Moon of Alabama Brecht quote
December 20, 2005

Echelon And FISA

Thesis: The U.S. administration is using an automated communication surveillance system to monitor communications between the domestic U.S. and foreign countries. The system is a enhanced version of the Echolon system developed by the National Security Agency during the cold war to spy on foreign communication.

The use of such a system in communication involving the domestic U.S. is against the Fourth Amendment and could not possibly be legal even through the Foreign Intelligence Surveillance Act.

To be able to use the technology, the administration decided to break the law.

Noah Shachtman of Defense Tech asked if there are technical reasons that led the  administration to ignore the FISA procedures while wiretapping. I am now convinced that this is indeed the case.

Some hints come through the comments to his piece and there is additional information in today's Lichtblau/Sanger New York Times piece:

Administration officials, speaking anonymously because of the sensitivity of the information, suggested that the speed with which the operation identified "hot numbers" - the telephone numbers of suspects - and then hooked into their conversations lay behind the need to operate outside the old law.

Described is an automated (i.e. speed) system that does not only wiretap calls from/to "hot numbers", it identifies new "hot numbers" on the fly.

The wiretapping process itself generates the criteria for further wiretapping.

This is an inherent feature of an evolved Echelon system that, I suspect, is now applied to the domestic United States.

ECHELON is a term associated with a global network of computers that automatically search through millions of intercepted messages for pre-programmed keywords or fax, telex and e-mail addresses.

For decades Echelon has been used by the NSA to spy on foreign telecommunications. Echelon has been investigated by the European Parliament because it has been and may  still be used for spying in commercial interests.

How does this work?

The system taps into general communication lines like international telecommunication satellite links and analyzes all traffic going through such lines.

The system listens to and processes communication in realtime. It is preconfigured with specific phone numbers, email addresses and/or keywords. An evolved Echelon may include speaker recognition.   

If a specific communication matches one of the preconfigured criteria, i.e. includes a specific number, keyword or voice, it is recorded in a large storage facility.

Database mining technologies and automated statistic methods are used to find patterns within and between the recorded communications. The discovery of such patterns may lead to further investigation or may modify the system's sensitivities.

The system may monitor a link to Pakistan and be triggered by all calls through that link originating from a mosque in Detroit. Those calls get recorded and the NSA's computer banks use speech recognition and automated translation to further analyze them. The process may also use speaker recognition via voice patterns to distinguish persons involved in the calls.

The wiretapping and statistical analyze of calls from the line of the mosque in Detroit may have found three calls that included the keyword "plane" and also involved the specific voice pattern of an unknown person A.

That specific voice pattern would then become a criteria for listening into other calls. If person A in his next call uses a cell phone to call uncle Muhammad in Karachi, the general surveillance of such calls to Pakistan would recognize his voice pattern and trigger its recording.

The process can catch a specific persons calls, even if that person uses multiple phones and connections. The wiretapping of the mosque's line generates new "hot numbers" for further wiretapping.

A similar process used on keywords starting with a preconfigured list could generate additional keywords. These would be added to the "trigger list" for further surveillance. A starting keyword may be "plane". A statistical relevant number of calls would be found to include the word "plane" and the word "plastic". This could lead to the word "plastic" being added to the keyword list.

The system also allows for statistical dissection of patterns and, more important, to find deviation from such pattern. While the use of the phrase "Merry Christmas" at the end of December is not suspect, its use in various calls in July and August would be quite suspicious and could trigger further investigation.

In general such a system will always generate a lot of false positives. Cases were people may get investigated, thrown into jails, "renditioned" and tortured because of some statistical anomaly.

FISA demands a "probable cause" to allow a wiretap. But with the application of an Echelon like system, the probable cause is generated by the wiretap. Indeed in their piece last Friday Rinsen/Lichtblau report:

A complaint from Judge Colleen Kollar-Kotelly, the federal judge who oversees the Federal Intelligence Surveillance Court, helped spur the [temporary] suspension, officials said. The judge questioned whether information obtained under the N.S.A. program was being improperly used as the basis for F.I.S.A. wiretap warrant requests from the Justice Department, according to senior government officials.

