NSA Can't Search Its Own Email
cycoj writes "The NSA says that there is no central method to search its own email. When asked in a Freedom of Information Act request for emails with the National Geographic Channel over a specific time period, the agency, which has been collecting and analyzing the data of hundreds of millions of Internet users, says it can only perform person-per-person searches on its own email."
big surprise (Score:5, Insightful)
Perfect example of "do as I say, not as I do". But this isn't just an NSA problem, it is a government problem.
Re:big surprise (Score:5, Informative)
More likely a case of somebody lying to get around a FOIA request, for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations.
Re:big surprise (Score:5, Funny)
Consequences. They're cute when they say that.
Re:big surprise (Score:5, Insightful)
FOIA does not require that you make it easy to comply with FOIA requests. Nothing in there says you have to have globally searchable e-mail or document storage, in fact. And the costs to fulfill the request are paid by the requestor, not the agency. By using an archaic, difficult to use system, they can legitimately make the costs of fulfilling FOIA requests prohibitively high. Thus they follow the letter of the law, though not the spirit.
Re: (Score:2)
More likely a case of somebody lying to get around a FOIA request, for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations.
Consequences? What, for the requester? I think we both know that nothing will happen. If it ever turns into a real scandal, the president will just say something stupid about George Zimmerman, wait for everyone to go insane, rinse, repeat.
Re: (Score:2)
More likely a case of somebody lying to get around a FOIA request,...
I agree. Telling porkies is their specialty.
... for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations.
Now you're dreaming in Technicolor. The liar might get a promotion for their behavior, but there certainly won't be any negative consequences.
Re: (Score:2)
"More likely a case of somebody lying to get around a FOIA request, for which there will be consequences. All government agencies have very strict regulations concerning record keeping and FOIA, with jail time possible for anyone who fails to abide by those regulations."
Agreed. It's either BS, or (literally criminal) incompetence. Based on what we have been told so far, I would have to guess BS.
Re: (Score:2)
This comment is spot on. This is a blatant lie by the NSA and National Geographic should be lining up their expert witnesses to back up such a claim in order to get the judge to force the NSA to "create" such a capability.... quickly. A computer-savvy high school kid can build an e-mail system search tool. There is no reason why someone at the NSA can't do something similar in a short period of time.
Re: (Score:3)
Re: (Score:3, Insightful)
Government is a problem that has never been a solution to anything but other governments and the failures of society. In short, it is a self-propagating problem. It is merely a patch for the failures of society. The bigger the government the more screwed up society is and one condition mirrors the other. "That which governs the best governs the least." Therein true anarchy (anarchy being a purposely corrupted word as used today, much like "hacker" or "liberal" etc ) would be best,
Re: (Score:1)
NSA *Won't* Search Its Own Email (Score:5, Insightful)
FTFY
Re:NSA *Won't* Search Its Own Email (Score:5, Insightful)
Re:NSA *Won't* Search Its Own Email (Score:5, Insightful)
Why wouldn't they continue to lie? Congress, the President, and the American public have made it abundantly clear that there will be no consequences for lying. So, why not?
Re: (Score:2)
Correction.
They are right to think that their buddies in DC will protect them and that we can't do shit about it.
Re: (Score:2)
If they were asked to produce all relevant correspondence then a simple search algorithm won't be reliable enough.
If that is the case and that's how they interpret that request then it is further proof that red tape is thicker than their mission statement. Cooperation looks differently. This is a bureaucracy trying to weather a storm. And this is why the NSA should be dismantled and their place should be taken by somebody who understands their mission and takes it a little bi
Exchange (Score:3)
Comment removed (Score:5, Informative)
Re: (Score:2)
There are lots of products that do this for exchange. I would bet that it's a security issue or they just don't want the feature.
For that matter, it does it out of the box and has for several years and revisions...
Re: (Score:2)
Citizen, you seem upset.
"Upset" is a condition in which one's reality is found to not match one's expectations. Frequently because of faulty expectations.
