Former FBI Agent: All Digital Communications Stored By US Gov't

New submitter davesays writes "CNN anchors Erin Burnett and Carol Costello have interviewed Former FBI Counterterrorisim specialist Tim Clemente. In the interviews he asserts that all digital communications are recorded and stored. Clemente: 'No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not.' 'All of that stuff' — meaning every telephone conversation Americans have with one another on U.S. soil, with or without a search warrant — 'is being captured as we speak.' 'No digital communication is secure,' by which he means not that any communication is susceptible to government interception as it happens (although that is true), but far beyond that: all digital communications — meaning telephone calls, emails, online chats and the like — are automatically recorded and stored and accessible to the government after the fact. To describe that is to define what a ubiquitous, limitless Surveillance State is."

Re:Jupiter Tape?

[AK Marc]

He's not right. I've worked at a non-Bell telco, and they don't capture anything not ordered by a specific warrant, and only then, for the warrant, and no more than necessary to comply with the order.

I've heard rumors that AT&T captures all, but never anything that confirms that. Perhaps he meant that the major carriers provide streaming replicas of all traffic to the government, who then archives some (or all) of it. But I know for a fact that "all" is just plain wrong.

Re:Jupiter Tape?

[Jane Q. Public]

"'ve heard rumors that AT&T captures all, but never anything that confirms that. "

It most certainly is confirmed. In a court case some years ago, a technician outed that the government had installed a splitter in a special room in one of their exchanges, which fed ALL of their digital data straight to the government. The telcos involved admitted that it was only one of many such. Mass collection, and no warrants involved, anywhere.

In fact, that was the whole reason Congress voted to give telcos immunity, remember? How short our memories can be.

Not true

[Charliemopps]

I work for a moderate sized phone company. Customers in the millions. The government has no link into our systems. WE can't even record all of your calls and monitor all your internet traffic. Think about it this way, your ISP likely doesn't even have enough bandwidth to provide you with the speed you're paying for some of the times... Netflix on a friday night for example. Do you really think they have the extra bandwidth to ship all that data off to the government as well? Phone calls are a whole other animal, and are mostly still analog. Duplicating that would involve upgrading the switch... an at least 30yr old piece of obsolete equipment... It just doesn't make sense. Sure, the government could pay for all this stuff... but it would be a HUGE project. Everyone in the company would know. The equipment in our data center is very obvious... we all know what each piece does. There's no mysterious black box in the corner... and there's no way they could be tracking everything without us knowing. There would be at least 1 piece of weird equipment somewhere. I've neither seen nor heard of any such equipment. On top of that, all that data would be meaningless without access to our databases. Capturing the data or phone calls raw would just give you a mac address or phone number. You wouldn't know who was using those numbers. So you'd have to query our database... a database that changes regularly... new systems come online all of the time. So they'd have to have access from outside of the company, so holes in our firewall, make SOAP requests into our system, Have an active user account, make requests to dozens of different DBs, hundreds of Tables, know how all their joins work, know when system changes go in, and on and on... No such thing could happen without the entire company knowing about it. It's just not possible.

Re:Jupiter Tape?

[the eric conspiracy]

A switch room that contains a deep packet scanner is not the same thing as sending ALL internet traffic to a storage system. More likely it's just a tap.

The thing that makes me doubt this is the cost. To funnel a copy of the internet to the Feds would require building a shadow internet plus storage for the whole thing.

Re:Jupiter Tape?

[DragonTHC]

There's not a lot of storage necessary. Not what you're thinking. Text messages and chats are very small in size. Phone conversations are very small using the right codecs. I also heard once about 8 years ago that the US government was buying up symmetrix like they were going out of style.

Honestly, I believe it. It's entirely possible.

Re:Jupiter Tape?

[DaHat]

Having said that: where is immunity for the Government? It doesn't have any.

Sovereign immunity [wikipedia.org]... and it has existed for far longer than this nation has.

Re:Jupiter Tape?

[arth1]

The average cell phone usage is 459 minutes/month * 300 M cell phones / 2 * 60 sec * 3 KB/sec = 13,000 PB/month (uncompressed).

Why the "/ 2"/ Assuming that every phone call made from a cell phone is also to a cell phone? And not doing compression, but doing dedup?
I don't know how others use theirs, but most of my phone calls aren't social, but to businesses and their land lines.

