NSA's "Virtual Lockbox" of Metadata
In the above video, NSA Director Gen. Alexander described the NSA archive of telecom “metadata” about all phone calls in the US, but not their content, and who knows what about all e-mail traffic and web traffic as being in a “virtual lockbox”. He adds that last year it was searched only for 300 “selectors” such as names or phone numbers. Previously NSA indicated that only 20 analysts and their 2 supervisors had authority to make such queries.
The issue in the eyes of your blogger is not whether this is adequate protection of civil liberties which Gen. Alexander acknowledges is a twin goal along with national security. “It’s not one or the other”, he added. The key issue is that the decision to do this, like the Bush Administration predecessor, was built on a very twisted legal foundation that was not clear to the Congress, let alone the public. Further the “virtual lockbox” is not established by law, but appears to be a construction of the Intelligence Community with unstated checks and balances.
Perhaps this “virtual lockbox” is essential for our national security in this day and age. But it needs a clear legal foundation and clear checks and balances to make sure it isn’t abused. Since NSA didn’t know that Snowden was stealing a large number of documents and DoD didn’t know that Manning was doing likewise, how does the public get assured that the “virtual lockbox” is never used for either political purposes or for Passport Office-style voyeurism?
Watergate happened so we can’t always assume that the highest leaders are benign. Nixon tried to misuse the CIA to cover up Watergate and failed, but what assurances are there that such political misuse might not happen again?
“Metadata” is the raw material for “traffic analysis”. With records of several years of phone call “metadata” an analyst can identify all your friends and relatives, all organizations you belong to, all your medical providers, probably figure out your medical conditions, etc. Add to this information on e-mail “metadata” and URLs requested, and one can get a very good dossier on anyone that would have put J. Edgar Hoover to shame. (It is ironic that there is an oral tradition within FCC that FCC’s WWII-era Radio Intelligence Division was a pioneer in traffic analysis before NSA existed. RID left FCC at the end of the war for “parts unknown”.) It is ironic that 2 open literature cryptography pioneers, Susan Landau and Whitfield Diffie, have written that “traffic analysis, not cryptanalysis, is the backbone of communications intelligence.” Such is the power of traffic analysis given a large amount of “metadata”.
If this program is as beneficial as Gen. Alexander claims, it deserves statutory protections and safeguards and a set of independent watchers and auditors who verify that the limited access under court supervision is the only access to this information.
====
Another viewpoint:
NYTimes op-ed that program is fundamentally illegal and unconstitutional and that NSA behavior has been “criminal”
UPDATE
A surprising FCC connection: Snowden’s father has hired former FCC General Counsel, from the Reagan era, Bruce Fein as his attorney in an attempt to negotiate a voluntary return of his son under certain conditions which seem unlikely to be accepted.
NTIA's Limited Exemption from FCC Ex Parte Rules
(a) Exempt ex parte presentations. The following types of presentations are exempt from the prohibitions in restricted proceedings …
(5) The presentation is to or from an agency or branch of the Federal Government or its staff and involves a matter over which that agency or branch and the Commission share jurisdiction provided that, any new factual information obtained through such a presentation that is relied on by the Commission in its decision-making process will, if not otherwise submitted for the record, be disclosed by the Commission no later than at the time of the release of the Commission's decision;
It is conventional wisdom, even among experienced communications attorneys, that NTIA is “exempt” from FCC’s ex parte rules. The FCC says the purpose of these rules is as follows
Our ex parte rules play an important role in protecting the fairness of the FCC's proceedings by assuring that FCC decisions are not influenced by impermissible off-the-record communications between decision-makers and others. At the same time, the rules are designed to ensure that the FCC has sufficient flexibility to obtain the information necessary for making expert decisions.
The actual rule involved, 47 C.F.R. 1.1204, is shown at the top of this post. The Commission reviewed and updated its ex parte rules recently in Docket 10-43 in which MSS commented with little impact.
However, the Commission recently reopened part of this issue when in para. 40 of the NPRM of ET Docket No. 13-115 dealing with “Federal Earth Stations Communicating with Non-Federal Fixed Satellite Service Space Stations and Federal Space Station Use of the 399.9-400.05 MHz” it asked
We invite comment on how we might continue to protect against harmful interference to or from Federal earth station operations in a manner that is consistent with the coordination practice as set forth in the MOU, while at the same time ensuring transparency, fairness, and integrity in the Commission’s decision making process.