The administration could not apply for FISA wiretaps because the system now used to wiretap is inherently incompatible to FISA. The administration could have gone to Congress to ask for a modification of the law, but it did not. Instead it broke the law.

Why did they do this?

In an interview a former NSA architect of Echelon II, Bruce McIndoe, explains:

"No system of such enormous magnitude would only be used for a single purpose. They use it for everything they can, if they feel it's necessary. Whenever they need to exploit its potential, they do it."

John Bolton may be able to tell more about such exploits.

Posted by b on December 20, 2005 at 10:24 UTC | Permalink


As the saying goes, the military is always thirty years ahead in technology than the public knows...

The Panopticon Singularity

If you haven't seen what technofascism is about do look over the above...

Posted by: Uncle $cam | Dec 20 2005 12:17 utc | 1

I would guess that high cost operations like speech analysis would only be carried out on high value lines rather than in a general way.

In any case, I'm more inclined to think that the illegal operations were targetted at domestic US opposition groups. I don't think the regime cares about calls from mosques as much as it does about dissenters.

Posted by: Colman | Dec 20 2005 12:55 utc | 2

high cost operations like speech analysis

The NSA spends billions and it most of Echelon is a fixed investment. The costs of running it are neglectible.

In any case, I'm more inclined to think that the illegal operations were targetted at domestic US opposition groups.

I am not sure about the NSA, but the FBI does so.

F.B.I. Watched Activist Groups, New Files Show

Counterterrorism agents at the Federal Bureau of Investigation have conducted numerous surveillance and intelligence-gathering operations that involved, at least indirectly, groups active in causes as diverse as the environment, animal cruelty and poverty relief, newly disclosed agency records show.
One F.B.I. document indicates that agents in Indianapolis planned to conduct surveillance as part of a "Vegan Community Project." Another document talks of the Catholic Workers group's "semi-communistic ideology." A third indicates the bureau's interest in determining the location of a protest over llama fur planned by People for the Ethical Treatment of Animals.

Posted by: b | Dec 20 2005 13:01 utc | 3

Critics Question Timing of Surveillance Story

The New York Times first debated publishing a story about secret eavesdropping on Americans as early as last fall, before the 2004 presidential election.

But the newspaper held the story for more than a year and only revealed the secret wiretaps last Friday, when it became apparent a book by one of its reporters was about to break the news, according to journalists familiar with the paper's internal discussions.

That "liberal media" NYT could have and should have changed the vote in the last election with this.

What was the deal to hold it back?

Posted by: b | Dec 20 2005 14:45 utc | 4

The Machine keeps on rolling... However,

Fate has blessed the Democrats with a remarkable convergence of stories, with the Alito confirmation hearings about to follow on the heels of the revelations about Bush's domestic spying scandal, if they choose to take advantage of it. Alito's Achilles' heel is civil liberties, and the spying scandal has put that issue on the front burner. Bush obviously cannot be trusted to respect the privacy and freedom of American citizens, and neither can Alito. So opposition to Alito can be woven into a more general narrative about the Bush administration's power-hungry tactics, and the fact that now, more than ever, we need to make sure that we have leaders who respect the idea of checks and balances, and of limits on state power.

35% is ridiculously low for a Supreme Court nominee, and it's getting close to the point where GOP senators from purple or blue states could start feeling pressure not to confirm him, if our side can manage to make an issue out of each senator's vote. If the Dems in the Senate can just remember that acting in accordance with the wishes of the vast majority of the public is usually not tantamount to political suicide, we just might have a chance of blocking Alito. Are Lincoln Chafee, Olympia Snowe, et al. really prepared to go 'nuclear' over Sam Alito?

But of course we know the dems are part of the problem...

