what is legally allowed. I believe the NSA has the legal right (and the mandate) to do much of what they are currently doing, given some caveats. I don’t condone mass spying on US citizens, but I don’t think that’s really happening in this case. What I believe is really going on is much more benign.
While I believe that organizations like the NSA are actively pursuing backdoor access to many things (and if recent reports are to be believed, they are very successful), doing it against US interests opens a whole can of worms (the details of which can be better addressed by people much more security-minded than myself).
The NSA has the mandate to keep watch on any signals intelligence (including phone calls, data packets, etc.) entering or leaving the US, as well as signals intelligence of any *targeted* person on US soil. There are a lot of discussions on what the NSA does and does not capture and store, and (by its very nature) we’ll never know the whole truth. (A good intelligence agency will never show its whole hand.)
Now on the surface this seems pretty simple, but with the prevalence of the internet, things have gotten a lot more complicated. In order to accomplish its mandate (from a technical perspective), the NSA needs to have a ‘copy’ (either inline, SPAN session, etc.) of all data entering/leaving the US. Privacy issues aside (yet not dismissed), the NSA is well within its mandate to do so, and archive/not archive said data, *as long as they are only getting traffic physically entering/leaving US soil, or have a court order targeting a particular person*.
The first part is comparatively easy: capture everything in/out of all data circuits entering/leaving the US. (Plenty of reports exist that they are already doing so.)
The second part is not so easy (from a technical perspective): targeting individuals on US soil. You really have two options: 1) capture it at the source (compromise the PC or another SIGINT method), or 2) capture it somewhere in the middle.
#1 is fairly straightforward: keyloggers, remote exploits, backdoors, etc. on the target’s PC or *personal* router/modem, to gather said data and send it to the NSA for processing. This does not (typically) involve anyone except the intended target.
#2 is where we run into tricky legal/technical issues. If the target’s PC/modem/router is not exploitable or there’s a chance the target would discover something local, you have to look elsewhere. In order to do so the NSA now has to have something inline between the target and the other end(s) he/she is communicating with. Due to the decentralized nature of the internet, this is not an easy problem to solve. Put it too close and the target may be tipped off; put it too far away and you start having to capture at so many different points in the network and try to piece it all back together. Then you have to worry about proxies. If the target is at an ISP behind said proxy, then a capture on the target too far away will also gather data on people unrelated to the target and court order. So this is why I see the NSA working hard on the remote exploits and such; they want to capture the data as close to the source as possible (in theory), but there’s also the possibility that the Service Provider itself is the one being targeted. This gets into an issue where you might have innocent US citizens being watched as ‘collateral damage’, but that’s no different than in ‘meatspace’ where an innocent person walks into (for example) a money laundering place and conducts legitimate business. These things might happen, but should be by far the exceptions, not the norm.
Now, a wrinkle in this. A traditional telco keeps records of every single phone call that happens, and the NSA either has access to, or can obtain access to, said database. This has *historical* records of everyone the target called, to develop a list of contacts to follow up on. Telcos do *not* however keep a list of all the servers a user connects to (mainly because they don’t bill on it (yet) so there is no need to store it, but also on a technical level it means having to watch large numbers of links, gather metadata, send it off, and store it), but to groups like the NSA this would be an EXTREMELY valuable resource! To be able to get ‘call records’ for data packets historically for a target would be very useful in this day and age where more and more communication is over data packets instead of voice. If the telcos won’t (or can’t) gather/store that history, who will? Is a telco storing call records any different than a telco storing TCP or UDP flow records and handing them over to law enforcement (not the contents of the packets, but just the fact that IP ‘x’ talked to IP ‘y’ on TCP/UDP port ‘z’ at this time)? They are both just metadata. If the NSA has full access to CDRs (Call Detail Records) and just gathers the metadata themselves, is that legal?
I think if the NSA or telco is just gathering and storing the *metadata* then it’s just CDR 2.0.
I think if the NSA or telco is capturing the *whole* packet and storing them, and doing it on a national scale, that’s something else entirely, and a huge expansion of what they have traditionally done. But without knowing *exactly* what is or is not being done, the American populace is having to either take it on faith that the NSA is being truthful (remember, they’re an intelligence/counterintelligence agency), or run it up the chain to the lawmakers to get the straight answers. The American people as a whole need to decide if a *possible* breach in privacy is enough to get up off their couches and do something about it. (Write your lawmaker, demand answers!)
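To make the ‘CDR 2.0’ versus whole-packet distinction concrete, here is an added example (written for this post, not code from the original or from any telco or agency system) that turns a handful of constructed packets into flow records of the kind described above: IP ‘x’ talked to IP ‘y’ on port ‘z’ at this time, plus packet and byte counts. The packet list, the `FlowRecord` field names and the helper functions are all assumptions made for the example; the point is that the record type has no field in which packet contents could survive, only their size.

```python
from dataclasses import dataclass, asdict
from typing import Dict, List, Tuple

# Constructed sample packets (not real traffic): what a capture point would see.
# The payloads stand in for content that a metadata-only record must not keep.
PACKETS: List[Tuple[float, str, int, str, int, str, bytes]] = [
    # (timestamp, src_ip, src_port, dst_ip, dst_port, proto, payload)
    (1000.0, "10.1.1.5", 51000, "198.51.100.7", 443, "TCP", b"client hello"),
    (1000.1, "198.51.100.7", 443, "10.1.1.5", 51000, "TCP", b"server hello"),
    (1000.5, "10.1.1.5", 51000, "198.51.100.7", 443, "TCP", b"GET /secret"),
    (1001.0, "10.1.1.5", 40000, "203.0.113.9", 53, "UDP", b"dns query"),
    (1001.2, "203.0.113.9", 53, "10.1.1.5", 40000, "UDP", b"dns answer"),
]

Endpoint = Tuple[str, int]                 # (ip, port)
FlowKey = Tuple[str, Endpoint, Endpoint]   # (proto, endpoint_a, endpoint_b), direction-independent


@dataclass
class FlowRecord:
    """The 'CDR 2.0' view of a conversation: who talked to whom, when, and how much.
    Deliberately has no field for packet contents (hypothetical field names)."""
    proto: str
    initiator: Endpoint      # side that sent the first packet we saw
    responder: Endpoint
    first_seen: float
    last_seen: float
    packets: int = 0
    payload_bytes: int = 0


def flow_key(src: Endpoint, dst: Endpoint, proto: str) -> FlowKey:
    """Canonical key so both directions of one conversation share a record."""
    a, b = sorted([src, dst])
    return (proto, a, b)


def build_flow_records(packets) -> Dict[FlowKey, FlowRecord]:
    """Aggregate packets into per-conversation metadata records."""
    records: Dict[FlowKey, FlowRecord] = {}
    for ts, src_ip, src_port, dst_ip, dst_port, proto, payload in packets:
        src, dst = (src_ip, src_port), (dst_ip, dst_port)
        key = flow_key(src, dst, proto)
        rec = records.get(key)
        if rec is None:
            rec = FlowRecord(proto=proto, initiator=src, responder=dst,
                             first_seen=ts, last_seen=ts)
            records[key] = rec
        rec.packets += 1
        rec.payload_bytes += len(payload)   # only the size survives, never the bytes
        rec.last_seen = max(rec.last_seen, ts)
    return records


def to_cdr_line(rec: FlowRecord) -> str:
    """Render a record in the post's own terms: IP x talked to IP y on port z at time t."""
    (x_ip, _), (y_ip, y_port) = rec.initiator, rec.responder
    return (f"{x_ip} talked to {y_ip} on {rec.proto}/{y_port} at {rec.first_seen:.1f} "
            f"({rec.packets} packets, {rec.payload_bytes} payload bytes, "
            f"{rec.last_seen - rec.first_seen:.1f}s)")


def retains_content(records: Dict[FlowKey, FlowRecord]) -> bool:
    """True if any record carries a field beyond the agreed metadata set."""
    allowed = {"proto", "initiator", "responder", "first_seen",
               "last_seen", "packets", "payload_bytes"}
    return any(set(asdict(r)) - allowed for r in records.values())


if __name__ == "__main__":
    for rec in build_flow_records(PACKETS).values():
        print(to_cdr_line(rec))
```

Running the block prints one line per conversation; the "GET /secret" bytes never appear, because the record type cannot hold them. Whether such a store is ‘just metadata’ is the legal question the post raises; what the code shows is that the technical line between the two is where the payload is dropped, and `retains_content` is the kind of check an auditor could run over a record schema to confirm it stays on the metadata side of that line.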
Everyone deserves the benefit of the doubt, and without clear-cut evidence that the NSA *is* doing something illegal I have to lean towards giving them that benefit. Yes, I know that’s naive and I’ll probably be proven wrong, but I can’t honestly believe we’ve slipped this far into a surveillance state this quickly. The real truth on what’s going on is somewhere in the middle of both extremes. I don’t believe the NSA truly is capturing everything, but I also don’t believe for a minute we’re getting the whole story.
I’m sure there will be plenty of people that will agree with me, argue with me, call me an NSA apologist, etc. That’s ok. The important thing is that we keep an open and honest dialog going on this, and not let the issue drop!