NSA report renews data mining concerns

updated 9:45 p.m. ET May 11, 2006

WASHINGTON - If the National Security Agency is indeed amassing a colossal database of Americans’ phone records, one way to use all that information is in “social network analysis,” a data-mining method that aims to expose previously invisible connections among people.

Social network analysis has gained prominence in business and intelligence circles under the belief that it can yield extraordinary insights, such as the fact that people in disparate organizations have common acquaintances. Companies can buy social networking software to help determine who has the best connections for a particular sales pitch.

So it did not surprise many security analysts to learn Thursday from USA Today that the NSA is applying the technology to billions of phone records.

“Who you’re talking to often matters much more than what you’re saying,” said Bruce Schneier, a computer security expert and author of “Beyond Fear: Thinking Sensibly About Security in an Uncertain World.”

The NSA declined to comment. But several experts said it seemed likely the agency would want to assemble a picture from more than just landline phone records. Other forms of communication, including cell phone calls, e-mails and instant messages, likely are trackable targets as well, at least on international networks if not inside the U.S.

To be sure, monitoring newer communications services is probably harder than getting billing records from landline phones. USA Today reported that the NSA has collected call logs from the three largest U.S. phone companies, BellSouth Corp., AT&T Inc. and Verizon Communications Inc.

That level of cooperation confirmed the fears of many privacy analysts, who pointed out that AT&T is already being sued in federal court in San Francisco for allegedly giving the NSA access to contents of its phone and Internet networks. The charges are based on documents from a former AT&T technician.

It remains unclear whether other communications providers have been asked for their call logs or billing records.

Verizon Wireless spokesman Jeffrey Nelson definitively said his company was “not involved in this situation.” His counterparts at Cingular — an AT&T/BellSouth joint venture — and Sprint Nextel Corp. were less explicit and did not deny any participation.

In a statement e-mailed to The Associated Press Thursday, T-Mobile USA Inc. said it does not participate “in any NSA program for warrant-less surveillance and acquisition of call records, and T-Mobile has not provided any such access to communications or customer records.”

Even without cell phone carriers’ help, of course, calls between wireless subscribers and Verizon, AT&T and BellSouth landlines presumably would be captured.

Internet poses challenge
Among Internet service providers, representatives for AOL LLC said the company complies with individual government subpoenas and court orders but does not have a blanket program for broader sharing of customer data. Microsoft Corp. had “never engaged in the type of activity referenced in these articles,” according to a statement from Scott Charney, its vice president for trustworthy computing. Google Inc. spokesman Steve Langdon said his company does not participate, either. Yahoo Inc. officials say they comply with subpoenas, but refused to elaborate, saying they cannot comment on specific government interactions.

Even without full inside help, the NSA has proven itself adept at capturing communications or at least analyzing traffic information. The Echelon program, for example, is known to have tapped into satellite, microwave and fiber-optic phone links and even undersea cables in order to gain insights into what the rest of the world was talking about.

The Internet does present new challenges for snoops, which has led federal authorities to seek an expansion of a key surveillance law so that it applies to new kinds of Web services.

But even now authorities can tap into data feeds. There is a relatively small number of major Internet backbones and data junctions where networks hand information off to each other.

And while e-mail, Internet calls and other data packets splinter and take varying routes across networks, each packet has a header identifying its source and destination. It’s not obvious what the packet is part of — whether an e-mail, a Web page or an Internet phone call — but it still contains the equivalent of a phone billing record: who’s talking to whom.

MORE FROM SECURITY

Security Section Front

Check your junk mail: Might have a contract in it FTC warns of increase in Internet scams Man indicted in hacking of Palin's e-mail Tiny flash drives improve their security Fake YouTube pages used to spread viruses EU proposes more rights for Internet shoppers Gmail 'Mail Goggles' stymie drunk e-mailing Fraud plagues prepaid calling card market GPS 'spoofing' could threaten national security Chinese snoop on Skype, but are they alone? Security Section Front   Add Security headlines to your news reader: