Could 'Tailored Access Operations' Be An Alternative To 'Collect It All'?

from the easy-choices dept

One of the most contentious aspects of the NSA's surveillance is the central belief by General Alexander and presumably many others at the agency that it must "collect it all" in order to protect the public. To stand a chance of overturning that policy, those against this dragnet approach need to come up with a realistic alternative. An interesting article by Matt Blaze in the Guardian offers a suggestion in this regard that takes as its starting point the recent leaks in Der Spiegel about the extensive spying capabilities of the NSA's Tailored Access Operations (TAO). As Blaze points out:

if you are being individually targeted, you really don't stand a chance. The NSA's tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn't if you're a target, to be sure. But it means that there is no good reason to give in to demands that we weaken cryptography, put backdoors in communications networks, or otherwise make the infrastructure we depend on be more "wiretap friendly". The NSA will still be able to do its job, and the sun need not set on targeted intelligence gathering.
The key word there is "targeted": instead of building in to the Internet general weaknesses that allow everyone to be spied upon (and that can also be exploited by criminals or hostile nations), the NSA could use its elite TAO squad to gain access to the systems of particular individuals. This has several huge advantages over dragnet collection. First, it avoids the whole problem of searching for possible needles in an enormous haystack -- the favorite metaphor of the NSA. Instead, it puts the emphasis on investigating just the needles. Secondly, it can't be applied indiscriminately:
as well as TAO works (and it appears to work quite well indeed), they can't deploy it against all of us -- or even most of us. They must be installed on each individual target's own equipment, sometimes remotely but sometimes through "supply chain interdiction" or "black bag jobs". By their nature, targeted exploits must be used selectively.
The final advantage is that because of the more limited scale of the surveillance, it is possible to require individual approval from a judge for every single operation before it is carried out. By scaling things back, meaningful oversight can be introduced in a way that is simply not possible when the crude "collect it all" approach is employed. As Blaze concludes:
The intelligence community no doubt regards targeted collection methods like TAO as a method of last resort, to be used only when mass surveillance fails. We urgently need to reverse this. Yes, we can expect resistance from the NSA and its "five eyes" partners at any suggestion that they scale back mass collection in favor of targeted methods. It means doing things differently, not to mention that carefully focused targeting is likely more expensive than drinking from the fire hose to which they've become accustomed.

But if TAO is a bit more expensive, it also demonstrates that we have a real choice here. We can safely curtail mass collection, shore up needlessly "wiretap friendly" infrastructure and generally protect ourselves against mass surveillance, all without shutting down legitimate intelligence gathering. In a free society, this should be an easy choice to make.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bulk data collection, collect it all, nsa, surveillance, tailored access operations


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That One Guy (profile), 9 Jan 2014 @ 7:24am

    Sound reasoning, and it seems to be a reasonable compromise of security vs. privacy, the biggest problem is the various spy agencies all appear to be flat out addicted to their mass surveillance, and weaning them off of that is going to be quite the hurdle, considering they haven't even managed the first step of dealing with addictions, that of admitting that there is a problem.

    link to this | view in thread ]

  2. icon
    Ninja (profile), 9 Jan 2014 @ 7:48am

    Re:

    Sadly they won't go Amy Winehouse on their addiction and I suspect rehab attempts will be just as effective.

    It'll have to be cut down the hard way.

    link to this | view in thread ]

  3. identicon
    Loki, 9 Jan 2014 @ 9:26am

    "realistic alternatives" is a useless ideology because you are dealing with a mindset here that believe that "protecting the public" is only possible by controlling the public.

    No amount of alternatives are going to change that.

    At best you manage to curtail such activities and behaviors only as long as the public is willing to maintain constant vigilance on their government activities. The minute that diligence wavers in even the slightest, the people running things now will go right back to what their mindset dictates.

    The *only* way to ensure realistic change is to replace the people in charge with people who have a different mindset. Anything less is just blowing smoke in the wind and a waste of time.

    link to this | view in thread ]

  4. icon
    saulgoode (profile), 9 Jan 2014 @ 9:30am

    One of the most contentious aspects of the NSA's surveillance is the central belief by General Alexander and presumably many others at the agency that it must "collect it all" in order to protect the public. To stand a chance of overturning that policy, those against this dragnet approach need to come up with a realistic alternative.
    A realistic alternative? How about "don't collect it all". Fire the people who have based the organization's operations on this failed policy of "collect it all" and hire people who can run the NSA in a manner that doesn't do massive harm to U.S. technology companies, doesn't subvert the efficacy and reputations of cybersecurity standards bodies, doesn't embarrass the U.S. government in the eyes of foreign leaders, and doesn't violate the U.S. Constitution.

    link to this | view in thread ]

  5. identicon
    DogBreath, 9 Jan 2014 @ 9:49am

    'Tailored Access Operations' or 'Collect It All'

    The fear this will be Governments only response...

    http://i.imgur.com/nPoiPCA.jpg

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 9 Jan 2014 @ 9:59am

    Re:

    Well, those people thought they were playing a Japanese game about pocket monsters, so...

