Pages

11 June 2015

Is Latest NSA Revelation About Secret Hacker Monitoring Much Ado About Nothing?

Walter Pincus
June 9, 2015

NSA targeting of foreign hackers does not infringe on anyone’s privacy

What better way to celebrate the two-year anniversary of Edward Snowden’s first leak about the National Security Agency’s operations than to have the latest story from his cache of stolen government documents create another misleading public understanding of an NSA program, this one aimed at catching foreign hackers.

As with the initial Snowden-generated story about the NSA’s collection and storage of American telephone metadata (every call, date, time and duration) the newest story does not report any violation of law or misuse of the data that the NSA collected — only the implication that the program could be abused.

There also is no evidence, only the implication, that like the metadata program, the hacker program may incidentally sweep up Americans’ private information and that data could be misused. Moreover, key lawmakers and the court that oversees such intelligence operations were aware of the program and how it worked.

This NSA anti-hacker program was publicly disclosed Friday in a Page 1 New York Times article written in collaboration with ProPublica , the independent, nonprofit news organization.

A previously classified intelligence collection program, it has been in operation for at least five years, initially following Internet signatures associated with cyberthreats that originated from foreign or terrorist sources.

In 2012, the NSA sought to expand the program to include looking into signatures related just to “malicious cyber activity” and not linked to foreign or terrorist sources, according to a Snowden document posted on the Times’ Web site.

The Times story began: “Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents.”

Many who read the story saw it as another example of the NSA gathering personal information about U.S. citizens.

One commentator, for instance, on the ProPublica Web site said, “Isn’t it interesting the way the scope of spying on Americans . . . seems to expand, often with only a few eyes within the system seeing the plan.”

The program carries out “warrantless” searches because it operates under Section 702 of the Foreign Intelligence Surveillance Act, which authorizes foreign intelligence collection programs after approval by a special court — but without requiring specific warrants from judges.

The Times story describes the “significant volumes of Americans’ information” that the U.S. government could gather as the NSA monitors what the hackers steal. The Times quotes a 2010 NSA Office of General Counsel briefing slide presentation, released by Snowden, that comments on the hacker program and warns analysts, “Hacker signatures pull in a lot.”

The General Counsel slide goes on to tell NSA analysts, “Focus on foreign target use of intrusion capabilities.” It adds that the “worst thing” the NSA could do is “to collect against a USP [U.S. person] hacker” because that would be using NSA surveillance capabilities “for LE [law enforcement] purpose without a warrant.”

Although the Times and ProPublica had that information, it was not published in the story.

If by following signatures NSA analysts inadvertently came across an American hacker, they were told to stop following that signature. If the U.S. hacker had gone into a “protected computer,” that was a violation of U.S. law and the analyst was to provide the facts to the General Counsel for transmission to the Justice Department.

The Times story raises the question about whether the NSA’s 2012 expanded authority, which includes supplying collected potential hacker data to the FBI, could be used to prosecute criminal cases in the United States. However, the Times does not note that federal employees — and particularly those involved in collecting and reviewing information (such as the Internal Revenue Service) — have an obligation to report potential federal criminal violations to the Justice Department.

The NSA slide briefing also advised that if analysts collected a foreign hacker’s download of Internet traffic from or about American individuals or companies, they were to limit what was not foreign intelligence and minimize retained information (remove American name identity) leaving only what was needed to show what the hacker was seeking and examples of what was obtained in order to do a damage assessment.

Ben Wittes, a senior fellow in governance studies at the Brookings Institution,wrote Friday on the Lawfare Web site that what the Times “breathlessly calls a ‘warrantless wiretapping’ of Americans’ Internet traffic” was “a rather predictable application of Section 702 . . . one it would be frankly shocking if NSA were not doing.”

In response, the Times’ Charlie Savage , who co-wrote the June 5 article, described it as “a transparency critique” of the anti-hacker program, explaining that its expansion “raises certain policy dilemmas about what the rules should be (especially for access to hacker victim data — fair game for querying or off limits) that merit public debate in a democracy.”

Ironically, Friday’s Times disclosure of this NSA anti-hacking program came at the same time the Obama administration released information about the hacking of records of 4 million current and former federal employees held by the Office of Personnel Management, allegedly by the Chinese.

In the wake of the NSA story and disclosure of the OPM hacking, legislators have talked about increasing rather than reducing the NSA’s anti-foreign hacking efforts.

On Fox News Sunday, Rep. Adam B. Schiff (D-Calif.), the ranking minority member on the House Permanent Select Committee on Intelligence, said the NSA program to identify hackers working for foreign states “is fundamentally what the American people expect of their government” and “we ought to be aggressively going after identifying and protecting the country from cyber hackers.”

Some Times readers agreed. As one commented in response to the article, “While we wring our hands over loss of privacy and government intrusion, the Chinese and others are stealing us blind. . . . I hate to break the news, but if you are on the Internet there is no such thing as privacy. Sorry.”

No comments:

Post a Comment