Posted by: Uncle $cam | Dec 20 2005 15:18 utc | 5

An extensive June 2000 report about Echelon:

Signals intelligence and human rights

This report argues that FISA places no effective restraint on NSA surveillance on the international communications of U.S. citizens, of all types and in every place. FISA and other restrictions operate to limit intelligence surveillance in the U.S. It affects information that leaves NSA, but not that which enters the agency’s computers and storage systems, or those of its foreign allies. Critical questions about how the NSA can “minimize” extending intrusion in the era of the Internet have been asked many times, but never (publicly) answered. Advanced data processing systems and methods can conform to the rules of the 1970s, yet strip a person naked of privacy. The possible methods of conducting electronic search and seizure in the 21st century were not foreseen in the 1970s, far less two hundred years earlier.

Posted by: b | Dec 20 2005 16:51 utc | 6

Noah has an update as has Arkin

Posted by: b | Dec 20 2005 16:58 utc | 7

thanks for bringing this up, b. I saw Laura Rozen, at War and Piece, mentioned something about Noah, but was just glancing at my usual blogs.

I appreciate that you have explained and elaborated on her remark.

This was probably the route for eavesdropping on the head of the UN, I would imagine.

and of course, beyond monitoring citizens, such spyware is usual for corpos to monitor the competition and eliminate one faction of free trade and the capitalism they tout like religious doctrine, and violate just as often and agressively as tv evangelists lining their pockets while thanking god for miracles...

Posted by: fauxreal | Dec 20 2005 19:09 utc | 8

Why was this system restricted to 'international' calls if indeed it was? Was it a technological reason ie sheer weight of data on screening all calls. Was it a philosophical reason? ie Only calls at least in part oriiginating overseas should be monitored by a conscientous govt (don't laugh up there in the back) or probably the most likely; Was the restriction the result of a legal decision? Either it was felt that the courts wouldn't allow unrestricted monitoring of private domestic conversations between citizens or most likely of all; Does this arcane telecomunications act that Bush and Co have ben referring to have a perceived 'loophole' that denies privacy to calls going outside the US?

In the opinion of a Gonzales or an Alito that is. It must be that they were hoping to keep the NYT quiet until they got all their ducks in a row on the Supine Court. Hence Sulzberger getting browbeaten right up until the last moment.

I wonder what their definition of 'international' call is? I'm not familiar with the workings of US systems but there will be instances where due to the integration of networks, calls from one part of Northern US to another part of Northern US are routed thru Canada. Same will be true South of the border. It would be very surprising if Echelon can separate these calls out with 100% accuracy.

People should be clear that this system may catch a few independent coke importers and even a freelance bomber or two but it won't catch any halfway sophisticated network because tools such as voice digitisation and PGP phone make Echelon irrelevant.

Posted by: Debs is dead | Dec 20 2005 19:28 utc | 9

Karen Kwiatkowski on Violating the Constitution and Lt. General Hayden.

Posted by: beq | Dec 20 2005 20:07 utc | 10

Just wait until they get a quantum computer running this kind of system....

Posted by: The Key | Dec 21 2005 3:16 utc | 11

The LA Times catches Bush in another lie.

Officials Fault Case Bush Cited

In confirming the existence of a top-secret domestic spying program, President Bush offered one case as proof that authorities desperately needed the eavesdropping ability in order to plug a hole in the counter-terrorism firewall that had allowed the Sept. 11 plot to go undetected.

In his radio address Saturday, Bush said two of the hijackers who helped fly a jet into the Pentagon — Nawaf Alhazmi and Khalid Almihdhar — had communicated with suspected Al Qaeda members overseas while they were living in the U.S.
The current and former counter-terrorism officials, who requested anonymity, said there were repeated phone communications between a safe house in Yemen and the San Diego apartment rented by Alhazmi and Almihdhar. The Yemen site already had been linked directly to the Al Qaeda bombings of two U.S. embassies in Africa in 1998 and to the 2000 bombing of the U.S. destroyer Cole in Yemen, several current and former U.S. counter-terrorism officials familiar with the case said.

Those links made the safe house one of the "hottest" targets being monitored by the NSA before the Sept. 11 attacks, and had been so for several years, the officials said.

