Big Data in American Intelligence Agencies

From SI410

The term “big data” was first coined by the data analyst Roger Mougalas in 2005 [1]. By definition, it refers to large sets of diverse information that arrive in increasingly large volumes and at an increasingly rapid rate [2]. In general, big data is placed into two categories: structured, which is usually numerical data, and unstructured, which doesn’t follow any concrete format and can include data gathered from social media [2]. The use and analysis of big data has become commonplace in most areas of modern society, such as healthcare and business, and has become an integral part of the efforts of American intelligence agencies, such as the National Security Agency and the Central Intelligence Agency. After the terrorist attacks of September 11th, 2001 that targeted the Pentagon in Washington, D.C. and the World Trade Center in New York City, American intelligence moved towards a more anticipatory model in order to prevent such attacks from happening in the future. A large part of that shift involved the widespread adoption of predictive analytics fed by big data, with intelligence analysts attempting to find hidden correlations buried in large volumes of data and generating or refuting hypotheses based on that data [3]. Initiatives such as the PATRIOT Act, the Directorate in Digital Innovation (DDI) [4], the Intelligence Community Information Technology Enterprise (ICITE) [5], PRISM [6], Sentry Eagle, and more contribute to the ever-growing effort by the United States government to implement data analytics into its national security efforts. However, many American citizens have expressed their concerns about government invasion of personal privacy, and some, such as Edward Snowden in 2013 [7], have gone as far as to leak classified government documents pertaining to digital surveillance conducted by the government.

Uses in American Intelligence

Patriot Act

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, or USA PATRIOT Act, was passed nearly unanimously by the Senate and the House of Representatives, and was enacted by Congress on October 26th, 2001 as a response to the terrorist attacks the month prior [8]. The statement of purpose of the Patriot Act says that it is intended to "deter and punish terrorist acts in the United States and around the world", as well as to "enhance law enforcement investigatory tools, and for other purposes" [9]. In short, the Patriot Act increased the capabilities of government surveillance in four main areas [10]:

  • Records searches - expanding the ability of the government to obtain individuals’ data held by third parties.
  • Secret searches - expanding the government’s ability to search personal property without a warrant. For example, the FBI can conduct a wiretap on an American citizen’s phone without an outstanding warrant.
  • Intelligence searches - expanding an exception through the Fourth Amendment that was originally used for the collection of foreign intelligence. For example, the CIA has the ability to identify the requirements for domestic intelligence, allowing for widespread surveillance on collectives of American citizens such as protest groups.
  • “Trap and trace” searches - expanding a second exception in the Fourth Amendment that allows the government to collect information about the origin and destination of communications between parties (for example, tracking calls made to a certain telephone number).

These powers correspond to the following sections of the Patriot Act [11]:

  • Section 201 - Authority to intercept wire, oral, and electronic communications relating to terrorism
  • Section 206 - Roving surveillance authority under the Foreign Intelligence Surveillance Act of 1978
  • Section 210 - Scope of subpoenas for records of electronic communications
  • Section 213 - Authority for delaying notice of the execution of a warrant
  • Section 214 - Pen register and trap and trace authority under FISA

Common examples of big data collected by government agencies as permitted by the Patriot Act include telephone communications (caller IDs for incoming/outgoing calls, voicemail messages, etc.), computer records, credit history, and banking information [12]. Such information on American citizens is obtained by the use of a federal investigative tool called National Security Letters (NSLs), which are most commonly employed by the FBI. Similar to subpoenas, NSLs possess the authority to demand customer data from credit reporting agencies, financial institutions, travel agencies, and telecommunications providers for use in federal investigations [13]. Unlike subpoenas, NSLs can be granted without a judge’s approval [10], and companies that are recipients of an NSL are legally forbidden to state that they have received one [9].

The U.S. government aimed to use the data collected under the powers granted by the Patriot Act to ensure national security in an anticipatory model rather than a reactive model. The belief was that by conducting surveillance while avoiding alerting potential suspects, by obtaining personal information (such as business records) without the suspect’s knowledge, and by facilitating a more cooperative relationship of data allocation between government agencies like the FBI, CIA, and NSA, the likelihood of terrorist attacks being committed on American soil could be greatly reduced [8]. Additionally, the U.S. government believed that updating federal law to reflect the presence of new technologies, such as the internet, would greatly increase the effectiveness of investigative efforts. However, much controversy surrounds the Patriot Act. Groups of American citizens believe that the sections of the act that permit search and seizure without a warrant violate the Fourth Amendment, which states that the government cannot conduct a search without first obtaining probable cause and a court-approved search warrant [10].

