Dangerously Underpowered NSA Begging Legislators For Permission To Go To Cyberwar

(Mis)Uses of Technology

from the poor,-neglected-NSA dept

Thu, Mar 26th 2015 2:36pm — Tim Cushing

Cyber-this and cyber-that. That's all the government wants to talk about. The NSA, which has always yearned for a larger slice of the cybersecurity pie, is pushing legislators to grant it permission to go all-out on the offensive to protect ~~foreign-owned movie studios~~ the USofA from hackers.

NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.

Yes, we (or rather, our representatives) are expected to believe the NSA is just barely getting by when it comes to cyber-capabilities. Somehow, backdoors in phone SIM cards, backdoors in networking hardware, backdoors in hard drives, compromised encryption standards, collection points on internet backbones, the cooperation of national security agencies around the world, stealth deployment of malicious spyware, the phone records of pretty much every American, access to major tech company data centers, an arsenal of purchased software and hardware exploits, various odds and ends yet to be disclosed and the full support of the last two administrations just isn't enough. Now, it wants the blessing of lawmakers to do even more than it already does. Which is quite a bit, actually.

The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 “offensive” operations in 2011 - and that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.

That was four years ago -- a lifetime when it comes to an agency with the capabilities the NSA possesses. Anyone who believes the current numbers are lower is probably lobbying increased power. And they don't believe it. They'd just act like they do.

Unfortunately, legislators may be in a receptive mood. CISA -- CISPA rebranded -- is back on the table. The recent Sony hack, which caused millions of dollars of embarrassment, has gotten more than a few of them fired up about the oft-deployed term "cybersecurity." Most of those backing this legislation don't seem to have the slightest idea (or just don't care) how much collateral damage it will cause or the extent to which they're looking to expand government power.

The NSA knows, and it wants this bill to sail through unburdened by anything more than its requests for permission to fire.

The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans’ communications from tech companies without any legal process whatsoever. The bill’s text was finally released a couple days ago, and, as EFF points out, tucked in the bill were the powers to do the exact type of “offensive” attacks for which Rogers is pining.

In the meantime, Section 215 languishes slightly, as Trevor Timm points out. But that's the least of the NSA's worries. It has tech companies openly opposing its "collect everything" approach. Apple and Google are both being villainized by security and law enforcement agencies for their encryption-by-default plans. More and more broad requests for user data are being challenged, and (eventually) some of the administration's minor surveillance tweaks will be implemented.

Section 215 may die. (Or it may keep on living even in death, thanks to some ambiguous language in the PATRIOT Act.) But I would imagine the bulk phone metadata is no longer a priority for the NSA. It has too many other programs that harvest more and face fewer challenges. The NSA wants to be a major cyberwar player, which is something that will only increase its questionable tactics and domestic surveillance efforts. If it gets its way via CISA, it will be able to make broader and deeper demands for information from tech companies. Under the guise of "information sharing," the NSA will collect more and share less. And what it does share will be buried under redactions, gag orders and chants of "national security." Its partnerships with tech companies will bear a greater resemblance to parasitic relationships than anything approaching equitable, especially when these companies will have this "sharing" foisted upon them by dangerously terrible legislation.

But until it reaches that point, the NSA will keep claiming it's under-equipped to handle the modern world. And it will continue to make the very dubious claim that the best defense is an unrestrained offense.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: admiral mike rogers, cyberattacks, cyberwar, nsa

27 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 26 Mar 2015 @ 2:47pm

I feel I should take this time and repeat what Ed Snowden recently said: "We're making everyone less safe by being always offensive and never defensive."

The NSA and it's British counterpart don't have a whole lot of friends in the tech sector right now and it seems that's not likely to change any time soon.
[ link to this | view in chronology ]
Al, 26 Mar 2015 @ 2:56pm

Is it the 90's again already
Poor NSA back then they only had crappy CRAY's, when home machines where getting so powerful and distributed computing was up and comming SETI had more than them, I remember this and in the early 90's when I was young and stupid I actually felt sorry for them.
[ link to this | view in chronology ]
Anonymous Coward, 26 Mar 2015 @ 2:59pm

Or maybe the majority of hacking problems could be solved by not allowing passwords to be the word "password".
[ link to this | view in chronology ]
- Al, 26 Mar 2015 @ 3:39pm
  
  Re: Passwords
  My Password file contains many passwords that are not "password" once upon a time I worked for sony...
  [ link to this | view in chronology ]
Anonymous Coward, 26 Mar 2015 @ 3:23pm

How come all our browsers & routers can be hacked in 15 minutes?
People who live in glass houses shouldn't throw stones.
[ link to this | view in chronology ]
Capt ICE Enforcer, 26 Mar 2015 @ 3:39pm

Old School Solution
What ever happened to let's talk it out first before we destroy each other mentality. The NSA sounds like my ex wife's divorce attorney. Give us everything. Or else.
[ link to this | view in chronology ]
Al, 26 Mar 2015 @ 4:07pm

