In the late 90's I co-created the program "ThinThread" which was the perfect alternative to mass surveillance - but it was ditched by NSA for money.

ThinThread was a fully automated system that could monitor signals then filter and alert on genuine threats in near real time. It did this all whilst protecting citizens rights to privacy. Its efficacy was down to its being metadata focused.

About me: https://en.wikipedia.org/wiki/William_Binney_(U.S._intelligence_official)

See more about the film of ThinThread's story and my career here. Currently screening in CPH:DOX Copenhagen and will screen in NYC on the 15th Nov. http://agoodamerican.org/

Here's proof of me being live now: https://twitter.com/AGAmovie/status/664481877890195457

Edit 1:45PM EST. Sorry, we need to quit in 15 mins.

Edit 2:05PM Thank you all for your great questions! Its been a good conversation.

Comments: 2858 • Responses: 41  • Date: 

honeyduckling11391 karma

What is the biggest threat to U.S. citizens? How can citizens combat it?

IamBillBinney3942 karma

The biggest threat to U.S. citizens is the U.S. government.

Fire everyone in DC!

umm_umm_1177 karma

If I am anywhere in the USA, and am talking on my cellphone, can the government hear me? And are they recording? And can they use it against me at any time?

IamBillBinney1622 karma

Yes. See the program Fairview.

https://upload.wikimedia.org/wikipedia/commons/b/b2/US-990_Fairview_Map_-_crop.jpg

Estimate of 80% collection of content (inc. text and audio) and metadata in the Upstream program.

https://en.wikipedia.org/wiki/Upstream_collection

jerryk4141021 karma

So i've always wondered what employees thoughts are when asked to do questionable things like some of the stuff the NSA does. Back when you were an employee, what was the general consensus around the "office" when asked to create a civilian surveillance program?

Were your coworkers all gung-ho and convinced they were doing the right thing? Did they think it was awful, but it paid the bills? Or was it something that was just never discussed?

IamBillBinney1551 karma

Most of them did not like the program and opposed it (Stellar Wind). But the vast population of NSA are ISTJ on the Myers Briggs scale, which means they are afraid to stand up and oppose things to avoid conflicts.

https://en.wikipedia.org/wiki/Myers%E2%80%93Briggs_Type_Indicator

_korbendallas_726 karma

Thank you for doing this. Out of curiosity, what is the oversight process for budgets and spending at the NSA?

Edit: word.

IamBillBinney1683 karma

There is NO oversight of NSA spending! They are not audited at all.

Stefano-628 karma

What's your opinion on Deep Web, Tor and other untraceable internet-browsing systems?

Do you think a user is compelled to resort to such tools to protect their privacy and information?

IamBillBinney982 karma

Part of the Treasuremap program includes approx 1000 trace route programs embedded in switches and servers, to trace the route of packets through the network, and they are using this to attack Tor, which I believe they still have problems following.

Google the NSA program Treasuremap for more info.

noflag583 karma

Why didn't you ever leak anything? What do you think about Snowden and Manning?

IamBillBinney1227 karma

Because I designed most of what they are using and I didn't think I needed to take anything with me and Congress knew I did.

I think they are both whistleblowers who have tried their best to defend the constitution and inform the public of things they need to know.

Lanhdanan531 karma

What can people do to protect themselves and attain as close to anonymity if they choose?

What do you think it will take for this issue to be raised on a political level with actual results instead of mere foot stomping and rhetoric? Would it matter if other countries didn't buy in and went full 1984 surveillance on its citizens.

Thank you for your time and for continuing to raise awareness to the public at large.

IamBillBinney1450 karma

Use smoke signals! With NSA's budget of over $10bill a year, they have more resources to acquire your data than you can ever hope to defend against.

This has to be addressed in law and legislation. Call your local governmental representative and complain, otherwise, if you sit and do nothing... you are fucked!!!

Orangutan477 karma

Who are some other whistleblowers that you respect and honor for doing what they did?