Anyhow, CTIA [ctia.org] lists 2.30 Teraminutes yearly per December 2012. Presumably that's also counting cell-to-cell twice, which I'm sure the three letter agencies would record twice too (if nothing else to record what was said when there's a drop-out in the connection on either end). That's 138 Teraseconds, which at 3 kB/s would be 414 PB per year, before compression.
That's a far cry from your 13,000 PB per month (or 156 EB per year), and spread out over multiple providers absolutely doable from a capacity viewpoint. Especially since it doesn't have to be online for a year, but can go on tape. If ten datacenters recorded this, with a fluctuation of 40% in data density between them, and flushed everything to tape within a week, each would need less than 2 PB of online storage.

But do I believe they do so? No. If they did, they wouldn't have a way to mine the data. It would possibly be useful as evidence after the fact, but not for monitoring purposes. It's way too much data.

Re:Jupiter Tape?

[the eric conspiracy]

Here is Klein's statement.

https://www.eff.org/files/filenode/att/SER_klein_decl.pdf [eff.org]

The splitter sent the internet traffic to a secure room.

And another interview with Klein:

http://www.pbs.org/wgbh/pages/frontline/homefront/interviews/klein.html [pbs.org]

It's pretty obvious that room contained a Narus DPI. End of story.

Re:I should be shocked and appalled...

[Antique Geekmeister]

> I seem to recall that rumor used to have it that only all calls in and out of the USA were monitored,

That looks like the NSA's legal requirements to monitor only foreign communications. They were prohibited from monitoring domestic communications, that was the responsibility of the FBI. Unfortunately, "Homeland Security" was created in the wake of 9/11 specifically to merge and organize data among the various intelligence services, and part of the result is that you can't effectively prosecute one agency for overstepping its bounds by going to the other agencies. They can all rely on Homeland Security to cover for them with "Patriot Act" court free search orders, or groundless "national security" orders that prevent even disclosing that your clients have been monitored.

Homeland Security is an extremely dangerous concentration of monitoring and investigation power. I sincerely hope that the antipathy of the more specialized intelligence agencies continues to hinder their growth.

Re:Jupiter Tape?

[Anonymous Coward]

If you're security minded, you would assume they look for steganography in your seemingly innocent communications.

FTFY

Re:Jupiter Tape?

[tibit]

There's no uncompresed 22kHz audio anywhere in the phone network system. You simply budget 64kbits/s for one direction in a voice call, that's also called DS0. That's what the analog last mile gets converted to and hauled as worldwide. It's 8 ksamples/s, at 8 bits per sample, using nonlinear A-law or mu-law lookup table. Every fax or modem connection gets hauled that way as well, and it works by design :)

Re:Logistically impractical

[pregister]

From what I've read, the legal argument against this being an illegal search is that the entire dataset isn't searched, it is stored. They store the communications. When they want access to the data on a particular person they get a search warrant to access the stored data. I don't agree with that, but that seems to be the theory.

Here is [nytimes.com] a short video on an NSA whistleblower about the Utah datacenter and the types of things they can do with that much data.

Re:Jupiter Tape?

[the eric conspiracy]

DPI = deep packet inspection. A TCP/IP packet contains header(s) and body. The header tells you the address and some info re the protocol. The body is the content. Most internet infrastructure only cares about the header. Something that is capable of DPI will recover the content of some types of packets. Which ones depends on the capability of the DPI unit you use.

So if you want to search for email sent to joe@there.com you need to use DPI because the email header is in the body.

Use of a splitter is step one for DPI.

This article talks about the AT&T / Mark Klein incident:

http://en.wikipedia.org/wiki/Deep_packet_inspection#United_States [wikipedia.org]

Re:Jupiter Tape?

[dachshund]

Nobody needs to actively mine the data. The goal would be to collect it. Once you've collected it, you have the ability to follow leads you wouldn't have been able to follow had you not captured it in the first place.

You become aware that an individual may be a person of interest. Ordinarily you'd begin your investigation at that point. With this technology you can now go 'back in time' and figure out not only who that person spoke with, but exactly what was said in those calls. It would be incredibly useful.

I could even see Executive Branch lawyers convincing themselves that this was legal, provided the communications were not actually accessed without some sort of due process.

Of course, the problem with this theory is that it would be very hard to implement, since it would require massive and detectable changes to local telco infrastructure. On the other hand, intercepting wireless communications could be done without any such tampering, provided that the government could obtain a database of SIM credentials for decryption.