Just another site

Insider threat and Hypothetical “Aldrich Ames Version 2” scenario and NSA’s metadata (thought experiment)

After listening to some of the testimony of Gen. Keith Alexander (DIRNSA) and others before the US House Permanent Committee on Intelligence of June 18 2013, it occurred to me that one concern with vast metadata databases on phone calls coul arise from malevolent insiders bent on selling metadata to the highest bidder, like an “Aldrich Ames Version 2”.  Gen. Alexander and the other panelists explained that queries by authorized personnel are logged, permitting auditing, and that auditing the log files or “logs” is part of the process of checking-up on employees.

Many will remember the case of traitor to the US Aldrich Ames.  Hypothetically, a malevolent insider might find a security flaw or a moment of laxity to squirrel away gigabytes or terabytes of phone records metadata and sell it to the highest bidder.  What’s an additional concern for me is that Snowden, while at Booz Allen Hamilton, could download and remove from premises TOP SECRET/NOFORN classified data, although admittedly not the “motherload”, i.e. 1000 docs say at 0.25 megabytes/doc ~~~= 250 megabytes, say 30% of one Compact Disk (CD) ‘s worth …  As others have pointed out, metadata on 100 000 000 calls/day x 100 days or 10 billion calls ~= 1000-2000 Gigabytes (1 to 2 Terabytes) might well approach a “motherload’s” worth, and be a very serious breach of privacy.  However, as I understand database concepts a bit dimly, queries are run against the database a few at a time, and the database itself in total or “in toto” or “in extenso” would be very very hard to squirrel away. Thus, an avenue of added assurance could be to strengthen the auditors team, those who do software assurance within NSA, write software to detect “unusual” acivity within intelligence systems, to reassure that a malevolent insider can’t leave or export out of nsa  significant amounts of database records.


Written by meditationatae

July 13, 2013 at 4:41 pm

Posted in History

%d bloggers like this: