US stepping up plans to prevent spying on its spies
The US government is quietly funding research to prevent phone company employees and other eavesdroppers from seeing who the US is spying on, The Associated Press has learned.
The research is being carried out as the Obama administration considers moving the collection of those records from the National Security Agency (NSA) to storing them with phone companies or elsewhere.
The Office of the Director of National Intelligence has paid at least five research teams across the US to develop a system for high-volume, encrypted searches of electronic records that are kept outside the government’s possession.The project would allow the government to discontinue storing US citizens’ phone records, but would still be able to search them when needed.
According to interviews obtained by the AP with the researchers involved, corporate executives and government officials as well as public documents, US data mining would be shielded by secret coding, which would conceal identifying details from outsiders and even the owners of the databases concerned.
In a separate development Monday, the US Justice Department and leading Internet companies agreed a compromise with the government that would allow firms such as Google and Microsoft to reveal to the public how often they are ordered to turn over information about their customers in national security investigations.
Internal documents describing the Security and Privacy Assurance Research project, as it is known, do not cite the NSA, but if the project was to prove successful it could basically allow them to carry out secure searches without having to bother storing any of the phone records.
A spokesman for the Office of the Director of National Intelligence (DNI), Michael Birmingham, said there has been “interest throughout the intelligence community” but warned it may be some time before the technology is used.
Birmingham confirmed that the research is aimed for use in a “situation where a large sensitive data set is held by one party which another seeks to query, preserving privacy and enforcing access policies.”
It is unclear how much money the government has spent on the project to date, as the DNI does not disclose detailed budget figures.
Steven Bellovin, a Columbia University computer sciences expert, said that the project could be within place within the next year or two.
“If the NSA wanted to deploy something like this it would take one to two years to get the hardware and software in place to start collecting data this way either from phone companies or whatever other entity they decide on,” he said.
Bellovin explained that the coding could shield both the extracted metadata and the identities of those conducting the searches so the government could then use encrypted searches to ensure that its analysts were not leaking information or abusing people’s privacy during their data searches. The technique could then also be used by the NSA to search and retrieve internet metadata such as e-mails.
Daniel Weitzner, the principal research scientist at MIT’s Computer Science and Artificial Intelligence Laboratory and former deputy chief technology officer for the Obama administration warned about the system being abused.
“There’s no silver bullet that guarantees the intelligence community will only have access to the records they’re supposed to have access to. We also need oversight of the actual use of the data,” he said.