Now, what mistaken expectation did...ah, yes, here:
They're EMPLOYEES OF OURS, not our masters
Wherever did you get that idea, Citizen?
umm (Score:4, Funny)
var irony = UInt64.MaxInt;
Re: (Score:2)
Arguably. Let me just run a quick hadoop query over every email with a north american correspondent to get a feel for the consensus.
Right... (Score:5, Insightful)
The NSA says that there is no central method to search its own email.
[cough] Bullshit [/cough]
Re: (Score:2)
Re: (Score:3)
Re:Right... (Score:4, Insightful)
I think you forget that they're on the same side. That ain't gonna happen.
Re: (Score:3)
Yup: They won't use Contempt of Congress to deal with this, which is why I have Contempt for Congress.
Re:Right... (Score:5, Informative)
Re: (Score:2)
OK, the comfy chair it is!
Re: (Score:2)
That's because only the President can actually fire him.
For Congress to get rid of him, he has to be impeached.
As for prosecution, the President is also head of the DOJ that would be in charge of prosecuting him.
Do they license their email system? (Score:3)
Do they license their email system? It may be the only one in the world secure FROM them.
Re: (Score:2)
Yes and no.
This is political. There are two possibilities here: Either, the guy who said that is an old-school politician, or he is of the new breed.
The new breed outright lies to you, straight into your face. That's the kind of people that run our governments today.
The old-school guys, however, will not lie. Well... not outright. In this case, he would say something that is technically the truth. For example, if they have several separate and independent internal mailing systems - which is quite likely giv
Don't worry. (Score:5, Interesting)
what is good for the goose is good for the gander (Score:5, Funny)
Maybe they should run all their internal email through their PRISM system, that way it can be searched for keywords and META data much easier. Problem solved.
Re: (Score:2)
Re: (Score:2)
Suuuuure (Score:4, Insightful)
That's such a line of shit.
It's not that they cannot search their emails. It's that they have chosen to not create a search mechanism, because they have found this excuse is accepted by the courts to deny information requests. They will use every trick available to them to avoid adhering to laws they don't like.
Do you really believe anything they say?
Re: (Score:2)
People seem to be all worked up about the use of the word "can't".
It's a perfectly legitimate, honest, non-fibbing word to use in this context. The context being "We can't be arsed to search that email."
Like I said, perfectly appropriate in context.
Re: (Score:2)
"Can't" vs. "Don't Want To" (Score:1)
I suspect the real reason is that they don't want to, not that they can't. In the NSA's defense, when an organization works with highly compartmentalized information, having the ability to scan all employees' email is not wise from a security perspective.
Re: (Score:2)
Even the government is not stupid enough to run multiple Exchange servers within the same intranet. They probably run a version of Exchange with some add-ons they bought from Microsoft to handle classification controls. Even with multiple Exchange servers, in order for e-mail to actually be sent between subnets, they need to be connected. NSA is 30,000+ people, so we're talking about a cloud (hate that word) environment for managing that many e-mails. Querying for data from the "cloud" is not complicate
Re: (Score:2)
Plus let us consider how many of those 30,000+ people are not analysts or anything of the sort.
Indeed. While I'd expect the NSA to generally have its stuff together, everybody needs to realize that large organizations can have varying levels of competence (and incompetence) in varying areas and tasks.
For the NSA, the lion's share of its resources goes towards providing security and exploiting security holes. It has multiple 'defensive' (not in the news much) and 'offensive' (been in the news much more) cells, and they tend to not talk to each other. You have the mentioned admin people, but they're
Comment removed (Score:4, Informative)
Re:"Can't" vs. "Don't Want To" (Score:4, Interesting)
Suppose that instead of "National Geographic", someone at the NSA wanted to search every email that was sent to Snowden's Gmail account from within the NSA.
Do you think they would be able to do that? Not being able to do that sounds like a security problem.
Re: (Score:1)
Suppose that instead of "National Geographic", someone at the NSA wanted to search every email that was sent to Snowden's Gmail account from within the NSA.
Do you think they would be able to do that? Not being able to do that sounds like a security problem.