Authorities also had traced the phone number at the safe house to Almihdhar's father-in-law, and believed then that two of his other sons-in-law already had killed themselves in suicide terrorist attacks. Such information, the officials said, should have set off alarm bells at the highest levels of the U.S. government.

Under authority granted in federal law, the NSA already was listening in on that number in Yemen and could have tracked calls made into the U.S. by getting a warrant under the Foreign Intelligence Surveillance Act.

Then the NSA could have — and should have — alerted the FBI, which then could have used the information to locate the future hijackers in San Diego and monitored their phone calls, e-mail and other activities, the current and former officials said.

Posted by: b | Dec 21 2005 10:20 utc | 12

Technical glitches blamed for illegal eavesdropping

Yeah, right.

Posted by: kw | Dec 22 2005 11:06 utc | 13

Just as I thought and described above:

Boston Globe: Wiretaps said to sift all overseas contacts

The National Security Agency, in carrying out President Bush's order to intercept the international phone calls and e-mails of Americans suspected of links to Al Qaeda, has probably been using computers to monitor all other Americans' international communications as well, according to specialists familiar with the workings of the NSA.

We have all learned in the past week that the Foreign Intelligence and Surveillance Act of 1978 contains provisions that allow the government to conduct quick reaction surveillance of an individual and go to the court afterwards for a warrant.

So what would the NSA need to do that isn't covered by the provisions of FISA?

My guess is the government decided after 9/11 to monitor everyone.

Question: How does the NSA handle entries to messageboards and comments to blogs. They are "international communication" too. I guess they don´t have a grip on those (yet). But its an interesting problem. Maybe they should hire me?

Posted by: b | Dec 23 2005 16:49 utc | 14

Using this thread as a link dump

Arstechnica too thinks its automated mass-spying on calls and email.

Corrente reasons it's IP traffic and webtraffic that gets monitored.

Might well be - easy and cheep to do. But the problem is that you do not get any real information. Searching for the word "terrorism" in an IP stream will likely turn up millions of packets were that word is used in DISCUSSIONS ABOUT "terrorism".

Line sniffing can not give you "intent". But then maybe they are dumb enough to try anyhow.

Posted by: b | Dec 23 2005 18:57 utc | 15

Still collecting:

Another Arstechnica piece that supports my above stated insight about line tapping efforts

any engineer or computer scientist worth his or her salt will tell you that an intelligent, targeted, low-tech approach beats a brute-force high-tech approach every time.

There is no high-tech substitute for human intelligence gathering. In fact, anyone who's read Malcolm Gladwell's Blink will know that an overload of crudely processed information is actually more likely to lead an analyst astray than it is to produce any useful insight. Limited amounts of high-quality information combined with old-fashioned expertise always has been and still is the only way to sort the real from the fake, whether you're talking about Greek statues or Al Qaeda communications.

In the end, brute force security techniques are not only corrosive to democratic values but they're also bad for national security. They waste massive resources that could be spent more effectively elsewhere, and they give governments and countries a false sense of security that a savvy enemy can exploit to devastating effect.

Posted by: b | Dec 23 2005 19:27 utc | 16


Conclusion: No matter how you look at the legality of wiretapping, the president did break the law.

Posted by: b | Dec 23 2005 20:08 utc | 17

This story appears to me to be a pretty standard foreign news page filler. If it strikes a chord with people it will be folowed up and cranked into a campaign. If not no one will ever hear of Zhao Yan, Ching Cheong, or Shi Tao again.

Who are they? Journalists in China who have been arrested for writing stories that 'disclosed state secrets'. Really important ones that could jeopardise China's safety and security such as Zhao Yan responsible for:
"a New York Times report about plans by ex-President Jiang Zemin to retire from his top military post."

Imagine that! People may learn that yet another internecine conflict in the upper levels of The Party has been resolved by edging out the 'old fellas'. They wouldn't do that would they?

Ching Cheong has been charged with spying for Taiwan. I know nothing of the details but given the animosity between Taiwan and PRC something as trifling as writing a newstory that was published in Tailwan could get a reporter in that sort of hot water. eg
"Ching Cheong, a Hong Kong-based correspondent for Singapore's Straits Times, was accused in August of spying for China's rival, Taiwan. If convicted, he could face the death penalty".

