Forgot your password?
typodupeerror
Data Storage Government Privacy

Can Commercial Storage Services Handle the NSA's Metadata? 67

Posted by samzenpus
from the ocean-of-data dept.
itwbennett writes "In a review of NSA surveillance last month, President Obama called for a new approach on telephony metadata that will 'establish a mechanism that preserves the capabilities we need without the government holding this bulk metadata.' Obama said that a third party holding all the data in a single, consolidated database would be essentially doing what is a government function, and may not increase public confidence that its privacy is being protected. Now, an RFI (request for information) has been posted to get information on U.S. industry's commercially available capabilities, so that the government can investigate alternative approaches."
This discussion has been archived. No new comments can be posted.

Can Commercial Storage Services Handle the NSA's Metadata?

Comments Filter:
  • by MightyMartian (840721) on Monday February 10, 2014 @11:53AM (#46210555) Journal

    And what if some commercial storage vendor can't or won't handle the NSA's metadata archiving requirements?

  • by dsmithhfx (1772254) on Monday February 10, 2014 @11:55AM (#46210561)
    It's the only was to be sure.
  • by cold fjord (826450) on Monday February 10, 2014 @11:55AM (#46210565)

    This is less of a technology problem than a policy question. The technology exists to build secure databases and make it accessible to only one remote client. The real controversy is over collecting the data, and who holds it. Private companies don't want to do it. Many are against the NSA, and by extension the Federal government doing it. If only there was somewhere in the middle, between the Federal government and private industry...

    • Well, one of the numerous problems with this whole situation is we can't rely on anything the govt, or the companies involved, have to say. Are these companies really against this, or do they just see the need to pretend to publicly? And even if they really are against it, would that change for sufficient compensation?

      Either way, privatization is not going to make the underlying problems (such as much of the program being unconstitutional) go away.

    • by Anonymous Coward

      This is less of a technology problem than a policy question. The technology exists to build secure databases and make it accessible to only one remote client. The real controversy is over collecting the data, and who holds it. Private companies don't want to do it. Many are against the NSA, and by extension the Federal government doing it. If only there was somewhere in the middle, between the Federal government and private industry...

      How about nobody collect and store this so-called metadata? Too radical an idea for you and your government-centric, corporatist-centric worldview? Tough.

    • by pnutjam (523990)
      Yes, this "let's have someone else collect it" is a straw man argument designed to answer a question that wasn't asked.
  • Yes (Score:5, Insightful)

    by Alain Williams (2972) <addw@phcomp.co.uk> on Monday February 10, 2014 @11:55AM (#46210567) Homepage

    Given enough money.

    Once the USA government asks for bids on this, you will get many companies wanting a share on this juicy contract. This is supposed to be with the intention of increasing security, but just wait a couple of years and stories will start to pop up as to how corners have been cut to turn a few extra dollars with the result that this data becomes available to all sorts.

    • Re:Yes (Score:5, Insightful)

      by Rich0 (548339) on Monday February 10, 2014 @01:04PM (#46211023) Homepage

      Well, I'm sure one of the usual defense contractors built all the stuff the NSA is using in the first place, so having one build and run it someplace else doesn't seem like a problem. It just doesn't really seem like a solution either. How does moving around the lines on the org chart fix this issue?

    • by mjwalshe (1680392)
      yes the problem came from using contractors to do the NSA's job in the first place in stead of full time DV cleared staff
    • by DarkOx (621550)

      Usually I would agree with this assessment but in this case not so much. The administrations responses to the public concern have been half measures at best.

      I think the NSA does not really want to give up the data, and the Administration does not want to make but wants to be able to say they did something.

      Clearly the plan here is for the NSA to tinker with the 'requirements' until nobody can meet them and use this as an excuse to delay any real changes indefinitely; meanwhile Obummer gets to sit back and s

    • Yes! Mr. Manning and Mr.Snowden could probably work wonders as employees of a private, data storage facility.
  • by HeckRuler (1369601) on Monday February 10, 2014 @11:57AM (#46210579)

    It's a bluff. A feint. A thinly veiled threat. It's not intended to actually come to pass. One of the things Obama proposed is to move the keys to the friggin kingdom from government controlled servers to nebulous "third parties". And in the very same damn speech he pointed out how this would be a ludicrously bad idea.

    (Well, I mean, he also suggested that the telcom companies who move this data keep it until the NSA asks for it. That or third parties. I don't mean to harp on a stray comment or anything.)

    But let me spell out the subtext here for anyone that can't read between the lines: If you try and keep the government from storing this data, we'll just go find someone else to hold it. And my, my, my, doesn't that sound just simply horrible? Be a REAL SHAME if someone were to try and enforce that 4th amendment 'round here.

