Lawyer Who Gave President Bush Legal Cover For Warrantless Wiretapping Now Claims We'll Come To Love An Intrusive NSA

from the because-he's-clueless dept

Mon, Oct 14th 2013 9:45am — Mike Masnick

Late last week, an incredibly dishonest piece was published in The New Republic by Jack Goldsmith arguing not just that we "need" an "invasive NSA," but further, that we'll all come to love and appreciate the NSA snooping on all of our electronic communications (including snooping through the "contents" rather than just metadata). Why? Because of that old bogeyman "hackers"! We'll dig through the blatant cluelessness of the piece in a moment, but just to set the context, it's important to note that Goldsmith, back when he was a lawyer in the George W. Bush White House, wrote the memo that gave legal cover for Bush's warrantless wiretapping efforts. The legal argument was ridiculous: it was, more or less, "if the President does it, it's okay, because he's like powerful and stuff."

We conclude that in the circumstances of the current armed conflict with al Qaeda, the restrictions set out in FISA, as applied to targeted efforts to intercept the communications of the enemy in order to prevent further armed attacks on the United States, would be an unconstitutional infringement on the constitutionally assigned powers of the President. The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States. Congress does not have the power to restrict the President’s exercise of that authority.

Got that? It's not the 4th Amendment he was worried about infringing on, but rather the "assigned powers of the President," which he argued included ignoring the 4th Amendment's requirement for a warrant before wiretapping. Anyway, so that gives you some sense of the kind of person writing this defense of an intrusive NSA. He believes that if the President is doing it for a good reason (as, apparently, decided by the President), then it's perfectly legal, because separation of powers is another concept that can be ignored.

Okay, back to his present... screed. The key argument here seems to be to puff up cybersecurity FUD as much as possible to argue that it won't be long until we're all begging the NSA to spy on us to stop hackers from defacing websites. His big "example" of this is the recent hacking of the NY Times' website by the Syrian Electronic Army. That story got a bit of attention for about two days, and then fell off the map -- which is precisely why Goldsmith is wrong. For all the FUD NSA supporters and big defense contractors keep claiming over cybersecurity, they seem to be unable to get past the fact that when someone hacks a website and defaces it, while it may be a nuisance, no one dies. Yes, they like to talk up how many cybersecurity attacks there are going on these days, but they won't discuss the fact that in all of them exactly zero people have died.

The story of the NY Times hacking disappeared almost as quickly as it happened, because the consequences weren't particularly large or important. Yet, Goldsmith is arguing, effectively, that the NSA needs access to all networks in order to prevent the SEA from hacking the NYT again.

The U.S. government can fully monitor air, space, and sea for potential attacks from abroad. But it has limited access to the channels of cyber-attack and cyber-theft, because they are owned by private telecommunication firms, and because Congress strictly limits government access to private communications. “I can’t defend the country until I’m into all the networks,” General Alexander reportedly told senior government officials a few months ago.

For Alexander, being in the network means having government computers scan the content and metadata of Internet communications in the United States and store some of these communications for extended periods. Such access, he thinks, will give the government a fighting chance to find the needle of known malware in the haystack of communications so that it can block or degrade the attack or exploitation. It will also allow it to discern patterns of malicious activity in the swarm of communications, even when it doesn’t possess the malware’s signature. And it will better enable the government to trace back an attack’s trajectory so that it can discover the identity and geographical origin of the threat.

This makes two big assumptions -- one of which is false and the other of which is misleading. The first is that the NSA could or would actually successfully stop such a hack. This is false. Just like the NSA was unable to actually predict the Boston Marathon bombings, the idea that it could somehow catch a simple phishing trick is laughable. Goldsmith goes on at length about "malware" -- which he seems to grant mystical powers to -- but ignores that the reason the NYT's website got hacked was because of social engineering (via someone phishing an employee at a domain registrar), not malware. The NSA isn't going to catch that.

