• United States



NSA whistleblower discusses ‘How the NSA tracks you’

Aug 07, 20175 mins

William Binney, who quit the NSA because it engages in the 'total invasion of the privacy rights of everybody on the planet,' presented ‘How the NSA tracks you’ at the hacker conference SHA2017.

At the outdoor hacker camp and conference SHA2017, which is taking place in the Netherlands, NSA whistleblower William Binney gave the talk, “How the NSA tracks you.”

As a former insider, Binney knew about this long before Snowden dropped the documents to prove it is happening. Although he didn’t say anything new, Binney is certainly no fan of the NSA’s spying — he calls the NSA the “New Stasi Agency.” If you are no fan of surveillance, then his perspective from the inside about the “total invasion of the privacy rights of everybody on the planet” will fuel your fury at the NSA all over again.

In today’s cable program, according to Binney, the NSA uses corporations that run fiber lines to get taps on the lines. If that fails, they use foreign governments to get taps on the lines. And if that doesn’t work, “they’ll tap the line anywhere that they can get to it” — meaning corporations or governments won’t even know about the taps.

The companies are involved at the next step — the PRISM program, which includes collection directly from the servers of U.S. service providers. However, Binney said PRISM is the minor program when compared to Upstream, which includes collecting data from the taps on fiber-optic cables in hundreds of places around the world. “That’s where they are collecting off the fiber lines all the data and storing it.”

PRISM was for show-and-tell purposes, to show Congress and courts what the NSA was doing and to say we have warrants and are abiding by the laws. Upstream was the one that allowed the NSA to “take everything off the line.”

Regarding worldwide SIGINT, CNE (computer network exploitation) was the big one. Implants in hardware or software, let’s say switches or servers, make them “do anything they want” because the NSA pwned them.

That feeds the NSA’s Treasure Map, which provides a map of the entire internet in near real-time; “any device, anywhere, all the time” — every minute of every day. As Binney put it, “So it’s not just collecting what you’re saying — encrypted or not — but it’s also monitoring where you are when you do it.”

Treasure Map is also how intelligence agencies use GPS from cell phones to target drone attack victims. Binney noted there are at least 1.2 million people on the drone hit list.

He also mentioned the programs that include the input of all phone data, “fixed, mobile, satellite — any kind of phone” — which both the FBI and CIA can directly access “so that when they want to see who did what, they have an index, all, to everything they ever said in their database.”

“All the data is collected without warrants … so it’s a basic violation of the rights of every human,” Binney said.

Other agencies access NSA data

He also covered how other agencies can directly access the NSA’s data, Five Eyes, CIA, FBI, DEA and DIA. The police can access it via the FBI’s system.

The NSA could choose to look at the right targets, but doesn’t. The NSA may “collect it all,” but that’s not the same as intelligence, as understanding all of what was collected. If you use one of the hot keywords in an email, for example, it will get flagged for review. But planned attacks happen because analysts are so buried beneath the data they can’t see the attacks coming. Binney previously tried to convince the U.K. that “bulk data kills people.”

While all this data isn’t helping to stop attacks, having all the data gives the intelligence community the “power to manipulate anyone they want.” It’s like “J. Edgar Hoover on super steroids” — all the collected data gives intelligence agencies the means to target anyone. Then parallel construction is used after the fact to go back and build a separate basis for an investigation to cover up the fact that the data was obtained unconstitutionally.

Before taking questions from conference attendees, Binney pointed out an icon on a slide as a teaser to his startup, which will “advise on ways you can do privacy and security by design.” He came to Europe, since they can’t get anything done in the U.S. “The U.S. and U.K. are too dense to realize it can be done” — it also goes against their agenda for more “money, power and control.”

Can we expect more NSA employees to blow the whistle? Perhaps, but the people in power there are “corrupt,” Binney said. During the portion of the talk when attendees could ask questions, he talked about how the NSA has employed a lot of introverts, people with ISTJ personalities, making them easy to threaten. Binney added that the See Something, Say Something (about your fellow workers) program inside the NSA is “what the Stasi did. They’re picking up all the techniques from the Stasi and the KGB and the Gestapo and the SS; they just aren’t getting violent yet — that we know of — internally in the U.S.; outside is another story.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.