Secret Verizon records collection: What is NSA looking for?

It's possible that the National Security Agency's collection of Verizon records is related to a cybersecurity probe. Or, it could be related to the Boston Marathon bombing investigation.

Pedestrians are reflected in the store window of a Verizon Wireless store near the New York Stock Exchange in lower Manhattan, Thursday, in New York. The National Security Agency is currently collecting the telephone records of all Verizon business customers under a top secret court order, according to government documents leaked to Britain’s Guardian newspaper.

John Minchillo/AP

June 6, 2013

The Obama administration is secretly collecting all telephone records of Verizon business customers under a sweeping classified court order, according to government documents leaked to Britain’s Guardian newspaper.

This order may be just the tip of the US data-mining iceberg. Given the wide-ranging nature of the Verizon request, the US government probably has filed similar orders with AT&T and other communications firms, say national-security experts.

It’s important to note that this does not constitute wiretapping per se. The Federal Bureau of Investigation isn’t asking for the recorded contents of conversations. Instead, it is gathering phone number logs, call duration time, geographic location, and related communications “metadata,” as allowed under a controversial section of the Patriot Act.

Tracing fentanyl’s path into the US starts at this port. It doesn’t end there.

“On its face, the order reprinted in the article does not allow the government to listen in on anyone’s telephone calls,” says an administration official quoted by the Associated Press.

But the indiscriminate nature of the request has startled many privacy experts and raises the question, why? What sort of investigation is the United States pursuing here?

“Was the motivation behind collecting these telephone records a current national-security threat? Or was it something like building a database – to be able to pursue future threats?” asks NBC’s First Read blog Thursday morning.

One possible answer is that it’s related to a cybersecurity probe.

“My extremely [wild] guess is that this is part of a hacking investigation, possibly even the alleged Iranian hacking of power companies in the US,” writes national-security expert Marcy Wheeler on her Emptywheel blog.

Why Florida and almost half of US states are enshrining a right to hunt and fish

She bases her guess on the fact that the Verizon business-oriented enterprise targeted by the disclosed court order emphasizes cybersecurity when selling to customers, and that energy consumers are one of the enterprise's market strengths. At least one of its marketing case studies focuses on “Smart Grids,” power networks that use communication technology to run more efficiently – and that may be vulnerable to hacker sabotage.

“Precisely the kind of thing the government is most freaked out about right now,” Ms. Wheeler writes.

It’s also possible the court order is related to the Boston Marathon bombing investigation. It covers a period of time that began on the day of the bombing and ends in mid-July.

But if that’s the case, why does the court order cast such a wide net? It covers all Verizon business telephone metadata created in the US.

“[H]ow is it possible that all calls to, say, Dominos Pizza in Peoria, Illinois or all calls over a three-month period between two small businesses in Juno, Alaska would be ‘relevant’ to an investigation of events in Boston – even if we assume that the FBI did not know whom it was investigating in the Boston area and did not know whom that unknown person was communicating with?” writes Benjamin Wittes, senior fellow in governance studies at the Brookings Institution, on the Lawfare national-security legal blog.

Mr. Wittes writes that the only explanation he can think of is that there are ways of analyzing big data sets with algorithms that produce lots of interesting things – but only if the data set has all possibly relevant material. That way it’s sure to include any communications by the bombers.

“The trouble is that if that constitutes relevance for purposes of [Patriot Act] Section 215 – or for purposes of grand jury subpoena, for that matter – then isn’t all data relevant to all investigations?” Wittes writes.

That’s the implication here that troubles privacy experts the most. It’s possible that this shows the FBI, via National Security Agency collection and analysis abilities, has begun vast data-mine efforts.

“As such, it would seem to exceed any reasonable presumption of what the consent of the governed would allow,” writes Steven Aftergood, director of the Federation of American Scientists Project on Government Secrecy, on Secrecy News.