Simple solutions
Enemies of the state can only be known State actors or Known actors of STATE powers, in a democracy or a free society the State does not have the right to prevent revolution, it might be asserted that it has the moral imperative to encourage it, the greeks though not the best models of nice people where not wrong to have a process where by the worst where not only banned but exiled, we are dealing with people and as I have said before if you really think there is a nuke about to go off in downtown wherever, fine do what you need to do, torture, murder, kick in doors whatever, but even in defense of the nation the behavior cannot go unpunished because it is repugnant to a civilized society, and is illegal for a reason, if wherever didn't get blown up because of your actions a reasonable jury will show mercy for your transgressions but you shouldn't have a get out of jail card what you did must be known and the people should judge you, anything else becomes a violation of others for your own gain.
Good people have done bad things for good reasons, but before you do that be sure you ARE doing that otherwise it's just organized crime or worse fascism.
[ link to this | view in chronology ]
Kenpachi (profile), 26 Mar 2015 @ 4:48pm

All about pushing his stated agenda
NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.

This is all about this. No more no less.

So sad indeed...
[ link to this | view in chronology ]
Anonymous Coward, 26 Mar 2015 @ 5:15pm

They are already doing this, Belian Telicom, Gemalto many others. Once again this is just legitimizing what they already do retroactively.
[ link to this | view in chronology ]
al, 26 Mar 2015 @ 5:52pm

Fox and Friends
Who are we kidding running coke and organizing death squads only leads to PROFIT as ollie north haw proven.

The mistake we are all making is not murdering thousands or hundreds of thousands for the state.

I'm looking at you british empire... you set the precedent
[ link to this | view in chronology ]
orbitalinsertion (profile), 26 Mar 2015 @ 6:21pm

the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities

Never mind they should be doing this, but even as they want to, just what the hell do they think they need?. Pick 10 more jerks, sit them behind a general purpose OS and computer and tell them to have at it.

You's thing there was some super-special network attack school the NSA was barred from attending or something, or really special equipment, and lots of it, needed. Hell, if they even want exploits or malware, they can damn well buy them and rent botnets (and then take them over if they want) out of the huge existing commercial market.

It's all about convenience. They want more money (because they always do), and they want some laws on the books so they can continue to do all the things they already do, but a whistleblower or other exposure will not have individuals in the NSA having to go to some pointless meetings about it (no one likes sitting through those kind of stupid meetings).
[ link to this | view in chronology ]
Anonymous Coward, 26 Mar 2015 @ 7:08pm

It's possible that a major issue is an underpowered national defense due to the cyber threats posed by war criminals and terrorists that have acquired cyber weaponry.
[ link to this | view in chronology ]
Anonymous Coward, 26 Mar 2015 @ 7:25pm

I forsee a trend in snail mail coming ...
[ link to this | view in chronology ]
Anonymous Coward, 26 Mar 2015 @ 8:01pm

NSA will keep claiming it's under-equipped to handle the modern world.
They are under-equipped to handle the modern world. Their tiny little brains can't comprehend that there can exist people who don't agree with them. Modern humans understand tradeoffs and the existence of dissent. The NSA clearly doesn't.
[ link to this | view in chronology ]
- John Fenderson (profile), 27 Mar 2015 @ 1:11pm
  
  Re:
  "Their tiny little brains can't comprehend that there can exist people who don't agree with them."
  
  Oh, they comprehend that just fine. They call such people "the enemy".
  [ link to this | view in chronology ]
Anonymous Coward, 26 Mar 2015 @ 10:01pm

CISA is unconstitutional spying legislation for spying on Americans without a warrant. CISA will not prevent one cyber attack, but it will excel at warrantless spying on law-abiding American citizens.

Do not fear! The government only cares about "interesting" law-abiding citizens. If you piss the government off, you're interesting. If you challenge the status quo, you're interesting. If you work as a system administrator for a multi-million dollar company, you're interesting. Etc...
[ link to this | view in chronology ]
DB (profile), 26 Mar 2015 @ 10:42pm

I don't understand what they mean by needing an offensive capability against cyber attacks.

That's like saying you need an offensive capability against lightening strikes. What are you going to do, shoot at the clouds?
[ link to this | view in chronology ]
Anonymous Coward, 26 Mar 2015 @ 11:55pm

And so the warmongers move into cyberwarmongering. I thought America only started wars around oil, but I guess that's false.
[ link to this | view in chronology ]
Oliver (profile), 27 Mar 2015 @ 12:36am

CYBER, really?
Let's get something out of the way right from the beginning: Anybody that uses the BS term "cyber" looses all credibillity right away!
There is no meaning to the term "cyber", that does not make any sense at all. Call it what it really is, computer-something-something, internet-something-something, etc.

