 Well, thank you all for coming on a sunny Friday afternoon. I just want to begin by noting that I'm going to make extensive use of publicly available but still classified data. So if you happen to have a security clearance and it's not extremely high security clearance, you should probably leave. I want to begin with three major changes in the posture of the National Security Agency from the mid-90s to say the middle of the last decade. The first concern is the severity of volume. In the mid-90s, the volume of communications was one of the foremost problems for the NSA talked about constantly in their internal literature. But by the mid-2000s, we've found out about email titers where volume is thought to be our friend, in which leveraging volume has been turned into an ally leading to what, by 2010, they called the golden age of SIGINT, Signals Intelligence, their job of listening to signals that they are not supposed, that are not intended for them. So volume. Secondly, the legality of kinds of queries that they can do on kinds of data. In the late 1990s, towards the end of the Clinton administration, the Department of Justice ruled that it was not legitimate for the NSA to do what is called contact chaining, that is producing social graphs on the basis of people's telephony records. I cannot get access to this ruling. I've not succeeded in FOIA with them. But quickly, it has changed. Where did it go? By 2008, a secret Department of Justice memo rules that contact chaining and other metadata analysis do not qualify as interception or selection of communication. And because they are not interception, they do not violate the Fourth Amendment. Thirdly, so we have volume, the legality of certain kinds of queries. And thirdly, the hacking into computers around the world as a practice. In 1997, after an enternescene battle with other parts of the armed services, the NSA is given the role to be the primary aspect of the US government to produce instruments for what it was called computer network attack and instruments for exploiting computers by hacking into them. By the mid-2000s, there's a worldwide database called xKeyScore, which is a distributed set of Linux clusters, which allow you things like the option to show me all the exploitable machines in country x. By 2013, the US government states bluntly that the United States government has mature capabilities and effective processes for cyber collection at scale. Hacking had become banal, a standard practice, and a huge scale throughout the United States, throughout the world. So this is indeed a drawing. This is one of the key Snowden documents. And every yellow dot on this diagram is an instance of a place where the United States government has implanted something into a computer, a router, a printer, in order to access communications or prepare for a computer network attack. This is probably a radical underestimation of what it is, but it is a worldwide phenomenon. The name they used internally was that they watched to own the net. And they did this through passive listening, a worldwide platform of passive listening, of managing hacking. And strangely, they are a profoundly Janus-faced agency. On the one hand, and many of you probably know this, they have the fundamental job of protecting the communications, particularly of national security and military communications, but also in the design of things to protect all kinds of communication, so-called communication security. And on the other hand, they have a fundamental job of exploiting those communications. And indeed, they've fully recognized for many years that this tension is a problematic one. The current director of the NSA just announced this week that these two divisions were going to be folded into one another, making the contrast even more problematic. One of the aspects of this is that it seems, as best we can tell, that overall, the exploitation of signals and of computers has taken a priority to the security needs of other parts of the government and indeed in all of us. That secret risk analyses have decided that national security is best served by weakening encryption in many cases and by allowing a large number of malware exploits to exist. The EFF has been doing a lot of work to get into the process of these vulnerabilities. So by 2008, one talk at the NSA said that they were going to be in your interwebs, exploiting your data. You might say, and many a commentator has said this, well, duh, their job is precisely to listen to communication, to collect and analyze. What else can you expect them to do? So many people have rightly said, for all that's come out as a result of Snowden and other whistleblowers, maybe we're just making too much of this. So what has changed? Is there been a change? I'll argue that there's a sort of radical twofold difference that we need to look at here. And that difference has an element that I call breadth and an element that I call depth. Now by depth, what I mean is this, that in the post-911 world, the NSA has become far more involved in accessing communications of people far beyond its traditional domestic target foreign targets of leaders and militaries and intelligence. Not just communications between phones and computers, but access to the full contents of computers, phones and routers. That diagram of the full range of computers around the world that they've exploited is an indication of the depth of this. The other side, and this is what's absorbed most of the attention