<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
Subject-matter expert speaking here, and there's something VERY
"interesting" about that order that has not been discussed yet in
the press. <br>
<br>
Let's take it from the top so we're all on the same proverbial
page...<br>
<br>
<br>
1) The basics.<br>
<br>
The FISA Court order appears to cover CDR (Call Detail Records) for
each call passing through the Verizon network (and per press
reports, similar orders apparently exist for other carriers).
However, per item (3) below, this isn't the same part of Verizon
that you may already know and use.<br>
<br>
CDR includes the following: Date/time start, date/time end,
originating number, dialed/destination number. For mobile devices,
CDR includes geolocation data. Basically this is the kind of
information that already appears on your phone bill. <br>
<br>
The order does not include recording the conversations themselves
("transaction intercept"), but when the purpose is "traffic
analysis" (TA), there is no need to capture the actual
conversations: that can be done via a separate FISA Court order
that's targeted to specific telephone numbers, usually at the stage
after TA has ascertained the telephone numbers of interest. <br>
<br>
Capturing content (conversations) is incredibly cumbersome and
entails a lot of post-processing: keyword recognition, automated
transcription, human proofreading and correcting of the transcribed
material (yes even now, and this is hugely labor-intensive), and
possibly voiceprint recognition for attribution purposes
(identification of the person-identity of each person speaking,
which is not included in the present order). One of the holy grails
in LE and the USIC is 100% attribution.<br>
<br>
The fact that the order includes LOCAL calls is very interesting,
because it wasn't too long ago when local CDR was not captured at
all, since local calls were not individually billable. In certain
large cities such as New York where all local calls were billed
(anyone else here remember "message unit" charges?), each local call
generated a billing record but not CDR data. Ahh, the good old
days...<br>
<br>
<br>
2) A really interesting item.<br>
<br>
The fact that the order includes "trunk identifier" for each call is
VERY VERY interesting. <br>
<br>
And this gets us to what I think may be one of the key aspects of
this intercept order. Let's take a little romp through the
telephone network... <br>
<br>
Trunks are connections between telco switches. For example when you
call from Oakland to San Francisco, your call is connected over a
trunk between the switch in the Oakland CO and the switch in the San
Francisco CO. Every trunk has an identifying number, as a routine
matter for engineering and maintenance. <br>
<br>
What's intriguing as hell about trunk data is: ordinarily a caller
does not have any means of choosing the trunks that are assigned to
the call. However, the fact that the order includes "telephone
calling card numbers" begins to shed light on the "trunk" issue. <br>
<br>
When you use a telephone calling card, for example an MCI
cash-prepaid phone card, you're effectively making a choice of
trunks, because your call is routed from your local carrier's CO via
a trunk group to the carrier that operates the calling card service,
and then back out via the same or a different trunk group to the
destination carrier's CO. The phone card provider may or may not
have their switch programmed to pass the originating telephone
number onward to the destination carrier (I program switches, and I
can choose whether or not to pass ANI data forward).<br>
<br>
Telephone calling cards have in the past been used as a kind of
telephonic TOR, to obscure the origins and destinations of calls.
The originating carrier normally has data about the route to the
calling card service. The calling card service normally has data
about the card number to bill for the call, and the destination
number that the caller wishes to reach. The destination carrier
normally has data about the call from the calling card service to
the destination phone number. These three records are ordinarily
difficult to assemble into a single phone call. <br>
<br>
However in recent years it is likely that the originating carrier's
switch has been programmed to also capture the calling card data
including the destination number. The originating carrier's
equipment may only be able to provide data for one such
intermediary: Alice to Card Company to Bob. If Alice wants to
obscure her trail further, she'll try to call from one card company
or at least one card number, to another: thus, Alice to Card 1, to
Card 2, to Bob. No doubt that trick is well known to LE & the
USIC. <br>
<br>
Thus we arrive at what I believe may be a key element of this FISA
Court order: to obtain the CDR data associated with telephone card
providers, to enable aligning their inbound & outbound traffic
records, from which to arrive at attribution on calls that are
routed through these calling card providers. Or perhaps "calling
card provider" singular, per (3) below. <br>
<br>
If I had to guess, and this is an educated guess, I would say that
the targets of the intercepts are sophisticated large-scale criminal
organizations such as the international drug cartels operating in a
number of US cities. <br>
<br>
<br>
3) Further support for hypothesis:<br>
<br>
Notice the specific names on the FISA Court order. <br>
<br>
"Verizon Business Network Services" is NOT the same thing as the top
layer of the Verizon corporation. Instead, this business unit
specializes in enterprise-scale telecom solutions, such as private
wired and wireless networks of the types that are used by Fortune
500 corporations. <br>
<br>
"MCI Communication Services" was the nation's first competing long
distance provider, originally known as "Microwave Communications
Inc." for its point-to-point microwave network linking major
cities. Since the 2000s, MCI was/is also the most widely-used
cash-paid calling card service, selling its calling cards in stores
across the US including Costco. <br>
<br>
I'll need to give it a bit more thought as to what, among the
enterprise-scale solutions that Verizon Business Network Services
offers, might be of interest here. More about which later, unless I
