Sunday, 7 September 2014

Newly Revealed NSA Program ICREACH Extends the NSA's Reach Even Further

SOURCE: ELECTRONIC FRONTIER FOUNDATION


Turns out, the DEA and FBI may know what medical conditions you have, whether you are having an affair, where you were last night, and more—all without any knowing that you have ever broken a law.

That’s because the DEA and FBI, as part of over 1000 analysts at 23 U.S. intelligence agencies, have the ability to peer over the NSA’s shoulder and see much of the NSA’s metadata with ICREACH.

Metadata is transactional data about communications, such as numbers dialed, email addresses sent to, and duration of phone calls, and it can be incredibly revealing. ICREACH, exposed by a release of Snowden documents in The Intercept, is a system that enables sharing of metadata by “provid[ing] analysts with the ability to perform a one-stop search of information from a wide variety of separate databases.” It’s the latest in a string of documents that demonstrate how little the intelligence community distinguishes between counter-terrorism and ordinary crime—and just how close to home surveillance may really be.

The documents describe ICREACH as a “one-stop shopping tool for consolidated communications metadata analytic needs.” ICREACH brings together various databases with a single search query, allowing analysts to search literally billions of records. The tool allows sharing of “more than 30 different kinds of metadata on emails, phone calls, faxes, internet chats, and text messages, as well as location information collected from cellphones.” It is intended to include data from Five Eyes partners as well. While the program shares data obtained under Executive Order 12333, it includes data from U.S. persons.

ICREACH grew out of CRISSCROSS and PROTON, older tools that allowed the CIA, DEA, FBI, DIA, and NSA to share metadata. Metadata sharing in CRISSCROSS started with only date, time, duration, calling number, and called number. PROTON, which expanded CRISSCROSS, allowed sharing of far more information, including latitude and longitude coordinates, email headers, and travel records like flight numbers. The system had compatibility issues, and NSA never added the additional information PROTON could handle. PROTON also appears to have the capacity for sophisticated data analysis: “PROTON tools find other entities that behave in a similar manner to a specific target.”

While data sharing may seem innocuous, and perhaps even necessary, the melding of domestic law enforcement and national security agencies deserves far more attention. The blending of the war on drugs and the war on terror, and domestic and international law enforcement, and the move from targeted to mass, suspicionless surveillance, is leading to a place where everyone is a suspect and can be targeted at any time.

As The Intercept article pointed out, one serious concern is that data obtained through ICREACH could be used forparallel construction— the practice through which the DEA obscures the source of tips it receives from the NSA and then passes on to other law enforcement agencies. The DEA will “recreate” investigative trails,  and hide the source of the information from defense lawyers, judges, and prosecutors. With parallel construction, NSA data can be used in ordinary criminal investigations, without any way to challenge the collection of that data in court. This runs blatantly counter to notions of due process and the right to a fair trial, to question and confront witnesses, and have competent counsel.
  
The ICREACH system makes it even easier for law enforcement to use communications data collected by NSA without revealing the source. While domestic law enforcement agencies can already get some of the kinds of data in ICREACH without a warrant, they at least have to serve a subpoena or national security letter on a telecommunications provider. A subpoena requires court approval, and either type of process can be challenged in court. Instead, with ICREACH, any approved analyst at a partner agency can access the data in secret with just a few keystrokes, and with little possibility of judicial review.

That data could then be used in a variety of ways, without revealing the NSA as the original source of the information. With a traffic stop or anonymous informant as pretext, domestic law enforcement could initiate an investigation, conduct physical searches, visit targets, and more.

Even more disturbing: the cops on your block may be getting ICREACH data passed on to them. The information sharing movement goes beyond just big federal agencies. There are myriad channels through which state and local law enforcement agencies can get the information agencies like the FBI and DHS have. The FBI works directly with local law enforcement through Joint Terrorism Task Forces (JTTFs). Through JTTF memoranda of understanding, officers from police departments across the country work directly under the FBI’s command and agree not to talk about the work they do.
Similarly, local agencies and federal agencies share intelligence information through fusion centers, where local law enforcement can access DHS and FBI databases, among others.  

The Constitution was intended to constrain the government’s investigative authority. The national security state has created a gaping hole in those protections. Although the government has argued that it has bent the rules around surveillance only in the name of national security, the lines of what is appropriate information to share between various agencies continue to get blurrier. Without some safeguards, the same surveillance architecture that targets “terrorists” can be used to target everyday lawbreakers.

The rallying cry from law enforcement is always the need to catch criminals. But constitutional constraints like no unreasonable searches and seizures and the right to the assistance of counsel exist specifically because of the societal agreement that the need to curb government abuse is worth occasionally letting a guilty person go.

No comments:

Post a Comment