in the media, is the NSA's domestic presence. That it is involved in now slightly changed, but systematic collection of domestic telephony and until recently internet metadata. That it is actively involved in collecting all kinds of communications in the United States, subject to a very complicated legal regime, but nevertheless a very important one. And it is involved in one which it can potentially keep all encrypted communications indefinitely. So, just to clarify some of the axes of debate, and these often get confused by the different communities that are involved, I think there's three that are important and it's not just privacy and security. Privacy and security is rather crucial. And usually the debates cast this way, we have one set of values of our privacy and another set of values of the security that's necessary to confront that security. We're seeing this played out again in the current debates about encryption and the idea that the FBI is very concerned that they're going dark. This concerns, of course, take most of the energy in the media, but they're augmented by a kind of bigger debate. One that I think is central if you want to understand what happened with the encryption wars in the late 90s, which is very much one about security versus security. This is very much in the minds of those cryptographers outside of government who are adamant that the creation of any back doors for governmental purposes undermines the security in fundamental ways. A final way that this debate plays out, and this is not one that we see publicly, but internally, within the intelligence community and the military, there's a massive debate between operations and espionage, between attacks and collections. This is a history we know very much about, but it's hinted at everywhere on the document. So what kind of history do we want to do about this? Now, 9-11 isn't sort of easy point, and it's very easy to say, pin this on someone like Dick Cheney or others. But it doesn't offer the possibilities of understanding the conditions under which these transformations came to be. And it makes it too easy for us to forget the series of decisions, technological and legal and societal, that enabled and indeed set up things in such a way that the events that followed in the wake of 9-11 and subsequent other attacks could happen. So what I'm interested in as a historian is in some sense giving a structural account of those transformations in technology and science, in the law and in governmental postures that were then actualized, that were available to the people in the Bush administration in the wake of 9-11. And why I'm a historian of science, why does that matter? Well, one thing historians of science and technology are very interested in is sort of pushing back against claims when someone says this technology exists in this way, therefore society is going to have to change in a particular way. And in this case, the creation of new communications and analytic technologies require us to think differently about the law. Now, my sources are varied and everything I'm doing here is very much reasoning under uncertainty because we don't know a lot about the NSA. We know a lot more because of Snowden. In fact, one of the things I'm operating under is a rather grave challenge that on Tuesday a document came out that is about data mining at GCHQ and NSA. That document I've barely had time to digest. I'll talk about it just very briefly. But I'm using declassified documents, open source intel, in some cases forensics on weapons in the wild and indeed the Snowden documents. All of this is publicly available. Many of the things from the Snowden documents, of course, are still classified. But I'm reasoning under uncertainty and I'm often horrified to look at a Twitter feed before I give a talk because I'll find that I'm wrong about something. Okay, exploitation. So exploitation is a word, is a term of art within the intelligence community and within the signals intelligence community. And to get at this, I need to tell you a little about two kinds of arcana. Some of you will be very familiar with this. Some of you won't know anything. One, intelligent communications. And the other, in national security law. A lot of us have been getting a quick education in this since Snowden started coming out. A lot of this involves what Calvin called the verbing, weirding language. There's a lot of strange language use that is central to the way things work in the intelligence and national security world that is very odd to us. In particular, there's a lot of actors' categories that are not the way we would understand something. So collection, for example, in the ideolect of the intelligence community is confined to that. Those data that have been accumulated and have been received, quote, by an employee of a DoD intelligence component. So when Clapper testified before Congress, he typically is using a particular ideolect. And so within that frame of mind, he wasn't in fact lying to Congress about it with uncertain claims. But it's a highly specific vocabulary that has legal significance. And it's not, I think, exclusively rhetorical. It's not only about pulling wool over someone's life, but it's central to the worldview and the legal categories of what's going on. The central term that exploitation is used for within the intelligence community is the phrase exploiting signals. To exploit a signal roughly means to make it available for analysis, to enable. So to exploit