Is the National Security Agency collecting and storing data on fewer telephone calls than we thought? So say reports in the Wall Street Journal, Washington Post, andNew York Times."Although intelligence officials have indicated since last summer that the National Security Agency was vacuuming up nearly every American telephone record for counter-terrorism investigations," the L.A. Times reports says the LA Times in its version, "officials acknowledged Friday that the spy agency collects data from less than a third of U.S. calls because it can't keep pace with cellphone usage."

That's a momentous development.

If true, virtually every news article and analysis piece you've read about the phone dragnet overstated how comprehensive it is. The L.A. LA Times story continues:

Rather than sweeping in all U.S. call records, officials said, the NSA is gathering toll records from most domestic land line calls, but is incapable of collecting those from most cellphone or Internet calls ... calls... The officials, who spoke on condition of anonymity because much of the program remains classified*, said they did not correct the public record because they did not want to tip off potential adversaries to obvious gaps in the coverage. "We didn't want to tell the bad guys to go out and get a cellphone," one senior intelligence official said.

What perplexes me is why anyone in the executive branch would want this out there. It there: it can't help but reflect poorly on the national-security national security state. If these stories are false, you understand, current and former U.S. officials are lying. And if the stories are true, even in a narrow, accurate-but-misleading sense? If the NSA really collects just a third of phone metadata and almost no cellphone cell metadata under Section 215? That would prove that important NSA overseers have little idea what's going on. It would prove that more effort needs to be put into oversight.

Think about it:

1) Numerous members of Congress, including legislators with a particular interest in surveillance issues (e.g., Justin Amash, James (e.g. Amash, Sensenbrenner, etc.) have operated for months now under the belief that data on virtually all calls is tracked under Section 215. As James Sensenbrenner put it in a letter to Eric Holder, "the administration has collected the details of every call made by every American, even though the overwhelming majority of these calls have nothing to do with terrorism." Is this widespread belief among legislators wrong, and if so, isn't that alarming?

What else don't they understand?

2) Two federal judges have ruled on the constitutionality Constitutionality of the Section 215 program, reaching opposite conclusions. But if you read their opinions, both of them believed that metadata was being gathered on virtually every telephone call in the United States, States., and that belief played a non-trivial role in their published opinions.

Here's Judge William H. Pauley, who ruled in the Obama Administration's favor (emphasis added):

This blunt tool only works because it collects everything. Such a program, if unchecked, imperils the civil liberties of every citizen. Each time someone in the United States makes or receives a telephone call, the telecommunications provider makes a record of when, and to what telephone number the call was placed, and how long it lasted. The NSA collects that telephony metadata. If plumbed, such data can reveal a rich profile of every individual as well as a comprehensive record of people's associations with one another.

In response to the unauthorized disclosure of the Secondary Order, the Government acknowledged that since May 2006, it has collected this information for substantially every telephone call in the United States, including calls between the United States and a foreign country and calls entirely within the United States.

Later in the opinion he says this:

The ACLU argues that the category at issue-all telephony metadata-is too broad and contains too much irrelevant infonnation. That argument has no traction here. Because without all the data points, the Government cannot be certain it connected the pertinent ones. As FISC Judge Eagan noted, the collection ofvirtually all telephony metadata is "necessary" to permit the NSA, not the FBI, to do the algorithmic data analysis that allow the NSA to determine "connections between known and unknown international terrorist operatives.

If the government now acknowledges that it has less than a third of the data points anyway, one of the judge's specific arguments against the ACLU falls apart.

And here's Judge Richard Leon, who ruled that the Section 215 metadata program is unconstitutional:

Straining mightily to find a reason that plaintiffs nonetheless lack standing to challenge the metadata collection, the Government argues that Judge Vinson's order names only Verizon Business Network Services as the recipient of the order, whereas plaintiffs claim to be Verizon Wireless subscribers. The Government obviously wants me to infer that the NSA may not have collected records from Verizon Wireless (or perhaps any other non-VBNS entity, such as AT&T and Sprint). Curiously, the Government makes this argument at the same time it is describing in its pleadings a bulk metadata collection program that can function only because it "creates an historical repository that permits retrospective analysis of terrorist-related communications across multiple telecommunications networks, and that can be immediately accessed as new terrorist-associated telephone identifiers come to light."

Put simply the government wants it both ways. Virtually all of the government's briefs and arguments to this Court explain how the Government has acted in good faith to create a comprehensive metadata database that serves as a potentially valuable tool in combatting terrorism–in which case, the NSA must have collected metadata from Verizon Wireless, the single largest wireless carrier in the United States, as well as AT&T and Sprint, the second and third-largest carriers. Yet in one footnote, the Government asks me to find that plaintiffs lack standing based on the theoretical possibility that the NSA has collected a universe of metadata so incomplete that the program could not possibly serve its putative function. Candor of this type defies common sense and does not exactly inspire confidence!

In a footnote, Judge Leon tries to capture how important the premise of a cell-phone inclusive, comprehensive dragnet is to the state's argument. "To draw an analogy," he writes, "if the NSA's program operates the way the Government suggests it does, then omitting Verizon Wireless, AT&T, and Sprint from the collection would be like omitting John, Paul, and George from a historical analysis of the Beatles. A Ringo-only database doesn't make any sense, and I cannot believe the Government would create, maintain, and so ardently defend such a system."

Wouldn't it be alarming if both of the federal judges who've ruled on these cases didn't have a core piece of factual information directly relevant to their opinions?

