NSA Chief Says NSA Doesn't Need Access To Your Info... As Whistleblowers Say They're Already Getting It
from the cyber-security? dept
The American Enterprise Institute (AEI) recently held an event about cybersecurity and cybersecurity legislation. The keynote speech was from NSA boss General Keith Alexander. He of course talked about why he supports cybersecurity legislation, such as CISPA and other proposals that will make it easier for the NSA access private content from service providers -- much of which, reports claim, they're already capturing and storing. Alexander has claimed that the NSA doesn't have "the ability" to spy on American emails and such, and reiterates that claim during the Q&A in this session, insisting that the Utah data center doesn't hold data on Americans' emails (and makes a joke about just how many emails that would be to read). That's nice for him to say, but so many people with knowledge of the situation claim the opposite.In fact, in a story that has received almost no attention, the EFF was able to get three whistleblowers to speak out on the NSA's massive spying infrastructure:
In a motion filed today, the three former intelligence analysts confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the "secret room" at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.So it's interesting to pay attention to what Alexander has to say in pushing for cybersecurity legislation. You can watch the full video below, if you'd like:
He does insist that worse attacks are coming, but provides no basis for that (or, again, why the NSA needs your info). In fact, according to a much more believable study, the real risks are not outside threats and hackers, but internal security screwups and disgruntled inside employees. None of that requires NSA help. At all.
But it sure makes for a convenient bogeyman to get new laws that take away privacy rights.
Alexander, recognizing the civil liberties audience he was talking to, admits that the NSA neither needs nor wants most personal info, such as emails, and repeatedly states that they need to protect civil liberties (though, in the section quoted below, you can also interpret his words to actually mean they don't care about civil liberties -- but that's almost certainly a misstatement on his part):
One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us... at network speed. It doesn't require the government to read their mail -- or your mail -- to do that. It requires them -- the internet service provider or that company -- to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it.Now all that's interesting, because if that's true, then why is he supporting legislation that would override any privacy rules that protect such info? If he really only needs limited information sharing, then why isn't he in favor of more limited legislation that includes specific privacy protections for that kind of information? He goes back to insisting they don't care about this info later on in the talk, but never explains why he doesn't support legislation that continues to protect the privacy of such things:
It's like a missile, coming in to the United States.... there are two things you can do. We can take the "snail mail" approach and say "I saw a missile going overhead, looks like it's headed your way" and put a letter in the mail and say, "how'd that turn out?" Now, cyber is at the speed of light. I'm just saying that perhaps we ought to go a little faster. We probably don't want to use snail mail. Maybe we could do this in real time. And come up with a construct that you and the American people know that we're not looking at civil liberties and privacy, but we're actually trying to figure out when the nation is under attack and what we need to do about it.
Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability. Seems to be there's a great approach there.
The key thing in information sharing that gets, I think, misunderstood, is that when we talk about information sharing, we're not talking about taking our personal emails and giving those to the government.So make that explicit. Rather than supporting cybersecurity legislation that wipes out all privacy protections why not highlight what kind of information sharing is blocked right now and why it's blocked? Is it because of ECPA regulations? Something else? What's the specific problem? Talking about bogeymen hackers and malicious actors makes for a good Hollywood script, but there's little evidence to support the idea that it's a real threat here -- and in response, Alexander is asking us all to basically wipe out all such privacy protections... because he insists that the NSA doesn't want that kind of info. And, oh yeah, this comes at the same time that three separate whistleblowers -- former NSA employees -- claim that the NSA is getting exactly that info already.
So, this speech is difficult to square up with that reality. If he really believes what he's saying, then why not (1) clearly identify the current regulatory hurdles to information sharing, (2) support legislation that merely amends those regulations and is limited to just those regulations and (3) support much broader privacy protections for the personal info that he insists isn't needed? It seems like a pretty straightforward question... though one I doubt we'll get an answer to. Ever. At least not before cybersecurity legislation gets passed.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, hackers, malware, nsa, spying, whistleblower
Companies: american enterprise institute, at&t, mcafee, symantec
Reader Comments
Subscribe: RSS
View by: Time | Thread
Hmm, Enron? Saving and loan scandals? Freddie Mac? Fannie Mae? Bear Sterns? The truth is the dude just hates the internet because it easily and quickly allows the dissemination of details about the real criminal enterprises that defraud millions of people a year of massive amounts of money.
[ link to this | view in chronology ]
Re: The Greatest Scam ever Told!
[ link to this | view in chronology ]
Re:
... though maybe wealth only as an intended consequence of power.