Angola Merkel's cell phone is precisely to make all the communications on it available to us. To exploit a keynote in the internet black bone is to be able to capture all the evidence for it. Now what I'm going to argue is something very much like this is happening with the law. And that's much of what we've seen in the last period. That the law has been exploited, and I mean this in the ideolect way, it has been made available for the extension of the collection and analysis of signals. And this is nearly an actor's category. So in the documents we have about the evolution of the law in the wake of 9-11, they often talk about the need to create legal theories that will allow different kinds of collection and analysis. And this is an activity that happens in the executive branch, in the judicial branch, and then the legislative, and it also happens in the parts of NSA and DOJ that are actively involved in rewriting the legislation in countries around the world, such as the German privacy law or Australian laws constricting this. And it's, like I said, almost an actor's category. So in an important SIGINT strategy document of 2012. Okay, so an actor's category, I'm sorry, I'm using my own ideolect, wonderful question. Actor's category is typically used by anthropologists to mean the categories in which people were studying talk about things themselves rather than the categories we would frame them in. So instead of imposing some external vocabulary of analysis using their own. And so I'm using exploitation, I would say almost as an actor's category. So they say, this is under Keith Allen's ed, for SIGINT to be optimally effective, legal policy and process authorities must be adaptive and dynamic as the technological and operational advances we see to exploit. We aggressively pursue legal authorities in a policy framework mapped more fully to the information law, information age. So what I'm gonna talk about in most of the rest of the talk is two moves about modernizing the law and then the adoption and transformation of some of the analytical technologies captured in the umbrella term of data mining, which is something that's actively used within the intelligence communities. Now by modernizing the law, there's two major things that I'm gonna be interested in. One that's received a lot of attention in the media. Another you have to be in particular sets of the media. But the first one is the transformation from the legality of intercepting without a warrant the dialing information of a single phone, of a person's single phone line. This gets transformed into the ability to capture bulk metadata worldwide, including US metadata. There's been a change in how this is done in the United States, but it's still something that is done warrantlessly. And secondly, a transformation in how we understand espionage from a particular set of communications or breaking into a building and getting something to cracking computers at great scale. Now, why this is, why we need to put some attention to this is because we will find vocabulary constantly that says the technology has changed and therefore the law must be modernized. And I want to say we need to step back and look at the decisions that made that a thinkable inference. Because modernizing the law in this way is playing a funny kind of game. Internally, the great interest in collecting things at bulk is driven by something that almost everyone in this center is probably greatly aware of, the way in which scale enables you to do certain kinds of analytical operations you couldn't do otherwise. But legally, the transformations justifying that scale are often premised on ignoring the implications of the scale to say that a law that was about individual things can be extended to talk about bulk things. So internally, volume is our friend because it allows us to leverage scale externally and particularly in the legal realm. A very strong argument that the scale doesn't change a thing about the way we understand the Fourth Amendment. So let's start with a paradigm shift about volume. 1996, the deputy director of the NSA, William Crowell says, let me add to that the third biggest challenge facing us and that is volume. I could end the sentence there and everything is said then there's a huge paragraph redacted. This gives you some idea of the daunting challenge volume presents. In a report issued by Jim Clapper, then a private contractor on the scientific advisory board were not allowed to see the volume growth because I don't know it's top secret for some reason though it's taken from a corporate report but it mandates a new paradigm in the collection of signals intelligence. Indeed, it was a shift to what they called digital network intelligence which meant collecting the communications on the internet worldwide. It involved an exploitation of a vast number of things, routers, servers, fixed satellites, GPS, phones, modems, faxes. In a transition document 2001, written for the administration coming in, either Gore or Bush, like everyone else, they didn't know who it was gonna be. They said, the Fourth Amendment is as applicable to electronic signal as it is to the signal of yesterday and today. And then I wanna put some attention to this. The information age will however cause us to rethink and reapply the procedures, policies and authorities born in an earlier electronic surveillance environment. The information age, it continues, make no mistake. NSA can and will perform its missions