Can Commercial Storage Services Handle the NSA's Metadata? 67
itwbennett writes "In a review of NSA surveillance last month, President Obama called for a new approach on telephony metadata that will 'establish a mechanism that preserves the capabilities we need without the government holding this bulk metadata.' Obama said that a third party holding all the data in a single, consolidated database would be essentially doing what is a government function, and may not increase public confidence that its privacy is being protected. Now, an RFI (request for information) has been posted to get information on U.S. industry's commercially available capabilities, so that the government can investigate alternative approaches."
And? (Score:3)
And what if some commercial storage vendor can't or won't handle the NSA's metadata archiving requirements?
Re: (Score:1)
or keep it secure
http://science.slashdot.org/st... [slashdot.org]
Re:And? (Score:5, Funny)
Re: (Score:1)
We will just have to give the NSA even more money to develop the storage technology they need to spy on us.
Re: (Score:1)
and so-called "metadata" is only the NSA's selling point. they are also capturing boatloads of actual content under the legal principle "we can and nobody can stop us".
Give it to a private contractor. In Hawaii. (Score:5, Funny)
Re: (Score:2)
It would be easier to just sub it out to China. It'll save them the bother of breaking into the servers.
Re: (Score:1)
Not really a technology problem (Score:4, Interesting)
This is less of a technology problem than a policy question. The technology exists to build secure databases and make it accessible to only one remote client. The real controversy is over collecting the data, and who holds it. Private companies don't want to do it. Many are against the NSA, and by extension the Federal government doing it. If only there was somewhere in the middle, between the Federal government and private industry...
Re: (Score:3)
Well, one of the numerous problems with this whole situation is we can't rely on anything the govt, or the companies involved, have to say. Are these companies really against this, or do they just see the need to pretend to publicly? And even if they really are against it, would that change for sufficient compensation?
Either way, privatization is not going to make the underlying problems (such as much of the program being unconstitutional) go away.
Re: (Score:1)
This is less of a technology problem than a policy question. The technology exists to build secure databases and make it accessible to only one remote client. The real controversy is over collecting the data, and who holds it. Private companies don't want to do it. Many are against the NSA, and by extension the Federal government doing it. If only there was somewhere in the middle, between the Federal government and private industry...
How about nobody collect and store this so-called metadata? Too radical an idea for you and your government-centric, corporatist-centric worldview? Tough.
Re: (Score:2)
Yes (Score:5, Insightful)
Given enough money.
Once the USA government asks for bids on this, you will get many companies wanting a share on this juicy contract. This is supposed to be with the intention of increasing security, but just wait a couple of years and stories will start to pop up as to how corners have been cut to turn a few extra dollars with the result that this data becomes available to all sorts.
Re:Yes (Score:5, Insightful)
Well, I'm sure one of the usual defense contractors built all the stuff the NSA is using in the first place, so having one build and run it someplace else doesn't seem like a problem. It just doesn't really seem like a solution either. How does moving around the lines on the org chart fix this issue?
Re: (Score:2)
Re: (Score:2)
Usually I would agree with this assessment but in this case not so much. The administrations responses to the public concern have been half measures at best.
I think the NSA does not really want to give up the data, and the Administration does not want to make but wants to be able to say they did something.
Clearly the plan here is for the NSA to tinker with the 'requirements' until nobody can meet them and use this as an excuse to delay any real changes indefinitely; meanwhile Obummer gets to sit back and s
Re: (Score:2)
Why even consider it? (Score:5, Insightful)
It's a bluff. A feint. A thinly veiled threat. It's not intended to actually come to pass. One of the things Obama proposed is to move the keys to the friggin kingdom from government controlled servers to nebulous "third parties". And in the very same damn speech he pointed out how this would be a ludicrously bad idea.
(Well, I mean, he also suggested that the telcom companies who move this data keep it until the NSA asks for it. That or third parties. I don't mean to harp on a stray comment or anything.)