    Also, fuck beta. I have no way to tell if someone responded to me other than looking at that specific thread.

    • by Gr8Apes (679165)

      But let me spell out the subtext here for anyone that can't read between the lines: If you try and keep the government from storing this data, we'll just go find someone else to hold it.

      Nice attempt at misdirection, but the gov holding the data is only worse than the gov having access to said data to begin with, which is the real issue. 4th, 9th, and 10th Amendments and all, ya know

    • by JWW (79176)

      Also, fuck beta. I have no way to tell if someone responded to me other than looking at that specific thread.

      I know. That is the worst feature of the beta by far. Lacking direct navigation to comment threads from users' comments pages is a egregious omission.

  • America should go for Mongo DB...its web scale. And in addition its "high performance" and supports sharding.
  • by GodfatherofSoul (174979) on Monday February 10, 2014 @12:01PM (#46210611)

    OK, so they want to store everything passing across the lines that they deem suspicious, promise us that no one will look at it with a warrant, then if you're ever suspected of something they can go back and find all your communications over the past X years. And, since the feds don't want the blame for holding onto this information (and looking as Big Brother-ish as they are), they want private industry to pony up the disk space? I'd almost trust the NSA more to house this info since they'll only snoop in on my conversations when I post/say a flagged word/phrase. Wheraeas I KNOW private companies will as soon as they figure out how they can commoditize it.

    It's Orwellian enough seeing Google spam me with ads based on my email conversations.

    • by HeckRuler (1369601) on Monday February 10, 2014 @12:21PM (#46210727)

      OK, so they want to store everything passing across the lines that they deem suspicious,

      No. Not really.
      They really do want to store everything passing across the lines. Period. The "deeming suspicious" part only comes into play once they get a warrant to go look at the data they've already collected and stored.

      The up-side to this idea is that the NSA isn't holding onto the data that they promise they're not looking at without a warrant. That's about it.

      The down-side to this is that we SURE AS SHIT can't trust a third party to not look in the box. This third party is also implicitly alerted to who the NSA is investigating and when. That information alone is itself sensitive and not the sort of thing to be trusted to a third party.

      Of course, you know, I guess I could extrapolate my answer and cut down your sentence even further:

      OK, so they want to store everything

  • by king neckbeard (1801738) on Monday February 10, 2014 @12:12PM (#46210683)
    They probably can, given enough money, but 'the capabilities they need' are actually quite modest. The metadata program has no legitimate utility, so just write me a check for half a billion, and I'll build a machine that sits idle and is not connected to the internet, let alone accessible by the NSA. I've solved your problem with equal efficacy and far reduced cost.
  • Wrong question. (Score:5, Insightful)

    by fuzzyfuzzyfungus (1223518) on Monday February 10, 2014 @12:13PM (#46210687) Journal
    Can they? Sure. It's not as though the private sector can't store data, if provided with the right incentives. Heck, AT&T is providing the DEA with access to nearly three decades of call records, plus consulting expertise, right now [slashdot.org]!

    Trouble is, that was never the fucking point. Do people want the NSA collecting a giant database about them? No. Does it make the slightest difference if the giant database is nominally Verizon's giant database, that just so happens to respond to all queries from the NSA? Aside from the greater likelihood that the database will be used for marketing and surveillance, not a bit. The ostensible '3rd party' won't remain at arm's length for long. Why would they? An entire organization with a single customer, dedicated to shovelling data toward them on command? Instant capture. The only time the 3rd party will be 'independent' is if somebody asks the NSA what that 3rd party is up to, in which case they'll oh-so-innocently-have-no-idea-what-that-independent-entity-does. For all other purposes, they'll be joined at the hip.
    • by ShakaUVM (157947)

      >Do people want the NSA collecting a giant database about them?

      No.

      > Does it make the slightest difference if the giant database is nominally Verizon's giant database, that just so happens to respond to all queries from the NSA?

      Yes. Because this, if nothing else, creates a paper trail and at least a properly worded query to the database, whereas currently (as Snowden demonstrated) anyone with a modicum of coding experience can download the whole thing and make off with it and no one's the wiser.

      >Asi

  • by Anonymous Coward

    The problem isn't where the collected data is stored. The problem is that it is being collected. There is no reason that the bulk metadata of every phone call made in the US is stored for years or indefinitely. There is no need for this RAW data to be shared with other countries. So where it is kept makes no difference. This data shouldnt be kept at all, and from every independent analysis of the program it has had NO impact on fighting terrorism. So it is a colossal breach of the constitution and a massive

  • ...well enough to be leaked.