consistent with the Fourth Amendment but senior leadership, that means the president and his close advisors must understand that today and tomorrow's mission will demand a powerful permanent presence on a global telecommunications network that will host the protected communications of Americans as well as the targeted communications of adversaries. So before Bush or Gore comes into office, NSA is internally making an argument that the information age is going to require a modernization of the way we understand the Fourth Amendment. And that's going to require collecting protected communications. Their concern here, and this is again, this is a diagram that shouldn't be top secret because it's taken from a public set but it's top secret nonetheless. The point being that large numbers of communications on the internet that are foreign foreign are transiting the United States. And in order to collect those, the NSA was going to need authorities to collect things transiting, but along the way, they were likely to collect large numbers of signals of US persons in the homeland. So to modernize the law meant being able to capture foreign communications and it also was going to require domestic launching points for information warfare. All of a sudden, domestic law enforcement and foreign intelligence were going to have to be mishmashed in a way. And this was going to require this transformation of the Fourth Amendment. Now, they said the information age and at the end of the 20th century, this was a common way of speaking, but it's a very loose and imprecise thing. Do ages have causal effect? One fact, there is a major argument that goes on within military and defense intellectuals in think tanks and in a large number of bodies that begin thinking through what the information age means for traditional divisions about intelligence and law enforcement, other things. As one report notes, the issue of domestic intelligence gathering and surveillance needs to be revisited. This is the framework in which the NSA is thinking before 9-11 of the transformations it needs. In a presentation internal to the NSA and then disseminated in its internal sort of house magazine, Cryptologue, it's available for download, I recommend it to. A form of this argument was set out that we had overcome the agrarian and industrial ages and we were entering a radically transformative information age in which the ultimate destructive capacity is going to be critical information deletion and we were entering a phase of information warfare. This was everywhere in a book that caused many people embarrassment to be admitting was a central source but was everywhere read called War and Anti-War about the cheap new wars that would be coming and the need to accommodate the information war. And it was set on a grand view of history that from 1648 until the end of the 20th century we were living in a so-called Westphalian order in which we had sovereign territorial nations with clear divisions between foreign and domestic. That was no longer true in the information age. We were now in a de-territorialized post-Westphalian, they said, information age. And age were law enforcement and foreign intelligence were gonna be mixed. And this was involved with a deep concern about asymmetric warfare in the homeland. In report after report the language that became part of all of our lives in the wake of 9-11 of homeland security, of the loss of sanctuary, of the sorts of concerns was set out. It was set out by bodies like the Defense Science Board but also centrist groups like the Hart-Rudman Commission. It saturates novels like Clancy's Debt of Honor and it figures centrally into the creation of the Central Infrastructure Protection Directives of the United States government. DSB, the Defense Science Board in Rand, played, worked this out, how there was going to be no front line in information warfare and the US homeland is not gonna provide a sanctuary. We were therefore going to have to develop a new legal regime. In one DSB report, they noted that there was a lot of resistance within the Department of Justice and among civil libertarians to any of this thinking. But they noted, a sophisticated attack on public and private networks will likely make cooperation not just politically acceptable but politically necessary. When this happens, the legal regime needed to respond to the attack will likely be put in place quickly by politicians anxious to be seen part of the solution. Well, they were right. So what I'm talking about is some internal moves within the government and within advisors to the government to think radically about the possibility of domestic intelligence. Now, many of the things that these people were calling for didn't happen in the 90. There was great resistance to, but much of it happened in the Patriot Act. So it's not accidental. The Patriot Act emerges within weeks of 9-11 because everyone has the stuff in their desk drawer. So it's not just little bits of legislation. It is a worldview. But in the meantime, it was profoundly contested. The law enforcement intelligence axis lost the so-called crypto wars at the very end of the 90s. NSA, to many people, was seen as a Cold War relic. And it seemed unlikely that NSA was gonna get its modernization. And indeed, the Office of Legal Counsel in the Klanera gave several legal setbacks to this in the very end of it. This just didn't seem very likely and it rejected the plan to contact chain US persons. But nonetheless, it's