If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused

from the because-they-have dept

Fri, Sep 13th 2013 1:13pm — Mike Masnick

We've already pointed out that, for all the talk from NSA defenders that there have been almost no abuses of the system because of these supposedly foolproof "audits," none of those audits caught what Ed Snowden did, and it appeared that around 1,000 other people had the same sort of access that Snowden did. If anyone thinks that Snowden was the only one who used it to access documents he wasn't supposed to, that seems tremendously naive.

As Zeynep Tufekci notes, anyone who claims that the NSA's data hasn't been misused would have to know more about the NSA's system than the NSA does, since they don't seem to have a way to make sure it wasn't abused.

Given this reality, can anyone truly deny the possibility that a malevolent Snowden or a foreign government that might have placed a sysadmin mole into NSA has NOT scooped up personal information on influential and important politicians and is now (or will in the future) blackmailing them? Can we be sure that there is not already massive “unauthorized” snooping at lower levels? There is already a whistle blower who claims Barack Obama was wiretapped by the NSA along with a whole number of high-level US politicians. The possibilities for mischief—ranging from the small potatoes cases of scorned lovers to significant political and personal blackmail and deep privacy violations—is vast. And the scary truth is that nobody really knows for sure what has already happened, nor can anyone claim or guarantee that it won’t. Not the pundits, not the NSA itself, and not any individual sysadmin because, as I’ve already argued, digital unknowns can stay buried forever if tracks are covered with expertise and root access.

This, right here, is a key part of the problem. If there has been abuse (beyond what's already been reported), we probably wouldn't even know about it because the only ones who do know about it are those involved. And that's what's so scary here. The defenders of this system seem to have astounding and naive levels of trust that everyone working for them is trustworthy when that's almost certainly not true. The system itself is broken, and the claims from its defenders aren't unbelievable because they're unbelievable, they're unbelievable because what they're saying is impossible.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: abuse, nsa, nsa surveillance

29 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 13 Sep 2013 @ 1:29pm

I've pointed this out over and over and over again: there are two ways to gather intelligence.

One is to go get it. This is hard. It's expensive. It's tedious. Sometimes it's risky. It's a pain in the ass.

The other is to wait for someone else to go get it, and then copy it from them. Often much easier, cheaper and expedient.

The NSA has spent tens of billions of US taxpayer dollars making the second alternative vastly more attractive to every other country on earth. After, if a junior contract system administrator can walk out the door with a big bundle of goodies, what could a senior, trained, full-time employee who's spent twenty years gaining access go home with?
[ link to this | view in thread ]
Anonymous Coward, 13 Sep 2013 @ 1:30pm

By expanding their role and size NSA have left themselves open to infiltration and abuse. Congress should wake up to the fact that a large spy agency which tries to gather all available information is as much a danger as it is a help.
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 13 Sep 2013 @ 1:56pm

Same reasoning applies to Google and Facebook.
You don't know what they're officially up to, nor what employees are doing unofficially.

Ties and payoffs go deep and are WEIRD. For instance, here's the Pentagon fighting against NASA subsidizing Google billionaires!

Google Jet Fleet Loses a Pentagon Fuel Perk

http://online.wsj.com/article/SB10001424127887323864604579069730686941454.html?mod=WSJ_hpp_M IDDLENexttoWhatsNewsForth

Spying is the main 'business model' of the internet, especially for Google and Facebook.
[ link to this | view in thread ]
That One Guy (profile), 13 Sep 2013 @ 2:18pm

Re: Same reasoning applies to Google and Facebook.
I know by now I'd have more luck trying to convince a brick wall to shift a few inches to the left but...

You can opt out of using google and facebook, you cannot opt out of NSA/government surveillance.
[ link to this | view in thread ]
Mike Masnick (profile), 13 Sep 2013 @ 2:28pm

Re: Re: Same reasoning applies to Google and Facebook.
You can opt out of using google and facebook, you cannot opt out of NSA/government surveillance.

Also, the government has guns and jails. Google/Facebook do not.

These things kind of matter.
[ link to this | view in thread ]
Anonymous Coward, 13 Sep 2013 @ 2:49pm

ootb really needs to go on the Googlewagon. He's drank too much of the koolaid.

As has been mentioned over and over, Google is a choice that won't lock you up or shoot you if you chose not to use them. The government and its agencies give you no such choice.

I wonder sometimes if this database was not purposely designed this way to cover the tracks of those intending unofficially to use it in this very manner. I suspect the phrase that Gen Alexander gets what he wants might just have hidden depths to it. Not that he necessarily used it but someone in the background with less visibility very well could.
[ link to this | view in thread ]
Anonymous Coward, 13 Sep 2013 @ 4:16pm

Who is to say NSA is not already using the information to influence politicians to say given NSA more funding or the NSA will reveal your deepest secrets.