But let me spell out the subtext here for anyone that can't read between the lines: If you try and keep the government from storing this data, we'll just go find someone else to hold it. And my, my, my, doesn't that sound just simply horrible? Be a REAL SHAME if someone were to try and enforce that 4th amendment 'round here.
Also, fuck beta. I have no way to tell if someone responded to me other than looking at that specific thread.
Re: (Score:1)
But let me spell out the subtext here for anyone that can't read between the lines: If you try and keep the government from storing this data, we'll just go find someone else to hold it.
Nice attempt at misdirection, but the gov holding the data is only worse than the gov having access to said data to begin with, which is the real issue. 4th, 9th, and 10th Amendments and all, ya know
Re: (Score:2)
Also, fuck beta. I have no way to tell if someone responded to me other than looking at that specific thread.
I know. That is the worst feature of the beta by far. Lacking direct navigation to comment threads from users' comments pages is a egregious omission.
Here is the solution America... (Score:2)
This entire system is so f-ed up (Score:5, Insightful)
OK, so they want to store everything passing across the lines that they deem suspicious, promise us that no one will look at it with a warrant, then if you're ever suspected of something they can go back and find all your communications over the past X years. And, since the feds don't want the blame for holding onto this information (and looking as Big Brother-ish as they are), they want private industry to pony up the disk space? I'd almost trust the NSA more to house this info since they'll only snoop in on my conversations when I post/say a flagged word/phrase. Wheraeas I KNOW private companies will as soon as they figure out how they can commoditize it.
It's Orwellian enough seeing Google spam me with ads based on my email conversations.
Re:This entire system is so f-ed up (Score:4, Interesting)
OK, so they want to store everything passing across the lines that they deem suspicious,
No. Not really.
They really do want to store everything passing across the lines. Period. The "deeming suspicious" part only comes into play once they get a warrant to go look at the data they've already collected and stored.
The up-side to this idea is that the NSA isn't holding onto the data that they promise they're not looking at without a warrant. That's about it.
The down-side to this is that we SURE AS SHIT can't trust a third party to not look in the box. This third party is also implicitly alerted to who the NSA is investigating and when. That information alone is itself sensitive and not the sort of thing to be trusted to a third party.
Of course, you know, I guess I could extrapolate my answer and cut down your sentence even further:
OK, so they want to store everything
Re: (Score:2)
aka PreCrime.
It doesn't matter. (Score:3)
Wrong question. (Score:5, Insightful)
Trouble is, that was never the fucking point. Do people want the NSA collecting a giant database about them? No. Does it make the slightest difference if the giant database is nominally Verizon's giant database, that just so happens to respond to all queries from the NSA? Aside from the greater likelihood that the database will be used for marketing and surveillance, not a bit. The ostensible '3rd party' won't remain at arm's length for long. Why would they? An entire organization with a single customer, dedicated to shovelling data toward them on command? Instant capture. The only time the 3rd party will be 'independent' is if somebody asks the NSA what that 3rd party is up to, in which case they'll oh-so-innocently-have-no-idea-what-that-independent-entity-does. For all other purposes, they'll be joined at the hip.
Re: (Score:2)
>Do people want the NSA collecting a giant database about them?
No.
> Does it make the slightest difference if the giant database is nominally Verizon's giant database, that just so happens to respond to all queries from the NSA?
Yes. Because this, if nothing else, creates a paper trail and at least a properly worded query to the database, whereas currently (as Snowden demonstrated) anyone with a modicum of coding experience can download the whole thing and make off with it and no one's the wiser.
>Asi
Dont keep it at all. (Score:1)
The problem isn't where the collected data is stored. The problem is that it is being collected. There is no reason that the bulk metadata of every phone call made in the US is stored for years or indefinitely. There is no need for this RAW data to be shared with other countries. So where it is kept makes no difference. This data shouldnt be kept at all, and from every independent analysis of the program it has had NO impact on fighting terrorism. So it is a colossal breach of the constitution and a massive
Well Certainly... (Score:2)
...well enough to be leaked.