IamBillBinney960 karma

Jesselyn Radack, Tom Drake, Kirk Wiebe, John Kiriakou, Julian Assange, Chelsea Manning, Jeffrey Stirling, Russ Tice... I cant remember them all. All the ones that the government has sent to jail to cover up their crimes.

Arachnocentric385 karma

[deleted]

IamBillBinney403 karma

No. the programs I worked on to put in place were based on behaviours and interactions with KNOWN individuals of interest, for criminal activity or terrorism. So you had to be associated with them to be looked at.

We had an auditing software that would audit who was doing what with the system. If they started targeting people outside of this, such as political dissenters, it would flag this. They wouldn't have been able to do "LOVEINT" or things like that.

Any targeting of data in the system had to be justified with reasons for adding them and conform with laws such as FISA and other regulations.

Tr0user_Snake355 karma

Would ThinThread be effective at all against encrypted data transmissions?

IamBillBinney397 karma

Yes. Its metadata based, which is not encrypted. Because thats what's used to route data through the system.

alexch_ro299 karma

How efficient are these surveillance programs compared to classical police work in detecting and stopping unlawful actors?

IamBillBinney423 karma

The program answers in milliseconds, humans take much longer to find and take action, and the system verified data before executing. People dont necessarily do that. Example: drone strikes.

alexch_ro178 karma

My question was more about how many actual threats are being detected by the programs, not about speed.

IamBillBinney463 karma

ThinThread was killed in 2001 and so is not producing any threat assessments now, but prior to that it was producing intel everyday on targets that were not terrorist related. All the programs currently in use by NSA have failed to produce results on anything, but are really good at bulk collection.

Angoth270 karma

What is your opinion of the context-sensitive metadata collection efforts?

For example:

  • You get a call from a STD testing center that lasts 3 minutes.
  • You call your wife for 6 minutes
  • You call your doctor for 20 minutes
  • You call your wife for 12 minutes
  • You call your doctor back for 4 minutes
  • You call an AIDS information center for 26 minutes
  • You call your wife back for 13 minutes

Is anyone confused about the discussion taking place? Enough metadata and the content of the conversations is largely irrelevant.

IamBillBinney294 karma

What you are talking about is transactional relationships within your community that suggests a certain problem, and yes they do do that kind of analysis.

EmperorFlipFlops238 karma

  1. If the US under so much of a threat that constant surveillance is necessary or is it just a "safe guard"?
  2. Does the NSA track/servey anyone outside the US? (From Ireland)
  3. Are OS's today "safe" from tracking and/or surveillance?

IamBillBinney442 karma

Bulk surveillance is not necessary to protect anybody. NSA tries to track everyone on the planet. google: the program Treasuremap. OS's are absolutely not safe!

[deleted]-5 karma

[deleted]

IamBillBinney8 karma

Sorry I dont know.

Damadar229 karma

Can you go into more detail about how ThinThread works? How did it protect privacy? What technology did it use? How is it different than the current metadata programs the NSA is using?

IamBillBinney324 karma

It protected privacy by encrypting attributes that identify people and filtering out and collecting ONLY specifically targeted data.

DerpicaJR163 karma

How would you recommend that people in tech give back to their country (eg: civic hacking, DoD contracting, going into US Digital Services, policy making, working for an agency)?

IamBillBinney293 karma

Im all for infiltration! And when you do that you bring with it your integrity and character.

yyyyymmdd140 karma

How efficient was the identification of targets in ThinThread? It's a difficult balancing act in statistical data classification to achieve a high hit-rate (catch all the bad guys) AND a low false-alarm rate (don't single out any good guys as a bad guys).

IamBillBinney152 karma

It was built on reliable attributes used to route data through the network. That was metadata we used to do the selection and it was spot on.

