Dangerously Underpowered NSA Begging Legislators For Permission To Go To Cyberwar
from the poor,-neglected-NSA dept
Cyber-this and cyber-that. That's all the government wants to talk about. The NSA, which has always yearned for a larger slice of the cybersecurity pie, is pushing legislators to grant it permission to go all-out on the offensive to protectNSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.Yes, we (or rather, our representatives) are expected to believe the NSA is just barely getting by when it comes to cyber-capabilities. Somehow, backdoors in phone SIM cards, backdoors in networking hardware, backdoors in hard drives, compromised encryption standards, collection points on internet backbones, the cooperation of national security agencies around the world, stealth deployment of malicious spyware, the phone records of pretty much every American, access to major tech company data centers, an arsenal of purchased software and hardware exploits, various odds and ends yet to be disclosed and the full support of the last two administrations just isn't enough. Now, it wants the blessing of lawmakers to do even more than it already does. Which is quite a bit, actually.
The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 “offensive” operations in 2011 - and that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.That was four years ago -- a lifetime when it comes to an agency with the capabilities the NSA possesses. Anyone who believes the current numbers are lower is probably lobbying increased power. And they don't believe it. They'd just act like they do.
Unfortunately, legislators may be in a receptive mood. CISA -- CISPA rebranded -- is back on the table. The recent Sony hack, which caused millions of dollars of embarrassment, has gotten more than a few of them fired up about the oft-deployed term "cybersecurity." Most of those backing this legislation don't seem to have the slightest idea (or just don't care) how much collateral damage it will cause or the extent to which they're looking to expand government power.
The NSA knows, and it wants this bill to sail through unburdened by anything more than its requests for permission to fire.
The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans’ communications from tech companies without any legal process whatsoever. The bill’s text was finally released a couple days ago, and, as EFF points out, tucked in the bill were the powers to do the exact type of “offensive” attacks for which Rogers is pining.In the meantime, Section 215 languishes slightly, as Trevor Timm points out. But that's the least of the NSA's worries. It has tech companies openly opposing its "collect everything" approach. Apple and Google are both being villainized by security and law enforcement agencies for their encryption-by-default plans. More and more broad requests for user data are being challenged, and (eventually) some of the administration's minor surveillance tweaks will be implemented.
Section 215 may die. (Or it may keep on living even in death, thanks to some ambiguous language in the PATRIOT Act.) But I would imagine the bulk phone metadata is no longer a priority for the NSA. It has too many other programs that harvest more and face fewer challenges. The NSA wants to be a major cyberwar player, which is something that will only increase its questionable tactics and domestic surveillance efforts. If it gets its way via CISA, it will be able to make broader and deeper demands for information from tech companies. Under the guise of "information sharing," the NSA will collect more and share less. And what it does share will be buried under redactions, gag orders and chants of "national security." Its partnerships with tech companies will bear a greater resemblance to parasitic relationships than anything approaching equitable, especially when these companies will have this "sharing" foisted upon them by dangerously terrible legislation.
But until it reaches that point, the NSA will keep claiming it's under-equipped to handle the modern world. And it will continue to make the very dubious claim that the best defense is an unrestrained offense.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: admiral mike rogers, cyberattacks, cyberwar, nsa
Reader Comments
Subscribe: RSS
View by: Time | Thread
The NSA and it's British counterpart don't have a whole lot of friends in the tech sector right now and it seems that's not likely to change any time soon.
[ link to this | view in thread ]
Is it the 90's again already
[ link to this | view in thread ]
[ link to this | view in thread ]
How come all our browsers & routers can be hacked in 15 minutes?
[ link to this | view in thread ]
Re: Passwords
[ link to this | view in thread ]
Old School Solution
[ link to this | view in thread ]
Simple solutions
Good people have done bad things for good reasons, but before you do that be sure you ARE doing that otherwise it's just organized crime or worse fascism.
[ link to this | view in thread ]
All about pushing his stated agenda
This is all about this. No more no less.
So sad indeed...
[ link to this | view in thread ]
[ link to this | view in thread ]
Fox and Friends
The mistake we are all making is not murdering thousands or hundreds of thousands for the state.
I'm looking at you british empire... you set the precedent
[ link to this | view in thread ]
Never mind they should be doing this, but even as they want to, just what the hell do they think they need?. Pick 10 more jerks, sit them behind a general purpose OS and computer and tell them to have at it.
You's thing there was some super-special network attack school the NSA was barred from attending or something, or really special equipment, and lots of it, needed. Hell, if they even want exploits or malware, they can damn well buy them and rent botnets (and then take them over if they want) out of the huge existing commercial market.
