William Binney: Shutdown of UPSTREAM is a farce

William Binney: Shutdown of UPSTREAM is a farce

Loud & Clear, 6 March 2019

(this part of Loud&Clear starts at02:31)

Transcript, text in [] and links by Joachim Gruber

John Kiriakou: ... The National Security Agency, NSA, has reportedly shut down a system that analyzes logs of Americans' domestic calls and text messages, halting a program that has been the source of controversy over privacy since the 9/11 attacks. The program apparently ended months ago, and the Trump Administration apparently will not ask Congress to reauthorize it. But the NSA retains vast domestic and international spying capabilities. We are joined from Washington by Bill Binney, a former NSA technical director who became a legendary national security whistleblower. ... Snowden warned us that this program was taking place, that it was illegal and unconstitutional, and now our policy makers have decided, it's better that we don't have this program. What do you make of this?

William Binney: Well, that's the same program that I was complaining about internally, in the channels, in the House and Senate Intellgence Committees. That was just the start of it. That was only the metadata part of it. The ultimate part of it started in 2002, and it's called the "UPSTREAM" program.

Remember from the PRISM's program slide where the government goes to the telecommunications companiesand service providers and says "Give us data on this person, because we've got a warrant" or something. That's their upfront take approach that says "Here's where we're conforming with the law. Don't worry about us. We're doing the right thing!" In the background is this UPSTREAM program which is the fiber optic taps where they're taking everything off the fiber lines using AT&T, Verizon, and about 30 other companies (in cache) inside the country, not counting the ones around the world and all the other redundancies as other parties like the second parties where they collect stuff that gets forwarded them, too. Those are the programs where their real data is collected and all this idea, in fact some of the, I think the Wall Street Journal alleged that they were only considering and hadn't actually done it.

But what it [the US government] is saying is fundamentally

that the UPSTREAM program [started around 2002] has been running for so long,
it developed to such an extent that the telecommunications companies giving any batch load of all the communications we had from our service or everybody that [UPSTREAM] no longer adds anything. So in other words,
that the UPSTREAM bulk acquisition of data on everybody is complete.

So that tells me that all this thing [i.e. UPSTREAM shutdown] is a farce.

John Kiriakou: Does shutting that down affect the national security in any way?

WB: Absolutely not. It never helped in the first place. What it did was,it hindered analysts from seeing what was really important for them to look at, because that gave them so much data, look at all the communities and contexts of phones and emails [communications] and so on, and endless degrees of separation [hubs], looking at people all over the place and never actually find anything meaningful. That's because all the material that was dumped on them was just burying them with irrelevancies.

The thing we were doing with ThinThread -I likened it to saying: we were pulling all the needles and potential needles out of the haystack and letting the haystack going right by. So, the analysts had nothing but relevant and important information to look at. That's not what they are doing today, and hasn't been since 2001.

My estimate was just in the phone network alone in the US it was roughly 3 billion (3 10⁹) transactions every day. That's the record for local and long distance phone calls just inside the US. Now, my estimate around the world is something on the order of 4 billion a day, as many as 12 billion a day.

That's why we did the ThinThread program in the 1990s. Even back then, when they had nowhere near the capacity to collect data that they do today, even back then they were buried. The analysts were complaining in NSA. I was the technical director of the analysis reporting area for the world - that was about 6000 analysts-, and they all had the same problem, they were buried with information even back then.

So that's why we did the ThinThread program, to devise a way to make it possible to get only relevant information, that was meaningful for the targets they were looking at. That was the whole point: to reduce the burden on them, so they only got a finite number of things that were relevant every day, and didn't have to look through this mass amount of data. They get tens of thousands of items every day, and then have to go through them. You can only go so far in a day, and if you have to stop and report anything, you stop there and you never get through the rest of it. The next day you come in, there's a new batch of data from that day. It was just an endless process of making them dysfunctional.

JK: It's not that the capabilities are going away. It's just that they decided to stop this mass collection of data. Is that correct? If the FBI, let's say, wants to do an investigation, can they not just rely on the technology to collect the data that they need?

WB: Actually, they've already got them collected with the UPSTREAM program. That was my point. All these other programs, like the Verizon warrant tat the FISA court issued, the general warrant that they issued to say "here, give up all the data hundred million plus people who are your subscribers" that all now is now being collected in UPSTREAM and that program has nothing anymore. So there is no reason to spend money on, why don't just get rid of it. That doesn't count the ability to go to places like the GCHQ or other countries and for any data that they have internally. After all, they have the same -, the chances the data you had can be passed through other countries and back into the US. So there's a probability of that, too.

JK: And the US famously cooperates with most intelligence services around the world for this kind of data. So, they are not actually losing data. All they have to do is ask a liaison partner for access the data. Correct?

WB: Actually, they don't even have to do that because the collection would be done by the partners, but all that data, as near as I can tell, is being forwarded to NSA for storage. There is the central depository for all this data for everybody. In Utah, that's one of them, and they have got another one three times the size over here in Fort Mead.

And the point is, then they give - , and you could see it like a couple of countries that have ICReach (in cache), which is the close-in people, the departments/agencies within the US and the Five Eyes. The others, the third parties, basically, are using XKEYSCORE (in cache) to interrogate the data that they forward to be stored by the NSA. They are all using these programs to interrogate the NSA database. They became basically the central repository for all the data collected from the Five Eyes (UK, Canada, Australia, New Zealand, US), and at least 9 other countries, including, you know, Poland, Germany, Japan.

-------------------- APPENDIX ----------------------------

NSA Stops Certain Section 702 "Upstream" Activities

Release No: PA-014-18 April 28, NSA, 2017

... "During the extension period, NSA undertook a broad review of its Section 702 program. Under Section 702, NSA collects internet communications in two ways:

"downstream" (previously referred to as PRISM) and
"upstream".

Under downstream collection, NSA acquires communications "to or from" a Section 702 selector (such as an email address). Under upstream collection, NSA acquires communications

"to,
from, or
about"

a Section 702 selector [selector types] An example of an "about" email communication is one that includes the targeted email address in the text or body of the email, even though the email is between two persons who are not themselves targets. The independent Privacy and Civil Liberties Oversight Board described these collection methods in an exhaustive report published in 2014.

After considerable evaluation of the program and available technology, NSA has decided that its Section 702 foreign intelligence surveillance activities will no longer include any upstream internet communications that are solely "about" a foreign intelligence target. Instead, this surveillance will now be limited to only those communications that are directly "to" or "from" a foreign intelligence target. These changes are designed to retain the upstream collection that provides the greatest value to national security while reducing the likelihood that NSA will acquire communications of U.S. persons or others who are not in direct contact with one of the Agency's foreign intelligence targets.

In addition, as part of this curtailment, NSA will delete the vast majority of previously acquired upstream internet communications as soon as practicable.

NSA previously reported that, because of the limits of its current technology, it is unable to completely eliminate "about" communications from its upstream 702 collection without also excluding some of the relevant communications directly "to or from" its foreign intelligence targets. That limitation remains even today. Nonetheless, NSA has determined that in light of the factors noted, this change is a responsible and careful approach at this time."

-----------------------

Version: 9 March 2019

Address of this page

Home

Joachim Gruber