To My Mom

Posted on May 14, 2006 by Mash

Garden at Giverny

 

This Mother’s Day, and every day, I remember you. Each time I look into my daughter’s eyes I feel your love.

Happy Mother’s Day to everyone who visits this blog.

Posted in Personal | Comments Off on To My Mom

The Effects Of Drinking Too Much Kool-Aid

Posted on May 13, 2006 by Mash

The Kool Aid ManThere is a remarkable opinion piece today in The Washington Post entitled "The Right Call on Phone Records". It is remarkable because the author, former Deputy Homeland Security Advisor and Deputy Assistant to the President Richard Falkenrath, has apparently taken leave of his senses.

The op-ed begins with this bizarre paragraph:

On Thursday, USA Today reported that three U.S. telecommunications companies have been voluntarily providing the National Security Agency with anonymized domestic telephone records — that is, records stripped of individually identifiable data, such as names and place of residence. If true, the architect of this program deserves our thanks and probably a medal. That architect was presumably Gen. Michael Hayden, former director of the NSA and President Bush’s nominee to become director of the Central Intelligence Agency. [Emphasis added by me]

Richard FalkenrathWhen I read this, my initial thought was that the author was joking. But as I read through the rest of the fantasy piece I realized that Mr. Falkenrath was quite serious. I hope the remaining people at the top level of Homeland Security do not believe that a phone number is "anonymized" as Mr. Falkenrath appears to believe. If our senior leaders are this ignorant then we are in very serious trouble.  Here’s a little exercise for you, Mr. Falkenrath. Given the phone number 202-456-1414, how long will it take the NSA to find out whom this number belongs to? Ok, don’t hurt yourself. I will tell you. It will take them less then 23 seconds. Try it for yourself. Go to AnyWho and do a reverse lookup on 202-456-1414. Within seconds you will find that this phone number belongs to:

White House Switchboard Main Number

WASHINGTON, DC 20001
The notion that Mr. Falkenrath believes that phone numbers are "anonymized" would be laughable if not for the fact that the belief is held by the former Deputy Homeland Security Advisor to the President. If this is the kind of advice President Bush is getting we as a country are being ill served. The level of ignorance and incompetence this demonstrates is shocking.
 
Mr. Falkenrath goes on to praise General Hayden for devising this clever phone records analysis tool:
Very few career government officials possess the expertise, initiative and creativity needed to devise a system to penetrate such networks, using only existing statutory and presidential authorities, employing only existing technical and personnel resources, and violating the privacy of no American. Yet, if the USA Today story is correct, this appears to be exactly what Hayden did.
This again shows a frightening level of ignorance. The system that Mr. Falkenrath praises General Hayden for creating has been in existence since the year 1736 when Graph Theory was first discussed by Leonhard Euler. The modern derivations of graph theory, specifically network analysis, that is used to analyze networks is commonly used by many mathematicians and computer scientists. The specific algorithm apparently used by the NSA, link analysis, was famously adapted in 1995 by Sergey Brin and Lawrence Page in creating the search engine Google. Every Internet blogger is also familiar with this "system" and they regularly use its power when they use Technorati to find which web pages link to their blogs. Mr. Falkenrath, feel free to click here to find out how many web sites link to my blog. For the less technically inclined, General Hayden’s "system" is on display in the "Six Degrees of Kevin Bacon" Game. General Hayden’s "creativity" is neither original nor dramatic. He is just using technology already in existence to mine data from our phone records. The only newsworthy part of General Hayden’s "system" is that it likely violates the law.
 
Speaking of the law, Mr. Falkenrath leaps to General Hayden’s defense:

Some legislators and observers have questioned the legality of the alleged NSA domestic telephone records collection program. If the facts of the program are as reported in USA Today, there is every reason to believe that the program is perfectly legal.

There are, of course, strict legal limits on the ability of federal agencies such as the NSA to compel the provision of domestic information or to collect it secretly. The USA Today story, however, alleges that three telecommunications companies — AT&T, Verizon and BellSouth — provided it voluntarily. How else could one company (Qwest) decline to provide the information? Since there is no prohibition against federal agencies receiving voluntarily provided business records relating to their responsibilities, it appears that the NSA’s alleged receipt and retention of such information is perfectly legal.

