recommended reading

Researchers Say You Can Surveil Everyone and See Only the Criminals


When a criminal duo labeled the “High Country Bandits” robbed a series of Arizona and Colorado banks in 2009 and 2010, FBI investigators turned to the owners of local cell phone towers.

A federal judge signed a court order authorizing a “tower dump” of call metadata from towers nearby the robbery sites. (Such court orders have a lighter burden of proof than a warrant, which requires probable cause.) The metadata received by investigators contained 150,000 numbers in plain text. Only two phone numbers were present at every crime scene. Investigators traced these back to their owners, the bank robbers, who were arrested and later convicted.

In 2012, investigators—many of them local police departments—made over 9,000 such requests for cell tower data. Many were granted without a warrant, at the discretion of a judge. The NSA program known as CO-TRAVELER, which was exposed by the Snowden documents, collects similar data, tapping mobile phone networks with a purported intent of identifying associates of known intelligence targets. “Incidentally,” NSA documents say, the program can capture up to 5 billion mobile phone location records per day.

In the High Country Bandits case, such techniques obviously proved to be an effective law enforcement strategy. They are also a significant privacy infringement, containing the mobile phone records and potentially GPS data and network history of individuals en masse.

Yale computer scientists Aaron Segal, Bryan Ford, and Joan Feigenbaum may have a solution. In a paper presented at an August 18 conference on open communication, the researchers paint an idyllic picture of a potential surveillance environment that’s heavy on reach and light on breach. The paper, “Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance,” proposes combining a system of checks and balances with cryptographic techniques to let investigators identify records of interest without exposing anyone else’s data.

Here’s how it works:

It uses “privacy-preserving” algorithms

When the FBI received the tower dump data from the High Country Bandits case, they tracked down the bank robbers by finding the intersection of all data sets—in other words, the only phone numbers that made calls near each cell phone tower in question. The key to the Yale researchers’ protocol is a well-established cryptographic method known as “privacy-preserving” set intersection. “Privacy-preserving” means that the operation works on encrypted information and doesn’t reveal anything about the data except the intersecting elements. If the FBI had done things this way, they could have still found the criminals but avoided compromising 150,000 people’s information.

It creates checks and balances by distributing encryption

NSA surveillance programs like CO-TRAVELER are suspicious because they happen in a private, unchecked sphere. As the Yale researchers write:

“In short, the public must simply ‘trust’ the U.S. government’s evidence-free assertions that its mass ingestion and secret processing of privacy-sensitive data are (secretly) lawful and subject to adequate (secret) privacy protections and effective (secret) oversight.”

Checks on domestic agencies are more extensive. Most tower dumps require a court order and not a warrant, like the High Country Bandits case. If a judge deems a request too expansive, they might demand that the time window be narrowed or that a policy for handling extraneous personal data be specified.

The Yale protocol imposes stronger checks that work by distributing the actual encryption of the data. Once an agency like the FBI receives the data, it’s been encrypted three times over: once by a key held by the court that authorized the dump, once by a key held by the FBI themselves, and once by a key held by a legislative organization that oversees all requests for surveillance data. As long as the keys stay secure, it’s impossible for any single branch to operate on the data without the cooperation of the other two.

But it’s no catch-all

The protocol is a step up from the status quo, according to Christopher Soghoia, chief technologist for the American Civil Liberties Union. But under certain conditions, the metadata still wouldn’t be totally impermeable, he says. What’s more, law enforcement agencies might be slow to adopt the new technique due to red tape.

Some privacy advocates oppose any large-scale culling of personal metadata. In a string of critical tweets, security consultant Eleanor Saitta said the paper essentially endorsed over-surveillance. Rather than trying to limit surveillance with clever cryptography, which could eventually be compromised, the government should instead seek to limit its access outright.

That argument ignores the fact that big data is here to stay in one form or another, says Bryan Ford, one of the paper’s authors. Denying that, he says, is merely “living in a fantasy land.”

Reprinted with permission from Quartz. The original story can be found here

(Image via imagineerinx/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.