  • Google and Facebook have the talent that, with a several billion dollar (per year) federal contract they could probably be incentivized to put together a team and plan to make it happen. They have the infrastructure already. They just need enough coin to make it sufficiently attractive to work on the problem.

    But the real problem here is uglier than this. The NSA program is the price we pay for living in a globalized, "open society" that prides itself on not doing things like "profiling" and that is unwillin

  • by strstr (539330) on Monday February 10, 2014 @12:34PM (#46210845)

    The meta-data information provided by the President is a fucking cover story for hiding their spy games program. It's already been exposed that they are doing much more than saving meta-data; they're collecting word for word, every communication domestically and foreign, saving the content of our communications.

    Lets focus on the meta-data for a minute thing: according to Bill Binney, previous NSA director on technology that helped design the system, anybody can store meta-data and equipment that fits inside a 20 by 12 foot room. FOR ALL COMMUNICATIONS, WORLD WIDE. So of course Verizon, AT&T, and these others douches can store this information. In a room probably the size of 5 by 5, because they'll be storing it themselves ; and providers are already storing this information anyway, which has been available for law enforcement use for some time. The Bluffdale data center in Utah is big enough to store 100 years of content data though, .. which means they're using it to store actual profiles and content of people, not just meta-data. Details @ http://www.pbs.org/newshour/bb... [pbs.org] "NSA Collects ‘Word for Word’ Every Domestic Communication, Says Former Analyst"

    On top of that, they have a massive satellite and radar system with a variety of capabilities, which is being used to target Americans during continuous black operations. Mind reading capability, tracking from space, watching our movements wherever we are. look at the details @ http://www.oregonstatehospital... [oregonstatehospital.net]

    • by strstr (539330)

      Here's a few revelent articles: Phone companies already record and log all 'meta-data' and have for decades. Law enforcement have had full access to it through court-orders, warrants, etc. Generally, information is kept by phone companies for a period up to or a minimum of 3 years.

      http://gizmodo.com/5795861/how... [gizmodo.com] ("How the police get your phone records" written, 2011)

      https://www.aclu.org/blog/tech... [aclu.org] ("How Long Is Your Cell Phone Company Hanging On To Your Data?", 2011): this article covers cell phone only

    • I absolutely argree! Consider a few numbers. Assume 3 phone calls per person per day in U.S. Then, the number of calls is

      Number Calls = (330 X 10^6 People) X (3 Calls / Person / Day) = 1 X 10^9 Calls / Day

      Assume each call lasts for 1 minute.

      Seconds of Content = (1 X 10^9 Calls / Day) X (1 Minute / Call) X (60 Seconds / Minute) = 60 x 10^9 Seconds

      Call audio data can be handled with a 4 KHz cutoff. It takes two samples per Hz to capture this data. Assume 2 Bytes per sample (actually too high
  • Fixed that for ya.
  • The world is globaliszed, don'tchaknow? I'll bet some Chinese firm would have *no* trouble offering to host the outsourcing of the data storage....

                        mark "on Chinese-made chips...."

  • Sure. Let's not shut down the horrible program that a ton of people oppose and instead hand the data over to a company to manage and keep secure. What's the worst that can happen?

    Off the top of my head:

    1 - Hackings. No database is secure. If anyone was to store the data securely (putting aside for the moment the question of whether they should have the data in the first place), I'd trust the NSA to do it over some random company. At the very least, this reduces the potential attack vectors.

    2 - Profits.

  • I would assume that the methods used to collect this data are CLASSIFIED. Why else are they trying to get their hands on Snowden for leaking some of it?

    IF you have classified information to store, you DON'T put it on third party systems unless they are under the necessary controls required to handle classified data. So, putting this data on contracted storage is NOT going to involve calling Amazon AWS for an account and just copy it up and pay the bill. So in reality you'd just be contracting somebody to

  • by DarthVain (724186) on Monday February 10, 2014 @01:14PM (#46211081)

    Seriously, all your data is perfectly safe. I have worked with GIS for 14 years. and I can tell your conclusively that absolutely no one reads metadata. :)

  • the entire Internet will have unfettered access to the data, without actually being able to access said data, thanks to the perpetual irreparable nature of the system's design. ... just visit http://404.nsa.gov

  • by cdd109 (2978027)
    I think the job should go to the same team that built healthcare.gov
  • ...at the request of the State is working as an Agent of the State. As an Agent of the State, it is required to meet the exact same 4th Amendment requirements as the State itself. This whole argument is ridiculous. President Obama should be laughed out of office for seriously considering this proposal. Constitutional Law professor, indeed!
  • ... gone and shut down Megaupload.

If money can't buy happiness, I guess you'll just have to rent it.

Working...