Tuesday, December 10, 2013

NSA’s Three Degrees of Phone Separation

I’ve been thinking about the NSA’s Three-Hop Rule. This is the law that allows it to monitor your phone calls without judicial review. It is not that it is so hard for the NSA to get a court’s approval to monitor someone’s phone calls. I have to assume, as a blogger who writes regularly about sensitive topics ranging from the health dangers of nuclear waste to the radio boycott of the Dixie Chicks, that the NSA has court approval to monitor my phone calls specifically. Of course, I don’t know that, and if I did know, it would be a felony for me to say it, but it seems a safe assumption. It is certainly not much of a stretch to imagine given the estimates that the NSA has obtained approval to monitor a few million specific individuals. Once it has court approval to monitor a person, the Three-Hop Rule allows the NSA to monitor all phone lines within three degrees of separation of that person’s phone lines, looking back apparently over a five-year period of phone records. This gives each court order — and remember, there are millions of such orders — a broad reach that includes almost everyone who talks on the phone.

Let’s start with me as a hypothetical case. There are several patterns in my phone calling that probably put you within two hops of me.

  • I have used several phones in recent years: cell phone, desk phone, etc.
  • I place calls to banks, insurance companies, and retail stores. If you have ever called the same banks, insurance companies, and retail stores, you are two hops away from me.
  • Occasionally other people use my phones, calling many more numbers that I would never call myself.
  • I place calls over the Skype network. Skype calls go out over a limited set of phone numbers, so if you have ever received a Skype phone call — and there would be no way for you to tell, since they are just ordinary phone calls — there is a strong chance that you are just one hop away from me, according to the NSA rules.
  • I receive calls from political pollsters and robo-calls from Republican political candidates. These calls originate from a mere handful of phone numbers, so if you are a registered U.S. voter, it is all but certain that you are two phone network degrees of separation from me.
  • Spam fax services place calls to my cell phone. If you have ever picked up the phone to hear fax tones, then you are two hops away from me.

Here we already have at least 300 million U.S. phone numbers, and remember, I am only talking about a single court order, and there are millions of secret court orders, and only two hops, when the rule allows three hops. When you go to three hops, to add in everyone who knows anyone in the two-hop group, it is hard to imagine how a phone number could be off limits to the NSA.

I used myself as a starting point for this analysis, but that is just a gimmick. The spam fax services are key to this analysis because they call, along with many other phone numbers, every business in the country. This means if you have ever called a business, or if a business has ever called you, you are two hops away from most of the country.

The Three-Hop Rule, then, means that the NSA has the legal authorization to monitor probably every phone in the United States and the vast majority of phones in the world. It is no wonder that some observers have suggested that the law that allows this broad collection of data is reaching too far.