I thought their excuse was that they could do a search for a single email address, just not a complete domain. So snowden@nsacontractor.com would work, but *@natgeo.org wouldn't.
Others seem to be arguing that they're saying that they can only search against one employee as well.
Re: (Score:3)
Re: (Score:2)
Now that you've revealed this hole in NSA security, they'll be after you. Those damn spies are going to sign up for their own domain names, and send their secrets to a different username @stolensecrets.com every time!
Doesn't add up (Score:2)
having the ability to scan all employees' email is not wise from a security perspective.
NOT having the ability to scan email is not wise from a security perspective. If someone is doing something they ought not to be doing, exactly how is the NSA going to find out? They claim they need this ability to find out if civilians are dangerous so why would the same logic not apply to their internal operations? Makes NO sense whatsoever.
Smart design. (Score:1)
Isn't this pretty much what privacy advocates have advised for years? The NSA is one of the groups gathering people's data against their will. If anyone knows what possibilities to avoid if you don't want people in your data, it's them.
Get Snowden to do it (Score:2)
Snowden didn't seem to have a problem finding information. Maybe they just need a contractor to come in and do it for them...
Re: (Score:3)
Snowden didn't seem to have a problem finding information. Maybe they just need a contractor to come in and do it for them...
It is highly unlikely that Snowden knows everything the NSA is involved in. The stuff he released might be inflammatory but there will be plenty more he never knew about.
Re: (Score:2)
Indeed. To release something, you need to know it exists in the first place. We've all heard tales of programs that don't, officially, exist. I'm sure all the Intelligence agencies have a plethora of them, but you could never prove it. Which is kind of the point of such programs. . . .
Yep. The Men in Black have the data, and the NSA is THEIR cover (grin)
And we accept this excuse? (Score:5, Insightful)
If I were in charge, and the agency responsible for technological espionage and information security told me they couldn't search through their own emails, I would fire them. Every single one of them. Bam. Agency dissolved, someone go think of a new TLA for the new agency. This is like a Navy that can't figure out how to dock a battleship, or a tax agency that doesn't know what all the valid exemptions are. Complete and utter incompetence.
What's saddest is that this almost certainly isn't true. They've got these capabilities. They're just trying to hide something ("everything" qualifies as something, for their purposes). *Maybe* they're telling the truth, if they've got some custom, highly-encrypted system where emails can only be decrypted by the users. But that doesn't seem like the phrasing used here.
What's saddest is that "we're completely fucking incompetent" is not just the excuse they went with, but that it actually works.
Re:And we accept this excuse? (Score:5, Insightful)
If I were in charge, and the agency responsible for technological espionage and information security told me they couldn't search through their own emails, I would fire them. Every single one of them. Bam. Agency dissolved, someone go think of a new TLA for the new agency.
Not an option. The NSA has a portfolio of affairs, abuses of power, criminal behavior, tax fraud, drug abuse, etc. on every member of the government. Nobody will oppose those who could end their career in a few keystrokes. ...Or maybe I'm just paranoid.
Re: (Score:1)
If I were in charge, and the agency responsible for technological espionage and information security told me they couldn't search through their own emails, I would fire them. Every single one of them. Bam. Agency dissolved, someone go think of a new TLA for the new agency.
Not an option. The NSA has a portfolio of affairs, abuses of power, criminal behavior, tax fraud, drug abuse, etc. on every member of the government. Nobody will oppose those who could end their career in a few keystrokes. ...Or maybe I'm just paranoid.
I'm sure some oppose those who could end their career in a few keystrokes... you just haven't heard about those people for obvious reasons.
Re: (Score:2)
The NSA has a portfolio of affairs, abuses of power, criminal behavior, tax fraud, drug abuse, etc. on every member of the government.
I would like to believe that there are at least a couple members of government for which a portfolio containing that sort of data would be empty. The idea that of the hundreds of congressmen and senators, that none of them at all have avoided committing these serious violations of the law just doesn't seem reasonable. It's reasonable to suppose that most of them are guilty of serious violations of the law, but not all of them.