set in motion a particular set of technological developments as well as legal ones. In one of these, Defense Science Board, this is like an internal advisory board of scientists and industry leaders to the Defense Department, wrote in 1997 in a report on the transnational threats that called for, quote, the application of evolving techniques that are already employed widely in the industrial sector for searching, merging, sorting, and correlating data in multiple independent databases can be applied to the transnational terrorist problem. So the highest advisory board to the scientific research of the DOD called precisely for leveraging the developments that were widely known as data mining precisely about these questions of terrorist threats domestically and in foreign intelligence. And hence my story comes to data mining. I'm sorry, it took me a little while to get here. Now, data mining is a term that's very widely used in the intelligence community up to today and it has many glosses. The one that was very important in the 90s is knowledge discovery in databases. I was talking about this yesterday with a bunch of great people at the AMPF Lab. In one form, it particularly grew out of the concern within the database community that they had produced wonderful forms of storage of data. They had produced ways of securing transactions, the entire conception of the acid database that they had been able to build that in robust ways. But as one writer wrote, a large data store today in practice is not very far from being a grand right-only data tomb. Data mining drew on the resources of multiple disciplines, database and its concerns with the storage of data and the efficiency of operations, statistics and machine learning for a whole series of algorithms. And just as the NSA and many people in the defense intellectual community made technological determinist arguments for why the law had to change within the broader data mining community, an argument was made that the sheer amount of data, both in number of points and its dimensionality, would mean that we would need to transform the way that we produce knowledge. That is a new paradigm. With new experts and new expectations of privacy. The promise of threat is very much that data mining would provide not just better truths about aggregates in a kind of traditional, very, very traditional undergraduate statistics way, but rather better understanding of individuals as we all know from recommender engines and political campaigns and for the NSA telephony metadata. It is exactly this that this defense science board called for the defense research community and particularly DARPA, the research wing of the DOD, to begin funding. And what they called for was something like this, an interactive multimedia distributive exploitation and analysis network. This provided the support and intellectual infrastructure for something that became notorious almost instantly, total information awareness, which had this unbelievably ill thought out diagram of Masonic temple viewing the entire earth. Now I call this the complete irony on awareness office, but I think that lack of irony about doing this, it's much more understandable when you think about this framework I've given you for how common it was for certain kinds of intellectuals and policy makers in the middle of the 90s to think that we were going to need something like this. So total information awareness included a whole series of efforts including with the sort of I think most probably important in the long term to the development of the data sciences, an effort called evidence extraction link discovery, which was about automated discovery extraction and linking of sparse evidence in large amounts of classified and unclassified data sources. It will link together related items that comprise potential terrorist groups or scenarios and learn patterns of different groups. And they had many, many diagrams of what they were going to do. In particular, as this slide says, they're going to extract evidence from unstructured text data and discover relationships and learn patterns of activity. This is probably very familiar to all this. It funded a wide variety of academic centers, most of them doing very high quality work, including here at Berkeley. So it funded all sorts of things. Malat, if you do anything with topic modeling is something that gets heavily funded. Mining graph data is an early textbook, funded heavily. Kojak, I don't actually know how many people use this. Total information awareness, envisioned individual analysts having access to the full range of machine learning and other statistical algorithms in databases that were efficient. And it was particularly focused, as you might expect, on doing sort of graph analysis. And it funded a wide variety of efforts, both in government contractors, but also in, so this is various attempts to do, say, graph-based supervised learning, unsupervised learning. But TIA wasn't the only part of the government. Internally, the defense community, I mean, the intelligence community had another effort, which was called, in the most bland name ever, the Advanced Research and Development Activity, novel intelligence from massive data, in which massive data would be investigated, but also the analytic tools would be applied to the analysts at the NSA, who were apparently all white people from the 80s. It was precisely about human interaction with information in a way that permits intelligence