3) The Privacy and Civil Liberties Oversight Board, an independent executive branch agency, also reviewed the Section 215 program with access to classified data. Its Chairman, David Medine, gave written testimony to the House Judiciary Committee:

Detailed rules limit the NSA’s use of the telephone records it collects, and the Board’s report describes them at length. But while those rules offer many valuable safeguards designed to curb the intrusiveness of the program, in the Board’s view they cannot fully ameliorate the implications for privacy, speech, and association that follow from the government’s ongoing collection of virtually all telephone records of every American.

See the problem? If the latest Section 215 stories are true, people in all three branches of government, many with direct oversight responsibility and access to classified documents, were still ignorant about how the most well known NSA program works—ignorant works – ignorant in part because national-security national security officials misled them about the program.

Did whoever approved that anonymous leak realize that it would reveal NSA oversight to be inadequate, and make two judges, an executive-branch 2 judges, an executive branch overseer, and numerous legislators seem ignorant despite the security clearances that they enjoy?

__

_____

** For **For example:

• All seem to be referring to the bulk telephone metadata collection program allegedly authorized by Section 215 of the Patriot Act, though they're written in a way that makes it hard to tell. Could it be that the U.S. is collecting less metadata than was formerly thoughtunder that specific program, but is still collecting most U.S. cellphone cell phone metadata under a different authority, or else getting it from our surveillance partners at GCHQ?
• Why is this seemingly sanctioned leak coming out now?
• If U.S officials didn't want to tip off adversaries to gaps in the coverage, what changed?
• Seriously, "We didn't want to tell the bad guys to go out and get a cellphone"? How many terrorists were plotting from the land line at their home?
• By all accounts, the NSA believes it has a legal right to collect all cellphone cell phone metadata, and it has the desire to do so as well. Is it really plausible that they've just been leaving it untouched, given everything else we know about them? As I'll go on to explain, it contradicts so much of what we've been told.

I am unquestionably late to the party on Amulet, Kazu Kibuishi's young adult graphic novel series that kicked off in 2008 and has so far been serialized in five fantastic books. That's OK: it's a big world and there's plenty to read in it, and getting to Amulet this late merely meant that I had five books to inhale in one long session, which is, frankly, an amazing experience.

Amulet tells the story of Emily, a young girl whose family moves to her great-grandfather's tumbledown mansion after her father's tragic death. Shortly after their arrival, Emily and her mother and younger brother Navin find themselves in a parallel dimension where Emily's destiny awaits. Emily is descended from a line of "Stonekeepers," who are charged with protecting the alien world from mysterious forces, aided by gemstones that give them mystical powers, but also threaten to destroy them.

The first five volumes of Amulet are something of a marvel. They combine so many disparate elements that you'd swear it would all end up feeling like some kind of silly everything-but-the-kitchen-sink joke, but somehow, Kibuishi manages to give each element its due, so there's Star Wars-esque comedy droids; walking steampunk mecha houses, kaiju elves (who fight with walking steampunk houses!); aerial battles, anthropomorphic animals with swords; infinitely wise intelligent trees; brave zeppelin pilots; mystic secret societies; Ender's Game-style child pilots; and much more. But every single bit of it fits beautifully in an overall story that's mature without being too grown up for its kid audience.

I think a lot of it is down to the plot, which is a really keep-em-guessing affair. Even five volumes in, I'm still not sure who is trustworthy and who's secretly waiting to betray the heroes. On top of that, Kibuishi does some very nice things with the relationship of Emily and her brother to their mother -- sometimes they are rescuing their mother, sometimes they're reassuring her, sometimes they're being corrected, disciplined and led by her. I can't think of another child-adventure story where the presence of a parent is such a critical piece of how it moves along -- it's a wonderfully inventive change from the traditional kid-in-the-wilderness story, and somehow the presence of Emily's mother does not stop her from having her coming-of-age experiences.

Finally, there's the art, which is, well, genius. I loved Kibuishi's Explorer anthologies and had experienced his work there before, but that was just short stories. With multiple volumes to play with, Kibuishi isn't shy about letting the art speak for itself, with huge, double-page spreads, like the sky-eels and mecha/kaiju fight scenes above.

Five volumes may seem like a lot of reading to take on, but these ones flew past, and now I can't wait for volume six, which is apparently scheduled for next September.

The other thing I'm anticipating is my daughter getting just a little older: she turns six today, and she's still a bit too young for the series. I'm not worried about the complexity of the storyline, but I do think that some of the scenes might be too intense for her, especially the opening of volume one, which takes us through the trauma of a child watching as the car her father is trapped in falls over a cliff, killing him. As an adult, I found that scene hard to take, and I think I'll give it a year or two before I try it on the kid. You know the kids in your life best: judge accordingly, but don't err too far on the side of caution, as there is so very much here to love that it'd be a pity to needlessly deny a kid access to it all.

Amulet, vols 1-5

The New York Times has a 25-question, multiple choice survey about word usage and pronunciation (e.g., "How to you pronounce "aunt?").

I took the test and the pattern my dialect most closely matches is from Stockton, CA, Denver, or Aurora, CO. I was born in Denver and grew up nearby in Golden and Boulder. How well does the survey do in pinpointing where you grew up?

This animated gif of a chain-making machine is mesmerizing.

(Via Rafael R.)

The Chaos Computer Club's biometric hacking team has announced a successful attack on Apple's Iphone biometric fingerprint lock, using a variation on the traditional fingerprint-cloning technique. CCC's Starbug summarizes: "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

The method follows the steps outlined in this how-to with materials that can be found in almost every household: First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access." Fingerprint biometrics in passports has been introduced in many countries despite the fact that by this global roll-out no security gain can be shown.

Chaos Computer Club breaks Apple TouchID (via Hacker News)