Secondly, there's the assumption that the NSA will actually "block or degrade the attack or exploitation." This appears to ignore pretty much everything that's come out about the NSA's activities lately, including its regular buying of exploits, placing backdoors in products and security standards, and its general focus on using such things offensively rather than defensively.

Goldsmith just keeps repeating these silly claims with ever grander claims over and over in the piece, as if he repeats it enough, perhaps someone will believe it. Frankly, Goldsmith comes off as an authoritarian-loving lawyer who is almost entirely technologically illiterate. He seems over-awed by the technology and thus insists that (1) the NSA needs to spy on everything to "protect" us and (2) that the government somehow will actually be the best party to protect insecure systems (totally ignoring the fact that the same government actively weakened those same technologies). For example, he goes back to the claim that some computer vandalism will make people open their arms to a spying NSA:

The first is that the cybersecurity threat is more pervasive and severe than the terrorism threat and is somewhat easier to see. If the Times’ website goes down a few more times and for longer periods, and if the next penetration of its computer systems causes large intellectual property losses or a compromise in its reporting, even the editorial page would rethink the proper balance of privacy and security. The point generalizes: As cyber-theft and cyber-attacks continue to spread (and they will), and especially when they result in a catastrophic disaster (like a banking compromise that destroys market confidence, or a successful attack on an electrical grid), the public will demand government action to remedy the problem and will adjust its tolerance for intrusive government measures.

Except, again, there's little indication that any such attack would shatter people's trust in the market. This seems to presuppose an incredibly stupid populace, not one that can process basic information like "this website was hacked, and it may be inconvenient, but we'll get over it." Ditto the bogeyman of "hacking the electric grid." The NSA has talked up this "electric grid" threat for years and it's bogus. Actual experts have (literally) called such claims "a bunch of hooey." And even if hackers could take down an electric grid for some period of time, we have at least some sense of what will happen, thanks to the Northeast blackout of 2003, which took down a massive section of power in the northeast and midwest. And this was soon after 9/11, so people were especially sensitive to threats of terrorism... and they didn't freak out or destroy society. They waited for things to get sorted out, and people moved on with life. No biggie.

So the whole claim that "the cybersecurity threat is more pervasive and severe than the terrorism threat" is ridiculous.

Goldsmith may want to support his beloved surveillance state, which he personally helped expand a decade ago, but fear mongering is no way to make a compelling argument -- especially when it appears so clueless about the basics of technology and the threats out there.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: george w. bush, jack goldsmith, nsa, nsa surveillance

37 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 14 Oct 2013 @ 9:58am

And even if hackers could take down an electric grid for some period of time, we have at least some sense of what will happen, thanks to the Northeast blackout of 2003, which took down a massive section of power in the northeast and midwest.

There was also the storm back in summer of 2012 that left large chunks of the D.C. region without power for a substantial chunk of a week. It was annoying, but people just waited for the power companies to restore power.

Which is pretty much how power outages go in general. They're common enough that people know how to deal with them, and while lengthy ones are annoying, that's pretty much the extent of it. It's difficult to imagine hackers bringing down enough of the power grid to cause substantially more damage than a particularly bad storm.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Dec 2013 @ 2:03pm
  
  Response to: Anonymous Coward on Oct 14th, 2013 @ 9:58am
  [ link to this | view in chronology ]
SolkeshNaranek (profile), 14 Oct 2013 @ 10:00am

Learn to love the NSA
I think it would be far easier to get genital warts plus hemorrhoids and learn to love them.
[ link to this | view in chronology ]
- Anonymous Coward, 14 Oct 2013 @ 11:05am
  
  Re: Learn to love the NSA
  I get "Doctor strange love" and "we need a strong man" from the story.
  
  Fascism and "the mad lone terrorist" are very disturbing to see appreciated to such a degree as from sir Goldsmith in this instance!
  
