[sudo-discuss] NSA: All your calls are belong to us

GtwoG PublicOhOne g2g-public01 at att.net
Thu Jun 6 07:21:48 PDT 2013



Subject-matter expert speaking here, and there's something VERY
"interesting" about that order that has not been discussed yet in the
press. 

Let's take it from the top so we're all on the same proverbial page...


1) The basics.

The FISA Court order appears to cover CDR (Call Detail Records) for each
call passing through the Verizon network (and per press reports, similar
orders apparently exist for other carriers).  However, per item (3)
below, this isn't the same part of Verizon that you may already know and
use.

CDR includes the following:  Date/time start, date/time end, originating
number, dialed/destination number.  For mobile devices, CDR includes
geolocation data.  Basically this is the kind of information that
already appears on your phone bill. 

The order does not include recording the conversations themselves
("transaction intercept"), but when the purpose is "traffic analysis"
(TA), there is no need to capture the actual conversations:  that can be
done via a separate FISA Court order that's targeted to specific
telephone numbers, usually at the stage after TA has ascertained the
telephone numbers of interest. 

Capturing content (conversations) is incredibly cumbersome and entails a
lot of post-processing: keyword recognition, automated transcription,
human proofreading and correcting of the transcribed material (yes even
now, and this is hugely labor-intensive), and possibly voiceprint
recognition for attribution purposes (identification of the
person-identity of each person speaking, which is not included in the
present order).  One of the holy grails in LE and the USIC is 100%
attribution.

The fact that the order includes LOCAL calls is very interesting,
because it wasn't too long ago when local CDR was not captured at all,
since local calls were not individually billable.  In certain large
cities such as New York where all local calls were billed (anyone else
here remember "message unit" charges?), each local call generated a
billing record but not CDR data.  Ahh, the good old days...


2)  A really interesting item.

The fact that the order includes "trunk identifier" for each call is
VERY VERY interesting. 

And this gets us to what I think may be one of the key aspects of this
intercept order.  Let's take a little romp through the telephone
network...  

Trunks are connections between telco switches.  For example when you
call from Oakland to San Francisco, your call is connected over a trunk
between the switch in the Oakland CO and the switch in the San Francisco
CO.  Every trunk has an identifying number, as a routine matter for
engineering and maintenance. 

What's intriguing as hell about trunk data is: ordinarily a caller does
not have any means of choosing the trunks that are assigned to the
call.  However, the fact that the order includes "telephone calling card
numbers" begins to shed light on the "trunk" issue. 

When you use a telephone calling card, for example an MCI cash-prepaid
phone card, you're effectively making a choice of trunks, because your
call is routed from your local carrier's CO via a trunk group to the
carrier that operates the calling card service, and then back out via
the same or a different trunk group to the destination carrier's CO. 
The phone card provider may or may not have their switch programmed to
pass the originating telephone number onward to the destination carrier
(I program switches, and I can choose whether or not to pass ANI data
forward).

Telephone calling cards have in the past been used as a kind of
telephonic TOR, to obscure the origins and destinations of calls.  The
originating carrier normally has data about the route to the calling
card service.  The calling card service normally has data about the card
number to bill for the call, and the destination number that the caller
wishes to reach.  The destination carrier normally has data about the
call from the calling card service to the destination phone number. 
These three records are ordinarily difficult to assemble into a single
phone call. 

However in recent years it is likely that the originating carrier's
switch has been programmed to also capture the calling card data
including the destination number.  The originating carrier's equipment
may only be able to provide data for one such intermediary:  Alice to
Card Company to Bob.  If Alice wants to obscure her trail further,
she'll try to call from one card company or at least one card number, to
another: thus, Alice to Card 1, to Card 2, to Bob.  No doubt that trick
is well known to LE & the USIC. 

Thus we arrive at what I believe may be a key element of this FISA Court
order: to obtain the CDR data associated with telephone card providers,
to enable aligning their inbound & outbound traffic records, from which
to arrive at attribution on calls that are routed through these calling
card providers.  Or perhaps "calling card provider" singular, per (3)
below. 

If I had to guess, and this is an educated guess, I would say that the
targets of the intercepts are sophisticated large-scale criminal
organizations such as the international drug cartels operating in a
number of US cities. 


3)  Further support for hypothesis:

Notice the specific names on the FISA Court order. 

"Verizon Business Network Services" is NOT the same thing as the top
layer of the Verizon corporation.  Instead, this business unit
specializes in enterprise-scale telecom solutions, such as private wired
and wireless networks of the types that are used by Fortune 500
corporations. 

"MCI Communication Services" was the nation's first competing long
distance provider, originally known as "Microwave Communications Inc."
for its point-to-point microwave network linking major cities.  Since
the 2000s, MCI was/is also the most widely-used cash-paid calling card
service, selling its calling cards in stores across the US including
Costco. 

I'll need to give it a bit more thought as to what, among the
enterprise-scale solutions that Verizon Business Network Services
offers, might be of interest here.  More about which later, unless I get
abducted by a black helicopter;-)


4)  Lastly, the classification stamps on the doc are interesting. 

Top Secret is obvious.  NOFORN means "no foreign persons (may read this
document)." "SI" is the intriguing one.  "SCI" refers to Sensitive
Compartmentalized Information, that was only available to persons within
the specified "compartment" or sub-category such as a project or
operation.  SCI is a specification added to Top Secret to further limit
access.  And it usually pertained to stuff that any sane person would
wish to remain classified, such as information obtained by breaking a
hostile country's diplomatic and military encryption system.  That
example would be marked something like "TS/SCI/CRYPTO/NAME" where NAME
referred to the country or NSA region, or "ALLO" for "all other
countries not part of designated NSA collection regions."  As recently
as the 1980s, most of the Middle East was in ALLO, but now each country
in that region is specified.

So I'm going to guess (educated guess) that SI stands for "Sensitive
Information", indicating a more-exclusive specification within TS, but
not exactly a compartment, because the information crosses the
boundaries between a number of compartments.


5)  "And now a word from our sponsor," or, "your reading habits for the
Guardian's sponsors":

To read the FISA Court order for yourself, you might want to block the
numerous snoops on that Guardian page: 

For AVG Do Not Track, block Google +1 and the Twitter Button. 

For JavaScript Blocker, the list is impressive:  you'll need to enable
these to see the document:
s3.amazonaws.com
www.documentcloud.org
resource.guim.co.uk 
oas.guim.co.uk,

but you can block the following:
rtax.criteo.com
ajax.googleapis.com
pasteup.guim.co.uk
static.guim.co.uk
combo.guim.co.uk
cdm.optimizely.com
edge.quantserve.com
pixel.quantserve.com
req.connect.wunderloop.net
w.dgets.outbrain.com
static.chartbeat.com
And a couple of other obvious ones from Google and Facebook.  What right
Facebook has to collect data on people who aren't Facebook product
(you're not the user, you're being used) is beyond me, but nonetheless.


6)  Lastly a bit of opinion:

To editorialize just a wee bit, it strikes me that FBI and NSA are
suffering from Google Envy. 

It would be so much easier for them to just dangle some shiny
consumer-goodies and get people to sign up in droves, and collect
unlimited data on them that way.  But no, they have to go see a judge
and ask permission.  As the old rent-a-car ad used to say, "We're Number
Two, but we try harder!" 

-G.


==========

 
On 13-06-06-Thu 1:36 AM, Eddan Katz wrote:
> The NSA has obtained an FISC order to have Verizon turn over phone
> data records on all customers until July 19th.
>
> Here's the court order:
> http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order
>
>
> The gist of it from EFF Deeplinks post
> (https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans)
>
> In a report by Glenn Greenwald, the paper published an order
> <http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order> from
> the Foreign Intelligence Surveillance Court
> <https://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court> (or
> FISC) that directs Verizon to provide "on an ongoing daily
> basis" /all/ call records for any call "wholly within the United
> States, including local telephone calls" and any call made "between
> the United States and abroad."
>
> In plain language: the order gave the NSA a record of /every/ Verizon
> customer's call history -- every call made, the location of the phone,
> the time of the call, the duration of the call, and other "identifying
> information" for the phone and call -- from April 25, 2013 (the date
> the order was issued) to July 19, 2013.  The order does not require
> content or the name of any subscriber and is issued under 50 USC
> sec.1861 <http://www.law.cornell.edu/uscode/text/50/1861>, also known
> as section 215 of the Patriot Act
> <https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act>.
>
>
>
> _______________________________________________
> sudo-discuss mailing list
> sudo-discuss at lists.sudoroom.org
> http://lists.sudoroom.org/listinfo/sudo-discuss
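
Added example, not part of the original post: a sketch of the record alignment described in item (2), where the inbound and outbound legs at a calling card platform are joined by timing to recover the end-to-end call, including the Alice to Card 1 to Card 2 to Bob case. The record fields, platform names, trunk ids, phone numbers and timing tolerances are all assumptions made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Leg:
    src: str    # originating number, or platform id when ANI is not passed forward
    dst: str    # dialed number, or platform id when the card access number was dialed
    trunk: str  # trunk identifier (constructed)
    start: int  # seconds since an arbitrary epoch
    end: int

# Constructed sample records; every value here is made up.
LEGS = [
    Leg("510-555-0101", "CARD1", "T-0417", 1000, 1300),  # Alice dials card 1
    Leg("CARD1", "CARD2", "T-0981", 1012, 1299),         # card 1 bridges to card 2
    Leg("CARD2", "415-555-0199", "T-1203", 1025, 1298),  # card 2 bridges to Bob
    Leg("510-555-0142", "CARD1", "T-0418", 1005, 1100),  # unrelated card caller
    Leg("CARD1", "212-555-0177", "T-0982", 1016, 1099),
    Leg("510-555-0163", "415-555-0188", "T-0002", 1010, 1200),  # direct call
]
PLATFORMS = {"CARD1", "CARD2"}

def next_leg(leg, legs, setup_max=30, teardown_max=3):
    """Find the outbound leg that an inbound leg to a card platform was bridged to.

    Assumed heuristic: the outbound leg starts shortly after the inbound one
    (card number and destination are keyed in) and both end almost together.
    """
    candidates = [
        o for o in legs
        if o.src == leg.dst
        and 0 < o.start - leg.start <= setup_max
        and 0 <= leg.end - o.end <= teardown_max
    ]
    return candidates[0] if len(candidates) == 1 else None  # ambiguous: no match

def stitch(legs, platforms=PLATFORMS):
    """Join per-carrier legs into end-to-end calls: (caller, callee, [trunks])."""
    calls = []
    for leg in legs:
        if leg.src in platforms:
            continue  # start only from legs that carry a real originating number
        chain = [leg]
        while chain[-1].dst in platforms:
            nxt = next_leg(chain[-1], legs)
            if nxt is None:
                break  # trail ends at the platform; destination stays unknown
            chain.append(nxt)
        calls.append((chain[0].src, chain[-1].dst, [l.trunk for l in chain]))
    return calls
```
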
