Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
IT

NSA Can't Search Its Own Email 165

cycoj writes "The NSA says that there is no central method to search its own email. When asked in a Freedom of Information Act request for emails with the National Geographic Channel over a specific time period, the agency, which has been collecting and analyzing the data of hundreds of millions of Internet users, says it can only perform person-per-person searches on its own email."
This discussion has been archived. No new comments can be posted.

NSA Can't Search Its Own Email

Comments Filter:
  • big surprise (Score:5, Insightful)

    by Sparticus789 ( 2625955 ) on Wednesday July 24, 2013 @10:13AM (#44370437) Journal

    Perfect example of "do as I say, not as I do". But this isn't just a NSA problem, it is a government problem.

    • Re:big surprise (Score:5, Informative)

      by Anonymous Coward on Wednesday July 24, 2013 @10:52AM (#44370881)

      More likely a case of somebody lying to get around a FOIA request, for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations.

      • by rickb928 ( 945187 ) on Wednesday July 24, 2013 @11:17AM (#44371167) Homepage Journal

        Consequences. They're cute when they say that.

      • Re:big surprise (Score:5, Insightful)

        by Sancho ( 17056 ) on Wednesday July 24, 2013 @11:40AM (#44371443) Homepage

        FOIA does not require that you make it easy to comply with FOIA requests. Nothing in there says you have to have globally searchable e-mail or document storage, in fact. And the costs to fulfill the request are paid by the requestor, not the agency. By using an archaic, difficult to use system, they can legitimately make the costs of fulfilling FOIA requests prohibitively high. Thus they follow the letter of the law, though not the spirit.

      • More likely a case of somebody lying to get around a FOIA request, for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations.

        Consequences? What, for the requester? I think we both know that nothing will happen. If it ever turns into a real scandal, the president will just say something stupid about George Zimmerman, wait for everyone to go insane, rinse, repeat.

      • by crath ( 80215 )

        More likely a case of somebody lying to get around a FOIA request,...

        I agree. Telling porkies is their specialty.

        ... for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations.

        Now you're dreaming in Technicolor. The liar might get a promotion for their behavior, but there certainly won't be any negative consequences.

      • "More likely a case of somebody lying to get around a FOIA request, for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations."

        Agreed. It's either BS, or (literally criminal) incompetence. Based on what we have been told so far, I would have to guess BS.

      • by mendax ( 114116 )

        This comment is spot on. This is a blatant lie by the NSA and National Geographic should be lining up their expert witnesses to back up such a claim in order to get the judge to force the NSA to "create" such a capability.... quickly. A computer-savvy high school kid can build an e-mail system search tool. There is no reason why someone at the NSA can't do something similar in a short period of time.

    • by houghi ( 78078 )

      I would call it a human problem. Many parents tell their kids not to smoke, while they do so themselves. Same will go for driving under influence. People telling their SO not to cheat on them, while they do so themselves.

      I am sure you can find many more examples.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      it is a government problem.

      Government is a problem that has never been a solution to anything but other governments and the failures of society. In shrot, it is a self-propogating problem. It is merely a patch for the failures of society. The bigger the government the more screwed up society is and one condition mirrors the other. "That which governs the best governs the least." Therein true anarchy (anarchy being a purposely corrupted word as used today, much like "hacker" or "liberal" etc ) would be best,

  • by TWiTfan ( 2887093 ) on Wednesday July 24, 2013 @10:14AM (#44370445)

    FTFY

    • by interkin3tic ( 1469267 ) on Wednesday July 24, 2013 @10:49AM (#44370845)
      It's pretty shocking that after having been caught lying to congress about the program, they're STILL LYING ABOUT IT. They must not think much of us. I guess they've been reading all our e-mails, they probably know us pretty well and are right to think that we'll let it slide.
    • I'm still going with "can't".