Re: (Score:2)
Re: (Score:2)
Paranoia doesn't not exclude the possibility that they really are after you.
Next we find out that the X-files was based on deliberately leaked government files just to discredit the truth if it ever came out, and that FEMA really is planning a government takeover real soon now.
Re: (Score:1)
They may have some sort of distributed email system, based on something old / classified. Think of it from NSA's side for a moment. You have this network of people with some of the most secret stuff in the US, and you are in charge of designing an email system. You're worried that someone could gain access to the servers, maybe even physical access, and you want to minimize such damage if it happens.
I could easily imagine that each person or workgroup would have physically separated mail servers.
Re: (Score:2)
Re: And we accept this excuse? (Score:2)
Re: (Score:2)
What's saddest is that "we're completely fucking incompetent" is not just the excuse they went with, but that it actually works.
Not sure if you've noticed, but that's been the US government's MO for decades for hiding their true purposes.
Re: (Score:2)
If I were in charge,
I've found that most of the time when someone begins a statement with "If I were..." they usually continue to describe one of the reasons they aren't. The people in charge are fully complicit with what the NSA is doing. The NSA are the ones keeping them in charge.
Re: (Score:2)
*Maybe* they're telling the truth, if they've got some custom, highly-encrypted system where emails can only be decrypted by the users.
Incredibly unlikely. The NSA would be the #1 top candidate for a list of "organisations that know what key escrow is for".
If you work in the intelligence sector, you should understand that people can go missing or become no-longer-trustworthy very unexpectedly and you definitely do not want to lose access to their data. And in the latter case, you absolutely want access to their data, especially communications, to check if they did any damage and what they knew.
Re: (Score:2)
Re: (Score:2)
That is what I first thought. They want to compartmentalize internal emails to keep things compartmentalized. +1 indeed sir!
Re: (Score:2)
Remove funding, destr their systems, fire them all (Score:2)
It's time for Congress to disassemble this agency. Their track record of protecting the American public is horrible.
Re: (Score:2)
Disassemble? No disassemble Johnny 5!
Re: (Score:2)
Epic Fail (Score:5, Insightful)
incompetence (Score:2)
Same ol' NSA protocol (Score:3)
Lie, lie, lie, until you get caught, 'cause there's nothing to lose and everything to gain.
Sounds like the Onion.. (Score:2)
.. but ends up as truth.
Seriously though, the NSA is directly involved in lying to Congress. Do you think they would have any system that would allow easy discoverability of their misdeeds? I am sure their processes are in place to make any type of lawsuit or congressional oversight as difficult as possible.
Of course, any results this poor fellow would have received anyway would be just pages and pages of blacked out text with the headers and footers as the only "public" information.
Re: (Score:2)
Congress cannot fire him, only the president can do that.
And don't hold your breath waiting for impeachment.
NSA (Score:4, Insightful)
NSA doesn't fund their operations primarily with drug running anymore. Insider trading is the best source of funding. And they have all the information they need to do this.
Re: (Score:2)
Easy fix. Supply the Metadata then. (Score:2)
Or whatever large glob of crap they store the email in. They do have servers, right? Somewhere on those servers is a file, RAID array, partition, SAN or JBOD, most likely encrypted. Hand over the disks, the encryption keys and whatever else is needed to access that Metadata.
Have the court appoint someone approved by the EFF to sign an NDA/Gag order/whatever and sift through the Metadata removing items which are of key importance. If those top brass military brats think they are above the law, go around
Smarsh (Score:1)
Does a good job tracking emails....
being difficult is not an excuse (Score:1)
I can see one way (Score:3)
I can see one way in which this might be both true and proper. If each account was individually encrypted with keys that only the users had, what they're saying would be completely true. And I think it would be completely proper and even laudatory to run an email system that way. They could search individual accounts by having the users decrypt them, but they couldn't do a wholesale search of the entire email system. This is the way email should be!