Mr. Falkenrath must be patting himself on the back for his clever logical inversion here. It is a very nice argument to put the Government’s actions in the passive voice. To imply that the phone companies somehow left the phone records on the NSA’s doorstep and one fine morning General Hayden discovered these records as he went out for the morning paper is too clever an argument to sustain itself. Mr. Falkenrath ignores the fact the Government demanded these records from the phone companies without the required court orders. It went as far as to try to bully and blackmail Qwest into turning over the phone records. That kind of behavior hardly suggests that the NSA was a passive actor in this fiasco. Perhaps Mr. Falkenrath needs a reminder of the laws that were broken when the NSA demanded these records without a court order. You can read my layman’s analysis here or Professor Kerr’s analysis here and here.

Mr. Falkenrath concludes by putting in a plug for General Hayden for the CIA Director post. He also praises the can-do gung-ho attitude of General Hayden in contrast to the timidity of the rest of the bureaucracy:

Bureaucrats excel at finding reasons not to do something. They are most often guilty of sins of omission, not commission. A timid, ordinary executive might have concluded that it was too risky to ask U.S. telecommunications companies to provide anonymized call records voluntarily to an agency such as the NSA, dealing with foreign intelligence. If the USA Today story is correct, it appears that Mike Hayden is no timid, ordinary executive. Indeed, it appears that he is exactly the sort of man that we should have at the helm of the CIA while we are at war.

Mr. Falkenrath apparently does not understand that there is a difference between initiative and law breaking. The Constitution and the laws are there for a purpose. Choosing to ignore the laws does not make a good executive or a good nominee for the position of Director of Central Intelligence.

Mr. Falkenrath’s deeply flawed opinion piece should cause all citizens alarm. This opinion piece is a window into the thinking of some our top officials in Government entrusted with protecting us. The level of ignorance and incompetence demonstrated by Mr. Falkenrath may unfortunately be commonplace amongst the political appointees within this Administration. For exposing this level of incompetence, we all owe Mr. Falkenrath an enormous debt of gratitude.

 

Posted in Constitution, Politics | 9 Comments

Free Advice to the NSA: How To Pursue Terrorists And Protect Civil Liberties

Posted on May 12, 2006 by Mash

Phone Link Analysis

 
The latest revelation that the National Security Agency has gathered phone records of millions of ordinary Americans has generated outrage and controversy across the political spectrum. The NSA has gathered phone records apparently without court orders in violation of existing statutes. It appears that the NSA is attempting to use this vast database of phone records to connect the dots between known terrorists by using software to look for links and patterns in the records. Unfortunately, the fact that the phone records contain the phone numbers of millions of ordinary and innocent Americans opens the door to abuse of the database and guilt by association.
 
The NSA is likely using link analysis techniques in an attempt to connect known targets separated by multiple degrees of separation. Link analysis is a simple yet powerful tool that can be used very effectively on structured relational data. Link analysis is nothing but the high tech equivalent of the "Kevin Bacon Game".
 
The image above [click image for a larger image] shows an example of how NSA would connect Bad Guy #1 with Bad Guy #2. To do so, NSA would need the phone records of Bad Guy #1, Person A, Person D, Person G and Bad Guy #2. By traversing the phone record tree from both directions the NSA could connect Bad Guy #1 and Bad Guy #2 by finding that they both are connected to intermediate Persons A, D or G.
 
In order for the NSA to do link analysis with a court order, the NSA would have to first get a warrant for the phone records of Bad Guy #1. It would then have to get a warrant for phone records for each person on Bad Guy #1’s phone record (i.e., persons A and B) and then get warrants for the persons on the phone records of the next set of people and so on. At some point, the NSA would have a difficult case to make that one of these intervening people was legitimately connected to an ongoing investigation. Even if it succeeded in making the case for the warrant, the logistics of getting a warrant at every step of the process would make this kind of link analysis cumbersome and nearly impossible to perform in real time. I suspect that is why the NSA and the President decided to go around the law. When faced with a question of law, instead of asking Congress to update the law, the Government chose to ignore the law.
 