Arachnocentric70 karma

[deleted]

IamBillBinney105 karma

Its evaluating a combination of factors; numbers such as IPV4, IPV6, MAC Numbers, User ID Service Provider, Phone Numbers and like factors and comparing to historical records to help verify accuracy.

thatisreasonable2132 karma

In 2014, you and 27 other signatories of the Veteran Intelligence Professionals for Sanity sent a letter to German chancellor Angela Merkel telling her to be suspicious of U.S. intelligence regarding the alleged invasion of Russia in Eastern Ukraine.

  1. Has this letter received any response from Chancellor Merkel? Do you have any fear for you and yours well being, regarding the US retaliating.

I hope you'll get to my questions but I most importantly want to thank you personally for your sacrifices and dedication to the world in exposing this destruction of our civil rights. I've watched you every time on DemocracyNow! and learned so much. Thank you.

edit: removed stupid part of question /s

IamBillBinney95 karma

  1. No. Not that I know of.

Thanks!

kulkke92 karma

Hello Mr. Binney and firstly, I want to thank you for everything you have done.

The Nation magazine quotes you saying that "the United States has created a police state with few parallels in history" and a direct quote from you as “It’s better than anything that the KGB, the Stasi, or the Gestapo and SS ever had.” Can you expound this a little bit?

As a second question, what do you think about American mass surveillance of non-US citizens?

IamBillBinney158 karma

Yes thats a quote from Wolfgang Schmidt, a former Lieutenant Colonel in the Stasi, concerning NSA surveillance. “You know, for us, this would have been a dream come true.”

I dont think much of mass surveillance of everybody. Because it dumps too much data on analysts and makes them dysfunctional, and invades privacy of everyone.

kcell86 karma

Mr. Binney, thank you for coming here and taking questions. I have been in/around Intel at DIA, Army G6 and others as a civilian for over 15 years.

How much of Government overreach would you attribute to the publics misunderstanding of mission stress and financial disincentives?

For example, I subscribe to the fact that agencies constantly struggle to justify funding and scoop up the latest gagets and programs from vendors to try and keep the cycle going, not necessarily because they "need" the tools and powers they have. That we've reached the ceiling and now are pushing the legal limits to try and carve out space for continuing the spending cycle.

IamBillBinney193 karma

They had duped the public into thinking they need to do bulk surveillance and this has allowed them to almost triple their budgets.

kcell70 karma

Right, but my core question is:

Does the NSA actually think they need to do this to catch bad guys or are they doing it because results=more funding?

IamBillBinney227 karma

They are doing this purposely to get the money. Their track record is that they continuously fail using bulk collection, and they know it.

haveyougoogle73 karma

Can you say if the free software and open-source software and also OS's like GNU\Linux distros and BSD are "safe" or not, from surveillance or tracking issues?

IamBillBinney175 karma

I dont think any software is safe from surveillance.

CuddlePirate42067 karma

The NSA has such a bad reputation, so how/why should we trust anything you tell us or any of the answers you give us?

IamBillBinney183 karma

Im a whistleblower against NSA's mass surveillance for 14 years. Its up to you if you want to believe me.

_zorch_47 karma

How has that worked out for you financially?

Did you lose your pension?

Are you employable?

IamBillBinney185 karma

I still have my retirement, but they killed all opportunity to do work anywhere else in the United States.

You can see more about this in the movie: 'A Good American' - Im in it.

francoisellis61 karma

Bill, as a Cyber Security worker myself, are you in favor of a national personal information regulatory agency? I've gone back and forth on this several times, and keep landing on the fact that personal information needs a centralized enforcement agency, similar to the IRS, with the power to force institutions to use standards and policies that make sense, and assure the safe keeping of everyone's personal data. Additionally, what do you think of a national two step verification system for every persons Social Security number?

IamBillBinney81 karma

No.

IamBillBinney71 karma

That just gives governments another opportunity to collect information on everybody!

n0ttsweet57 karma

What are real steps we as citizens can take to combat the infringement of our privacy in the tech sector? As in, aside from just letting people know on Facebook to contact our representatives... What practical method do you recommend to reverse the flow?