A somewhat more likely approach would be that by policy, users are not allowed to keep email on the server. All email must be downloaded or deleted. No online folders, ridiculously small INBOX quotas, maybe a read-once policy where as soon as the mail is retrieved the server auto-deletes it. I can actually understand this being done; I've worked with corporate lawyers who would love to have the email system set up this way for the express purpose of defeating global searches. Anything can be twisted and used against you, so save nothing, leave no evidence. I certainly don't agree with that mindset, but I've worked with people who are like that.
Not that I think it actually is done either of those ways. I think it's far more likely that they're simply lying and refusing to comply. It's probably simply policy to refuse such blanket FOIA requests, and there's undoubtedly a clause buried in the FOIA itself that allows them to require that requests be specific and narrow. You know, in the way that searches of private individuals are supposed to be.
Sounds unbelievable (Score:2)
Then it is.
this is what (Score:2)
The NSA flipping their finger at you looks like.
Working Phrase (Score:2)
By design? (Score:2)
They could be lying, or their system could be deliberately designed this way, to limit the amount of information a mole could find.
Can't do `tail -f mbox`? (Score:2)
The Watcher (Score:2)
Simple fix... (Score:2)
The NSA should simply host their email with Google and it will be instantly searchable through PRISM.
In fact the NSA should compete with Google and offer its own free email and search engine, PRISM. Just PRISM it!
Re: (Score:2)
I am reading a spy novel at the moment that relies a lot on email intercepts to move the story along. I was thinking to myself that a great way to get all the "bad guys" email would be to create a free "anonymous" email service, or get someone else to do it for you.
Since this book is mostly concerned with middle eastern terrorists I thought they could call it: Allahmail
Re:sounds like they're running exchange (Score:5, Insightful)
Re:sounds like they're running exchange (Score:4, Insightful)
Even if their server can't do it what about their backup repository.
Re:sounds like they're running exchange (Score:4, Insightful)
As an Exchange administrator, I can say that searching across an entire mail database is absolutely possible, and also very simple to do from the Management Shell. They're either lying, or just don't want to do it.
Of course it's possible with Exchange or with anything else for that matter. There is an exception to FOI requests where getting the information is expensive. What they mean is they can't do it within whatever small budget they allocate to serving FOI requests.
Re: (Score:2)
A budget that they make small on purpose.
Don't kid yourself, they are being difficult on purpose.
Re: (Score:2)
As an Exchange administrator, I can say that searching across an entire mail database is absolutely possible, and also very simple to do from the Management Shell. They're either lying, or just don't want to do it.
It is also possible on Notes, any Unix mailbox format (maildir, mbox, maildir+, w/e), and any other e-mail system I can think of.
Re: (Score:2)
Re: (Score:2)
OK, fine.
Here's a solution: NSA takes their entire email database and dumps it out to Wikileaks.
We'll take it from there. Gratis.
Profit!
Re: (Score:2)
As an Exchange administrator, I can say that searching across an entire mail database is absolutely possible, and also very simple to do from the Management Shell. They're either lying, or just don't want to do it.
Also as an Exchange administrator, I can assure you that if your database is sufficiently large, such a request can *still* take forever to fill. You're basically looking at minimum 1 day per Terabyte of email. The interface is not quick, and it does crawl it mailbox by mailbox. Yes, you can do it with a single command, but it is prohibitive on staff time to setup/execute and lawyer time to redact the non-responsive bits.
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Yeah this story sounds real. I am not seeing an accompanying article or evidence. Not saying it's not real, but it sounds like one of those government conspiracy theories like the government faked 9-11. Competent enough to stage 9-11 in front of cameras and people, with no one leaking it, then incompetent, for instance Snowden leaking information about the NSA. Who knows...
I suspect it is a very real FOIA excuse. Whether the excuse is valid or not is hard to say.
Within the bureaucracy, you can tell the FOIA officer your limitations and s/he sends them back to the requester.
Then it's on to step two: Natl Geog calling them full of congress and demanding information about their e-mail system (probably already available on a Chinese site).
And I'll bet the NSA is not lying.
I'll bet they have multiple different e-mail systems, all of them installed by different contractors at