Re: (Score:1)
god, people are retards.. (Score:3, Funny)
The meta-data information provided by the President is a fucking cover story for hiding their spy games program. It's already been exposed that they are doing much more than saving meta-data; they're collecting word for word, every communication domestically and foreign, saving the content of our communications.
Lets focus on the meta-data for a minute thing: according to Bill Binney, previous NSA director on technology that helped design the system, anybody can store meta-data and equipment that fits inside a 20 by 12 foot room. FOR ALL COMMUNICATIONS, WORLD WIDE. So of course Verizon, AT&T, and these others douches can store this information. In a room probably the size of 5 by 5, because they'll be storing it themselves ; and providers are already storing this information anyway, which has been available for law enforcement use for some time. The Bluffdale data center in Utah is big enough to store 100 years of content data though, .. which means they're using it to store actual profiles and content of people, not just meta-data. Details @ http://www.pbs.org/newshour/bb... [pbs.org] "NSA Collects ‘Word for Word’ Every Domestic Communication, Says Former Analyst"
On top of that, they have a massive satellite and radar system with a variety of capabilities, which is being used to target Americans during continuous black operations. Mind reading capability, tracking from space, watching our movements wherever we are. look at the details @ http://www.oregonstatehospital... [oregonstatehospital.net]
Re: (Score:1)
Here's a few revelent articles: Phone companies already record and log all 'meta-data' and have for decades. Law enforcement have had full access to it through court-orders, warrants, etc. Generally, information is kept by phone companies for a period up to or a minimum of 3 years.
http://gizmodo.com/5795861/how... [gizmodo.com] ("How the police get your phone records" written, 2011)
https://www.aclu.org/blog/tech... [aclu.org] ("How Long Is Your Cell Phone Company Hanging On To Your Data?", 2011): this article covers cell phone only
Re: (Score:1)
Number Calls = (330 X 10^6 People) X (3 Calls / Person / Day) = 1 X 10^9 Calls / Day
Assume each call lasts for 1 minute.
Seconds of Content = (1 X 10^9 Calls / Day) X (1 Minute / Call) X (60 Seconds / Minute) = 60 x 10^9 Seconds
Call audio data can be handled with a 4 KHz cutoff. It takes two samples per Hz to capture this data. Assume 2 Bytes per sample (actually too high
s/can/should (Score:2)
No problem (Score:2)
The world is globaliszed, don'tchaknow? I'll bet some Chinese firm would have *no* trouble offering to host the outsourcing of the data storage....
mark "on Chinese-made chips...."
What's The Worst That Can Happen? (Score:2)
Sure. Let's not shut down the horrible program that a ton of people oppose and instead hand the data over to a company to manage and keep secure. What's the worst that can happen?
Off the top of my head:
1 - Hackings. No database is secure. If anyone was to store the data securely (putting aside for the moment the question of whether they should have the data in the first place), I'd trust the NSA to do it over some random company. At the very least, this reduces the potential attack vectors.
2 - Profits.
Seriously? You people are NUTS! (Score:2)
I would assume that the methods used to collect this data are CLASSIFIED. Why else are they trying to get their hands on Snowden for leaking some of it?
IF you have classified information to store, you DON'T put it on third party systems unless they are under the necessary controls required to handle classified data. So, putting this data on contracted storage is NOT going to involve calling Amazon AWS for an account and just copy it up and pay the bill. So in reality you'd just be contracting somebody to
Metadata (Score:3)
Seriously, all your data is perfectly safe. I have worked with GIS for 14 years. and I can tell your conclusively that absolutely no one reads metadata. :)
Sub the job out to private industry to ensure ... (Score:1)
the entire Internet will have unfettered access to the data, without actually being able to access said data, thanks to the perpetual irreparable nature of the system's design. ... just visit http://404.nsa.gov
RFP (Score:1)
A third party holding the data... (Score:2)
Shouldn't have ... (Score:2)