Blackmail is a powerful tool, especially if trying to influence politicians where reputation is everything.

Or Blackmail newpaper editors.... the list goes on.
[ link to this | view in thread ]
Anonymous Coward, 13 Sep 2013 @ 4:40pm

"The defenders of this system seem to have astounding and naive levels of trust that everyone working for them is trustworthy when that's almost certainly not true."

And the same is true of every enterprise that employs more than one person. If several people must have access then the data are not secure.
[ link to this | view in thread ]
Anonymous Coward, 13 Sep 2013 @ 4:54pm

Re: Re: Same reasoning applies to Google and Facebook.
if you ever figure out how to get a brick wall to do that...

let us know
[ link to this | view in thread ]
Anonymous Coward, 13 Sep 2013 @ 6:36pm

The chosen ones
Roughly 1000 people, with probably unlimited access to the largest collection of information about others ever conceived.

It must be odd, knowing you are one of a select few, with powers and abilities coveted by so many other powerful people.
[ link to this | view in thread ]
Anonymous Coward, 13 Sep 2013 @ 7:22pm

Mr Masnick-
you have the following trackers/scripts/beacons on this page:

google
google +1
facebook
facebook connect
twitter
nativo
quantcast
reddit
repost.us
rp-api
double-click.net
gravatar
scorecar dresearch.com
quantiserve

...and that's just the first level that I can see without allowing them to run past NoScript, Ghostery, and RequestPolicy. often these things call in there friends when they're run...

If a person doesn't proactively protect their privacy, they can't even read Techdirt without being spyed on by google and facebook, and all those other companies.

Google is not bound by law to honor a request to not track, and you have to give them your information just to make that request. Requesting not to be tracked 'opting out', could actually help them track you.

Mr Masnick, I love your writing man, in fact you're one of my favorite journalists ever- and I understand this analytics stuff helps techdirt pay the bills and know what to write about. I sincerely appreciate that techdirt doesn't require the use of the scripts/beacons to read. You would lose me as a reader if it did.

When people say something so absurd and meaningless as 'you can opt out of google/facebook'- you shouldn't just hand wave at it. You know better, don't you? The (frankly suspicious as its often unsolicited and off topic) statement is ignorant, misleading, and that attitude is really part of the problem. Subverting corporate surveillance is a PITA and breaks a lot of the Internet. there is no meaningful 'opt out'. There is 'I refuse to run your scripts on my machine, to store your beacon gifs/content in my cache, or to respond to your marketing servers' and by technical means even those actions can be tracked by IP.
[ link to this | view in thread ]
Anonymous Coward, 14 Sep 2013 @ 6:47am

'If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused'

or if they have!!
[ link to this | view in thread ]
Mr. Tibbs, 14 Sep 2013 @ 11:55am

Re: Re: Same reasoning applies to Google and Facebook.
Really? If the NSA actually offered you the option to opt out, and you took it, do you think they would really opt you out, or would they simply lie about it like everything else? Facebook and Google's scruples are no better. Why do you think they NSA is so patently attracted to them?
[ link to this | view in thread ]
Mr. Tibbs, 14 Sep 2013 @ 12:04pm

Re: Re: Re: Same reasoning applies to Google and Facebook.
They do have paid security who have guns and can have someone jailed. No one is safe when there is money to be made.
[ link to this | view in thread ]
Mr. Tibbs, 14 Sep 2013 @ 12:14pm

Re:
Absolutely. These "Stepford Representatives" do as they're told, because they know what will happen if they don't. Also they get more monetary contributions than those who say no.
[ link to this | view in thread ]
Anonymous Coward, 14 Sep 2013 @ 2:21pm

If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused
Of course they can - afterall, they get to define (and then redefine as often as needed) what the word "abuse" means. By simply changing the meaning so that it excludes any "preceived wrong-doing", they ensure there is no abuse!
[ link to this | view in thread ]
nasch (profile), 16 Sep 2013 @ 5:54am

Re: Re: Re: Re: Same reasoning applies to Google and Facebook.
They do have paid security who have guns and can have someone jailed.

Since when can security guards put people in jail?
[ link to this | view in thread ]
nasch (profile), 16 Sep 2013 @ 5:56am

Re: Re: Re: Same reasoning applies to Google and Facebook.
Facebook and Google's scruples are no better.

You can opt out by not using their services, unless you're arguing that Facebook and Google are spying on people who don't even use Facebook or Google. If that's the case, I would be interested to see any evidence for that.
[ link to this | view in thread ]
nasch (profile), 16 Sep 2013 @ 5:58am

Re:
that's just the first level that I can see without allowing them to run past NoScript, Ghostery, and RequestPolicy.

