UFA Civil Liberties and Privacy Report on the NSA

In August 2013, President Obama announced several initiatives to give the public greater confidence in the oversight of the NSA's foreign intelligence programs. The creation of a full-time Civil Liberties and Privacy Officer at the NSA was among the reforms cited, and that office has now issued this report (PDF); the following image is taken from it:

US Freedom Act "Frontdooring" procedure

To illustrate the process, assume an NSA intelligence analyst identifies or learns that phone number (202) 555-1234 is being used by a suspected international terrorist. This is the “specific selection term” or “selector” that will be submitted to the FISC (or the Attorney General in an emergency) for approval using the RAS standard. Also assume that, through NSA’s examination of metadata produced by the provider(s) or in NSA’s possession as a result of the Agency’s otherwise lawfully permitted signals intelligence activities (e.g., activities conducted pursuant to Section 1.7(c)(1) of Executive Order 12333, as amended), NSA determines that the suspected terrorist has used a 202 area code phone number to call (301) 555-4321. The phone number with the 301 area code is a “first-hop” result. In turn, assume that further analysis or production from the provider(s) reveals (301) 555-4321 was used to call (410) 555-5678. The number with the 410 area code is a “second-hop” result.

Once the one-hop results are retrieved from the NSA’s internal holdings, the list of FISC-approved specific selection terms, along with NSA’s internal one-hop results, are submitted to the provider(s). The provider(s) respond to the request based on the data within their holdings with CDRs that contain FISC-approved specific selection terms or the one-hop selection term. One-hop returns from providers are placed in NSA’s holdings and become part of subsequent query requests, which are executed on a periodic basis. Historical bulk data collected under Section 215 of the USA PATRIOT Act will never be included when querying internal holdings.

Absent information to the contrary, NSA must presume that each user of each of the phone numbers in the above example is a U.S. person, since each phone number has a U.S. area code. NSA’s FISC-approved minimisation procedures for the USA FREEDOM Act prohibit NSA from disseminating any known or presumed U.S. person information that does not constitute foreign intelligence information related to international terrorism or information necessary to understand foreign intelligence information related to international terrorism or assess its importance or is not evidence of a crime. In addition, the minimisation procedures require NSA to destroy promptly any CDRs that are determined not to contain foreign intelligence information. The procedures also set a maximum retention period for CDRs obtained pursuant to the FISC’s orders of no more than 5 years after initial delivery to NSA, except that NSA may retain any CDR (or information derived therefrom) that was the basis of a properly approved dissemination of foreign intelligence information.
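The two-hop procedure the report describes is easier to reason about as a graph walk. The following is an added Python example (mine, not from the report or the NSA), using the report's illustrative 202/301/410 numbers plus two constructed extra records. It chains contacts outward from an approved selector, stops at the two-hop cap, and models the provider step, in which only CDRs containing the approved selector or a one-hop term come back. The hop cap is the only thing bounding how many presumed U.S. persons end up in the result set, which is why the third-hop number is deliberately left out of reach.

```python
from collections import defaultdict

# Constructed call-detail records (CDRs) as (caller, callee) pairs. The 202/301/410
# numbers are the report's own illustration; the 212 and 703 numbers are made up here.
CDRS = [
    ("2025551234", "3015554321"),  # approved selector calls the first-hop number
    ("3015554321", "4105555678"),  # first hop calls the second-hop number
    ("2125559999", "3015554321"),  # another contact of the first hop (also a second hop)
    ("4105555678", "7035550000"),  # a third hop: outside the two-hop limit
]


def build_graph(cdrs):
    """Undirected contact graph: either party to a call is a contact of the other."""
    graph = defaultdict(set)
    for caller, callee in cdrs:
        graph[caller].add(callee)
        graph[callee].add(caller)
    return graph


def hop_results(cdrs, selector, max_hops=2):
    """Breadth-first contact chaining from an approved selector, capped at max_hops.

    Returns {hop_number: set_of_numbers}. A number already reached at an earlier
    hop (including the selector itself) is not reported again later.
    """
    graph = build_graph(cdrs)
    seen = {selector}
    frontier = {selector}
    results = {}
    for hop in range(1, max_hops + 1):
        reached = set()
        for number in frontier:
            reached |= graph[number]
        reached -= seen
        results[hop] = reached
        seen |= reached
        frontier = reached
    return results


def provider_response(cdrs, terms):
    """CDRs a provider would return for a request carrying the approved selector
    plus the one-hop terms: every record in which either party is one of the terms."""
    terms = set(terms)
    return [cdr for cdr in cdrs if cdr[0] in terms or cdr[1] in terms]


if __name__ == "__main__":
    hops = hop_results(CDRS, "2025551234")
    print("first hop: ", sorted(hops[1]))
    print("second hop:", sorted(hops[2]))
    # The request sent to providers: FISC-approved selector + NSA's internal one-hop results.
    request = {"2025551234"} | hops[1]
    print("provider returns:", provider_response(CDRS, request))
```

Running it shows the first hop is just (301) 555-4321, the second hop already contains two numbers, and the provider response never includes the 410-to-703 record because neither party is an approved or one-hop term.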

How the NSA collects your data

Filtering out hostname spam in Google Analytics

This is the weirdest kind of spam, if that's what it is: presumably intended to make the people who read the reports visit the fake-sounding hostnames, probably so they can get a drive-by infection. That makes sense, I guess, since these are people with websites, quite a good target.

I made a regular expression to help me filter out hostname spam from my reports:

First I exclude my own sites using this regex; the customisations are mostly to deal with .com and .co, since many of my sites use the quite unique NZ TLD (dots are escaped so they match literally rather than any character):

localhost|\.nz$|tomachi\.co$|(damnative|triptonites|carbonmade|boomboom|design|youtube|googleusercontent|sites\.google)\.com$|\.fritz\.box$|\.guru$|\.dev$|auctiontix\.net$

This provides a filtered 5-year view with these spam domains showing - great!

Hostname Spam in Google Analytics

From here I created the following regex to outright block TLDs that I don't use, and even the (not set) hostnames I found (each TLD is anchored with a leading escaped dot and a trailing $, so that "br" doesn't also match any hostname that merely contains those letters):

not set|\.us$|\.cn$|\.ru$|\.info$|\.eu$|\.br$
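Before pasting an expression like this into a GA filter it is worth checking what it actually matches. Here is an added Python script (mine, not part of the original post) that runs the "own sites" pattern and then the TLD-blocking pattern over a constructed list of hostnames of the kind a GA hostname report shows. It also puts an unanchored version of the TLD pattern (bare `us$` and `br`) next to an anchored one (`\.us$`, `\.br$`) to show the false positives the unanchored form produces. The hostnames are made up for this example.

```python
import re

# Constructed sample hostnames, loosely modelled on what a GA hostname report shows.
SAMPLE_HOSTNAMES = [
    "tomachi.co",
    "www.tomachi.co.nz",
    "localhost",
    "sites.google.com",
    "(not set)",
    "free-traffic-example.ru",   # constructed spam-style hostname
    "example-spam.info",         # constructed spam-style hostname
    "something.br",              # constructed spam-style hostname
    "brightsite.com",            # legitimate-looking; hit by an unanchored "br"
    "hostname.plus",             # ends in "us" but is not a .us domain
]

# The "exclude my own sites" pattern, with dots escaped so they match literally.
OWN_SITES = re.compile(
    r"localhost|\.nz$|tomachi\.co$|"
    r"(damnative|triptonites|carbonmade|boomboom|design|youtube|googleusercontent|sites\.google)\.com$|"
    r"\.fritz\.box$|\.guru$|\.dev$|auctiontix\.net$"
)

# Unanchored TLD block: "us$" matches anything ending in the letters "us",
# and bare "br" matches any hostname containing those two letters anywhere.
UNUSED_TLDS_LOOSE = re.compile(r"not set|us$|cn$|\.ru$|info$|eu$|br")

# Anchored TLD block: a literal dot before the TLD and end-of-string after it.
UNUSED_TLDS_ANCHORED = re.compile(r"not set|\.us$|\.cn$|\.ru$|\.info$|\.eu$|\.br$")


def suspected_spam(hostnames, own=OWN_SITES):
    """Mimic a GA 'exclude' filter: keep only hostnames that are NOT one of my sites."""
    return [h for h in hostnames if not own.search(h)]


def blocked(hostnames, pattern):
    """Hostnames a GA 'exclude' filter built on `pattern` would drop from reports."""
    return [h for h in hostnames if pattern.search(h)]


if __name__ == "__main__":
    unknown = suspected_spam(SAMPLE_HOSTNAMES)
    print("not my sites:      ", unknown)
    print("blocked (loose):   ", blocked(unknown, UNUSED_TLDS_LOOSE))
    print("blocked (anchored):", blocked(unknown, UNUSED_TLDS_ANCHORED))
```

The loose pattern drops every hostname on the list, including brightsite.com and hostname.plus; the anchored one drops only the (not set) entry and the .ru, .info and .br hosts. A hostname-based filter like this only hides the rows from reports; it does not stop the hits from being recorded, so keep the raw, unfiltered view available for later investigation.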

Luckily the block known bots feature works so well that it removes the need for this kind of filter; however, it can still be useful for looking at historic reports.

GA Bot Filtering

Forever Free Website Hosting

Do you want a website? Call it insane, but TCorp has just announced totally forever free website hosting - for all my clients over $400 - now you don't have to be a personal friend of mine to get an abnormally cheap website. Lookin' at you Junior aka crossbeat.funk.nz and KathyReady.net! Oh and my contra-deal with Aum Productions (aum.co.nz) since I'm paid in tickets to their awesome Psy-Trance music festival events.

Our direct debit agreement is like insurance against big website bills because your monthly bill will never go up unless you agree to it! Our "pay what you think it's worth" retainer based system is based on an internally calculated rolling average of the time we have used on your project.

Your regular payment will never go up by surprise or without your express consent usually confirmed as a single click on an email proposal. But you can call and email me with questions and issues to sort without concern for bills; I will only ask for an increase if I feel the amount of time spent is becoming too large.

Cancellation is just as simple by email and never results in any drop in service and your website stays online hosted in USA at Dreamhost.

But seriously, paying pros to make websites can get expensive, so depending on your skill and ability to put in the effort to *build your own website yourself with my help*, it's usually between $160 and $800 for me to set you up with what's called self-hosted WordPress, and I can even do a fixed monthly service to pay off a large project over a longer period.

Our hosting is forever free so that we can just focus on providing great service to you, not milking you for cost-free automation and toiling over quotes and project sign-offs.

See our services page for more info. Basically dream up something that will use at least $400 of my time, which at $80/hr would be about 5 hours, and boom.... your own website sorted. Whether you pay in one hit, or ten payments of forty, it can work.

Fine Print

See here for the legal stuff - but there's no catch, it's sensible: no illegal / objectionable content, and no personal backups - just websites.