MSS filed comments recently replying to this invitation and addressing 2 issues of ex parte practice by federal users regulated by NTIA pursuant to Section 305 and 902 of the Communications Act.
First, while the above quoted §1.1204 requires
“any new factual information obtained through such a presentation that is relied on by the Commission in its decision-making process will, if not otherwise submitted for the record, be disclosed by the Commission no later than at the time of the release of the Commission's decision;”
either NTIA is not being consistent in doing so or FCC and NTIA have a nonobvious interpretation of this requirement. Usually NTIA complies with the letter of §1.1204 with an “11th hour” filing the day prior to the FCC’s decision. However, in the case of Docket 10-236, the revision of the FCC’s experimental license rules in Part 5, there is no filing from NTIA or any other federal agency on record. Since many bands covered by experimental licenses were bands shared with federal users and since the proposed new “program licenses” offered new interference issues with both federal and nonfederal incumbent users, it is very hard to believe that NTIA did not indicate some position to FCC.
Perhaps NTIA, with condoning behavior by FCC, has a nonobvious interpretation of §1.1204, perhaps as twisted as NSA’s interpretation of the Patriot Act and FISA. SpectrumTalk suggests that readers and commenters in Docket 13-115 ask NTIA how it actually interprets §1.1204 and why there was no NTIA filing in Docket 10-236.
The MSS comments also pointed out the “NTIA ex parte loophole” that has been repeatedly discussed in this blog. This is the practice of private parties using NTIA staff to bypass the transparency provisions of the ex parte rules and to send negative information to FCC via NTIA so the party on the opposite side does not find out in a timely way what the new issue is and is unable to rebut it quickly.
Your blogger saw this repeatedly during the UWB rulemaking where cellular interests and GPS interests used NTIA as their covert pipeline to FCC decision makers. In an FCBA public forum at FCC at that time, then NTIA Administrator Gallagher even acknowledged that he would receive such anti-UWB allegations and immediately call a top FCC manager with them!
MSS raised this issue in Docket 10-43 comments. Oddly, the Report & Order in that proceeding mischaracterized the MSS comments as proposing to “delete” the provisions of §1.1204 that apply to NTIA and then dismissed the suggestion as a reductio ad absurdum - a cute debating trick. The issue is not whether NTIA should be allowed easier access to FCC on matters of common jurisdiction, but rather whether private parties should abuse this provision to keep information off the public record so it can not be rebutted.
MSS continues to urge that NTIA document in the FCC docket file all contact with private parties, other than government contractors, that are clearly intended to influence FCC proceedings subject to ex parte rules.
Google's Balloon-based Wi-Fi for Rural Areas & Emergencies
In the past few days Google’s Project Loon has been revealed. As one who was an early pioneer in this area, your blogger was excited about this unexpected use of Wi-Fi which in itself was an unexpected application of the unlicensed ISM bands when the rules for them were adopted in 1985.
While much is made now about the ability of unlicensed spectrum to foster innovation, the key to the success of the ISM bands and the comparative failure of the contemporary U-NII and U-PCS bands is the great technical flexibility the rules for the ISM bands had to implement unimagined applications, not just what the proponents of the bands wanted at that time. Unlicensed by itself does not lead to technical innovation. The synergy of unlicensed and flexible technical rules that allow innovators to innovate at “Internet speed” not “government speed” is what enables innovation. Several of the recent proposals for new unlicensed spectrum have so many strings attached that one wonders if they will really enable innovation as the ISM bands have.
Kudos to Google for this fascinating innovation of balloon-based Wi-Fi for emergency and rural use. It shows that the combination of unlicensed and truly flexible rules can supply the spectrum needed for disruptive innovation - perhaps the reason why the mainstream spectrum holders and their suppliers in the 1980s were dead set against the original ISM band rules and were happy to see your blogger sent off to “internal exile” in FCC for several years after the original ISM band decision.
NSA and Privacy Safeguards
The agency and its advocates maintain that its protection of that data is subject to rigorous controls and oversight by Congress and courts. For the public, it comes down to a question of unverifiable trust.
“The constraints that I operate under are much more remarkable than the powers that I enjoy,” said the senior intelligence official who declined to be named.
When asked why the NSA could not release an unclassified copy of its “minimization procedures,” which are supposed to strip accidentally collected records of their identifying details, the official suggested a reporter submit a freedom-of-information request.