The reason I bring this to everyone's attention is that it appears that at least some of the 'evidence' against these journalists was obtained by using the same sort of domestic intelligence gathering that BushCo have been using within the US. The case of Chinese reporter Shi Tao appears to involve an even more pernicious form of intelligence gathering in that Yahoo who were eager to ingratiate themselves with the PRC elite provided the necessary data:
"Chinese reporter Shi Tao, who worked for the Contemporary Business News in Hunan province, was sentenced in April to 10 years in prison for sending foreign-based websites the text of an internal Communist Party memo.

He is believed to have been jailed as a result of information Western internet firm Yahoo supplied to the Chinese government."

I'm not going to go anywhere near the 'moral leadership' argument so often used by exceptionalists attempting to ethically justify US imperialism.

But the fact that every major nation in the world is 'at it' effectively means that political prisoners from all over the world, have no light at the end of the tunnel.

There is no place they can point to where things are successfully done differently.

Even worse there is no nation to turn to which for whatever reason (and yes often as a gameplay in some other 'more important' negotiation) will pressure the dictatorship into letting the prisoner go.

I'm sure BushCo would love to be able to use these prisoners' fragile grip on life to browbeat another nation with. This is especially if it distracted amerikans from looking too hard at what the corporanazis had been up to 'at home'.

It wouldn't do that however. Now that US oppression of it's population has become so blatant, we can expect that major powers of Russia China and the US will enter into a "I won't show yours if you don't show mine" 'gentleman's agreement'.

ps Those who think american exceptionalism is exceptional should study the last major empire eg The English. Kipling in the 19th century and Maugham in the early 20th both give a good unself-conscious insight into English exceptionalism where anyone who isn't English including Amerikans 'is not quite top drawer'.

In those days it was the 'new worlders' who attempted ingratiation by claiming a 'special relationship' which was exploited by the English when expedient, otherwise amerikans would be pushed back into line.

What a difference a couple of extended, allegedly victorious wars can make eh!

Posted by: Debs is dead | Dec 23 2005 21:52 utc | 18

Nuclear Monitoring of Muslims Done Without Search Warrants

In search of a terrorist nuclear bomb, the federal government since 9/11 has run a far-reaching, top secret program to monitor radiation levels at over a hundred Muslim sites in the Washington, D.C., area, including mosques, homes, businesses, and warehouses, plus similar sites in at least five other cities, U.S. News has learned. In numerous cases, the monitoring required investigators to go on to the property under surveillance, although no search warrants or court orders were ever obtained, according to those with knowledge of the program. Some participants were threatened with loss of their jobs when they questioned the legality of the operation, according to these accounts.

Spy Agency Mined Vast Data Trove, Officials Report
The National Security Agency has traced and analyzed large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program that President Bush approved after the Sept. 11, 2001, attacks to hunt for evidence of terrorist activity, according to current and former government officials.

The volume of information harvested from telecommunication data and voice networks, without court-approved warrants, is much larger than the White House has acknowledged, the officials said. It was collected by tapping directly into some of the American telecommunication system's main arteries, they said.

As part of the program approved by President Bush for domestic surveillance without warrants, the N.S.A. has gained the cooperation of American telecommunications companies to obtain backdoor access to streams of domestic and international communications, the officials said.

"Streams of communication" is definitly Internet traffic.

Posted by: b | Dec 24 2005 7:23 utc | 19

Also from the last one above:

The switches are some of the main arteries for moving voice and some Internet traffic into and out of the United States, and, with the globalization of the telecommunications industry in recent years, many international-to-international calls are also routed through such American switches.

One outside expert on communications privacy who previously worked at the N.S.A. said that to exploit its technological capabilities, the American government had in the last few years been quietly encouraging the telecommunications industry to increase the amount of international traffic that is routed through American-based switches.

Posted by: b | Dec 24 2005 7:31 utc | 20

It is depressing to see it right there in front of you but I have always imagined that internet communications have been monitored since well before 9/11.