analysts to spot the telltale's kinds of strategic surprise in massive data sources. And so what's very interesting about these efforts, whose exact ramifications in the NSA are opaque to us, is that they focused very heavily on building databases, but also enabling individual analysts to draw upon a whole suite of algorithms for their development. That was the goal, a kind of highly personalized platform for individual data miners in the analytic people in the intelligence community. Now internally, we know a lot was going on the NSA. The NSA, of course, had been more concerned with large volumes of information than anyone else since the Second World War, unlike most of the computing work that had been done, say, in the nuclear and atomic energy areas, the NSA had large volumes of data, at least large volumes by any sense, and had been looking at that for a very long time, indeed, building up what we don't actually know what they developed. Internally, they're very worried about precisely the sets of questions of data mining, and they're very worried about things like anomaly detection. So one paper, I've tried to FOIA this, they're stonewalling me, well, maybe in five years. I'll get it. But they have a whole series of papers like things to be careful about when doing anomaly detection or why epidemiologists are almost always wrong. Now, as I said, a few days ago, Corey Doctorow on the website Boing Boing released this, a very highly classified document from the analog of the NSA in the UK called GCHQ, and it is the Data Mining Research Problem Book. And it gives us a sense of where things stood within the research community of NSA and its partners in the Anglophone Intelligence world. And I can, this is a long document, I haven't fully digested, but there's several remarkable things that I'll mention for those of you in the data community that the NSA was very early on, friends of random forests, through direct contact with someone, perhaps someone right here, that was advised to be an important algorithm for them. But they were very deeply worried about interpretability of random forests. They were worried about the black box nature and thought that analysts needed something else. But above all, the document reveals that they continue to try to be pushing the edge for looking at large-scale graphs. Now, we know from a large number of sort of national security journalist accounts that in the wake of all the new data that they were accumulating after 9-11, they did not have, they had the storage capacity, but not the analytic capacity to make sense of all the data they were finding. They pushed the edge very hard and continued to do this. In this 2011 document, it is the biggest focus is anomaly detection on streaming graphs in real time. It's equally worried about data mining, about finding suspicious activities, about botnets of information warfare or espionage around the world. This is an active project. And it's all done, and this is more public, after the sort of, about say 2008, I believe. It's all being done with an implementation of Google's big table that is customized for the NSA so that they're doing Hadoop analytics on distributed clusters around the world. Okay, now let's come back to the law. So, I'm gonna talk about two things. Metadata, which has been so much the focus of the conversation, and then computer network exploitation, which is hacking into computers and stealing data. So metadata, well, we're not allowed to know the definition, but in 1979, there's a crucial Supreme Court decision that took back some privacy rights. This decision, Smith versus Maryland, said that users of telephony have no reasonable exploitation in privacy in the numbers they dial. So the decision said that for a given copper landline, you could do warrantless wiretapping only of the numbers going out and the numbers coming in. You couldn't get the content without a warrant, but it made a sharp distinction. The word metadata is not uttered, but the idea, the conceptual idea there, and they argue, because you're giving the phone number to the phone company, you do not reasonably, you cannot, well, as it says, you could not have been calculated, you cannot calculate to preserve your privacy. It is this way of dividing up communications and information about communications that gets hacked in order to justify bulk data connection. And this happens in the executive branch, where metadata is deemed not to be interception. It happens in the judicial branch, where the FISC, the secret court, comes to agree with this, and it also happens in the reworking of statutory law. So what happens is the device that you use to capture phone numbers is called a pen register, and it's an acceptable form of warrantless wiretapping. So what happens is it gets rewritten in the Patriot Act. So the Patriot Act is mostly really fine rewritings of really arcane bits of legislation, but they rewrite, change the definition of pen register such that it is no longer just about a telephone on copper, but now becomes something that is about dialing, rooting, or addressing, and changes signaling information, processing and transformation of wire electronic communications so as not to include the content of any wire electronic communications. What happens here is a potentially licit transformation in which something that is about a old kind of telephone technology now becomes extended to a vast array of other telecommunications technology. It, in some sense, creates