IamBillBinney173 karma

Again the problem here is that the NSA resources that are available are too great to overcome.

Eg, Google didnt even know that the 'Muscular' program existed, which tapped the transfer of data between their data centers. This gave NSA all the data that google had. And thats not the only tap program.

https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program)

https://en.wikipedia.org/wiki/Upstream_collection

_zorch_57 karma

Is there any credibility to the claims that encryption is causing legitimate surveillance to "go dark"?

Doesn't thin thread's mode of operation make encrypted content irrelevant?

IamBillBinney77 karma

I do not believe thats true. And yes ThinThread makes encrypted content irrelevant.

Camel_Knight51 karma

Aliens from another planet, are they real?

IamBillBinney123 karma

The random probability is one... so yes.

foc4l44 karma

Is it possible to think that governments will come to the idea that selling citizens data to companies is totaly ok ?

IamBillBinney122 karma

They dont have to sell it, they are giving it to them now because the contractors run their databases. Indirectly they have access to it all. Eg. Ed Snowden and Booz Allen Hamilton.

yyyyymmdd31 karma

ThinThread is described as being able to identify targets efficiently using automated filtering while at the same time considering the privacy of non-targets by encrypting the data concerning them or by not storing it in the first place. Would it be fair to still call ThinThread a tool of mass surveillance since the data of everyone is under surveillance?

IamBillBinney60 karma

No. ThinThread looks at all data as it goes by, but filters out only targeted information and encrypts identities of people until it gets probable cause.

ImWatchinUWatchinMe31 karma

Reading through the responses, Thin Thread sounds like an AI like program, would that be a correct assumption?

Would thin thread dump non pertinent data rather than logging it?

IamBillBinney66 karma

It was a learning system, and yes it ONLY took in pertinent data and let the rest go right by.

Devoid_30 karma

What determines a person is affiliated with a group? Is it known communication with members? Can visiting say an ISIS website be enough for the government to deem you affiliated and increase scrutiny on you? Also secondary quick question do you know of any program to backdoor TAILS or Tor?

IamBillBinney43 karma

Because of NSA's bulk collection they cant do this on the fly, but retroactively yes, they make those associations. Communications or travel or human reports from the FBI or other Police organisations can add you to the target list. The idiots at NSA are probably still using a three hop approach.

sonicSkis29 karma

Hi Bill,

Could you please tell us what you think about the FISA court? Is there any place for a secret court in our Republic?

I'm also curious about the NSLs which come with gag orders such as the one that Yahoo fought and lost with regards to PRISM. Do you think that the courts would uphold the right of the government to gag the tech companies that want to tell their users what is going down?

IamBillBinney54 karma

They (FISC) need to be fired.

I would not replace it with anything except the existing Article III Courts.

NSLs have been ruled by the second court of appeals to be unconstitutional and are illegal.

Frajer25 karma

What is the rationale behind these programs?

IamBillBinney57 karma

The rationale is very simple, to stop threats to people. Thats the objective of intelligence.

Omfufu6 karma

If the system is so good, as you have said, why has it not been able to stop mass shootings like ones in Colorado or Oregon? IIRC the oregon dude had posted material about his future actions.

IamBillBinney29 karma

Because NSA and associated industrial partners killed the program in 2000/01!

halinttd5 karma

Why hire contractors instead of regular employees? I'm sure you can find the right talent if you position it properly, look at the U.K. for example. I would love to work with the NSA (Canadian, unfortunately), what credentials do you look for recruiting?

IamBillBinney21 karma

Because they want to build dependencies within the military industrial intelligence complex. Its an incestuous relationship, they are screwing everybody.

You have to be a US citizen or... a working member of the FVEYS.

https://en.wikipedia.org/wiki/List_of_people_under_Five_Eyes_surveillance