It's all about convenience. They want more money (because they always do), and they want some laws on the books so they can continue to do all the things they already do, but a whistleblower or other exposure will not have individuals in the NSA having to go to some pointless meetings about it (no one likes sitting through those kind of stupid meetings).
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Do not fear! The government only cares about "interesting" law-abiding citizens. If you piss the government off, you're interesting. If you challenge the status quo, you're interesting. If you work as a system administrator for a multi-million dollar company, you're interesting. Etc...
[ link to this | view in thread ]
That's like saying you need an offensive capability against lightening strikes. What are you going to do, shoot at the clouds?
[ link to this | view in thread ]
[ link to this | view in thread ]
CYBER, really?
There is no meaning to the term "cyber", that does not make any sense at all. Call it what it really is, computer-something-something, internet-something-something, etc.
Just my §0.02 :-)
[ link to this | view in thread ]
NSA's misuse of resources
http://www.ams.org/notices/201406/rnoti-p623.pdf
The letter from Keith Devlin is worth reading (no maths involved). He was involved in analysing how to extract valid information from very large amounts of data, and his conclusions were clear that if you want to find a tiny number of needles, then you need to target the analysis,
not grab all you can. A few quotes:
"I concentrate on whether indiscriminate “vacuuming up” of personal information that, according to the documents Edward Snowden has released, the NSA has routinely engaged in for several years can effectively predict terrorist attacks. I’ll say up front that, based on everything I learned in those five years, blanket surveillance is
highly unlikely to prevent a terrorist attack and is a dangerous misuse of resources that, if used in other ways, possibly could prevent attacks (such as the 2013 Boston Marathon bombing). Anyone with a reasonable sense of large numbers could surmise a similar conclusion. When the goal is to identify a very small number of key
signals in a large ocean of noise, indiscriminately increasing the size of the ocean is self-evidently not the way to go. "
"So when I hear officials from President Obama down say, “It’s just metadata,” I smell a deliberate attempt to mislead the population they are supposed to serve."
"How could we take an impossibly large amount of data and produce a human-sized output that a trained analyst could make effective use of? It would involve filtering, condensing, fusing, and processing information to a truly gigantic degree to provide that analyst (actually a team of analysts) with something manageable. And that was just the first step. That analyst would have to take his or her
conclusions and start a cascade of persuasion and decision-making running up through the command chain until it landed on the desk of a person who could initiate an action—an action having huge ramifications for public safety, the pursuit of which would carry the risks of danger to many people and of possible massive political fallout."
"Data mining systems don’t identify and take out terrorist groups; people do."
[ link to this | view in thread ]
The Jury
This will be a bad day for you.
We already had an oath and your unconstitutional actions are not in it.
You can ignore Us, but society already is in a cold civil war as I speak. It's cold cause people aren't say capping off corrupt cops from the mountain tops on their way to work yet.
You can bet your boots We are pissed off.
May your God help you!
Your day comes, the day you attacked Us.
You must be stopped.
Operations (growing economy, and solid monetary system based on silver and gold) under a constitutional republic will not be restored until we actually are a constitutional republic again, and that means you commie marxists who have infiltrated high government MUST go.
If you are breaking the oath, and going against the US Constitution you are an ENEMY of State. You can spin the words however you want. You infiltrated this country and you are the enemy!
[ link to this | view in thread ]
All from
Just like the music industry, the movie industry and the like. Screw all of them.
[ link to this | view in thread ]
[ link to this | view in thread ]
F.....OFF
if anything, their extremely OVERPOWERED, ......dangerously so
[ link to this | view in thread ]
Re:
Oh, they comprehend that just fine. They call such people "the enemy".
[ link to this | view in thread ]
Re: NSA's misuse of resources
You might want to ask those same mathematicians whether or not mass vacuuming up of everyone's communications and personal data indiscriminately would make the creation of large numbers of blackmail portfolios easier.
I'll bet they come back with a whole different answer.
---
[ link to this | view in thread ]
Re: The Jury
1. They're not Marxists, or Commies. They are Fascists - basically, businessmen disguised as statesmen.
If you're gonna aim yer gun, you should make sure you're aiming at the right targets. Otherwise ye can shoot all day and your real enemies will just sell you more bullets.
2. They did not infiltrate this country. They live here. In fact the billionaires liquidating America probably own more US property than the rest of the 99% combined.
So if yer looking for a foe that speaks and dresses funny, you're gonna wind up getting backstabbed by those guys behind you, who look and act just like you.
---
[ link to this | view in thread ]
Re: Re: The Jury
[ link to this | view in thread ]