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 9 Jan 2014 @ 10:14am

    Are we sure they are selective?

    they can't deploy it against all of us -- or even most of us. They must be installed on each individual target's own equipment, sometimes remotely but sometimes through "supply chain interdiction" or "black bag jobs". By their nature, targeted exploits must be used selectively.

    I'm not sure that I buy that TAO are being selective. Schneier has been highlighting items from TAO's catalog of tricks. The one's he's shown so far are exploits for dell and HP server machines and juniper network devices. These are not items you'd find in someone's home. They're items you'd find in a commercial company's data center.

    link to this | view in thread ]

  8. icon
    weneedhelp (profile), 9 Jan 2014 @ 10:17am

    You have to stop looking

    at this as a program to stop "terrorists." It is not about stopping terrorism... it's about control.

    link to this | view in thread ]

  9. icon
    MadAsASnake (profile), 9 Jan 2014 @ 10:27am

    The problem is that they have become so fixated on the haystack, and obtaining every possible view of it, that they aren't really looking for the needles. I'd also question whether TAO would be more expensive. You'd save massively on obtaining, storing and sifting the haystacks - a task that that appears to be totally valueless. If you just retasked the haystack money to TAO you'd be better off by exactly that amount.

    link to this | view in thread ]

  10. icon
    MadAsASnake (profile), 9 Jan 2014 @ 10:28am

    Re: Are we sure they are selective?

    Though the stuff in peoples homes is probably an awful lot easier to crack. Security on ISP routers is close to nil.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 9 Jan 2014 @ 10:29am

    They aren't trying to actually stop terrorism. If they were, they'd have specifically targeted terrorists from the very beginning, instead of just spying on everyone.
    We've seen any number of studies proving that the NSA's actions are doing nothing to actually fight terrorism. You think the NSA were completely unaware of the likely outcome of their actions? It's by design.
    If terrorism was actually stopped, they wouldn't be able to justify everything they do by shouting "9/11!". They welcome terrorist attacks; they always have intel warning them about the likes of the Boston Bombing, but they would never do anything to stop them, because then they wouldn't be able to keep seizing more and more power in the name of "fighting terrorism".

    link to this | view in thread ]

  12. icon
    weneedhelp (profile), 9 Jan 2014 @ 10:30am

    My friend the

    Octopus will help you know who "Tailored access" will be tailored to:
    http://niqnaq.files.wordpress.com/2013/12/bawnccdceaeekoi-jpglarge.jpeg

    link to this | view in thread ]

  13. icon
    rabbit wise (profile), 9 Jan 2014 @ 10:35am

    ummm...

    Didn't we get into this whole situation by people coming up with "reasonable alternatives" to the Constitution?

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 9 Jan 2014 @ 10:44am

    How come ...

    ... every time I read "five eyes" I think "ten rings"?

    link to this | view in thread ]

  15. icon
    beltorak (profile), 9 Jan 2014 @ 11:00am

    I've done some serious thinking about this (and posted a reply to reddit's /r/privacy a few days ago). I don't think this is a good idea.

    For one, I don't think it's logistically possible to add reasonable and meaningful oversight. For another, the potential for accidentally spying on innocent people seems too high. The difference between TAO and a traditional (gagged or not) search warrant is that a search warrant is limited to a specific time; once the warrant is "done" the search stops. TAO however breaks the security of a device for its entire lifetime, no matter who that device is owned/operated by in the future. Finally, my trust in my government, and any reasonably realistic future government, has been shattered in this respect. This is a powerful tool and I do not think we as a species are ready to handle it responsibly.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 9 Jan 2014 @ 12:12pm

    unless someone is a known member of an organisation, destined to do harm to others for no particular reason other than they want to, their should be no surveillance at all!!

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 9 Jan 2014 @ 12:22pm

    Re:

    Reasonable compromise? TAO and other NSA programs are not about security, its espionage. The security theater is only for getting the funding from US taxpayers. How about starting a mind-your-own-fucking-business program, which will ensure that foreigners don't eye services and equipment from US companies with suspicion, and can have some privacy?

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 9 Jan 2014 @ 5:38pm

    If a warrant and probable cause come back into the equation. Then I'll support it, but I will never support bulk, unconstitutional dragnet spying. Never!

    Too many brave American patriots fought and gave their lives to make sure the American people would never have to live under that kind of unconstitutional tyranny and oppression.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 10 Jan 2014 @ 7:14am

    Re:

    Must of missed the section in the constitution that authorizes the creation of the nsa.........apart from that, SPOT ON my friend

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.