NSA Shares Its Data Wealth
Aug 26, 2014 6:39 AM PT
The United States National Security Agency secretly shares the communications data it has amassed over the years with nearly 24 U.S. government agencies using a search engine resembling Google Search, The Intercept reported Monday.
That's more than 850 billion records of phone calls, emails, cellphone locations and Internet chats.
The ICREACH search engine's user interface is strikingly similar to that of Google.
The U.S. Federal Bureau of Investigation and the Drug Enforcement Administration are key participants in ICREACH, according to planning documents for the search engine released by NSA whistle-blower Edward Snowden.
ICREACH reportedly has been accessible to more than 1,000 analysts at 23 U.S. government intelligence agencies.
Information shared through the search engine can be used to track people's movements, map out their networks of associates, help predict future actions, and posssibly to discover their religious affiliations or political beliefs, according to The Intercept.
This news flies in the face of a report filed in December by the president's review group on intelligence and communications technologies.
That report, which makes 46 recommendations, was followed up in January by a recommendation from the Privacy and Civil Liberties Oversight Board that the NSA should end its bulk telephone metadata collection program.
Reaching Out and Touching Everyone
ICREACH was designed to be the largest system in the U.S. for internally sharing secret surveillance records.
It can handle 2 billion to 5 billion new records every day, including more than 30 different kinds of metadata on emails, phone calls, faxes, Internet chats and text messages. It also can handle location information collected from cellphones.
However, ICREACH does not appear to have a direct relationship to the NSA database that stores metadata on Americans' phone calls under Section 215 of the Patriot Act.
It appears to be a querying tool that reaches across multiple databases rather than a repository, according documents provided to The Intercept.
Every Step You Take
Those databases share data swept up by programs authorized under Executive Order 12333. Collection of data under this order does not have court oversight and receives minimal congressional scrutiny because it targets foreign communication networks rather than domestic ones.
However, its broad scope means some Americans' communications get swept up, and ICREACH apparently does tap into that data.
Further, U.S. law enforcement agencies have used parallel construction as a means of circumventing restrictions on accessing data stored by the NSA.
"The idea that the government is making it easier for not only national security agencies but also agencies dealing with domestic law to access this information is troubling," Neema Guliani, legislative counsel at the American Civil Liberties Union, told TechNewsWorld.
"And the idea that you don't know what was collected and can't challenge how the information was gathered raises concern that the abuses we've seen in the NSA architecture are bleeding over into other areas," she continued.
Fear, Uncertainty and Doubt
"If the reports are accurate, ICREACH demonstrates the sensitivity of large-scale collection of personal information," Harley Geiger, senior counsel at the Center for Democracy & Technology, told TechNewsWorld.
"No piece of information is collected in a vacuum, and data aggregation paints a detailed picture of an individual," he elaborated.
Indeed, "we kill people based on metadata," former CIA head Michael Hayden said during a panel discussion.
U.S. government surveillance authorities should be worded less broadly to limit their scope, Geiger suggested.
In addition, information not determined to be related to an investigation or target should be destroyed, he continued. Congress should require government agencies to get a warrant to search for Americans' communications in pools of data, and "the practice of parallel construction should be closely scrutinized by Congress and outlawed if it is indeed being used to circumvent privacy protections built into the law."