a category of metadata out of that earlier division of telephone technology, which is about giving phone numbers over copper lines to one company. You have a bifurcation of communications. Metadata does not appear in the Patriot Act, but the demarcation is here. The FBI says, and it's a very defensive fact sheet, that it updated the law to the technology. So this meant, if you read Smith versus Maryland, the users of telephony have no reasonable expectation of privacy, has moved from telephones, old style telephones, to all of communications metadata, a totally non-innocent transformation. Have the technology changed? Yes. Did the technology mean this inference? Is this clear? Not accidental that the definition of metadata is classified. Now, the way the courts understood this is that they denied that scale mattered. So this is from the fifth court. They write, so long as no individual has a reasonable expectation of privacy in metadata, the large number of persons whose communications will be subjected to the surveillance is irrelevant to the issue of whether a Fourth Amendment search or seizure will occur. Scale doesn't matter. Bulk is the same. Bulk needs to be understood as just a sum of individual. If there's no privacy violation in any of those individuals, there is no privacy violation. They say it again. Put it another way. When one individual does not have a Fourth Amendment interest, grouping together a large number of similarly situated individuals cannot result in the Fourth Amendment interest springing into being ex nihilo. Again, they transform the definition and then deny the salience of scale. Now, one of course, the major transformations in sort of an older style kind of statistics between aggregation and the kind of things that data mine of promises, that data mining precisely is about often learning to know individuals better. But what's remarkable is the NSA were the great pioneers of this long before anyone else was. The reason was is that they undertook in the wake of the inability to decrypt Soviet communications, something they called the traffic analytic revolution, which they saw. Now, traffic analysis, this revolution was the recognition that cryptologic tech can reveal information of value even when it is successful only in recovering the externals of intercepted communications. In other words, the great success of the NSA in the middle of the Cold War was precisely learning how to use what would later be called metadata because they couldn't read the Soviet. They couldn't get the Soviet full tech. In other words, aggregation really mattered because aggregation allows you to understand something. In SIGINT, there's a huge division between cryptological where you decrypt plain text and traffic analysis where you reconstruct networks of communication without access to content. This is a central domain for them and it is central to intelligence. And as I say, again and again in their internal house magazine, they celebrate their real achievements in this traffic analytic revolution. Even when unable to produce plain text, they could provide valuable, even lifesaving information to consumers, revolutionize the field. And in a recent history, they explained it, it's just like if all you had to do, if all you had were the outsides of envelopes but you had them at scale, you know a lot about people. Now, that form of reasoning is rejected by the United States, the judiciary of the United States. So this is an argument. The traffic analysis works precisely because of scale. That logic is currently not operative in our judicial branch. It is not operative in our executive branch and it is not operative in our legislative branch. But it is central to the practice and successes of our intelligence agencies since, well from before the World War. And they do this very well. In a classified annex to the executive order issued by President Reagan, which is called 12 triple three. It's the fundamental document that regulates the intelligence community. It's incredibly interesting. But in its classified annex, they're very clear when they define interception that it means the acquisition by the system but not including the examination of the technical characteristics of signal without reference to information content carried by the signal. So the practice of looking at the external communications and its legal foundations are set in stone long before the very salience of that importance of scale is denied in the law, in the wake of 9-11. So now why does this matter? Well, traffic analysis in the Cold War was about military diplomatic and political communications. But after 9-11, it was about threats in the homeland. It was massively in symmetric and went both deep into American, deep into international communications and deep into American communication. Okay, last section, then I'll wrap up. The other place where there was a radical shift involved hacking into computers known as computer network exploitation. So when pushed on this, the US says something like this. This is from the Obama administration. The United States has made clear it gathers intelligence in the same way as any other states. We hack, they hack. And this is part of the reason when OPM was hacked and the personal data of millions of government employees, several of the directors of the NSA kind of begrudgingly admired the hack because it's not illegal. It's espionage. This too is given a technologically determinist narrative. CNE, that's