So they're not running. So what's the problem?
[ link to this | view in thread ]
Pragmatic, 16 Sep 2013 @ 6:26am

Re:
You haven't seen that rant of hers (you'll have to search for it) in which she declares that Google and FB are fronts for the NSA.
[ link to this | view in thread ]
jsf (profile), 16 Sep 2013 @ 7:49am

Potentially Bigger Issues
Even worse is the possibility that their systems have been compromised, not by insiders or even foreign agents, but by criminal organizations such as the spammers/scammers that we all encounter daily.
[ link to this | view in thread ]
Anonymous Coward, 16 Sep 2013 @ 9:12am

Re: Re:
Not everyone who reads this site is savvy. It's possible that by trying to advertise, Mike is opening the site up to attack or espionage. That's the argument here.
[ link to this | view in thread ]
nasch (profile), 16 Sep 2013 @ 10:07am

Re: Re: Re:
It's possible that by trying to advertise, Mike is opening the site up to attack or espionage.

I haven't heard that one before. Is there really a risk to the host?
[ link to this | view in thread ]
Anonymous Coward, 16 Sep 2013 @ 12:38pm

If/when you start paying attention to how sites work, and what's hidden on them (gifs, beacons, scripts) you'll see all the proof you need that google/facebook...etc's tracking goes way beyond people that use there services. For instance those social media buttons you see everywhere (share/post/like/tweet...etc) are all loaded from there respective service providers, regardless of the page your on. If you see those buttons, you're been tracked, at minimum- your IP goes in a data base with the date/time and site you where on.

"So they're not running. So what's the problem?"

I applaud techdirts decision not to require them, not all sites do this- that's part of the problem. The main problem is that most people don't understand that this is being done, they don't understand when they read a website they're also telling a dozen data mining companies what/when they're reading on that website. This is not at all an intuitive relationship.

"You haven't seen that rant of hers (you'll have to search for it) in which she declares that Google and FB are fronts for the NSA."

I never said that they are Fronts- that's plainly absurd. But I was ranting, which could be why you missed what I did say. Sorry for that. They are legitimate business's, their data mining makes business records, and those records are fair game to (or are just, flat out sold to) the intelligence groups- ergo they "effectively" do alot of spying that those agencies would not be legally allowed to do on their own. I don't see how that could be considered being a front, as those actions have nothing to do with the companies reason for existing. It's a symbiotic relationship, not exclusive.

Basically, by using 3rd party business records (in which you have no expectation to privacy) the gov is able to subvert it's own laws which are meant to function as checks and balances. This is a breakdown of the system. It allows toothless laws, and lie-less lies- loopholes and subversion.

Datamining and profiling themselves are not intrinsically bad or good- they are simply very powerful tools. They can and will do both great harm, and great good- it's not one or the other, it's both. It's a very difficult line to draw as to what's acceptable and not- and objectively, external factors are what really make up the paradigm of consequence.
[ link to this | view in thread ]
Anonymous Coward, 16 Sep 2013 @ 2:07pm

Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.
They can't. They might have limited detainment powers, but those would only pertain to their post, which would be on Google property.
[ link to this | view in thread ]
Anonymous Coward, 17 Sep 2013 @ 12:08am

Re:
If/when you start paying attention to how sites work, and what's hidden on them (gifs, beacons, scripts) you'll see all the proof you need that google/facebook...etc's tracking goes way beyond people that use there services. For instance those social media buttons you see everywhere (share/post/like/tweet...etc) are all loaded from there respective service providers, regardless of the page your on. If you see those buttons, you're been tracked, at minimum- your IP goes in a data base with the date/time and site you where on.

Spoken like someone new to the conversation that hasn't taken the time to learn the stances. You can still avoid using even these hidden services by just a tiny bit of computer savvy. The easiest is using such add-ons as NoScript, which lets nothing run unless you explicitly allow it.
[ link to this | view in thread ]
Anonymous Coward, 17 Sep 2013 @ 10:54am

"Spoken like someone new to the conversation that hasn't taken the time to learn the stances..."

It seams like you didn't actually read what I wrote. I can't understand why else you'd say that. My aforementioned rant is in the 'latest casualty of nsa spying: advertising based tracking' comments= the core of the post is on how to subvert corporate surveillance. Please enlighten me on these 'stances' if you read my post and still feel that way.
[ link to this | view in thread ]
Mr. Tibbs, 18 Sep 2013 @ 12:22am

Re: Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.
I didn't say "jail someone", I said "have someone jailed". The end result is the same. Are you so naive as to believe big money can't buy off the cops?
[ link to this | view in thread ]
nasch (profile), 18 Sep 2013 @ 6:20am

Re: Re: Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.
Are you so naive as to believe big money can't buy off the cops?

Buy them off to get out of something maybe. Pay them to arrest someone innocent? I've never heard of that happening the US. I'm sure it has somewhere but it doesn't sound like something that's common or that just any wealthy company or individual could do.
[ link to this | view in thread ]