PRISM

One method that the NSA uses to collect data on American citizens in its intelligence efforts is PRISM, or SIGAD US-984XN [14]. Originally top-secret until made public by Edward Snowden, this program was launched under the Protect America Act of 2007 by President Bush and the FISA Amendments Act of 2008, which allowed intelligence agencies to collect data from digital communications of American citizens for up to a week without a warrant [14]. PRISM has the ability to request and collect any data from internet platforms such as Yahoo, Google and Microsoft, as long as the data matches the court-approved search terms, according to Section 702 of the FISA Amendments Act [14]. This data isn't collected in bulk, but in a targeted manner, with specified selectors such as email addresses, and not by names or keywords [14]. According to certain documents, PRISM accounts for approximately 91% of all the raw data used in NSA analytics, making it the number one data source for the agency [14]. In terms of data that PRISM collects, it does not have access to telephone records. Rather, it has access to a broad range of internet communications, such as [14]:

  • Email
  • Voice and video chat
  • File transfers
  • Social media details
  • Videos
  • Video conferencing
  • Social media activity (logins, etc.)

Although the NSA makes the most use of PRISM, the actual collection of data is done by the FBI with the Data Interception Technology Unit (DITU) [14]. DITU collects all data from providers that falls under the specified selector, and then sends it to the NSA, where it is stored in sorted databases that are accessible to the FBI and the CIA as well [14]. PRISM can request any internet data from providers as long as the data passes through servers located in the United States, which allows the United States government to conduct surveillance on foreign citizens in addition to American citizens. Former Director of National Intelligence James Clapper stated on June 7th, 2013 that collecting such data on foreign citizens was a defense effort against national security threats, and was not an effort to “intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.” [14]

DDI

The Directorate for Digital Innovation, or DDI, is a program launched by the Central Intelligence Agency on October 1, 2015 to enhance the agency's capabilities in the digital arena [15]. The first new directorate created by the CIA in around 50 years, it aimed to boost the agency's cyber capabilities through a sweeping modernization of its IT systems [15]. The goal of introducing this new directorate was to provide CIA analysts with a wider range of tools, as well as greater analytical insight, with which to prevent and investigate threats to national security in a more timely manner [15]. There are three main components to the program [15]:

  • Open source data center
  • Center for cyber threats and operations
  • CIA IT enterprise

Although gradual, the implementation of more modern technology in the digital sector, together with the expansion of the CIA's cybersecurity budget, has furthered the agency's goal of making greater use of technological data in its intelligence endeavors in a manner similar to the NSA.

ICITE

The Intelligence Community Information Technology Enterprise, or ICITE (pronounced: eyesight), is an effort made by the Director of National Intelligence to shift the IT framework from an agency-centric model to a more collaborative platform, in order to facilitate the sharing of technological resources and information between American intelligence agencies [16]. The goal of ICITE is to improve the access to and ease of exploitation of data collected across agencies, while also providing tools to protect and organize data in order to improve the effectiveness of data analytics, and subsequently of decisions based on said data [16]. ICITE mimics the capabilities provided by Apple's iTunes and Android's Google Play through the IC Cloud, by providing a common framework for applications and collaborative tools that foster connection and collaboration between agencies in order to support the maintenance of national security [16]. Each agency affiliated with ICITE has a designated role within the IC Cloud, and agency personnel have the ability to access ICITE resources through designated IC locations [16].

Sentry Eagle

Sentry Eagle, the codename for the National Initiative Protection Program, is a part of the NSA's surveillance efforts, and was revealed to the American public as a part of the leaks by Edward Snowden in 2013 [17]. The goal of the program is to protect American cybersecurity interests, and it also includes the NSA's efforts to attack enemy cyberspace through Computer Network Attacks (CNA) [17]. The program includes six sub-programs: Sentry Hawk, Sentry Falcon, Sentry Raven, Sentry Condor, Sentry Osprey and Sentry Owl [17].