computer network exploitation, evolved as a natural transition of the foreign intelligence mission. As communications moved from Telex to computers and switches, NSA pursued those same communications. But I think we all will agree that listening to a transmission, a wireless transmission, is something different from hacking into a computer and copying a hard drive. Doing that at scale is something again. Their project for this is called tailored access operations and you build custom malware to enable access into routers and computers and printers and all kinds of good things and you shoot it using something called quantum. But in 1997, it wasn't obvious to anyone that this was a standard form of espionage. Indeed, in the first document that set out the information warfare posture of the US government, information, the concept of warfare, precisely included hacking into computers because it didn't seem like espionage. Now over the course of the next few years, the hacking into a computer, as opposed to destroying the computer or deleting data, those begin to be divided legally. A new legal category is created. One in which computer network attack comes to be separated from intelligence. This new category, computer network exploitation, comes to be enshrined into law. And it's a fundamental division in which an attack on a computer, deleting data or something like that, is part of the laws of warfare. But hacking into a computer to acquire information is held to be simply espionage. In a document which is paid, they pay an outside contractor to think through the law on this. And they argue, it seems, oh, the treatment of espionage under international law may help us make an educated guess as to how the international community will react to the information operations activities. Information operations is that at that moment, the current idiom for information warfare, which seemed too violent. If the activity results only in a breach of perceived reliability of an information system, it seems unlikely that the world community will be much exercised. In short, information operation activities are likely to be regarded much as is espionage. Not a major issue unless significant practical consequences can be demonstrated. So a radical technological difference that is hacking computers is flattened out and put into a category of espionage, which is something that is domestically illegal, but doesn't have a particular status in international law, and is separated from activities of attack. This is the posture that we currently exist in. But we now do it, not just of individual computers, but at scale. And we can ask things of our massively distributed database called X-keyscore, which captures large amounts of the total internet activity at various places around the world to say, show me every computer that I can exploit in an entire country. And we have a system called Turbine, which is precisely about managing this at immense scale. And the documents, some of the Snowden documents, it showed that there was a push to make this hacking happen at even greater scale, to make it not individualistic. Now, many people have noted that this is a very funny kind of espionage. In one article, two authors note, espionage used to be a lot more different, cold warriors did not anticipate the wholesale plunder of our industrial secrets. The techniques of cyber espionage and cyber attack are often identical. And cyber espionage is usually a necessary prerequisite for cyber attack. They continue, cyber espionage, far from being the copying of information from a system, ordinarily requires some form of cyber maneuvering that makes it possible to exfiltrate information. This maneuvering requires exactly the same kind of operations that an attack does. So this difference is a distinction without a difference, even though it is enshrined into our law. Now, who are the tenured radicals arguing this? A colonel in the US Air Force and a lieutenant colonel in the US Air Force that do not accept this partitioning of the technology into an existence kind of law. This argument stems back from this divide between the services and the intelligence agencies about things, but it gets at something really fundamental, that the legal transformations that have made hacking banal are not technologically obvious. So in a remarkable document, and one thing I'll say is that, as many of you know, the NSA is filled with not just skilled mathematicians and skilled computer science and skilled engineers, but people are deeply reflective about the pathologies of the agency of its failures, as well as its fights with other parts of the intelligence community. In a remarkable document, about the changing transformation of NSA culture from the 80s to the 21st century, an author whose name is redacted wrote, NSA valued in the 1980s accuracy, deep knowledge, thorough expertise, productivity, and reputation. Reminder that people working on the Soviet problem in the 80s were Soviet experts, as well as mathematicians. But then this author wrote, NSA valued in the 2000 speed, getting it 80% right now can make all the difference in saving lives. And then offered this really, I think, amazing pathetical. Of course, if it were targeting information, that would mean killing innocent 20% of the time. In his report, in 1999, calling for a transformation of the NSA, Jim Clapper concluded like this, a concluding conclusion to do nothing is not an option. I think he was probably right. Thank you.