[ link to this | view in chronology ]
like the Minority Report - but with NSA computers deciphering emails...and putting people in jail for it:
Boy: Yea, that party is going to be the bomb! I can't wait.
Woman: I was avoiding them like the plague.
child: my father always beats me. we play checkers every night.
[ link to this | view in chronology ]
Cyber is a noun now?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Sure, why not?
Since the use of the term "cyber" is a strong indication that the person using the term is ignorant in the first place, I don't mind what part of speech they want to use it as.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
The email is pretty amazing, too.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
pronoun trouble
He might more accurately have said "everything you do in cyber, we can audit."
(And I suppose I can dream of him saying "everything we do in cyber, you can audit.")
[ link to this | view in chronology ]
Why not just monitor twitter?
[ link to this | view in chronology ]
All i have to say to america is:
[ link to this | view in chronology ]
I will say it once.....
[ link to this | view in chronology ]
Re: I will say it once.....
[ link to this | view in chronology ]
Re: I will say it once.....
[ link to this | view in chronology ]
Re: I will say it once.....
...the presence of the almost in there indicates that you think people are sometimes looking at the information without a warrant anyway. So what's your point again?
[ link to this | view in chronology ]
Re: I will say it once.....
[ link to this | view in chronology ]
Re: I will say it once.....
Why do the NSA love successful terrorist attacks?
[ link to this | view in chronology ]
Re: I will say it once.....
[ link to this | view in chronology ]
Re: I will say it once.....
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Shucks, in a world like that, only the despicable would survive, seing as their ethics would see nothing wrong with it.......it'll be, well, it'll be, just business, i guess
A system built from the ground up to potentially fuck people over, and all it would take is someone who's willing
They want to monitor us, but who will monitor the monitors, with vigilance, from its conception till its dismantle, and just for good measure, who will monitor the monitors who are monitoring the monitors *brain freeze*
Nah, im just being overdramatic, it'll never happen, its not like were taking the first step, in that POTENTIAL future, first step***********SPYING****************second step*************STORING***********third step************"ANALYZING"**************
Wheres me tinfoil
[ link to this | view in chronology ]
"One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us... at network speed."
You don't need a law for that, you don't need special access, you need the equivalent of a fire alarm. Why is the NSA trying to provide the equivalent of a home security system to anything? It is the owners of the critical infrastructure to have such services in place. Make it a requirement just like they are required to have a fire alarm, but there's no reason the NSA needs to be cyber firefighters. In all his examples he states reactive responses to a security issue. That does not require additional information like they are asking for. What requires that additional information is predictive/premptive responses to a security issue that has yet to happen and that is where privacy > boogeymen. As nice as it to stop one bad thing from happening, it isn't worth opening yourself up more more bad things that are more common and frequent.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Hack attacks
Yes, because that worked out so well in Terminator 3.
According to Einstein, you might have a wee bit of trouble with that. And by all reports Einstein was a fairly smart guy.
hehe
hehehe
*guffaw*
Ah ...
Ahahahahaha!
HAHAHAHAHAHAHAHAHAHAHA!
*ROTFL*
Ahh, gee ...
Yeah.
Something involving computers that is 100% reliable.
That'll be the day!
[ link to this | view in chronology ]
"Cyber" is not a noun.
[ link to this | view in chronology ]
say no more
[ link to this | view in chronology ]
[ link to this | view in chronology ]
....
[ link to this | view in chronology ]
What theats?
Electrical grid?...Don't connect to the internet!
Transportation?....Don't connect to the internet!
Waterways?......... Is there a switch somewhere that you can flip and change the course of the Mississippi to east/west?
Probably not.But if there is, don't connect it to the internet!
Drinking water? Don't order Bottled water on the internet!
Railroads?...Don't connect to the internet!
Oil and gas...That's already being controlled my malicious types...No cyber security necessary.
Military?...No amount of security is gonna help there.
Governments?...All the foreign countries already have all the secrets they want.
So what's left?
Whatever it is don't connect it to the internet!
Cyber Security problem solved.
[ link to this | view in chronology ]
Re: What theats?
[ link to this | view in chronology ]
I see a bigger concern involved in all this. Our security infrastructure (theatre) is basically one large net pointed inward to spy on and target Americans, not foreign enemies. Why do they need to monitor us like an ant farm? What exactly is the agenda here? I know this much: they wouldn't spend billions creating such a huge data-gathering agency if they had nothing to gain from it. But what?
[ link to this | view in chronology ]
Bull Sh*t
[ link to this | view in chronology ]
well
if there were better external security systems, they wouldn't have creamed BILLIONS from their faked "collapses" into personal accounts.
[ link to this | view in chronology ]