      If they were asked to produce all relevant correspondence then a simple search algorithm won't be relyable enough.
      If that is the case and that's how they interpret that request then it is further proof that red tape is thicker than their mission statement. Cooperation looks differently. This is a bureaucracy trying to weather a storm. And this is why the NSA should be dismantled and their place should be taken by somebody who understands their mission and takes it a little bi
  • umm (Score:4, Funny)

    by easyTree ( 1042254 ) on Wednesday July 24, 2013 @10:14AM (#44370449)

    var irony = UInt64.MaxInt;

  • Right... (Score:5, Insightful)

    by sjbe ( 173966 ) on Wednesday July 24, 2013 @10:15AM (#44370461)

    The NSA says that there is no central method to search its own email.

    [cough] Bullshit [/cough]

    • Well there is, but they'd have to kill you if they tell you about it.
    • by TWX ( 665546 )
      Yeah... Perhaps a congresscritter should ask during a joint committee meeting, and if this answer is provided, the individual should be held for being In Contempt of Congress...
    • Do they license their email system? It may the only one in the world secure FROM them.

    • by Tom ( 822 )

      Yes and no.

      This is political. There are two possibilities here: Either, the guy who said that is an old-school politician, or he is of the new breed.

      The new breed outright lies to you, straight into your face. That's the kind of people that run our governments today.

      The old-school guys, however, will not lie. Well... not outright. In this case, he would say something that is technically the truth. For example, if they have several seperate and independent internal mailing systems - which is quite likely giv

  • Don't worry. (Score:5, Interesting)

    by auric_dude ( 610172 ) on Wednesday July 24, 2013 @10:15AM (#44370469)
    I'm sure GCHQ https://www.gchq.gov.uk/Pages/homepage.aspx [gchq.gov.uk] will search your mail and that CESG https://www.gchq.gov.uk/AboutUs/Pages/CESG.aspx [gchq.gov.uk] will advise you on how to fix your problem.
  • by Anonymous Coward on Wednesday July 24, 2013 @10:15AM (#44370473)

    Maybe they should run all their internal email through their PRISM system, that way it can be searched for keywords and META data much easier. Problem solved.

    • No doubt a trusting agency such as that would already be scanning their internal emails looking for leaks.
    • Maybe they should use the PRISM system to search the inbox of National Geographic for emails from the NSA. These should be in the system already.
  • Suuuuure (Score:4, Insightful)

    by Anonymous Coward on Wednesday July 24, 2013 @10:17AM (#44370503)

    That's such a line of shit.

    It's not that they cannot search their emails. It's that they have chosen to not create a search mechanism, because they have found this excuse is accepted by the courts to deny information requests. They will use every trick available to them to avoid adhering to laws they don't like.

    Do you really believe anything they say?

    • People seem to be all worked up about the use of the word "can't".

      It's a perfectly legitimate, honest, non-fibbing word to use in this context. The context being "We can't be arsed to search that email."

      Like I said, perfectly appropriate in context.

    • It costs money to build that search mechanism. And you would basically only be doing it to fill FOIA or subpoena requests. It's hard to justify spending the scratch for the benefit of outside agencies.
  • by Anonymous Coward

    I suspect the real reason is that they don't want to, not that they can't. In the NSA's defense, when an organization works with highly compartmentalized information, having the ability to scan all employees' email is not wise from a security perspective.

    • Even the government is not stupid enough to run multiple Exchange servers within the same intranet. They probably run a version of Exchange with some add-ons they bought from Microsoft to handle classification controls. Even with multiple Exchange servers, in order for e-mail to actually be sent between subnets, they need to be connected. NSA is 30,000+ people, so we're talking about a cloud (hate that word) environment for managing that many e-mails. Querying for data from the "cloud" is not complicate

      • Plus let us consider how many of those 30,000+ people are not analysts or anything of the sort.

        Indeed. While I'd expect the NSA to generally have it's stuff together, everybody needs to realize that large organizations can have varying levels of competence(and incompetence) in varying areas and tasks.

