[mpyne]

> The N.S.A. achieved a technical breakthrough in 2010 when analysts first matched images collected separately in two databases — one in a huge N.S.A. database code-named Pinwale, and another in the government’s main terrorist watch list database, known as Tide — according to N.S.A. documents.

Sounds like this is the answer.

One of the difficult aspects of investigating terrorist networks through signals intelligence would be deciphering the network itself (which is why NSA would have been interested in phone metadata).

If you had a known list of terrorist suspects (TIDE) and could match those to legally-intercepted video feeds or pictures (which is what I'm assuming PINWALE is for) then you could identify the user IDs being chatted with and then use PRISM and other approved signals interception methods to decipher "who's who in the zoo".

With a better selectivity of who the targets would be then you could use targeted access operations to both get better fidelity on actual plots (instead of dumb keywords searches, actually assign analysts to get a "deep dive" into any of the plot(s) under discussion). This would also enable you to avoid wasting time and resources on people who are not a threat by filtering out "where the terrorists are not".

The ideal end result: Disrupting a bombing plot before it happens. Both the 2009 and 2010 bombings were disrupted only by luck, so "clearly" the NSA didn't have the tools they needed, which is why I warn you guys that the argument "oh but they didn't catch Tsarnaev" doesn't end the way you think it does. :P

----

I know you all like to claim that counter-terrorism is just rhetoric used to justify more sinister motives, but I've found it striking how almost every time a leak is presented the evidence shows a bunch of NSA analysts trumpeting... counter-terrorism.

This case is no different: "another 2011 N.S.A. document reported that a facial recognition system was queried with a photograph of Osama bin Laden.", "A 2011 PowerPoint showed one example when Tundra Freeze, the N.S.A.’s main in-house facial recognition program, was asked to identify photos matching the image of a bearded young man with dark hair.", "One N.S.A. PowerPoint presentation from 2011, for example, displays several photographs of an unidentified man — sometimes bearded, other times clean-shaven — in different settings, along with more than two dozen data points about him. These include whether he was on the Transportation Security Administration no-fly list, his passport and visa status, known associates or suspected terrorist ties, and comments made about him by informants to American intelligence agencies."

There's certainly an argument to be made about whether such investigative abilities are safe for democracy, but what we've consistently not seen is a bunch of people trying to subvert democracy, not even according to the very documents NSA and their managers thought would be safest from ever being publically disclosed.

[humbert]

> what we've consistently not seen is a bunch of people trying to subvert democracy, not even according to the very documents NSA and their managers thought would be safest from ever being publically disclosed.

In August 2013, a report by Reuters revealed that the Special Operations Division (SOD) of the U.S. Drug Enforcement Administration advises DEA agents to practice parallel construction when creating criminal cases against Americans that are actually based on NSA warrantless surveillance. [1] The use of illegally-obtained evidence is generally inadmissible under the Fruit of the poisonous tree doctrine. [2]

[1] http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE... [2] https://en.wikipedia.org/wiki/Parallel_construction

[mpyne]

That's not an example of "subverting democracy" (though I'll admit I do find it distasteful).

Even that has rules, and the rules are on the whole followed.

Parallel construction is about finding evidence that can hold up in the court of law, without divulging classified intelligence "sources and methods" (you know, much the very things NSA is complaining about Snowden having done).

It starts from evidence legally collected by NSA (which is why "fruit of the poisonous tree" would not apply). The law permits the NSA to share that legally-collected information in some cases with law enforcement.

But law enforcement can't build a case on that without burning the NSA source, so NSA advises them on how to start a new trail that can lead to a prosecution without NSA having to close off that intelligence source.

Is it unfair? Perhaps, but then so is Google using legal tax loopholes to avoid paying taxes. Distasteful perhaps, but legally permissible.

[woah]

What do you not understand about warrants?

[mpyne]

Well that would be hard to accurately answer by definition, I think...

[count]

While not defending it in any sense, this STILL shows what the grandparent poster is saying: The folks THINK they're doing the RIGHT thing. They're giving extra evidence of crimes to convict criminals!

[keithpeter]

Just a thought: terrorist networks may not be the most significant factor here. Recent outrages (and I mean that) in Boston, London[1] and Birmingham/West Midlands[2] UK have been the work of lone individuals who may have self-radicalised, 'consuming' propaganda thrown over the wall by terrorist organisations based in different parts of the world. Where would people here put the line between eccentricity, a known condition, extreme speech and terrorism[3], [4]?

