NSA Graciously offers to Quit Harvesting Phone Metadata


The NSA recently offers that it was willing to stop bulk collection of domestic-only phone call meta data, in respect to the privacy rights of citizens. It was the first and only public move by the NSA to recognize that personal privacy has any value.

The truth is quite different, when you understand the underlying technologies.

The truth is that the NSA no longer needs to collect phone records on every phone call from the phone companies because it already gets this information from other sources.

Here is the technical point missed by most reporters:

Phone traffic is largely routed over the Internet or on the same fiber routes. When you place a call on Verizon or Frontier or AT&T the call is either routed over the Internet or on a dark fiber running point to point between the carriers. Either way, it runs through the mysterious closets with half-taps going to the NSA.

Traditional SS7 used for network signaling is very much like SIP in that it carries all of the phone calls meta-data. (https://en.m.wikipedia.org/wiki/Signalling_System_No._7) SS7 used to run on a network of private lines, but now it is often encapsulated and run over the Internet through either SIGTRAN (http://en.wikipedia.org/wiki/SIGTRAN) or what is sometimes called SS7oIP.

Thus, the NSA is able to slurp up all phone call records by tapping the SS7 signaling. While SS7 traffic is able to be partially encrypted, most of it is not secured in any way. The minimal encryption that is possible is easily hacked using SnoopSnitch. The minimal encryption is defeated through an automated means state authorities have to provide the keys. And, the NSA can directly decrypt the small amount of SS7 traffic that is encrypted because the root-level keys have been compromised.

So it is simply unnecessary for every telephone company to provide bulk data to the NSA anymore. All of this data is readily available to the NSA throw its existing domestic surveillance programs.

The offer by the administration to end phone call bulk data collection is simply disingenuous.

Colin Berkshire