In your blogger’s view the strength of the safeguards is key if their information is to be used for valid national security purposes and NOT for political purposes, e.g. IRS allegations, or employee voyeurism, e.g. Passport Office experience. Watergate happened and government trust is no longer automatic.
How independent are the overseers who check for misuse? Who do they answer to? Do they really have adequate resources? (It is unlikely that the FISA court has adequate resources even though it is independent.) Do contractor employees, like Snowden, have access to the overseers to make complaints without fear of retaliation?
A review of the statute creating the Office of Inspector General of the Intelligence Community shows that office is charged to protect intelligence information and sources and that protection of privacy of the rest of us is not a stated goal. Note that in 50 USC § 403–3h(g) this IG is allowed to talk to contractors but in 50 USC § 403–3h(g)(3) only “an employee of the intelligence community” is protected from retaliation. Thus Snowden did not have the option available to him if he had been interested in it.
Finally, there is one way this might influence a matter pending before FCC: The Japanese press has reported that if SoftBank is blocked in its merger with Sprint, it will try to buy T-Mobile. Why would SoftBank be blocked? FierceWireless has reported that Verizon Wireless (VZW) and T-Mobile were not subject to orders to deliver “metadata” to NSA because of foreign ownership. VZW is a joint venture of Verizon, a US corporation, and the UK’s Vodafone. T-Mobile is a subsidiary of the former German monopolist. (The FISA court order that Snowden released dealt with a subsidiary of Verizon, NOT VZW.)
Thus the secretive CFIUS review might block the merger since it would result in 3 out of 4 US cellular carriers having some foreign ownership while the speculated SoftBank/T-Mo merger would keep it at the present 2.
UPDATE
There is some confusion about the current protection of Intelligence Community contractors as whistle blowers. A friend pointed out that the DNI IG website says
It is the policy of the federal government to enable employees to disclose evidence of fraud, abuse, mismanagement, or illegal activities without fear of reprisal. The Inspector General Act of 1978, as amended by the Intelligence Community Whistleblower Protection Act of 1998 provides employees and contractors of intelligence agencies with a mechanism for reporting alleged wrongdoing in IC agencies and associated programs to Congress. Under the ICWPA, IC employees have the right to engage in whistleblowing activity relating to intelligence matters of "urgent concern" and to be free from retaliatory actions for such reporting. "Urgent concerns," as defined by the ICWPA, include matters an IC employee reasonably believes to evidence violations of law, rule or regulation; gross mismanagement; gross waste of funds; an abuse of authority; or a substantial and specific danger to public health or safety. In some circumstances, ODNI personnel (including employees, assignees, detailees, and contractors) may feel it necessary to report such matters to Congress when, in the view of the ODNI personnel, those matters are not being adequately addressed by the ODNI or another government agency. If ODNI personnel wish to report waste, fraud, abuse, violation of law, or gross mismanagement by IC employees to Congress, the matter should first be raised to the IC Office of Inspector General. The IC IG will advise the employee regarding the procedures for making an IC whistleblower complaint. Additionally, ODNI and IC personnel may report misconduct to the IC IG at any time. For additional information on whistleblower obligations, policies and procedures, to make a whistleblower disclosure, and/or if you believe that you have been a victim of whistleblower retaliation, ODNI and IC personnel should contact the Office of the IC IG at 703-482-1300.
Busy Day in Federal Spectrum Management
Among the findings:
- Since 2009, the percentage of American homes reached by high-speed broadband networks has more than quadrupled (from less than 20% to more than 80%) and average broadband speeds have doubled.
- Between 2000 and 2010, the percentage of American households with a home connection to broadband has surged from 4.4% to 67%.
- Annual investment in U.S. wireless networks grew more than 40% between 2009 and 2012, from $21 billion to $30 billion.
In reply to CTIA’s accusations in dueling spectrum charts, the report makes the following statement:
In comparison to other nations, the United States ranks among the top countries in current licensed spectrum available for mobile broadband, and while we cannot predict the amount of spectrum freed by the incentive auctions, this forthcoming spectrum — combined with Federal repurposing — are likely to keep the United States well atop other nations in mobile broadband allocation.
And now the White House adds a new spectrum chart that alleges to show
USA #1!

Why the current CTIA “flag chart” shows the US as having 409.5 MHz of spectrum while the White House finds 608 MHz is a little mystery, as neither side shows its raw data. A minor quip: we showed here in March raw data from Japan that added up to 501.2 MHz for Japanese commercial mobile wireless spectrum, yet the White House chart gives 500 MHz, close but not what your blogger documented with detailed data straight from Japan.
