From the glimpses I’ve seen of it over the last few days, the news appears to have been dominated with talk about a US government surveillance operation referred to as “Prism”. I don’t really have much idea what Prism is, or does, nor do I suspect do most of the folk who’ve been wittering on about it. It partly reminded me of Glimmerglass, but there again, I don’t really know what that tech does…; it also made me ponder the extent to which, if there are surveillance taps built in to various systems, they can be co-opted and subverted. As a code word, however, Prism sounds like it could be suitably sinister, although perhaps not quite at the level of “SPECTRE” or “Quantum”, so it’s a great opportunity for the press to play at spooks.
One thing I have noticed is that the reporting has also started referring to the notion of metadata. For example, the Guardian/Observer mention it thus (Boundless Informant: the NSA’s secret tool to track global surveillance data):
The focus of the internal NSA tool is on counting and categorizing the records of communications, known as metadata, rather than the content of an email or instant message.
In the case of email, this could include sender and recipient information, as well as the message timestamp, and maybe data about the size of the email, whether there were any attachments, and so on. For web transactions, the time you viewed a page and the address of that page would count as metadata about that transaction.
One thing I haven’t seen mention of is the signals intelligence (SIGINT) technique known as traffic analysis. In an article on The Origination and Evolution of Radio Traffic Analysis: World War II, a definition of “traffic analysis” from another report is presented as follows:
Traffic analysis comprises the study of enemy communications for the purpose of gathering information of military value without recourse to cryptanalysis of the text of intercepted messages. From such studies a certain amount of special intelligence of a tactical and strategical nature with regard to the enemy order of battle, direction of movements, massing of troops, probable intention, withdrawals, etc., can be derived. In addition … a large amount of technical intelligence valuable to the intercept and cryptanalytic functions of the Signal Security Service is obtained. In general, the technical information obtained from such studies, when applied to global intercept and cryptanalytic problems, must be derived from a global analysis of traffic. For the proper functioning of units collecting data upon which such studies will be based, their administrative control also must parallel the administrative direction of global intercept and cryptanalytic functions.
The local commander can obtain considerable benefit from the results of traffic analysis as regards special tactical and strategical intelligence derived therefrom, because such special intelligence is based primarily upon enemy communications in close proximity to his sphere of activity …
While it is not so far reaching in consequence as that which might be obtained from a successful cryptanalytic study of a high grade enemy cryptographic system, the results may sometimes be available instantaneously, and are subject only to proper interpretation on the part of the local staff and prompt coordination of the pertinent data by the central agency.
The focus of traffic analysis is, therefore, an analysis of the metadata associated with a set of communications, rather than an analysis of the actual content of those communications. Traffic analysis (and social network analysis) is one of the reasons why it can be useful in intelligence terms to collect metadata around communications.
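As an added illustration (not from the original post or from any of the reports it cites), the sketch below reads only the email metadata fields mentioned above (sender, recipients, timestamp) and derives a contact graph from them. The messages, addresses and function names are all constructed for the example.

```python
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample messages; only the headers are ever inspected.
RAW = [
    "From: alice@example.org\nTo: bob@example.org, carol@example.org\n"
    "Date: Mon, 10 Jun 2013 09:05:00 +0000\n\n(body ignored)",
    "From: bob@example.org\nTo: alice@example.org\n"
    "Date: Mon, 10 Jun 2013 09:20:00 +0000\n\n(body ignored)",
    "From: alice@example.org\nTo: dave@example.org\n"
    "Date: Mon, 10 Jun 2013 22:40:00 +0000\n\n(body ignored)",
    "From: dave@example.org\nTo: alice@example.org\n"
    "Date: Mon, 10 Jun 2013 22:55:00 +0000\n\n(body ignored)",
    "From: erin@example.org\nTo: alice@example.org\nCc: bob@example.org\n"
    "Date: Tue, 11 Jun 2013 11:00:00 +0000\n\n(body ignored)",
]

def extract_metadata(raw):
    """Return (sender, recipients, datetime) from headers alone."""
    msg = message_from_string(raw)
    sender = getaddresses([msg["From"]])[0][1].lower()
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = [addr.lower() for _, addr in getaddresses(fields)]
    return sender, rcpts, parsedate_to_datetime(msg["Date"])

def build_graph(raws):
    edges = Counter()             # (sender, recipient) -> message count
    hours = defaultdict(Counter)  # sender -> hour of day -> message count
    for raw in raws:
        sender, rcpts, when = extract_metadata(raw)
        hours[sender][when.hour] += 1
        for rcpt in rcpts:
            edges[(sender, rcpt)] += 1
    return edges, hours

def contacts(edges):
    """Number of distinct correspondents per address, ignoring direction."""
    peers = defaultdict(set)
    for sender, rcpt in edges:
        peers[sender].add(rcpt)
        peers[rcpt].add(sender)
    return {addr: len(p) for addr, p in peers.items()}

def reciprocal_pairs(edges):
    """Pairs that have written to each other in both directions."""
    return sorted({tuple(sorted(p)) for p in edges if (p[1], p[0]) in edges})

if __name__ == "__main__":
    edges, hours = build_graph(RAW)
    print(contacts(edges), reciprocal_pairs(edges), dict(hours))
```

Without reading a single message body, the output already identifies the address at the centre of the group, which pairs are in two-way contact, and at what hours each sender is active.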
For some worked examples around traffic analysis, see for example:
- Traffic Analysis of Anonymity Systems – includes a review of how folk might still be able to tell what web pages you’re visiting even if you use an anonymising proxy;
- Exploration of Communication Networks from the Enron Email Corpus
- Some introductory ideas about Inferring Social Network Structure using Mobile Phone Data and a more worked up example: Forensic Analysis of Phone Call Networks
And so on…
PS see also this glimpse of a social network as built by the NSA (also this review of it). How does all this play out in the context of mosaic theory, eg as framed in the sense of states acting against their own citizens and building up incriminating (and possibly hallucinated) pictures of them?