Wayne Rash doubts the NSA can do everything that Edward Snowden says. And even if it is, it’s only doing its job
According to the story, the NSA has been able to record all of the telephone conversations in one (presumably unfriendly) country using Mystic, and, what’s more, can recall any of them using a playback tool called Retro for up to 30 days after it was recorded. The story in The Washington Post also suggested that the NSA would eventually expand this call-recording capability to as many as six other countries sometime soon.
So why was this revelation greeted with less apparent consternation than earlier Snowden leaks? Partly it’s the result of more pressing news, such as Russia’s annexation of Crimea and MH370, an airliner full of people that’s been missing without a trace since March 8. On a slower news day, this Snowden leak might be big news.
But perhaps in this case, the usual Washington herd mentality is doing us all a favor. To accept all of Snowden’s revelations uncritically is to play into the hands of Snowden and former Guardian US columnist Glenn Greenwald, two self-important people who likely don’t really understand the implications of what they are claiming.
To make sense of the latest Mystic revelations, it’s important to look at them in the context of how other similar revelations shook out over time. For example, when the Prism stories first broke, there was a lot of angst over the collection of phone metadata by the NSA. That metadata includes the basic call information, such as the phone numbers involved, and the duration of the call. It does not include the contents of the call.
But then we found out that the NSA was actually able to get only about 20 percent of that metadata because it couldn’t keep up with the volume of calls. Worse, processing all of the metadata that the agency did get, strained its available bandwidth to the limit.
Could this be real?
Now consider the possibility that the NSA is indeed doing what the reports claim, and is recording all of the phone calls in some unnamed foreign country. To fit within the limits of the agency’s bandwidth and storage (and there are constraints—even for the NSA, bandwidth and storage are neither unlimited nor cheap), it is likely a small nation with far fewer voice-connection possibilities than the United States, or any of the Western European nations, let alone China. It would also have to be a nation over which there has been a significant national security concern whose phone calls we have been recording for years.
So are we really collecting all of the phone calls in, say North Korea, Iran or Afghanistan? I don’t know, and the NSA isn’t going to reveal that. But let’s say for the sake of this discussion that it is one of those and that other nations with similar profiles and levels of concern are soon to join them. The next question is, why should we care?
Remember, it is the NSA’s job to collect foreign signals intelligence in the process of analysing threats against the United States. There’s no indication that the agency is in the process of recording phone calls in the United States and, considering the outrage from close US allies over the bugging of phones in Western Europe, they probably aren’t attempting to listen to conversations there, either.#
Is your business legitimate?
NSA foreign phone bugging might matter to your company if it does business in one of the countries that is a target of the phone-call recording program. In the case of most of these countries, the US government already knows you’re doing business there, so whatever you say will not be a surprise. And if you’re doing business with those countries contrary to US sanctions against those governments, then you have bigger problems than the NSA.
But let’s say you’re involved in legitimate business in one of those countries and you don’t want the NSA listening in. Well, you can encrypt your phone calls. As I found at CeBIT in mid-March, there’s no shortage of European vendors who can provide products that will encrypt your voice communications. Some of them are billed as “NSA Proof.”
Chances are pretty good that the NSA can break that encryption given time and motivation, but will the agency even bother? Again, if you’re doing business legitimately then they already know what you’re doing.
But getting back to the question of what difference it makes, the fact is that the NSA is doing its job if it’s recording phone calls in another country. It’s supposed to be listening in to signals of all types, looking for threats to the United States. If it can manage to record all of a single country’s phone calls for later study, and somehow manage all that data within its bandwidth and storage constraints, then it’s simply fulfilling its charter.
But even before we get too wrapped up in what it may or may not be recording, we need to reflect on the lack of discrimination regarding those reports. When a purported capability seems more like science fiction than reality on the face of it, then maybe there’s a little too much imagination involved. Yes, it’s likely that the NSA can record every phone conversation that takes place in a few countries. But can it do anything with that information once it has it? Right now, we don’t know, but past experience has shown that they probably can’t.
Originally published on eWeek.