The problem in this approach for the NSA was that getting the phone records of intervening persons between two known bad guys requires court orders. There is perhaps a simple way to achieve the goals of the NSA without the court orders and the violations of privacy that results if the court orders are not sought. I propose that instead of seeking the actual phone numbers from the phone companies, the NSA should seek secure hashed equivalents of the phone numbers. That is, all phone records handed over to the NSA should contain secure hashed ids instead of the actual phone numbers of American citizens. The phone company would keep the actual phone records and the mappings between the phone numbers and their hashed equivalents. This will ensure that the NSA does not have a database of phone numbers of ordinary Americans. I also believe there is no law that would be violated by the phone companies turning over this data to the NSA.
 
Briefly, secure hashing is a technique that is commonly used to store passwords and to digitally sign electronic messages. The power of secure hashing lies in that when a number or string is hashed to produce a message digest, there is no way to get back to the original number or string. However, the same number, if secure hashed repeatedly will result in the same message digest. This feature allows one to store data, a password or phone record for example, in a database without the original password or phone record being compromised. Given the original phone number or password, one can secure hash it and then compare it to data in the database to find its matching hash. SHA-1, the most commonly used secure hashing algorithm was designed by none other than the National Security Agency.
 
This new database maintained at the NSA, using secure hashed ids in lieu of phone numbers, would be just as effective for data mining and link analysis. If the NSA knows the phone number(s) of a known target or targets, they can simply convert the phone number to its secure hashed equivalent (or "message digest" ). These message digests then can be used to perform link analysis on the database. Using the example in the image, the NSA would secure hash the phone number of Bad Guy #1 and look up the phone record equivalents in the database. They would find the hashed message digests representing Persons A and B. When they look up the records for the message digest of person A, they would similarly find the message digest of Person D. Similarly, coming from the other side, the NSA would secure hash the actual number for Bad Guy #2 and find the message digest of Person G. In looking at the records of Person G, the NSA would find the message digest of Person D. Then, Voila!, the NSA will have connected Bad Guy #1 to Bad Guy #2 without knowing the phone numbers of Persons A, D and G. Armed with the message digests of Persons A, D and G, the NSA can now approach the court for a warrant based on probable cause. The phone companies can then provide the NSA with the actual numbers and identities of Persons A, D and G by mapping the message digests to their original phone numbers that the companies would keep in their own databases. The phone records of all other persons not involved between Bad Guy #1 and Bad Guy #2 will remain unknown to the NSA.
 
This simple use of existing cryptography techniques may eliminate the need for the massive intrusion into the privacy of ordinary Americans that is currently occurring. This solution allows the NSA to troll and mine to their hearts content in an attempt to keep us safe without violating our hard earned civil liberties. Who knows, with any luck it will come to light that the NSA is already doing this and all this fuss will have been about nothing. However, the fact that Qwest balked at handing over phone records to the NSA suggests to me that the NSA is not using this simple but effective technique.
Posted in Constitution, Politics | 10 Comments

It’s Beginning To Look A Lot Like Fitzmas

Posted on May 12, 2006 by Mash

Fitzmas!

 
The grand jury investigating the CIA leak case will meet today. Raw Story is reporting that Special Counsel Patrick Fitzgerald is expected to meet with the grand jury. The networks are planning to stake out the federal courthouse.
 
All signs point to an indictment announcement some time on Friday. In anticipation of a multiple count indictment, I dedicate this song to Karl Rove, the Turd Blossom:
 
Communique by Dire Straits
They wanna get a statement for Jesus sake
It’s like talking to the wall
He’s incommunicado no comment to make
He’s saying nothing at all

But in the communique you know he’s gonna come clean
Think what he say, say what he mean
Maybe on Monday he got something to say
Communication
Communique
Communique

Maybe he could talk about the tricks of the trade
Maybe he could talk about himself
Maybe he could talk about the money that he made
Maybe he’d be saying something else

But in the communique you know he’s gonna come clean
Think what he say, say what he mean
Maybe on Monday he got something to say
Communication
Communique
Communique

And now the rumors are flying
Speculation rising
Say that he’s been trying someone else’s wife
Somebody at the airport
Somebody on the phone
Says he’s at the station and he’s coming on the noon
Then we get the story a serious breeze
And a photograph taken in the hall
You don’t have to worry with the previous release
Right now, he’s saying nothing at all
But in the communique you know he’s gonna come clean
Think what he say, say what he mean
Maybe on Monday he got something to say
Communication
Communique
Communique

 
Update: Chris Matthews is beating the Fitzmas drum this morning.
Posted in Humor, Politics | 11 Comments