The thing I have trouble comprehending is how they could mine data from streaming. Voice data on phones uses pretty univeral technology. A call from just about any telephone can be made to just about any other telephone.

Data transmission is nothing like as simple. And I still don't see how data can be randomly mined the way echelon does with phones. Very little is straightforward plain text. In addition many of the software server/client progs are OS specific.
Although versions of Pretty Good Privacy made since inventor Phil Zimmerman left the company will have a backdoor in them it is unlikely that anyone serious about encryption would use a product whose source code hadn't been independently verified.

Interestingly enough the 'reactionary' wing of the IT industry frequently typified by the possession of an MSCE has been conducting a campaign against Zimmerman's open source solution for Voice Over Internet Protocol encryption.

Their argument is weak and basically runs along the lines that Skype has inbuilt 128 bit encryption so why worry. That the only reason that people are even worried about this issue is that the Skype encryption is so seamless that most people are unaware that their Skype calls are encrypted.

To which a cynic such as myself would argue that people don't know about Skype's encryption because Skype has stayed quiet lest the cypherpunks demand the source code and find the backdoor that Skype will have put in at the behest of the US government. So skype will be secure from everyone it already was secure from because only the US government has access to the complete network.

So they probably gather every bit of data coming down the tracks but reading it seems to be impractical.

Posted by: Debs is dead | Dec 24 2005 8:23 utc | 21

but reading it seems to be impractical.

Not so Debs. I have personally done extensive network sniffing for error diagnostics in client-server communications. It is relative easy to shuffle through a huge amount of traffic, find all skype traffic and to catch a distinguished flow between two parties.

Automization of that is straightforward and the hardware/software required is off the shelf.

The problem is interpretation of the data. It just doesn´t make sense to search for specific words. Traffic patterns are also very unreliable as datapoints. The human dynamics involved are not predictable.

Imagine during a hunt on child porn sellers what "keyword" would you be looking for? The keyword "childporn" will certainly lead you to catch everybody that discusses the issue and most certainly not the people really involved in the issue.

A google search on "plane" and "bomb" will give you some 6 million hits, including this comment, but none of those will lead to the next 9/11 attempt. It's the mass "false positiv" readings that are killing the effort.

There are more effective ways like human intelligence, i.e. feet on the ground. A mass combing effort of email/phone is just a waste of money and dangerous as it WILL get abused over time.

Posted by: b | Dec 24 2005 8:44 utc | 22

That's pretty much what I was saying B. Getting the data would be easy, making sense of it much more difficult. The best anyone could do easily would be to see who was up who. Finding out what the rent was would be far more difficult. The nature of the net and the way people relate to each other would mean that the 'authorities' would end up with an ever growing list of names/ip addresses and no way of winnowing the wheat from the chaff.

As far as Skype goes which almost certainly has a backdoor in it to allow the authorities to accesss the content of calls deemed 'important', they may manage to catch morons who believe their conversations safe from eavesdropping because of the 'strong' encryption but anyone really serious won't be pissing around with Skype.
When 'listening in' on others' transmissions first became prevalent, those wanting to avoid detection would use 'one time pads' that is a particular cypher would only be used once to ensure the chances of the cypher being decyphered were kept to a minimum. If I remember correctly the transmissions from the Russian embassy in Washington of McLean's information on the Manhattan project was finally partially cracked as a result of some lazy courier in another part of the world not bothering to use a new cypher.

Now that the listeners rely on patterns of communication rather than content to discern what is going on, people wishing to avoid detection use 'one time' communication channels. That is randomly selected types of communication using randomly selected devices.

Years ago this would have been impossible but the plethora of means of communication eg email, ICQ, IRC, usenet, mobile phones, landlines, Ebay, mail, document couriers etc combined with a plethora of cheap and easily available devices from net cafe's to sim cards to phone cards makes trying to find a pattern of behaviour from anyone's usage of these devices next to impossible.

Posted by: Debs is dead | Dec 24 2005 11:53 utc | 23

The comments to this entry are closed.