  Hopefully it is satire. I dont believe people can genuinely be diluted enough to see the fourth amendment as anti-americanism and FISA as unconstitutional on ground of being a limiting power for the president.
  [ link to this | view in chronology ]
  - Anonymous Coward, 14 Oct 2013 @ 11:25am
    
    Re: Re: Learn to love the NSA
    I think you mean "deluded", but the "diluted" term also has a fair amount of meaning as well.
    [ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 14 Oct 2013 @ 10:01am

Well, you're not the audience.
But manifestly a large portion of the populace fell for the imperialist militaristic "father state" jingoism while reviling the "nanny state" as "socialism". Else Limbaugh, Hannity, O'Reilly, Coulter and all of FOX "news" wouldn't have an audience. Heck, I don't even call 'em "dishonest" because they actually believe the pseudo-religious fascist surveillance state is necessary to survive against the supposedly rabid Mohammedist hordes. It's amazing, but there they are.

As for rest: but banking could easily be taken off line and the country would grind to a halt. Or did you miss the EBT outage this weekend? Looks to me like a test of succh control. (Two purposes were served: the poor are enraged against "Republicans" who shut down the gov't, while "conservatives" are amused at that because consider the poor on food stamps all "freeloaders" and it's high time to make them grovel. Meanwhile, both groups miss The Rich who are actually running the country AND the real freeloaders.)
[ link to this | view in chronology ]
- Gwiz (profile), 14 Oct 2013 @ 10:41am
  
  Re: Well, you're not the audience.
  Or did you miss the EBT outage this weekend? Looks to me like a test of succh control.
  
  Actually it's a much wider conspiracy than all of that, Blue.
  
  It's all being orchestrated by Big Tinfoil to drive up prices and you have fallen right into their trap.
  [ link to this | view in chronology ]
- Anonymous Coward, 14 Oct 2013 @ 11:21am
  
  Re: Well, you're not the audience.
  You keep banging the rich in the NSA/Google stories yet in copyright related stories you brown nose these very same people.
  
  So which is it blue? Do you love them or hate them?
  [ link to this | view in chronology ]
  - Pragmatic, 15 Oct 2013 @ 5:38am
    
    Re: Re: Well, you're not the audience.
    Now that the Crazy Copyright Lady has realised that copyright is a tool of The Rich, she has amended her stance to "copyright for the masses, but not the upper classes."
    
    In another few months perhaps you'll come around to our way of thinking.
    [ link to this | view in chronology ]
Kel (profile), 14 Oct 2013 @ 10:08am

But it hurts someone's wallet
Well it may be technically true that no one has died (yet) from defacing a corporate web site, the author of this unprovoked and simplistic attack piece forgets one import thing. There is something on the line here far more important than mere life. Someone lost *money* because of those nasty, smelly, hippy hackers. It is quite easy for the author to overlook this when it is someone else's share holders at risk.
[ link to this | view in chronology ]
Internet Zen Master (profile), 14 Oct 2013 @ 10:09am

So basically what Goldsmith is trying to say is
"Keep Calm and Love the NSA"

Yeah... How about no.
[ link to this | view in chronology ]
Anonymous Anonymous Coward, 14 Oct 2013 @ 10:17am

Market Confindence?

"As cyber-theft and cyber-attacks continue to spread (and they will), and especially when they result in a catastrophic disaster (like a banking compromise that destroys market confidence"

I do believe that the current stalemate in congress over the debt limit and funding the government will go a whole lot further to 'destroying market confidence' than anything the NSA could prevent.
[ link to this | view in chronology ]
- Anonymous Coward, 14 Oct 2013 @ 10:24am
  
  Re: Market Confindence?
  The next financial bubble bursting will do more to "destroy market confidence" than anything the NSA could prevent.
  [ link to this | view in chronology ]
That Anonymous Coward (profile), 14 Oct 2013 @ 10:24am

Obligatory...
http://xkcd.com/932/
[ link to this | view in chronology ]
dcfusor (profile), 14 Oct 2013 @ 10:26am

Nice when shills self-identify
Title says it all.
[ link to this | view in chronology ]
John Fenderson (profile), 14 Oct 2013 @ 10:26am

What if he's right?
If all his scaremongering comes to pass, my reaction would certainly not be to embrace further intrusion by the NSA or anyone else. It would be to raise holy hell about companies and agencies placing critical systems on the internet at all.