  • Sentry Hawk: Involving both the CIA and the FBI, the Sentry Hawk program aims to exploit digital infrastructure such as computing networks (firewalls, operating systems, applications) and the facilities that store them, computers, servers, and other publicly accessible networks. This part of the program operates jointly with US companies in the commercial sector [17].
  • Sentry Falcon: This part of the program aims to defend computer networks with a focus on attack attribution [17].
  • Sentry Raven: This subsection of Sentry Eagle aims to secretly weaken the commercial encryption software and systems of potential national security threats in order to make them more susceptible to SIGINT, or Signals Intelligence, software [17]. In order to achieve its goals with this program, U.S. intelligence employs supercomputers equipped with cryptanalytic software in order to break through ciphers [17]. Companies on US soil are often the target of Sentry Raven.
  • Sentry Condor: The Sentry Condor program helps American intelligence identify potential targets for a computer network attack via digital recognition tools and techniques [17].
  • Sentry Osprey: Sentry Osprey is a collaborative effort between the CIA, National Clandestine Service (NCS), FBI, and Defense Clandestine Service sector of the Defense Intelligence Agency. Together, they work to achieve Target Exploitation (TAREX) of enemy communication infrastructure [17].
  • Sentry Owl: The Sentry Owl program is the undercover operations sector of Sentry Eagle. Either undercover NSA agents or civilian government personnel are employed to run SIGINT operations on both foreign and domestic corporate communications. The main goal of the program is to collect data and metadata about the customers of the companies they have infiltrated [17].

Controversies

Edward Snowden

Edward Snowden [18]

Edward Joseph Snowden, born June 21st, 1983 in Elizabeth City, NC, U.S., is a former American government contractor and famed whistleblower who in 2013 revealed the existence of then-secret government data collection programs such as PRISM [7]. Snowden briefly enlisted in the United States Army as a Special Forces Candidate during the Iraq War, but was discharged due to injury [19]. Afterwards, he was hired by the CIA in 2006 in the global communications division, due to his technical prowess. In 2009, he began work as a government contractor for Dell, where he began illegally downloading hundreds of thousands of classified documents describing electronic surveillance programs conducted by the American government [19]. In 2013, Snowden started working for the consulting firm Booz Allen Hamilton, in order to gather more data about the NSA's surveillance practices.

Snowden began compiling information on the NSA’s secret surveillance programs due to his belief that they were government overreach and needed to be exposed to the public. It is estimated that over his tenure at the CIA and as a government contractor, he gathered approximately 50-200,000 NSA documents, in addition to 15,000 Australian intelligence files and 58,000 British intelligence files. After gathering the necessary information, Snowden fled to Hong Kong, and conducted interviews with journalist Glenn Greenwald from The Guardian and documentary filmmaker Laura Poitras based on the intelligence he had secretly acquired over the years [7]. One of the main leaks published as a result of these interviews was a set of 41 PowerPoint slides which detailed the then top-secret PRISM data collection program that the NSA had kept secret from the American public. Initially, Snowden disclosed around 9,000-10,000 documents, and subsequent articles were published in The Guardian, The Washington Post, The New York Times, Le Monde, and other notable international publications [19]. Snowden's identity was originally kept secret, but he revealed it several days after the initial leaks.

Besides exposing the existence of PRISM, Snowden also revealed that the U.S. government was conducting surveillance on both its allies (such as Brazil, France, and Mexico) and prominent world leaders such as former German Prime Minister Angela Merkel [20]. After revealing his identity as the whistleblower, Snowden was charged with unauthorized communication of national defense information, theft of government property, and willful communication of classified communications intelligence [20]. Snowden then fled to Russia in order to escape extradition, where he was eventually granted citizenship in September 2022 [19]. The exposure of NSA activity by Edward Snowden caused great public outcry, and many American citizens voiced their displeasure regarding their lack of knowledge surrounding the government’s usage of their personal information. Many U.S. government officials condemned his efforts, describing the release of top-secret information as a threat to national security, while others praised his efforts, labeling him a patriot for exposing the government’s wrongdoings. According to surveys conducted by Pew Research Center after the leaks, 56% of American adults felt as if courts weren't putting adequate limitations on government data collection, and 70% believed that the government was using personal data for reasons other than anti-terrorist efforts [21]. As a result of the leaks, President Obama assigned teams to conduct an internal investigation on the NSA's surveillance policies. Afterwards, new laws and regulations were introduced in order to limit the length of time personal data could be retained by government agencies and to limit how data could be used in intelligence efforts [20]. Many government officials condemned Snowden's efforts, however, with figures such as former Director of National Intelligence James Clapper stating the leaks did "huge, grave damage" to the capability of U.S. intelligence agencies, and former House Intelligence Committee chairman Mike Rogers stating that the leaks gave terrorists a tactical advantage and put U.S. troops' lives at risk [19].