Why don’t both the WhiteHouse/FCC/NTIA and CTIA release the raw data that backs up their numerical spectrum claims? This would end the dueling spectrum chart issue so we can focus on substance.
The report also continues to talk about spectrum sharing, a topic that the cellular establishment dismisses in their quest to maximize use of Chinese electronics that meet 3GPP standards. However, most sharing mechanisms involve decision making at the base stations, NOT in the mobiles. So whatever complexity is involved is not in the mobiles, which in all CMRS architectures are really slaves to the orders they receive from base stations.
Also released was a Presidential Memorandum to Executive Branch agencies on “Expanding America's Leadership in Wireless Innovation”.
This memorandum creates a “Spectrum Policy Team”. The Chief Technology Officer and the Director of the National Economic Council, or their designees, will co-chair a Spectrum Policy Team that shall include representatives from the Office of Management and Budget (OMB), the National Security Staff, and the Council of Economic Advisers. The Spectrum Policy Team will work with NTIA to implement the memorandum and may invite the FCC to provide advice and assistance.
This appears to be the implementation of Recommendation 5.1 of the PCAST spectrum report that was belittled by the cellular establishment because of its sharing recommendations. (Trivia note: the PCAST report recommended a “Spectrum Management Team (SMT)” and we see that in the implementation it became a “Spectrum Policy Team”. Not clear if the semantic difference is important.)
Hopefully this means NTIA and IRAC will get more “adult supervision” than they have been getting in the past in order to focus on national priorities, not necessarily the priorities of the individual IRAC member agencies.
The Memorandum also directs NTIA “in consultation with the Spectrum Policy Team” to produce
“a plan directing applicable agencies to provide quantitative assessments of the actual usage of spectrum in those spectrum bands that NTIA previously identified and prioritized in its Third Interim Report and such other bands as NTIA and the Spectrum Policy Team determine have the greatest potential to be shared with nonfederal users.”
As mentioned previously, NTIA and the IRAC members have zero interest in quantifying the actual use of 225-400 MHz in urban areas. We hope that the Spectrum Policy Team will include this band as one that should be quantified.
The Memorandum directs NTIA to “conduct a pilot program to monitor spectrum usage in real time in selected communities throughout the country” and “to require that each agency's regular reviews of its frequency assignments include a quantitative assessment of its actual usage of spectrum under such assignments”.
Part of the Memorandum is nonbinding “advice” to FCC, an independent agency:
Performance Criteria for Radio Receivers. The FCC is strongly encouraged, in consultation with NTIA, where appropriate, the industry, and other stakeholders, to develop to the fullest extent of its legal authority a program of performance criteria, ratings, and other measures, including standards, to encourage the design, manufacture, and sale of radio receivers such that emission levels resulting from reasonable use of adjacent spectrum will not endanger the functioning of the receiver or seriously degrade, obstruct, or repeatedly interrupt the operations of the receiver. In developing such a program, the FCC is strongly encouraged to give due consideration to existing policies and prudent investments that have been previously made in systems, including receivers. In its consultation with the FCC, NTIA shall provide information regarding Federal receiver standards and agency practices under those standards.
As previously discussed here, NTIA for over 20 years has been condoning FAA’s unwillingness to implement ICAO receiver immunity standards for ILS receivers that greatly impact FM broadcasting licensees. The hard technical part of receiver standards is creating the standard. But in the case of ILS receiver standards that was done in a multistakeholder process managed by the former CCIR (now ITU-R) and ICAO in the 1990 time frame. But the really hard part is recognizing the economic externalities involved: in many cases the party that has to buy the improved receiver is not the one who gets the benefit. This is why AOPA vehemently opposes ILS receiver regulation.
NTIA and FAA have been publicly silent on this issue for a long time. “What’s fit for the goose, is fit for the gander.” As part of this reexamination of receiver standards FAA and NTIA should publicly state what they think the issues are with respect to implementation of the ICAO ILS receiver standard and what action, if any, they plan to take.
Finally NTIA and NIST announced plans to establish a National Center for Advanced Communications in Boulder, Colorado. The two agencies recently signed a Memorandum of Understanding (MOU) to collaborate on the establishment of the center. The MOU states that the center will leverage the “critical mass of NIST and NTIA research and engineering capabilities concentrated in Boulder” to form a “unique national asset,” and includes the infrastructure and collaborative environment needed to address a wide range of advanced communications challenges. This joint effort will increase the impact of existing efforts already under way in both agencies.
