Sunday, April 22, 2012

Whistleblower: The NSA is Lying -- The U.S. Government Has Copies of Most of Your Emails

From Democracy Now:
National Security Agency whistleblower William Binney reveals he believes domestic surveillance has become more expansive under President Obama than President George W. Bush. He estimates the NSA has assembled 20 trillion "transactions" — phone calls, emails and other forms of data — from Americans. This likely includes copies of almost all of the emails sent and received from most people living in the United States...
Here's part of an interview conducted by DN:
JUAN GONZALEZ: Well, I wanted to ask William Binney about this issue. When it comes to snail mail, the old postal system, it’s very tough for the government to intercept mail, except in times of war, particular situations. When it comes to phone conversations, land phone conversations, you need a warrant to be able to intercept phone conversations. But what about email, and what about the communication now that is really the dominant form that not only Americans, but many people around the world communicate? What are the restrictions on the government in terms of email?

WILLIAM BINNEY: Well, after some of the laws they passed, like thePATRIOT Act and their secret interpretation of Section 215, which is—my view, of course, is same as Tom Drake’s, is that that gives them license to take all the commercially held data about us, which is exceedingly dangerous, because if you take that and put it into forms of graphing, which is building relationships or social networks for everybody, and then you watch it over time, you can build up knowledge about everyone in the country. And having that knowledge then allows them the ability to concoct all kinds of charges, if they want to target you. Like in my case, they fabricated several charges and attempted to indict us on them. Fortunately, we were able to produce evidence that would make them look very silly in court, so they didn’t do it. In fact, it was—I was basically assembling evidence of malicious prosecution, which was a countercharge to them. So...

AMY GOODMAN: Do you believe all emails, the government has copies of, in the United States?

WILLIAM BINNEY: I would think—I believe they have most of them, yes.

AMY GOODMAN: And you’re speaking from a position where you would know, considering your position in the National Security Agency.

WILLIAM BINNEY: Right. All they would have to do is put various Narus devices at various points along the network, at choke points or convergent points, where the network converges, and they could basically take down and have copies of most everything on the network.



  1. Opportunity to get rich: write an email client or an add-on to existing email client that adds an easy to use interface to pretty good privacy. PGP is GNU licensed so it is free to use, it is very robust and would take a supercomputer months to break a single message, its full source code is published so there are no back doors for anyone.

    Also there are free file encryption tools that create two or more encrypted vaults - if a court orders you to decrypt your laptop you just open the vault filled with legal internet porn. I think opening one vault scrambles the other vault randomly.

  2. From a transport perspective, email is like sending postcards. If you have anything you don't want prying eyes to see, encrypt the body of your email. This won't do much to obscure the sender/recipient correlations that will still take place, but a sufficiently careful person can mitigate that using darknets (e.g. TOR) and burnable email accounts.

    PGP was written over 20 years ago to address the encryption issue. Here's a good history on the PGP wars (the government tried to use export restrictions and the threat of key escrow to tame the beast):

    If anyone wants to kick around with some of these analysis tools, Xplico is a good one that anyone can set up at home:

    This isn't a carrier grade solution like NARUS but it can give you a feel for how network traffic analysis tools work. If an open source project like this has features like "Facebook Chat dissector for the new Facebook Chat protocol" you can bet the big players have all kinds of toys to analyze your traffic with.

    The reality of the Internet is that any data sent through it can be collected and stored in perpetuity. It's wishful thinking to believe otherwise. The question of "can" versus "should" is becoming irrelevant in the advance of technology.

    End to end transport of communication is hard work that takes planning, infrastructure, governance, education, and operation. Nowhere in that list is the word "convenience." We've poured our innermost secrets out en masse over telephone lines for over a century with no real regard for the central hubs everything passes through. There's no effective difference with data.

    A possible solution would be end to end encryption via peer to peer networking. With the advent of consumer communication endpoints like the iPhone though, you are not in control of your device. The runaway success of iPhone, with its walled garden approach to computing, should say all that is needed about the mass preference of "we the people" to security of information.

  3. PGP was compromised a decade ago, and that information was given to me by someone who worked in the field. The gummint has backdoors for anything they want backdoors to and particularly with this Hitleresque admin, if they want it, they will get it via blackmail, threats, or violence.

  4. I suppose you could always use a very obscure language and record it as a .wav file...The Japs couldn't figure out Navajo during WWII....but I know the Navy CT's and the CIA.

    I read the American Black Chamber which told of the US history of cryptology. I could keep up with most of that....but then I got the book, The Cryptologers and I got left in the dust!

    I imagine also embedding messages in graphics files is pretty easy to spot and with the newer cameras, the exif file can sink you unless you have an editor to delete the image info.