Hold The Phone

Posted on May 11, 2006 by Mash

Inspector ClouseauUSA Today reported this morning that the National Security Agency has been collecting phone records of tens of millions of ordinary Americans with the willing cooperation of the phone companies (except Quest which refused to hand over records without a court order). This disclosure caused an irritated President Bush to make a brief statement this morning. I quote the statement in its entirety:

After September the 11th, I vowed to the American people that our government would do everything within the law to protect them against another terrorist attack. As part of this effort, I authorized the National Security Agency to intercept the international communications of people with known links to al Qaeda and related terrorist organizations. In other words, if al Qaeda or their associates are making calls into the United States or out of the United States, we want to know what they’re saying.

Today there are new claims about other ways we are tracking down al Qaeda to prevent attacks on America. I want to make some important points about what the government is doing and what the government is not doing.

First, our international activities strictly target al Qaeda and their known affiliates. Al Qaeda is our enemy, and we want to know their plans. Second, the government does not listen to domestic phone calls without court approval. Third, the intelligence activities I authorized are lawful and have been briefed to appropriate members of Congress, both Republican and Democrat. Fourth, the privacy of ordinary Americans is fiercely protected in all our activities.

We’re not mining or trolling through the personal lives of millions of innocent Americans. Our efforts are focused on links to al Qaeda and their known affiliates. So far we’ve been very successful in preventing another attack on our soil.

As a general matter, every time sensitive intelligence is leaked, it hurts our ability to defeat this enemy. Our most important job is to protect the American people foreign another attack, and we will do so within the laws of our country.

Thank you.

You will notice that the President does not deny the facts of the USA Today story. He also specifically notes that the Administration’s "international activities" strictly target al Qaeda. He leaves open the possibility that domestic activities cast a much wider net. He also notes that the Administration is "not mining or trolling" through the "personal lives" of Americans. Mr. Bush is parsing very hard here to make a distinction between personal lives and personal records. The distinction is between contents of a phone conversation and records of a phone conversation. That distinction allows Mr. Bush to escape the clutches of the 4th Amendment.

However, this new NSA spying disclosure does violate at least one and perhaps two laws enacted by Congress. Where FISA does not apply, access to phone records are covered by the "pen register" or "trap and trace device" laws. The two relevant laws are 18 U.S.C. §§3121-3127 and 50 U.S.C. §§1841-1846. In order to get the phone records of a "U.S. person" the Government must get a court order. If the Government is arguing that they need the order for foreign intelligence or terrorism related activities and the information does not concern a "U.S. person", the Government must also get a court order. In both cases the application for the court order must show that the information requested is "relevant to an ongoing criminal investigation" or is "relevant to an ongoing investigation to protect against international terrorism or clandestine intelligence activities". In the case of a foreign intelligence investigation, there is a provision for an emergency authorization where the Attorney General can approve the gathering of information without a court order provided that an application is made for an order within 48 hours. There is also a provision in the law that states that in a time of war the President can authorize the collection of phone records without a court order for up to 15 calendar days following a declaration of war by Congress. There is also a requirement for the Attorney General to make detailed annual reports to Congress regarding collection of U.S. persons’ phone records and a requirement for the Attorney General to make detailed semi-annual reports to the "Permanent Select Committee on Intelligence of the House of Representatives and the Select Committee on Intelligence of the Senate" regarding collection of phone records related to foreign intelligence or terrorism.

The Bush Administration is almost certainly violating the law by not getting the required court orders. If the program is as widespread as has been reported the Administration would have had to apply for and receive tens of millions of court orders. The Bush Administration may also have violated the Congressional oversight requirements of the statutes. Judging by the reaction in Congress today it appears that Congress was not fully briefed by the Administration.

The argument from the Administration will probably again be reduced to a defense on the President’s alleged inherent Article II powers as Commander-in-Chief during wartime. The President will argue that the Constitution gives him inherent authority to violate duly enacted laws in his capacity as Commander-in-Chief. This is a flimsy argument at best and is quite easily debunked. In the end the Administration is left with no Constitutional leg to stand on.

When the law and the Constitution are not on his side, the President can, in the final analysis, rely upon the Republican controlled Congress to turn a blind eye once more. 

Posted in Constitution, Politics | 16 Comments