        For the NSA, the lion's share of it's resources goes towards providing security and exploiting security holes. It has multiple 'defensive'(not in the news much) and 'offensive'(been in the news much more) cells, and they tend to not talk to each other. You have the mentioned admin people, but they're

      • by datavirtue ( 1104259 ) on Wednesday July 24, 2013 @11:04AM (#44370999)

        The only thing they have to hide is how little they actually do at work.

        You've obviously have never worked in government. There is no need to hide how little you actually do--furthermore, working hard or working extra will ultimately get you in trouble (we call it "getting your hand slapped").

    • by djmurdoch ( 306849 ) on Wednesday July 24, 2013 @10:33AM (#44370673)

      Suppose that instead of "National Geographic", someone at the NSA wanted to search every email that was sent to Snowden's Gmail account from within the NSA.

      Do you think they would be able to do that? Not being able to do that sounds like a security problem.

      • Suppose that instead of "National Geographic", someone at the NSA wanted to search every email that was sent to Snowden's Gmail account from within the NSA.

        Do you think they would be able to do that? Not being able to do that sounds like a security problem.

        I thought their excuse was that they could do a search for a single email address, just not a complete domain. So snowden@nsacontractor.com would work, but *@natgeo.org wouldn't.

        Others seem to be arguing that they're saying that they can only search against one employee as well.

        • Seems then that a simple script run against a dump of the account names would work.

        • Now that you've revealed this hole in NSA security, they'll be after you. Those damn spies are going to sign up for their own domain names, and send their secrets to a different username @stolensecrets.com every time!

    • having the ability to scan all employees' email is not wise from a security perspective.

      NOT having the ability to scan email is not wise from a security perspective. If someone is doing something they ought not to be doing, exactly how is the NSA going to find out? They claim they need this ability to find out if civilians are dangerous so why would the same logic not apply to their internal operations? Makes NO sense whatsoever.

  • Isn't this pretty much what privacy adocates have advised for years? The NSA is one of the groups gathering people's data against their will. If anyone knows what possibilities to avoid if you don't want people in your data, it's them.

  • Snowden didn't seem to have a problem finding information. Maybe they just need a contractor to come in and do it for them...

    • by 1s44c ( 552956 )

      Snowden didn't seem to have a problem finding information. Maybe they just need a contractor to come in and do it for them...

      It is highly unlikely that Snowden knows everything the NSA is involved in. The stuff he released might be inflamatory but there will be plenty more he never knew about.

      • by Salgak1 ( 20136 )

        Indeed. To release something, you need to know it exists in the first place. We've all heard tales of programs that don't, officially, exist. I'm sure all the Intelligence agencies have a plethora of them, but you could never prove it. Which is kind of the point of such programs. . . .

        Yep. The Men in Black have the data, and the NSA is THEIR cover (grin)

  • by gman003 ( 1693318 ) on Wednesday July 24, 2013 @10:21AM (#44370547)

    If I were in charge, and the agency responsible for technological espionage and information security told me they couldn't search through their own emails, I would fire them. Every single one of them. Bam. Agency dissolved, someone go think of a new TLA for the new agency. This is like a Navy that can't figure out how to dock a battleship, or a tax agency that doesn't know what all the valid exemptions are. Complete and utter incompetence.

    What's saddest is that this almost certainly isn't true. They've got these capabilities. They're just trying to hide something ("everything" qualifies as something, for their purposes). *Maybe* they're telling the truth, if they've got some custom, highly-encrypted system where emails can only be decrypted by the users. But that doesn't seem like the phrasing used here.

    What's saddest is that "we're completely fucking incompetent" is not just the excuse they went with, but that it actually works.

    • by 1s44c ( 552956 ) on Wednesday July 24, 2013 @10:35AM (#44370703)

      If I were in charge, and the agency responsible for technological espionage and information security told me they couldn't search through their own emails, I would fire them. Every single one of them. Bam. Agency dissolved, someone go think of a new TLA for the new agency.