The way it's supposed to work is this: critical systems are not on the internet. For example, systems that allow access to data such as the NYT website, are not actually reaching into the company's working database. It's using a copy devoted to the public-facing access. The idea is that even if the public-facing system is 100% compromised and destroyed, nothing of real importance has been lost as there is no way to get to internal systems from the public-facing ones, and all that was there was a copy of the data being offered up.

This has all been established best practice for longer than the internet itself has been open to the public. If a company or agency is failing to adhere to best practices, the solution isn't further encroachment on everyone's privacy, but to punish the company or agency for their idiotic practices.
[ link to this | view in chronology ]
Anonymous Coward, 14 Oct 2013 @ 10:45am

You'd think with all the data-hoovering the NSA has been doing, they'd have hoovered up some common sense by now.
[ link to this | view in chronology ]
- Anonymous Coward, 14 Oct 2013 @ 2:44pm
  
  Re:
  Not a chance, to a spy agency, data is like crack, they cannot get enough of it.
  [ link to this | view in chronology ]
Michael, 14 Oct 2013 @ 10:56am

If the Times� website goes down a few more times and for longer periods, and if the next penetration of its computer systems causes large intellectual property losses or a compromise in its reporting, even the editorial page would rethink the proper balance of privacy and security

So we start this statement with not one, but two big "if's" and then move onto an "or" - making it a somewhat useless statement to begin with.

But no! Ite gets worse!

We then move on to the editorial staff at the NYT re-thinking their proper balance of privacy and security. I have spent years reading the times and I'm not convinved the editorial staff has ever really done much thinking in the first place.
[ link to this | view in chronology ]
Anonymous Coward, 14 Oct 2013 @ 11:05am

The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States.

Since when were Americans foreigners in their own coutry.
[ link to this | view in chronology ]
- Brazenly Anonymous, 14 Oct 2013 @ 1:32pm
  
  Re:
  I'd be a bit more concerned about the "enemy forces" label than the "foreign affairs" label. Additionally, this label is being applied to our allies' citizens as well. Something tells me it isn't really a good idea from a diplomatic standpoint to be identifying foreign non-combatants as "enemy forces."
  [ link to this | view in chronology ]
TheLastCzarnian (profile), 14 Oct 2013 @ 11:07am

Come on!
Everyone knows, if the President does it, it's not illegal.
Wait, where have I heard that before?
[ link to this | view in chronology ]
Wolfy, 14 Oct 2013 @ 11:07am

I think I prefer the US Constitution the way it was written.
[ link to this | view in chronology ]
Cosmicrat, 14 Oct 2013 @ 11:12am

Intellectual theft of the cyber war meme
What stands out to me is his conflation of IP "theft" with national security.

The national hero Keith Alexander and his brave troops at Cyber Command are working valiantly to protect America's nuclear missiles, air traffic control systems, critical infrastructure and Miley Cyrus songs from Cyber Attack by terrorists, rogue states and copyright infringers.
[ link to this | view in chronology ]
otb (profile), 14 Oct 2013 @ 11:26am

Full Frontal
::waves watch::

You WILL love the NSA. You WILL love the NSA. You HATE your privacy. Privacy leads to EVIL. You WILL love the NSA. You will LOVE the NSA. You no longer need your parents. You only need a nanny state. We are your parents now. We are your parents now.

Now lay back, this will only hurt a bit, and the frontal lobe of your brain is vestigial in 2013 anyway...

::picks up scalpel::
[ link to this | view in chronology ]
CommonSense (profile), 14 Oct 2013 @ 11:55am

"If the president does it, it's ok..."
This is really making me angry again at my parents generation for not impeaching and prosecuting to the full extent of the law that asshole Nixon for breaking the law while in office because "When the president of the united states does it, it's not illegal!"