[1] http://www.bbc.co.uk/news/magazine-25424290

[2] http://www.bbc.co.uk/news/uk-england-birmingham-24586050

[3] http://www.bbc.co.uk/news/uk-england-leicestershire-27633943

[4] http://www.bbc.co.uk/news/uk-england-leicestershire-27328590

PS: not one of these people was on any kind of list.

[mpyne]

I can't speak for GCHQ, but the Boston bombers were identified by signals intelligence. It was Russia's, but they were identified nonetheless and turned over to the FBI.

The FBI failed to properly follow-up with that lead, but that's not (itself) a failure of SIGINT.

Despite all that (and ironically), the Boston bombing was a scenario where we should expect the NSA to be unable to see early signs, since they are forbidden from tracking the communications of either of the Tsarnaev brothers since they were on U.S. soil. NSA would only have seen anything if they had reached out to a known foreigner, outside of the U.S., in the process of germinating their plot.

But even so, it may be that we have to "settle" for the existence of occasional homegrown extremism (America is no stranger to that either) while still foiling the external plots that can be foiled.

[gerardvanvooren]

And one week later a massive explosion in West, Texas killed a lot more people. Yet somehow we only talk about the Boston bombers.

It is a theater, but the NSA got way too far. And even the motto of "100% security" by Obama is complete nonsense. Because it didn't stop the massive explosion in West, Texas, nor the Boston bombings.

Their problem is a lack of logical thinking.

[mpyne]

> Their problem is a lack of logical thinking.

If you're trying to equate the psychological impact of things like 9/11 to the equivalent number of coal deaths or traffic accidents then I'm not sure the lack of logical thinking is limited to them.

Treating humans like they should be Vulcans is one of the most illogical things of all. People are not Vulcans, and any systematic policy that fails to take that into account is doomed to failure.

[gerardvanvooren]

> If you're trying to equate the psychological impact of things like 9/11 to the equivalent number of coal deaths or traffic accidents then I'm not sure the lack of logical thinking is limited to them.

The executive branch of US gov, also didn't do one bit to relax the minds of "us". Instead they waved the red (and the US-) flag quite a lot and they put oil on the flame of fear. That by itself is criminal enough. But they went further and further... We know the history.

[keithpeter]

Yes, I remember that. Good point. And of course the drip-drip of car accidents and alcohol use &c.

Wasn't it Shneier who said that it wasn't the things you read about in the paper (by definition rare and exotic) that you had to watch out for but the banal ordinary things?

[zacinbusiness]

I'm assuming that I misunderstand the point of this technology, as used by the NSA. It seems that they have pictures of people that they want to arrest. And they have information about those same people, but without pictures. And so they have developed a technology that matches a picture with the name of the person in that picture?

If the NSA wants to have person A detained then wouldn't it be a good idea for them to already know what that person looks like? Am I entirely missing the point?

[mpyne]

Well somehow I doubt that the NSA has a decent picture on everybody, but for those that they do then yes, it's a way of doing identity matching between pictures of people and data involving those people.

Think doing relational SQL joins based on photos, IMO.

[zacinbusiness]

So my interface looks something like:

Age: Height: Sex: Eye Color: Skin Color: Build:

and I can fill it in and I will be presented with an image (or images) that matches that query, along with basically all the other information currently collected about that individual?

So, a use case would be...a 6'2'' individual with medium complexion and shinny build with heavy facial hair was caught on a camera doing some potentially illicit activity and the feds can feed that info into the DB and the output is a list of people who match that description, along with all available information such as (I'm guessing here), last known location (most likely according to their last internet login and/or cellphone ping), full transcripts of their emails, chat, voip conversations, etc..?

But how does the system match the photo to the name? [The app 'NSA' would like access to your Facebook Photos. This app will not be able to post on your behalf."]?

[mpyne]

I have no clue on how it works other than the linked article.

It's not hard to make reasonable guesses based on fundamental systems engineering principles though. E.g. the interface might simply be "Here's a known picture of the guy, find all matches to this picture" and start seeing which connections pop up. Almost like a Facebook Graph Search based on an image identifier instead of a Facebook UID.