Could 'Tailored Access Operations' Be An Alternative To 'Collect It All'?
from the easy-choices dept
One of the most contentious aspects of the NSA's surveillance is the central belief by General Alexander and presumably many others at the agency that it must "collect it all" in order to protect the public. To stand a chance of overturning that policy, those against this dragnet approach need to come up with a realistic alternative. An interesting article by Matt Blaze in the Guardian offers a suggestion in this regard that takes as its starting point the recent leaks in Der Spiegel about the extensive spying capabilities of the NSA's Tailored Access Operations (TAO). As Blaze points out:
if you are being individually targeted, you really don't stand a chance. The NSA's tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn't if you're a target, to be sure. But it means that there is no good reason to give in to demands that we weaken cryptography, put backdoors in communications networks, or otherwise make the infrastructure we depend on be more "wiretap friendly". The NSA will still be able to do its job, and the sun need not set on targeted intelligence gathering.
The key word there is "targeted": instead of building in to the Internet general weaknesses that allow everyone to be spied upon (and that can also be exploited by criminals or hostile nations), the NSA could use its elite TAO squad to gain access to the systems of particular individuals. This has several huge advantages over dragnet collection.
First, it avoids the whole problem of searching for possible needles in an enormous haystack -- the favorite metaphor of the NSA. Instead, it puts the emphasis on investigating just the needles. Secondly, it can't be applied indiscriminately:
as well as TAO works (and it appears to work quite well indeed), they can't deploy it against all of us -- or even most of us. They must be installed on each individual target's own equipment, sometimes remotely but sometimes through "supply chain interdiction" or "black bag jobs". By their nature, targeted exploits must be used selectively.
The final advantage is that because of the more limited scale of the surveillance, it is possible to require individual approval from a judge for every single operation before it is carried out. By scaling things back, meaningful oversight can be introduced in a way that is simply not possible when the crude "collect it all" approach is employed.
As Blaze concludes:
The intelligence community no doubt regards targeted collection methods like TAO as a method of last resort, to be used only when mass surveillance fails. We urgently need to reverse this. Yes, we can expect resistance from the NSA and its "five eyes" partners at any suggestion that they scale back mass collection in favor of targeted methods. It means doing things differently, not to mention that carefully focused targeting is likely more expensive than drinking from the fire hose to which they've become accustomed.
But if TAO is a bit more expensive, it also demonstrates that we have a real choice here. We can safely curtail mass collection, shore up needlessly "wiretap friendly" infrastructure and generally protect ourselves against mass surveillance, all without shutting down legitimate intelligence gathering. In a free society, this should be an easy choice to make.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bulk data collection, collect it all, nsa, surveillance, tailored access operations
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
It'll have to be cut down the hard way.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
No amount of alternatives are going to change that.
At best you manage to curtail such activities and behaviors only as long as the public is willing to maintain constant vigilance on their government activities. The minute that diligence wavers in even the slightest, the people running things now will go right back to what their mindset dictates.
The *only* way to ensure realistic change is to replace the people in charge with people who have a different mindset. Anything less is just blowing smoke in the wind and a waste of time.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
'Tailored Access Operations' or 'Collect It All'
http://i.imgur.com/nPoiPCA.jpg
[ link to this | view in chronology ]
Are we sure they are selective?
I'm not sure that I buy that TAO are being selective. Schneier has been highlighting items from TAO's catalog of tricks. The one's he's shown so far are exploits for dell and HP server machines and juniper network devices. These are not items you'd find in someone's home. They're items you'd find in a commercial company's data center.
[ link to this | view in chronology ]
Re: Are we sure they are selective?
[ link to this | view in chronology ]
You have to stop looking
[ link to this | view in chronology ]
[ link to this | view in chronology ]
We've seen any number of studies proving that the NSA's actions are doing nothing to actually fight terrorism. You think the NSA were completely unaware of the likely outcome of their actions? It's by design.
If terrorism was actually stopped, they wouldn't be able to justify everything they do by shouting "9/11!". They welcome terrorist attacks; they always have intel warning them about the likes of the Boston Bombing, but they would never do anything to stop them, because then they wouldn't be able to keep seizing more and more power in the name of "fighting terrorism".
[ link to this | view in chronology ]
My friend the
http://niqnaq.files.wordpress.com/2013/12/bawnccdceaeekoi-jpglarge.jpeg
[ link to this | view in chronology ]
ummm...
[ link to this | view in chronology ]
How come ...
[ link to this | view in chronology ]
For one, I don't think it's logistically possible to add reasonable and meaningful oversight. For another, the potential for accidentally spying on innocent people seems too high. The difference between TAO and a traditional (gagged or not) search warrant is that a search warrant is limited to a specific time; once the warrant is "done" the search stops. TAO however breaks the security of a device for its entire lifetime, no matter who that device is owned/operated by in the future. Finally, my trust in my government, and any reasonably realistic future government, has been shattered in this respect. This is a powerful tool and I do not think we as a species are ready to handle it responsibly.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Too many brave American patriots fought and gave their lives to make sure the American people would never have to live under that kind of unconstitutional tyranny and oppression.
[ link to this | view in chronology ]