Just my §0.02 :-)
[ link to this | view in chronology ]
sciamiko (profile), 27 Mar 2015 @ 1:53am

NSA's misuse of resources
I very recently became aware of letters in the Notices of the American Mathematical Society under the title Mathematicians Discuss the Snowden Revelations. Although it dates back to June/July 2014, I think it's relevant here.

http://www.ams.org/notices/201406/rnoti-p623.pdf

The letter from Keith Devlin is worth reading (no maths involved). He was involved in analysing how to extract valid information from very large amounts of data, and his conclusions were clear that if you want to find a tiny number of needles, then you need to target the analysis,
not grab all you can. A few quotes:

"I concentrate on whether indiscriminate “vacuuming up” of personal information that, according to the documents Edward Snowden has released, the NSA has routinely engaged in for several years can effectively predict terrorist attacks. I’ll say up front that, based on everything I learned in those five years, blanket surveillance is
highly unlikely to prevent a terrorist attack and is a dangerous misuse of resources that, if used in other ways, possibly could prevent attacks (such as the 2013 Boston Marathon bombing). Anyone with a reasonable sense of large numbers could surmise a similar conclusion. When the goal is to identify a very small number of key
signals in a large ocean of noise, indiscriminately increasing the size of the ocean is self-evidently not the way to go. "

"So when I hear officials from President Obama down say, “It’s just metadata,” I smell a deliberate attempt to mislead the population they are supposed to serve."

"How could we take an impossibly large amount of data and produce a human-sized output that a trained analyst could make effective use of? It would involve filtering, condensing, fusing, and processing information to a truly gigantic degree to provide that analyst (actually a team of analysts) with something manageable. And that was just the first step. That analyst would have to take his or her
conclusions and start a cascade of persuasion and decision-making running up through the command chain until it landed on the desk of a person who could initiate an action—an action having huge ramifications for public safety, the pursuit of which would carry the risks of danger to many people and of possible massive political fallout."

"Data mining systems don’t identify and take out terrorist groups; people do."
[ link to this | view in chronology ]
- GEMont (profile), 27 Mar 2015 @ 3:27pm
  
  Re: NSA's misuse of resources
  " ...blanket surveillance is highly unlikely to prevent a terrorist attack..."
  
  You might want to ask those same mathematicians whether or not mass vacuuming up of everyone's communications and personal data indiscriminately would make the creation of large numbers of blackmail portfolios easier.
  
  I'll bet they come back with a whole different answer.
  
  ---
  [ link to this | view in chronology ]
Juror8675309, 27 Mar 2015 @ 1:54am

The Jury
One day your going to call Us for jury duty.
This will be a bad day for you.
We already had an oath and your unconstitutional actions are not in it.

You can ignore Us, but society already is in a cold civil war as I speak. It's cold cause people aren't say capping off corrupt cops from the mountain tops on their way to work yet.
You can bet your boots We are pissed off.

May your God help you!
Your day comes, the day you attacked Us.
You must be stopped.

Operations (growing economy, and solid monetary system based on silver and gold) under a constitutional republic will not be restored until we actually are a constitutional republic again, and that means you commie marxists who have infiltrated high government MUST go.

If you are breaking the oath, and going against the US Constitution you are an ENEMY of State. You can spin the words however you want. You infiltrated this country and you are the enemy!
[ link to this | view in chronology ]
- GEMont (profile), 27 Mar 2015 @ 3:35pm
  
  Re: The Jury
  Ummm... two points.
  
  1. They're not Marxists, or Commies. They are Fascists - basically, businessmen disguised as statesmen.
  
  If you're gonna aim yer gun, you should make sure you're aiming at the right targets. Otherwise ye can shoot all day and your real enemies will just sell you more bullets.
  
  2. They did not infiltrate this country. They live here. In fact the billionaires liquidating America probably own more US property than the rest of the 99% combined.
  
  So if yer looking for a foe that speaks and dresses funny, you're gonna wind up getting backstabbed by those guys behind you, who look and act just like you.
  
  ---
  [ link to this | view in chronology ]
  - John Fenderson (profile), 30 Mar 2015 @ 8:26am
    
    Re: Re: The Jury
    Exactly right.
    [ link to this | view in chronology ]
me, 27 Mar 2015 @ 3:52am

All from
From a bunch of goofs who already spy on everything and everyone and quietly admit they cant effectively datamine the metadata they already have. This is nothing more than a fishbowl cultured bunch of turds deseprate to justify their own existence.

Just like the music industry, the movie industry and the like. Screw all of them.
[ link to this | view in chronology ]
Padpaw (profile), 27 Mar 2015 @ 7:39am

let's give them even more abilities to make foreign nations mad enough to break alliances, remove trade deals or worst case attack. they already pushing it with their "do what I say not what I do actions"
[ link to this | view in chronology ]
Anonymous Coward, 27 Mar 2015 @ 11:16am

"Underpowered NSA"

F.....OFF

if anything, their extremely OVERPOWERED, ......dangerously so
[ link to this | view in chronology ]