Subject-matter expert speaking here, and there's something VERY "interesting" about that order that has not been discussed yet in the press.

Let's take it from the top so we're all on the same proverbial page...

1) The basics.

The FISA Court order appears to cover CDR (Call Detail Records) for each call passing through the Verizon network (and per press reports, similar orders apparently exist for other carriers). However, per item (3) below, this isn't the same part of Verizon that you may already know and use.

CDR includes the following: Date/time start, date/time end, originating number, dialed/destination number. For mobile devices, CDR includes geolocation data. Basically this is the kind of information that already appears on your phone bill.

The order does not include recording the conversations themselves ("transaction intercept"), but when the purpose is "traffic analysis" (TA), there is no need to capture the actual conversations: that can be done via a separate FISA Court order that's targeted to specific telephone numbers, usually at the stage after TA has ascertained the telephone numbers of interest.

Capturing content (conversations) is incredibly cumbersome and entails a lot of post-processing: keyword recognition, automated transcription, human proofreading and correcting of the transcribed material (yes even now, and this is hugely labor-intensive), and possibly voiceprint recognition for attribution purposes (identification of the person-identity of each person speaking, which is not included in the present order). One of the holy grails in LE and the USIC is 100% attribution.

The fact that the order includes LOCAL calls is very interesting, because it wasn't too long ago when local CDR was not captured at all, since local calls were not individually billable. In certain large cities such as New York where all local calls were billed (anyone else here remember "message unit" charges?), each local call generated a billing record but not CDR data. Ahh, the good old days...

2) A really interesting item.

The fact that the order includes "trunk identifier" for each call is VERY VERY interesting.

And this gets us to what I think may be one of the key aspects of this intercept order. Let's take a little romp through the telephone network...

Trunks are connections between telco switches. For example when you call from Oakland to San Francisco, your call is connected over a trunk between the switch in the Oakland CO and the switch in the San Francisco CO. Every trunk has an identifying number, as a routine matter for engineering and maintenance.

What's intriguing as hell about trunk data is: ordinarily a caller does not have any means of choosing the trunks that are assigned to the call. However, the fact that the order includes "telephone calling card numbers" begins to shed light on the "trunk" issue.

When you use a telephone calling card, for example an MCI cash-prepaid phone card, you're effectively making a choice of trunks, because your call is routed from your local carrier's CO via a trunk group to the carrier that operates the calling card service, and then back out via the same or a different trunk group to the destination carrier's CO. The phone card provider may or may not have their switch programmed to pass the originating telephone number onward to the destination carrier (I program switches, and I can choose whether or not to pass ANI data forward).

Telephone calling cards have in the past been used as a kind of telephonic TOR, to obscure the origins and destinations of calls. The originating carrier normally has data about the route to the calling card service. The calling card service normally has data about the card number to bill for the call, and the destination number that the caller wishes to reach. The destination carrier normally has data about the call from the calling card service to the destination phone number. These three records are ordinarily difficult to assemble into a single phone call.

However in recent years it is likely that the originating carrier's switch has been programmed to also capture the calling card data including the destination number. The originating carrier's equipment may only be able to provide data for one such intermediary: Alice to Card Company to Bob. If Alice wants to obscure her trail further, she'll try to call from one card company or at least one card number, to another: thus, Alice to Card 1, to Card 2, to Bob. No doubt that trick is well known to LE & the USIC.

Thus we arrive at what I believe may be a key element of this FISA Court order: to obtain the CDR data associated with telephone card providers, to enable aligning their inbound & outbound traffic records, from which to arrive at attribution on calls that are routed through these calling card providers. Or perhaps "calling card provider" singular, per (3) below.

If I had to guess, and this is an educated guess, I would say that the targets of the intercepts are sophisticated large-scale criminal organizations such as the international drug cartels operating in a number of US cities.

3) Further support for hypothesis:

Notice the specific names on the FISA Court order.