References

  1. Foote, K. (2017, December 15). A Brief History of Big Data - DATAVERSITY. DATAVERSITY. https://www.dataversity.net/brief-history-big-data/
  2. Segal, T. (2022, March 28). Big Data. Investopedia. https://www.investopedia.com/terms/b/big-data.asp
  3. Colmenajero, A. (2019, April 10). The Influence of Big Data in the Intelligence Cycle. The Security Distillery. https://thesecuritydistillery.org/all-articles/the-influence-of-big-data-in-the-intelligence-cycle
  4. Xanderscho. (n.d.). How the CIA is Reinventing a Case for Big Data - SmartData Collective. Https://Www.smartdatacollective.com/. Retrieved January 26, 2023, from https://www.smartdatacollective.com/how-cia-reinventing-case-big-data/
  5. Phil Goldstein. (2018, December 6). CIA CIO Sees Data as the “Tip of the Spear” in Intelligence. FedTech Magazine. https://fedtechmagazine.com/article/2018/12/cia-cio-sees-data-tip-spear-intelligence
  6. Priestley, T. (2013, June 10). Big Data and Analytics: The Hero or the Villain ? Wired. https://www.wired.com/insights/2013/06/big-data-and-analytics-the-hero-or-the-villain/
  7. Ray, M. (2018). Edward Snowden | Biography & Facts. In Encyclopædia Britannica. https://www.britannica.com/biography/Edward-Snowden
  8. Department of Justice. (2019). The USA Patriot Act: Preserving life and liberty. Justice.gov; Department of Justice. https://www.justice.gov/archive/ll/highlights.htm
  9. Burney, B. (2007). The Patriot Act. GPSolo, 24(5), 26–30. http://www.jstor.org/stable/23673431
  10. American Civil Liberties Union. (2022). Surveillance Under the USA/PATRIOT Act. American Civil Liberties Union. https://www.aclu.org/other/surveillance-under-usapatriot-act
  11. Dispelling the Myths. (2020). Justice.gov. https://www.justice.gov/archive/ll/subs/add_myths.htm
  12. PATRIOT Act. (n.d.). EPIC - Electronic Privacy Information Center. https://epic.org/issues/surveillance-oversight/patriot-act/
  13. National Security Letters: FAQ. (2014, March 5). Electronic Frontier Foundation. https://www.eff.org/issues/national-security-letters/faq#1
  14. Prism. (2022, June 1). Wikipedia. https://en.wikipedia.org/wiki/Prism
  15. Lyngaas, S. (2015, October 1). Inside the CIA’s new Digital Directorate. FCW. https://fcw.com/security/2015/10/inside-the-cias-new-digital-directorate/207156/
  16. What is IC IT Enterprise (IC ITE)? Leadership Is All In. (n.d.). https://www.dni.gov/files/documents/IC%20ITE%20Fact%20Sheet.pdf
  17. Sentry Eagle. (2020, February 24). Wikipedia. https://en.wikipedia.org/wiki/Sentry_Eagle
  18. Edward Snowden - Concordia University. (n.d.). Www.concordia.ca. Retrieved February 9, 2023, from https://www.concordia.ca/research/lifestyle-addiction/events/symposium2021/programme/speakers/edward-snowden.html
  19. Edward Snowden. (2021, October 6). Wikipedia. https://en.wikipedia.org/wiki/Edward_Snowden#:~:text=His%20disclosures%20revealed%20numerous%20global
  20. History.com Editors. (2018, June 26). Edward Snowden discloses U.S. government operations. HISTORY. https://www.history.com/this-day-in-history/edward-snowden-discloses-u-s-government-operations
  21. Geiger, A. (2018, June 4). How Americans have viewed government surveillance and privacy since Snowden leaks. Pew Research Center; Pew Research Center. https://www.pewresearch.org/fact-tank/2018/06/04/how-americans-have-viewed-government-surveillance-and-privacy-since-snowden-leaks/