I'm Bill Binney, former NSA Tech Director. Worked for NSA 37 years. I know that you can have your liberty W/O sacrificing security! AMA.
In the late 90's I co-created the program "ThinThread" which was the perfect alternative to mass surveillance - but it was ditched by NSA for money.
ThinThread was a fully automated system that could monitor signals then filter and alert on genuine threats in near real time. It did this all whilst protecting citizens' rights to privacy. Its efficacy was down to its being metadata focused.
About me: https://en.wikipedia.org/wiki/William_Binney_(U.S._intelligence_official)
See more about the film of ThinThread's story and my career here. Currently screening in CPH:DOX Copenhagen and will screen in NYC on the 15th Nov. http://agoodamerican.org/
Here's proof of me being live now: https://twitter.com/AGAmovie/status/664481877890195457
Edit 1:45PM EST. Sorry, we need to quit in 15 mins.
Edit 2:05PM Thank you all for your great questions! It's been a good conversation.
IamBillBinney3942 karma
The biggest threat to U.S. citizens is the U.S. government.
Fire everyone in DC!
umm_umm_1177 karma
If I am anywhere in the USA, and am talking on my cellphone, can the government hear me? And are they recording? And can they use it against me at any time?
IamBillBinney1622 karma
Yes. See the program Fairview.
https://upload.wikimedia.org/wikipedia/commons/b/b2/US-990_Fairview_Map_-_crop.jpg
Estimate of 80% collection of content (inc. text and audio) and metadata in the Upstream program.
jerryk4141021 karma
So I've always wondered what employees' thoughts are when asked to do questionable things like some of the stuff the NSA does. Back when you were an employee, what was the general consensus around the "office" when asked to create a civilian surveillance program?
Were your coworkers all gung-ho and convinced they were doing the right thing? Did they think it was awful, but it paid the bills? Or was it something that was just never discussed?
IamBillBinney1551 karma
Most of them did not like the program and opposed it (Stellar Wind). But the vast population of NSA are ISTJ on the Myers Briggs scale, which means they are afraid to stand up and oppose things to avoid conflicts.
https://en.wikipedia.org/wiki/Myers%E2%80%93Briggs_Type_Indicator
_korbendallas_726 karma
Thank you for doing this. Out of curiosity, what is the oversight process for budgets and spending at the NSA?
Edit: word.
IamBillBinney1683 karma
There is NO oversight of NSA spending! They are not audited at all.
Stefano-628 karma
What's your opinion on Deep Web, Tor and other untraceable internet-browsing systems?
Do you think a user is compelled to resort to such tools to protect their privacy and information?
IamBillBinney982 karma
Part of the Treasuremap program includes approx 1000 trace route programs embedded in switches and servers, to trace the route of packets through the network, and they are using this to attack Tor, which I believe they still have problems following.
Google the NSA program Treasuremap for more info.
noflag583 karma
Why didn't you ever leak anything? What do you think about Snowden and Manning?
IamBillBinney1227 karma
Because I designed most of what they are using and I didn't think I needed to take anything with me and Congress knew I did.
I think they are both whistleblowers who have tried their best to defend the constitution and inform the public of things they need to know.
Lanhdanan531 karma
What can people do to protect themselves and attain as close to anonymity if they choose?
What do you think it will take for this issue to be raised on a political level with actual results instead of mere foot stomping and rhetoric? Would it matter if other countries didn't buy in and went full 1984 surveillance on their citizens?
Thank you for your time and for continuing to raise awareness to the public at large.
IamBillBinney1450 karma
Use smoke signals! With NSA's budget of over $10bill a year, they have more resources to acquire your data than you can ever hope to defend against.
This has to be addressed in law and legislation. Call your local governmental representative and complain, otherwise, if you sit and do nothing... you are fucked!!!
Orangutan477 karma
Who are some other whistleblowers that you respect and honor for doing what they did?
IamBillBinney960 karma
Jesselyn Radack, Tom Drake, Kirk Wiebe, John Kiriakou, Julian Assange, Chelsea Manning, Jeffrey Sterling, Russ Tice... I can't remember them all. All the ones that the government has sent to jail to cover up their crimes.
IamBillBinney403 karma
No. The programs I worked on to put in place were based on behaviours and interactions with KNOWN individuals of interest, for criminal activity or terrorism. So you had to be associated with them to be looked at.
We had an auditing software that would audit who was doing what with the system. If they started targeting people outside of this, such as political dissenters, it would flag this. They wouldn't have been able to do "LOVEINT" or things like that.
Any targeting of data in the system had to be justified with reasons for adding them and conform with laws such as FISA and other regulations.
Tr0user_Snake355 karma
Would ThinThread be effective at all against encrypted data transmissions?
IamBillBinney397 karma
Yes. It's metadata based, which is not encrypted. Because that's what's used to route data through the system.
alexch_ro299 karma
How efficient are these surveillance programs compared to classical police work in detecting and stopping unlawful actors?
IamBillBinney423 karma
The program answers in milliseconds, humans take much longer to find and take action, and the system verified data before executing. People don't necessarily do that. Example: drone strikes.
alexch_ro178 karma
My question was more about how many actual threats are being detected by the programs, not about speed.
IamBillBinney463 karma
ThinThread was killed in 2001 and so is not producing any threat assessments now, but prior to that it was producing intel every day on targets that were not terrorist related. All the programs currently in use by NSA have failed to produce results on anything, but are really good at bulk collection.
Angoth270 karma
What is your opinion of the context-sensitive metadata collection efforts?
For example:
- You get a call from an STD testing center that lasts 3 minutes.
- You call your wife for 6 minutes
- You call your doctor for 20 minutes
- You call your wife for 12 minutes
- You call your doctor back for 4 minutes
- You call an AIDS information center for 26 minutes
- You call your wife back for 13 minutes
Is anyone confused about the discussion taking place? Enough metadata and the content of the conversations is largely irrelevant.
IamBillBinney294 karma
What you are talking about is transactional relationships within your community that suggests a certain problem, and yes they do do that kind of analysis.
EmperorFlipFlops238 karma
- Is the US under so much of a threat that constant surveillance is necessary or is it just a "safe guard"?
- Does the NSA track/surveil anyone outside the US? (From Ireland)
- Are OS's today "safe" from tracking and/or surveillance?
IamBillBinney442 karma
Bulk surveillance is not necessary to protect anybody. NSA tries to track everyone on the planet. Google: the program Treasuremap. OS's are absolutely not safe!
Damadar229 karma
Can you go into more detail about how ThinThread works? How did it protect privacy? What technology did it use? How is it different than the current metadata programs the NSA is using?
IamBillBinney324 karma
It protected privacy by encrypting attributes that identify people and filtering out and collecting ONLY specifically targeted data.
DerpicaJR163 karma
How would you recommend that people in tech give back to their country (eg: civic hacking, DoD contracting, going into US Digital Services, policy making, working for an agency)?
IamBillBinney293 karma
I'm all for infiltration! And when you do that you bring with it your integrity and character.
yyyyymmdd140 karma
How efficient was the identification of targets in ThinThread? It's a difficult balancing act in statistical data classification to achieve a high hit-rate (catch all the bad guys) AND a low false-alarm rate (don't single out any good guys as a bad guys).
IamBillBinney152 karma
It was built on reliable attributes used to route data through the network. That was metadata we used to do the selection and it was spot on.
IamBillBinney105 karma
It's evaluating a combination of factors; numbers such as IPv4, IPv6, MAC Numbers, User ID Service Provider, Phone Numbers and like factors and comparing to historical records to help verify accuracy.
thatisreasonable2132 karma
In 2014, you and 27 other signatories of the Veteran Intelligence Professionals for Sanity sent a letter to German chancellor Angela Merkel telling her to be suspicious of U.S. intelligence regarding the alleged invasion of Russia in Eastern Ukraine.
- Has this letter received any response from Chancellor Merkel? Do you have any fear for you and yours' well-being, regarding the US retaliating?
I hope you'll get to my questions but I most importantly want to thank you personally for your sacrifices and dedication to the world in exposing this destruction of our civil rights. I've watched you every time on DemocracyNow! and learned so much. Thank you.
edit: removed stupid part of question /s
kulkke92 karma
Hello Mr. Binney and firstly, I want to thank you for everything you have done.
The Nation magazine quotes you saying that "the United States has created a police state with few parallels in history" and a direct quote from you as “It’s better than anything that the KGB, the Stasi, or the Gestapo and SS ever had.” Can you expound this a little bit?
As a second question, what do you think about American mass surveillance of non-US citizens?
IamBillBinney158 karma
Yes, that's a quote from Wolfgang Schmidt, a former Lieutenant Colonel in the Stasi, concerning NSA surveillance. “You know, for us, this would have been a dream come true.”
I don't think much of mass surveillance of everybody. Because it dumps too much data on analysts and makes them dysfunctional, and invades privacy of everyone.
kcell86 karma
Mr. Binney, thank you for coming here and taking questions. I have been in/around Intel at DIA, Army G6 and others as a civilian for over 15 years.
How much of Government overreach would you attribute to the public's misunderstanding of mission stress and financial disincentives?
For example, I subscribe to the fact that agencies constantly struggle to justify funding and scoop up the latest gadgets and programs from vendors to try and keep the cycle going, not necessarily because they "need" the tools and powers they have. That we've reached the ceiling and now are pushing the legal limits to try and carve out space for continuing the spending cycle.
IamBillBinney193 karma
They had duped the public into thinking they need to do bulk surveillance and this has allowed them to almost triple their budgets.
kcell70 karma
Right, but my core question is:
Does the NSA actually think they need to do this to catch bad guys or are they doing it because results=more funding?
IamBillBinney227 karma
They are doing this purposely to get the money. Their track record is that they continuously fail using bulk collection, and they know it.
haveyougoogle73 karma
Can you say if the free software and open-source software and also OS's like GNU/Linux distros and BSD are "safe" or not, from surveillance or tracking issues?
CuddlePirate42067 karma
The NSA has such a bad reputation, so how/why should we trust anything you tell us or any of the answers you give us?
IamBillBinney183 karma
I'm a whistleblower against NSA's mass surveillance for 14 years. It's up to you if you want to believe me.
_zorch_47 karma
How has that worked out for you financially?
Did you lose your pension?
Are you employable?
IamBillBinney185 karma
I still have my retirement, but they killed all opportunity to do work anywhere else in the United States.
You can see more about this in the movie: 'A Good American' - I'm in it.
francoisellis61 karma
Bill, as a Cyber Security worker myself, are you in favor of a national personal information regulatory agency? I've gone back and forth on this several times, and keep landing on the fact that personal information needs a centralized enforcement agency, similar to the IRS, with the power to force institutions to use standards and policies that make sense, and assure the safe keeping of everyone's personal data. Additionally, what do you think of a national two step verification system for every person's Social Security number?
IamBillBinney71 karma
That just gives governments another opportunity to collect information on everybody!
n0ttsweet57 karma
What are real steps we as citizens can take to combat the infringement of our privacy in the tech sector? As in, aside from just letting people know on Facebook to contact our representatives... What practical method do you recommend to reverse the flow?
IamBillBinney173 karma
Again the problem here is that the NSA resources that are available are too great to overcome.
Eg, Google didn't even know that the 'Muscular' program existed, which tapped the transfer of data between their data centers. This gave NSA all the data that Google had. And that's not the only tap program.
https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program)
_zorch_57 karma
Is there any credibility to the claims that encryption is causing legitimate surveillance to "go dark"?
Doesn't thin thread's mode of operation make encrypted content irrelevant?
IamBillBinney77 karma
I do not believe that's true. And yes ThinThread makes encrypted content irrelevant.
foc4l44 karma
Is it possible to think that governments will come to the idea that selling citizens' data to companies is totally OK?
IamBillBinney122 karma
They don't have to sell it, they are giving it to them now because the contractors run their databases. Indirectly they have access to it all. Eg. Ed Snowden and Booz Allen Hamilton.
yyyyymmdd31 karma
ThinThread is described as being able to identify targets efficiently using automated filtering while at the same time considering the privacy of non-targets by encrypting the data concerning them or by not storing it in the first place. Would it be fair to still call ThinThread a tool of mass surveillance since the data of everyone is under surveillance?
IamBillBinney60 karma
No. ThinThread looks at all data as it goes by, but filters out only targeted information and encrypts identities of people until it gets probable cause.
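An added illustration, not part of the thread and not ThinThread's code, of the pattern described in the answers above (keep only records tied to a justified target, mask identities until authorization exists, audit every action). The class and method names are hypothetical, the records are constructed, and the escrow dictionary stands in for real encrypted storage:

```python
import hashlib
import hmac


class MinimizingFilter:
    """Keep only records tied to a justified selector; mask every identifier kept."""

    def __init__(self, key: bytes):
        self._key = key
        self._selectors = {}  # pseudonym -> recorded justification
        self._escrow = {}     # pseudonym -> identifier; stands in for encrypted storage
        self.audit = []       # append-only trail of (actor, action, detail)

    def pseudonym(self, ident: str) -> str:
        # Keyed hash: stable for matching, not reversible without the escrow.
        return hmac.new(self._key, ident.encode(), hashlib.sha256).hexdigest()[:16]

    def add_selector(self, actor: str, ident: str, justification: str) -> str:
        if not justification.strip():
            self.audit.append((actor, "selector_rejected", "no justification"))
            raise ValueError("a selector needs a recorded justification")
        p = self.pseudonym(ident)
        self._selectors[p] = justification
        self.audit.append((actor, "selector_added", p))
        return p

    def ingest(self, record: dict):
        """Return the masked record if it touches a selector, else None (dropped)."""
        src, dst = self.pseudonym(record["src"]), self.pseudonym(record["dst"])
        if src not in self._selectors and dst not in self._selectors:
            return None  # unrelated traffic is never stored
        self._escrow[src], self._escrow[dst] = record["src"], record["dst"]
        return {"src": src, "dst": dst, "seconds": record["seconds"]}

    def reveal(self, actor: str, pseudonym: str, authorization: str) -> str:
        if not authorization.strip():
            self.audit.append((actor, "reveal_denied", pseudonym))
            raise PermissionError("identity stays masked without authorization")
        self.audit.append((actor, "reveal", pseudonym))
        return self._escrow[pseudonym]


def demo():
    # Constructed sample metadata; the numbers are fictional.
    records = [
        {"src": "+1-555-0100", "dst": "+1-555-0142", "seconds": 180},
        {"src": "+1-555-0177", "dst": "+1-555-0188", "seconds": 360},
    ]
    flt = MinimizingFilter(b"constructed-demo-key")
    flt.add_selector("analyst1", "+1-555-0100", "constructed case reference")
    stored = [r for r in map(flt.ingest, records) if r is not None]
    return flt, stored


if __name__ == "__main__":
    print(demo()[1])
```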
ImWatchinUWatchinMe31 karma
Reading through the responses, Thin Thread sounds like an AI-like program, would that be a correct assumption?
Would thin thread dump non pertinent data rather than logging it?
IamBillBinney66 karma
It was a learning system, and yes it ONLY took in pertinent data and let the rest go right by.
Devoid_30 karma
What determines a person is affiliated with a group? Is it known communication with members? Can visiting say an ISIS website be enough for the government to deem you affiliated and increase scrutiny on you? Also secondary quick question do you know of any program to backdoor TAILS or Tor?
IamBillBinney43 karma
Because of NSA's bulk collection they can't do this on the fly, but retroactively yes, they make those associations. Communications or travel or human reports from the FBI or other Police organisations can add you to the target list. The idiots at NSA are probably still using a three hop approach.
sonicSkis29 karma
Hi Bill,
Could you please tell us what you think about the FISA court? Is there any place for a secret court in our Republic?
I'm also curious about the NSLs which come with gag orders such as the one that Yahoo fought and lost with regards to PRISM. Do you think that the courts would uphold the right of the government to gag the tech companies that want to tell their users what is going down?
IamBillBinney54 karma
They (FISC) need to be fired.
I would not replace it with anything except the existing Article III Courts.
NSLs have been ruled by the second court of appeals to be unconstitutional and are illegal.
IamBillBinney57 karma
The rationale is very simple, to stop threats to people. That's the objective of intelligence.
Omfufu6 karma
If the system is so good, as you have said, why has it not been able to stop mass shootings like ones in Colorado or Oregon? IIRC the Oregon dude had posted material about his future actions.
IamBillBinney29 karma
Because NSA and associated industrial partners killed the program in 2000/01!
halinttd5 karma
Why hire contractors instead of regular employees? I'm sure you can find the right talent if you position it properly, look at the U.K. for example. I would love to work with the NSA (Canadian, unfortunately), what credentials do you look for recruiting?
IamBillBinney21 karma
Because they want to build dependencies within the military industrial intelligence complex. It's an incestuous relationship, they are screwing everybody.
You have to be a US citizen or... a working member of the FVEYS.
https://en.wikipedia.org/wiki/List_of_people_under_Five_Eyes_surveillance
honeyduckling11391 karma
What is the biggest threat to U.S. citizens? How can citizens combat it?