"Verizon Business Network Services" is NOT the same thing as the top layer of the Verizon corporation. Instead, this business unit specializes in enterprise-scale telecom solutions, such as private wired and wireless networks of the types that are used by Fortune 500 corporations.

"MCI Communication Services" was the nation's first competing long distance provider, originally known as "Microwave Communications Inc." for its point-to-point microwave network linking major cities. Since the 2000s, MCI was/is also the most widely-used cash-paid calling card service, selling its calling cards in stores across the US including Costco.

I'll need to give it a bit more thought as to what, among the enterprise-scale solutions that Verizon Business Network Services offers, might be of interest here. More about which later, unless I get abducted by a black helicopter;-)

4) Lastly, the classification stamps on the doc are interesting.

Top Secret is obvious. NOFORN means "no foreign persons (may read this document)." "SI" is the intriguing one. "SCI" refers to Sensitive Compartmentalized Information, that was only available to persons within the specified "compartment" or sub-category such as a project or operation. SCI is a specification added to Top Secret to further limit access. And it usually pertained to stuff that any sane person would wish to remain classified, such as information obtained by breaking a hostile country's diplomatic and military encryption system. That example would be marked something like "TS/SCI/CRYPTO/NAME" where NAME referred to the country or NSA region, or "ALLO" for "all other countries not part of designated NSA collection regions." As recently as the 1980s, most of the Middle East was in ALLO, but now each country in that region is specified.

So I'm going to guess (educated guess) that SI stands for "Sensitive Information", indicating a more-exclusive specification within TS, but not exactly a compartment, because the information crosses the boundaries between a number of compartments.

5) "And now a word from our sponsor," or, "your reading habits for the Guardian's sponsors":

To read the FISA Court order for yourself, you might want to block the numerous snoops on that Guardian page:

For AVG Do Not Track, block Google +1 and the Twitter Button.

For JavaScript Blocker, the list is impressive: you'll need to enable these to see the document:
s3.amazonaws.com
www.documentcloud.org
resource.guim.co.uk
oas.guim.co.uk,

but you can block the following:
rtax.criteo.com
ajax.googleapis.com
pasteup.guim.co.uk
static.guim.co.uk
combo.guim.co.uk
cdm.optimizely.com
edge.quantserve.com
pixel.quantserve.com
req.connect.wunderloop.net
w.dgets.outbrain.com
static.chartbeat.com
And a couple of other obvious ones from Google and Facebook. What right Facebook has to collect data on people who aren't Facebook product (you're not the user, you're being used) is beyond me, but none the less.

6) Lastly a bit of opinion:

To editorialize just a wee bit, it strikes me that FBI and NSA are suffering from Google Envy.

It would be so much easier for them to just dangle some shiny consumer-goodies and get people to sign up in droves, and collect unlimited data on them that way. But no, they have to go see a judge and ask permission. As the old rent-a-car ad used to say, "We're Number Two, but we try harder!"

-G.

==========

On 13-06-06-Thu 1:36 AM, Eddan Katz wrote:

The NSA has obtained an FISC order to have Verizon turn over phone data records on all customers until July 19th.

Here's the court order:
http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order

The gist of it from EFF Deeplinks post (https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans)

In a report by Glenn Greenwald, the paper published an order from the Foreign Intelligence Surveillance Court (or FISC) that directs Verizon to provide “on an ongoing daily basis” all call records for any call “wholly within the United States, including local telephone calls” and any call made “between the United States and abroad.”

In plain language: the order gave the NSA a record of everyVerizon customer’s call history -- every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for the phone and call -- from April 25, 2013 (the date the order was issued) to July 19, 2013. The order does not require content or the name of any subscriber and is issued under 50 USC sec.1861, also known as section 215 of the Patriot Act.
_______________________________________________
sudo-discuss mailing list
sudo-discuss@lists.sudoroom.org
http://lists.sudoroom.org/listinfo/sudo-discuss