home

NSA Surveillance: Packet-Sniffing vs. Data Mining

GW Law Prof Orin Kerr has a theory on the NSA warrantless surveillance program, based upon some material in James Risen's book. Orrin is very much an expert in these issues. One of his articles is Kerr, Orin S., "Internet Surveillance Law After the USA Patriot Act: The Big Brother That Isn't" . Northwestern University Law Review, Vol. 97, 2003 (downloadable here.)

Orin thinks the program may have involved packet-sniffing which he likens to a giant pen register or trap and trace (the former records numbers dialed from a phone, the latter records telephone numbers of incoming calls and neither intercept the content of communications) rather than data-mining.

Packet sniffing refers to installing a monitoring device on a steam of traffic that looks for specific sequences of letters, numbers, or symbols.....The term "data-mining" is usually used to mean taking an already-gathered database of information, and then performing analysis on the gathered database in lots of ways to identify patterns and characteristics.

While a court-authorized intereception warrant is not required for a pen register or trap and trace, the feds are required to get a court order. Even under FISA. Warrantless emergency pen registers and trap and traces can be used only for 48 hours before applying for a court order.

So, wouldn't a court order, although not an interception warrant, be required for packet-sniffing? Orin doesn't say, but he does find this perplexing:

But something seems fishy here. For example, the leakers of the story seem focused on the Fourth Amendment instead of FISA.

< Prime Minister Ariel Sharon Suffers Massive Stroke | The 2006 Bloggies Awards >
  • The Online Magazine with Liberal coverage of crime-related political and injustice news

  • Contribute To TalkLeft


  • Display: Sort:
    Comparing packet sniffing, as described above, with a pen register is confusing. It's entirely possible to look at only a packet's header information, something I would consider similar to a pen register. But to look at the contents of a packet for specific information requires reading the entire packet and, in my mind, that's just like a wiretap. When IP people do packet sniffing they're looking at the header information, not the contents. Usually they're trying to debug a networking problem and only the header information is useful. Of course, packets often contain packets. Or so I've been told. If the NSA was only looking at the header information the data mining would be nothing but traffic analysis. It would seem more useful, perhaps, to use the contents of the packets for data mining. Beyond this point I'm well over my head.

    Does anybody believe that the administration would deliberately ignore or circumvent FISA - only to do something that doesn't require a warrant anyway? I didn't think so. Does anybody doubt that the NSA has the technology and resources to massively eavesdrop on American communications, just as they have been doing on foreign conversations for decades? I didn't think so.

    Re: NSA Surveillance: Packet-Sniffing vs. Data Min (none / 0) (#3)
    by Edger on Wed Jan 04, 2006 at 08:19:07 PM EST
    Allen, The administration's stated justifications for "wiretapping" (thru NSA monitoring) Americans communicating with people outside the US with "known links to Al Qaeda" are that they do it to forestall "terror" attacks. It seems logical that they would not be doing just network traffic analysis, but would have to be examining packet contents, i.e. they want to know what was said in those communications, by whom, to whom, and about what.

    A little google and a little memory jar of the very, very rare occasions many years ago when I was around anyone doing any packet sniffing and -- Packet sniffing involves capturing the entire packet. So packet sniffing is the data version of wiretapping. From Network Security Glossary
    Packet sniffing is to computer networks what wire tapping is to a telephone network.
    Maybe the government/President thinks that if it's only a computer listening and not a human then it isn't really wiretapping.

    Re: NSA Surveillance: Packet-Sniffing vs. Data Min (none / 0) (#5)
    by Edger on Wed Jan 04, 2006 at 08:31:58 PM EST
    President thinks that if it's only a computer listening and not a human then it isn't really wiretapping. I think he doesn't think that at all. He's just trying to BS everyone. Then again "president thinks", with the current incumbent, is an oxymoron, no? ;-)

    Libby is almost right. NSA is said to have had the technology for some time to monitor every call and e-mail, with computers looking for certain words and phrases, and passing flagged items to humans for further analysis. This is what they are said to do OUTside of the country. To do this in the U.S. requires more than just the technology - it requires the infrastructure and budget for ongoing operation. They have to be able to get the data from the phone and internet lines, then get all that data to their computers for analysis, (and buy all those computers,) and hire the humans needed to look over flagged messages. THAT is a lot of money and people. So the huge budget and number of people needed - combined with it being illegal - prevented it from happening. Until 9/11. The 1994 CALEA law required phone companies to install tappable switching systems. But after 9/11 to government made telecommunications companies also start installing internet routers that the government could automatically tap into. We know that the spy budgets went way up. And now we know that Bush ordered SOMEthing that he couldn't get warrants for. So it was probably an order for NSA to start monitoring calls and e-mails here, to be filtered for "terrorists." But it bothers me a LOT that Bush's surragates say people lke ME are providing aid and comfort to the enemy, and the FBI is defining environmentalists as terrorists, and keeping data about anti-war protesters. So we have no way to know if this is part of what NSA is doing when Bush promises they are only monitoring "suspected terrorists." Now, just to piss everyone off, I've been writing that this is happening because our communications are wide open to anyone who wants to listen in, and that if we had gone ahead and started using the Clipper Chip none of this could be happening now.

    Now, just to piss everyone off, ...
    Okay.
    ... and that if we had gone ahead and started using the Clipper Chip none of this could be happening now.
    The encryption algorithm to the Clipper Chip was a secret known only to the NSA. Mostly (only?) external experts friendly to the NSA were allowed to briefly review the algorithm after signing a non-disclosure agreement. There was no way to be certain it didn't contain a backdoor. Also, in theory, the FBI required a warrant to obtain the two separate parts to the key needed to decode a communication, but, as I remember, most people weren't convinced the process was adequate to prevent abuse. Would the NSA have been able to obtain the keys without a warrant? I think the Clipper Chip idea is good, but I'm not convinced the Clipper Chip as originally proposed would have prevented this. Of course, you could use PGP for email, but then your email will stand out like a sore thumb and the NSA will wonder what you're hiding.

    Allen, Right now every e-mail and phone call is wide open. So if you encrypt now it will really stand out. People accused the government of proposing the Clipper Chip so they could listen in. But since anyone, including the government, can already listen in, how does it make sense that installing an encryption chip enables the government to listen in? If the government wanted to listen in, then NOT proposing such a chip is the way to do it. The Right led the attack on Clipper, and now the Right IS listening in.

    how does it make sense that installing an encryption chip enables the government to listen in?
    And you know it's just an encryption chip how? Because the NSA says so, perhaps?
    The Right led the attack on Clipper
    "The Right" includes the EFF, EPIC and the ACLU now, does it?

    It was John Ashcroft who was the point-person in the anti-Clipper campaign.