It is ironic that the present ITS was part of NIST’s predecessor, NBS, until NTIA was created in 1978. ITS, basically a contract research operation for other agencies with little funding of its own, was split from the collocated NBS/NIST in order to give a critical mass to what became NTIA when the last of the Office of Telecommunications Policy was moved out of the White House in Executive Order 12046. Thus, with the creation of the Spectrum Policy Team and the ITS/NIST collaboration, a key impact of yesterday’s actions is a move to start to undo the changes of 1978, which in retrospect were not successful.
UPDATE
On this busy day there was a conference at Georgetown University entitled “Optimal Coevolution of Mobile Broadband Technology and Spectrum Policy”. The conference was rather one-sided, focusing on the concerns of the cellular interests and their usual demands for more spectrum and reallocation vs. sharing. However, several of the speakers discussed the Executive Branch releases of the day. Introduction is below. All videos are here.
UPDATE 2
See http://www.marcus-spectrum.com/Blog/files/SpecMeasCorr414.html
NSA "Metadata" Collection: Did FCC Know?
Did FCC know about the recently revealed NSA collection of “metadata” including “pen register” information (and more, but not content) of every phone call in the USA?
Your blogger, a “card carrying” ACLU member, has no direct knowledge of this program.
Indeed, he has not dealt in any way with the intelligence community since before 9/11 and has not dealt with NSA in more than 25 years. However, based on observations of their modus operandi at those times it is fair to say that at the very least the FCC Chairman most likely knew about this collection program and that during the Bush Administration at least the FCC Chairman knew about the apparently illegal predecessor program that took place at that time.
FCC Rules (47 C.F.R. 0.181) provide for a “Defense Commissioner” who “directs the homeland security, national security and emergency preparedness, and defense activities of the Commission”.
Through much of the Commission’s history this was a commissioner other than the Chairman. In recent years, under both parties, the Chairman has assumed these duties which has likely had the impact of minimizing the number of commissioners who know what was happening in sensitive areas.
(However, one stimulus for the de facto merger of the Defense Commissioner position with the Chairman’s Office was the attempt of Comm. Mimi Weyforth Dawson to use the position in cooperation with her husband, a key Senate staffer in the defense area, to set herself up to be the next FCC chairman in a Republican factional fight during the Reagan Administration.)
So what is the real problem here with the NSA program? It was probably legal under the Patriot Act. The key congressional intelligence committees apparently know about it. Did Congress as a whole understand that this was allowed under the Patriot Act? Are some provisions of the Patriot Act really a threat to our democracy?
Your blogger is not as concerned about the “vacuum cleaner” collection of massive amounts of information as much as the safeguards protecting it from inappropriate use. Several agencies of the federal government have a lot of private information on you besides NSA: think Passport Office, IRS. Both of these have had scandals in recent memory.
The Passport Office has had recurring problems with voyeuristic staffers who were using their access to look up Hollywood personalities and their personal information. After multiple scandals this resulted in new oversight of employee access and the topic has been quiet in the US for several years although a quick Google search shows comparable problems in other countries.
The current IRS scandal shows the potential of misuse of sensitive information for political gain, although it probably wasn’t the real issue in the Tea Party case. J. Edgar Hoover was a master at misusing private information. Note that the IRS problem was discovered by the Treasury Inspector General for Tax Administration (TIGTA), an independent office created in 1998
to provide independent oversight of IRS activities. TIGTA promotes the economy, efficiency, and effectiveness in the administration of the internal revenue laws. It is also committed to the prevention and detection of fraud, waste, and abuse within the IRS and related entities.
While the Intelligence Community says that the Foreign Intelligence Surveillance Court oversees the data collection and use, does it really have the resources to do so? The Wikileaks/Bradley Manning case shows that the classified community has not always done a good job detecting when someone overreached their authorized access and “need to know”.
There is an Intelligence Community Inspector General, but does he have a clear charter and adequate resources to protect truly personal information from either voyeuristic or politically motivated snooping? It is interesting that Gen. Petraeus used e-mail for his extramarital affair even though he knew about these programs. Maybe he had more faith in their discretion than I have.
Perhaps we need an independent TIGTA-like office with adequate staffing to have independent oversight to assure that information collected under sensitive intelligence programs is only used for sensitive intelligence programs and not to create a police state.