get abducted by a black helicopter;-) <br>
<br>
<br>
4) Lastly, the classification stamps on the doc are interesting. <br>
<br>
Top Secret is obvious. NOFORN means "no foreign persons (may read
this document)." "SI" is the intriguing one. "SCI" refers to
Sensitive Compartmentalized Information, that was only available to
persons within the specified "compartment" or sub-category such as a
project or operation. SCI is a specification added to Top Secret to
further limit access. And it usually pertained to stuff that any
sane person would wish to remain classified, such as information
obtained by breaking a hostile country's diplomatic and military
encryption system. That example would be marked something like
"TS/SCI/CRYPTO/NAME" where NAME referred to the country or NSA
region, or "ALLO" for "all other countries not part of designated
NSA collection regions." As recently as the 1980s, most of the
Middle East was in ALLO, but now each country in that region is
specified.<br>
<br>
So I'm going to guess (educated guess) that SI stands for "Sensitive
Information", indicating a more-exclusive specification within TS,
but not exactly a compartment, because the information crosses the
boundaries between a number of compartments. <br>
<br>
<br>
5) "And now a word from our sponsor," or, "your reading habits for
the Guardian's sponsors":<br>
<br>
To read the FISA Court order for yourself, you might want to block
the numerous snoops on that Guardian page: <br>
<br>
For AVG Do Not Track, block Google +1 and the Twitter Button. <br>
<br>
For JavaScript Blocker, the list is impressive: you'll need to
enable these to see the document: <br>
s3.amazonaws.com <br>
<a class="moz-txt-link-abbreviated" href="http://www.documentcloud.org">www.documentcloud.org</a> <br>
resource.guim.co.uk <br>
oas.guim.co.uk, <br>
<br>
but you can block the following:<br>
rtax.criteo.com<br>
ajax.googleapis.com<br>
pasteup.guim.co.uk<br>
static.guim.co.uk<br>
combo.guim.co.uk<br>
cdm.optimizely.com<br>
edge.quantserve.com<br>
pixel.quantserve.com<br>
req.connect.wunderloop.net<br>
w.dgets.outbrain.com<br>
static.chartbeat.com<br>
And a couple of other obvious ones from Google and Facebook. What
right Facebook has to collect data on people who aren't Facebook
product (you're not the user, you're being used) is beyond me, but
none the less. <br>
<br>
<br>
6) Lastly a bit of opinion:<br>
<br>
To editorialize just a wee bit, it strikes me that FBI and NSA are
suffering from Google Envy. <br>
<br>
It would be so much easier for them to just dangle some shiny
consumer-goodies and get people to sign up in droves, and collect
unlimited data on them that way. But no, they have to go see a
judge and ask permission. As the old rent-a-car ad used to say,
"We're Number Two, but we try harder!" <br>
<br>
-G.<br>
<br>
<br>
==========<br>
<br>
<br>
<div class="moz-cite-prefix">On 13-06-06-Thu 1:36 AM, Eddan Katz
wrote:<br>
</div>
<blockquote
cite="mid:95A51570-3403-4D58-B978-0BF24E7E0DA9@clear.net"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<div style="-webkit-text-size-adjust: auto; ">The NSA has obtained
an FISC order to have Verizon turn over phone data records on
all customers until July 19th.</div>
<div style="-webkit-text-size-adjust: auto; "><br>
</div>
<div style="-webkit-text-size-adjust: auto; ">Here's the court
order:<br>
<a moz-do-not-send="true"
href="http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order">http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order</a></div>
<div style="-webkit-text-size-adjust: auto; "><br>
</div>
<div style="-webkit-text-size-adjust: auto; "><br>
</div>
<div style="-webkit-text-size-adjust: auto; ">The gist of it from
EFF Deeplinks post (<a moz-do-not-send="true"
href="https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans">https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans</a>)</div>
<div style="-webkit-text-size-adjust: auto; "><br>
</div>
<div>
<p style="margin: 0.5em 0px 1.3em; padding: 0px; border: 0px;
font: inherit; "><span style="-webkit-text-size-adjust: auto;
background-color: rgba(255, 255, 255, 0);">In a report by
Glenn Greenwald, the paper published <a
moz-do-not-send="true"
href="http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order"
style="margin: 0px; padding: 0px; border: 0px; font:
inherit; text-decoration: none; ">an order</a> from the <a
moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court"
style="margin: 0px; padding: 0px; border: 0px; font:
inherit; text-decoration: none; ">Foreign Intelligence
Surveillance Court</a> (or FISC) that directs Verizon to
provide “on an ongoing daily basis” <i style="margin: 0px;
padding: 0px; border: 0px; font: inherit; ">all</i> call
records for any call “wholly within the United States,
including local telephone calls” and any call made “between
the United States and abroad.”</span></p>
<p style="margin: 0.5em 0px 1.3em; padding: 0px; border: 0px;
font: inherit; "><span style="-webkit-text-size-adjust: auto;
background-color: rgba(255, 255, 255, 0);">In plain
language: the order gave the NSA a record of <i
style="margin: 0px; padding: 0px; border: 0px; font:
inherit; ">every</i>Verizon customer’s call history --
every call made, the location of the phone, the time of the
call, the duration of the call, and other “identifying
information” for the phone and call -- from April 25, 2013
(the date the order was issued) to July 19, 2013. The order
does not require content or the name of any subscriber and
is issued under <a moz-do-not-send="true"
href="http://www.law.cornell.edu/uscode/text/50/1861"
style="margin: 0px; padding: 0px; border: 0px; font:
inherit; text-decoration: none; ">50 USC sec.1861</a>,
also known as <a moz-do-not-send="true"
href="https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act"
style="margin: 0px; padding: 0px; border: 0px; font:
inherit; text-decoration: none; ">section 215 of the
Patriot Act</a>.</span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
sudo-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sudo-discuss@lists.sudoroom.org">sudo-discuss@lists.sudoroom.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sudoroom.org/listinfo/sudo-discuss">http://lists.sudoroom.org/listinfo/sudo-discuss</a>
</pre>
</blockquote>
<br>
</body>
</html>