      Not an option. The NSA has a portfolio of affairs, abuses of power, criminal behavior, tax fraud, drug abuse, etc. on every member of the government. Nobody will oppose those who could end their career in a few keystrokes. ...Or maybe I'm just paranoid.

      • If I were in charge, and the agency responsible for technological espionage and information security told me they couldn't search through their own emails, I would fire them. Every single one of them. Bam. Agency dissolved, someone go think of a new TLA for the new agency.

        Not an option. The NSA has a portfolio of affairs, abuses of power, criminal behavior, tax fraud, drug abuse, etc. on every member of the government. Nobody will oppose those who could end their career in a few keystrokes. ...Or maybe I'm just paranoid.

        I'm sure some oppose those who could end their career in a few keystrokes... you just haven't heard about those people for obvious reasons.

      • he NSA has a portfolio of affairs, abuses of power, criminal behavior, tax fraud, drug abuse, etc. on every member of the government.

        I would like to believe that there are at least a couple members of government for which a portfolio containing that sort of data would be empty. The idea that of the hundreds of congressmen and senators, that none of them at all have avoided committing these serious violations of the law just doesnt seem reasonable. Its reasonable to suppose that most of them are guilty of serious violations of the law, but not all of them.

      • by houghi ( 78078 )

        Paranoid would be nice, because then you only THINK they are following you. However they ARE actually following you.

        • by 1s44c ( 552956 )

          Paranoia doesn't not exclude the possibility that they really are after you.

          Next we find out that the X-files was based on deliberately leaked government files just to discredit the truth if it ever came out, and that FEMA really is planning a government takeover real soon now.

    • by Anonymous Coward

      They may have some sort of distributed email system, based on something old / classified. Think of it from NSA's side for a moment. You have this network of people with some of the most secret stuff in the US, and you are in charge of designing an email system. You're worried that someone could gain access to the servers, maybe even physical access, and you want to minimize such damage if it happens.

      I could easily imagine that each person or workgroup would have physically separated mail servers.

    • Anything can be done with digital information, but if they have to hire a contractor to do it or even write a script they can say it inaccessible for FOIA purposes.

    • What makes you think this is incompetence? It actually may well be competence in bullshitting the people.
    • by Jmc23 ( 2353706 )

      What's saddest is that "we're completely fucking incompetent" is not just the excuse they went with, but that it actually works.

      Not sure if you've noticed, but that's been the US governments MO for decades for hiding their true purposes.

    • If I were in charge,

      I've found that most of the time when someone begins a statement with "If I were..." they usually continue to describe one of the reasons they aren't. The people in charge are fully comlicit with what the NSA is doing. The NSA are the ones keeping them in charge.

    • by Tom ( 822 )

      *Maybe* they're telling the truth, if they've got some custom, highly-encrypted system where emails can only be decrypted by the users.

      Incredibly unlikely. The NSA would be the #1 top candidate for a list of "organisations that know what key escrow is for".

      If you work in the intelligence sector, you should understand that people can go missing or become no-longer-trustworthy very unexpectedly and you definitely do not want to lose access to their data. And in the later case, you absolutely want access to their data, especially communications, to check if they did any damage and what they knew.

  • It's time for Congress to disassemble this agency. Their track record of protecting the American public is horrible.

    • Disassemble? No disassemble Johnny 5!

    • That is probably one of the dumbest comments I've seen on slashdot for some time. It's like one of those comments you would see on YouTube or something. I'm no fan of government anything, but to say that the NSA has a terrible track record of protecting the American public is just stupid.

  • Epic Fail (Score:5, Insightful)

    by jebus187 ( 1629435 ) on Wednesday July 24, 2013 @10:23AM (#44370569)
    What a bunch of lying douches.
  • Too incompetent to be transparent, then too incompetent to have power like with Prism.
  • Lie, lie, lie, until you get caught, 'cause there's nothing to lose and everything to gain.