FUCK THAT! It should be twice as illegal for a person of such power to break the law, and should be punished by a factor of 10 for the disgusting impact on the whole world. Bush, Obama, shit, maybe even Clinton, and almost certainly, unless they put an immediate end to these illegal programs upon taking office, even the next president should be put on trial, and sent to federal "pound-me-in-the-ass" prison.
[ link to this | view in chronology ]
- John Fenderson (profile), 14 Oct 2013 @ 2:40pm
  
  Re: "If the president does it, it's ok..."
  Exactly right. As a rule of thumb, the standards we hold people to and the penalties for abusing power should grow in proportion to the amount of power the job confers.
  [ link to this | view in chronology ]
Davey, 14 Oct 2013 @ 12:18pm

Love the NSA or else!
I don't read all of the comments here, so forgive me if this thought isn't original:

They say...
If you don't love the NSA and approve of its actions, then the terrorists have won.

I say...
You're right - the terrorists won when the US government decided that it needed to protect itself *from us*, rather than protect us. It has apparently decided that any/all of us may be linked to a terrorist via our electronic footprints.
[ link to this | view in chronology ]
Anonymous Coward, 14 Oct 2013 @ 1:31pm

i didn't realise that once you became a lawyer, you also became a complete fucking prick as well!
[ link to this | view in chronology ]
- otb (profile), 14 Oct 2013 @ 1:57pm
  
  Re:
  I thought that was common knowledge.
  [ link to this | view in chronology ]
Katie Rose, 14 Oct 2013 @ 3:25pm

"More, too, must be done to ... control the stealth introduction of vulnerabilities during the manufacture of computer components�vulnerabilities that can later be used as windows for cyber-attacks."

Perhaps we should shut down the NSA, so that they can't continue to do this?
[ link to this | view in chronology ]
Anonymous Coward, 14 Oct 2013 @ 8:32pm

Mike - Jack Goldsmith was never a lawyer in the George W. Bush (or any other) White House. It would take you all of 30 seconds of Googling to figure that out. You seem to hold others to very high standards of accuracy. Why not apply something similar to your own writing? Should we assume your other assertions are equally inaccurate?
[ link to this | view in chronology ]
- John Fenderson (profile), 15 Oct 2013 @ 10:51am
  
  Re:
  Here's what I found out in my Googling:
  
  "He was a law professor at the University of Chicago when in 2002, he joined the Bush administration as legal adviser to the General Counsel of the Department of Defense. In October 2003 he was appointed as an United States Assistant Attorney General, leading the Office of Legal Counsel in the Department of Justice under Attorney General John Ashcroft and Deputy Attorney General James Comey."
  
  So, you're technically right. Not a lawyer in "the white house" but certainly a lawyer in the administration. However, "the white house" is commonly used as a synonym for "the administration". In that light, your scolding is a bit disingenuous and petty.
  [ link to this | view in chronology ]
Anonymous Coward, 14 Oct 2013 @ 8:45pm

Cartman: ["I've done it. I've infiltrated the NSA, and gained their trust." A shot of Alec Baldwin and his date at a buffet restaurant. The camera pans across until it reachs the couple. Alec tries to hold his fork properly, but fails each time. "So far, I've not ascertained how they were able to keep track of everyone in the country, but I'm close. Very close. I just hope that I'm not found out as a whistleblower before I'm able to expose their entire operation."]

Date: What is that voice?

Alec Baldwin: Some little faggot in my head.
[ link to this | view in chronology ]
Anonymous Coward, 14 Oct 2013 @ 11:55pm

NSA:
http://www.youtube.com/watch?v=rwp60eYuie0
[ link to this | view in chronology ]
limbodog (profile), 15 Oct 2013 @ 8:02am

"It's kind of like being hit on the head with a 2x4 about once every few minutes. After a while, you kinda start to *like* it!" - Michael Garibauldi (Babylon 5)
[ link to this | view in chronology ]
BentFranklin (profile), 15 Oct 2013 @ 9:56am

Of course, next up is the false flag hacker attack to justify this position, just like the anthrax justified the Patriot Act, or as I call it "Cheneycare".
[ link to this | view in chronology ]