  • .. but ends up as truth.

    Seriously though, the NSA is directly involved in lying to Congress. Do you think they would have any system that would allow easy discoverability of their misdeeds? I am sure their processes are in place to make any type of lawsuit or congressional oversight as difficult as possible.

    Of course, any results this poor fellow would have received anyway would be just pages and pages of blacked out text with the headers and footers as they only "public" information.

    • Congress cannot fire him, only the president can do that.

      And don't hold your breath waiting for impeachment.

  • NSA (Score:4, Insightful)

    by Anonymous Coward on Wednesday July 24, 2013 @10:38AM (#44370723)

    NSA doesn't fund their operations primarily with drug running anymore. Insider trading is the best source of funding. And they have all the information they need to do this.

    • NSA drug running? Really? I thought that is what the CIA does to top up the slush fund. That and arms trading. Who know how many Libyan small arms they've just acquired for future distribution when they need deniability.
  • Or whatever large glob of crap they store the email in. They do have servers, right? Somewhere on those servers is a file, RAID array, partition, SAN or JBOD, Most likely encrypted. Hand over the disks, the encryption keys and whatever else is needed to access that Metatdata.

    Have the court appoint someone approved by the EFF to sign an NDA/Gag order/whatever and sift through the Metadata removing items which are of key importance. If those top brass military brats think they are above the law, go around

  • Does a good job tracking emails....

  • Not wanting to or it being hard isn't an excuse to not comply with a valid FOIA request. Finding email correspondence is a pretty routine thing that they should be able to handle. If we truly had checks and balances in the system they would be punished for failure to comply.
  • by Chelloveck ( 14643 ) on Wednesday July 24, 2013 @11:22AM (#44371229) Homepage

    I can see one way in which this might be both true and proper. If each account was individually encrypted with keys that only the users had, what they're saying would be completely true. And I think it would be completely proper and even laudatory to run an email system that way. They could search individual accounts by having the users decrypt them, but they couldn't do a wholesale search of the entire email system. This is the way email should be!

    A somewhat more likely approach would be that by policy, users are not allowed to keep email on the server. All email must be downloaded or deleted. No online folders, ridiculously small INBOX quotas, maybe a read-once policy where as soon as the mail is retrieved the server auto-deletes it. I can actually understand this being done; I've worked with corporate lawyers who would love to have the email system set up this way for the express purpose of defeating global searches. Anything can be twisted and used against you, so save nothing, leave no evidence. I certainly don't agree with that mindset, but I've worked with people who are like that.

    Not that I think it actually is done either of those ways. I think it's far more likely that they're simply lying and refusing to comply. It's probably simply policy to refuse such blanket FOIA requests, and there's undoubtedly a clause buried in the FOIA itself that allows them to require that requests be specific and narrow. You know, in the way that searches of private individuals are supposed to be.

  • The NSA flipping their finger at you looks like.

  • The working phrase here is: "Plausible Deniability", kinda like: "Above The Law".
  • They could be lying, or their system could be deliberately designed this way, to limit the amount of information a mole could find.

  • Thus NSA demonstrating, in the digital era, "quis custodiet ipsos custodes". A little bit scary because it raises the question, if the NSA empowers its people to such a degree, but there is not even a similar capacity within the organization to police itself, is there then a potential for abuses on an individual level? Have such individual abuses occured?
  • The NSA should simply host their email with Google and it will be instantly searchable through PRISM.

    Infact the NSA should compete with google and offer its own free email and search engine, PRISM. Just PRISM it!

    • Who do you think wrote gmail?
      I am reading a spy novel at the moment that relies a lot on email intercepts to move the story along. I was thinking to myself that a great way to get all the "bad guys" email would be to create a free "anonymous" email service, or get someone else to do it for you.
      Since this book is mostly concerned with middle eastern terrorists I thought they could call it: Allahmail

Many aligators will be slain, but the swamp will remain.

Working...