NSA Chief Says NSA Doesn't Need Access To Your Info... As Whistleblowers Say They're Already Getting It

from the cyber-security? dept

The American Enterprise Institute (AEI) recently held an event about cybersecurity and cybersecurity legislation. The keynote speech was from NSA boss General Keith Alexander. He of course talked about why he supports cybersecurity legislation, such as CISPA and other proposals that will make it easier for the NSA access private content from service providers -- much of which, reports claim, they're already capturing and storing. Alexander has claimed that the NSA doesn't have "the ability" to spy on American emails and such, and reiterates that claim during the Q&A in this session, insisting that the Utah data center doesn't hold data on Americans' emails (and makes a joke about just how many emails that would be to read). That's nice for him to say, but so many people with knowledge of the situation claim the opposite.

In fact, in a story that has received almost no attention, the EFF was able to get three whistleblowers to speak out on the NSA's massive spying infrastructure:
In a motion filed today, the three former intelligence analysts confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the "secret room" at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.
So it's interesting to pay attention to what Alexander has to say in pushing for cybersecurity legislation. You can watch the full video below, if you'd like:
Much of what he talks about online involves basic malware and hack attacks. These are definitely issues -- but are they issues that we need the military (which the NSA is a part of) to step in on? His "quote" line is that these attacks represent the "greatest transfer of wealth in history." That is a pretty broad statement, and there's almost no evidence to support it. He points to studies from Symantec and McAfee on the "costs" of dealing with security issues -- but remember, those are two of the biggest sellers of security software, and have every incentive in the world to inflate the so-called "costs." Also, seriously? The "greatest transfer of wealth in history"? Has he paid absolutely no attention to what's happened on Wall Street and the financial world over the past decade? Does anyone honestly believe that the amount of money "transferred" due to hack attacks is greater than the amount of money transferred due to dodgy financial deals and the mortgage/CDO mess? That doesn't pass the laugh test.

He does insist that worse attacks are coming, but provides no basis for that (or, again, why the NSA needs your info). In fact, according to a much more believable study, the real risks are not outside threats and hackers, but internal security screwups and disgruntled inside employees. None of that requires NSA help. At all.

But it sure makes for a convenient bogeyman to get new laws that take away privacy rights.

Alexander, recognizing the civil liberties audience he was talking to, admits that the NSA neither needs nor wants most personal info, such as emails, and repeatedly states that they need to protect civil liberties (though, in the section quoted below, you can also interpret his words to actually mean they don't care about civil liberties -- but that's almost certainly a misstatement on his part):
One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us... at network speed. It doesn't require the government to read their mail -- or your mail -- to do that. It requires them -- the internet service provider or that company -- to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it.

It's like a missile, coming in to the United States.... there are two things you can do. We can take the "snail mail" approach and say "I saw a missile going overhead, looks like it's headed your way" and put a letter in the mail and say, "how'd that turn out?" Now, cyber is at the speed of light. I'm just saying that perhaps we ought to go a little faster. We probably don't want to use snail mail. Maybe we could do this in real time. And come up with a construct that you and the American people know that we're not looking at civil liberties and privacy, but we're actually trying to figure out when the nation is under attack and what we need to do about it.

Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability. Seems to be there's a great approach there.
Now all that's interesting, because if that's true, then why is he supporting legislation that would override any privacy rules that protect such info? If he really only needs limited information sharing, then why isn't he in favor of more limited legislation that includes specific privacy protections for that kind of information? He goes back to insisting they don't care about this info later on in the talk, but never explains why he doesn't support legislation that continues to protect the privacy of such things:
The key thing in information sharing that gets, I think, misunderstood, is that when we talk about information sharing, we're not talking about taking our personal emails and giving those to the government.
So make that explicit. Rather than supporting cybersecurity legislation that wipes out all privacy protections why not highlight what kind of information sharing is blocked right now and why it's blocked? Is it because of ECPA regulations? Something else? What's the specific problem? Talking about bogeymen hackers and malicious actors makes for a good Hollywood script, but there's little evidence to support the idea that it's a real threat here -- and in response, Alexander is asking us all to basically wipe out all such privacy protections... because he insists that the NSA doesn't want that kind of info. And, oh yeah, this comes at the same time that three separate whistleblowers -- former NSA employees -- claim that the NSA is getting exactly that info already.

So, this speech is difficult to square up with that reality. If he really believes what he's saying, then why not (1) clearly identify the current regulatory hurdles to information sharing, (2) support legislation that merely amends those regulations and is limited to just those regulations and (3) support much broader privacy protections for the personal info that he insists isn't needed? It seems like a pretty straightforward question... though one I doubt we'll get an answer to. Ever. At least not before cybersecurity legislation gets passed.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Loki, Jul 11th, 2012 @ 9:34am

    His "quote" line is that these attacks represent the "greatest transfer of wealth in history."

    Hmm, Enron? Saving and loan scandals? Freddie Mac? Fannie Mae? Bear Sterns? The truth is the dude just hates the internet because it easily and quickly allows the dissemination of details about the real criminal enterprises that defraud millions of people a year of massive amounts of money.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 9:43am

    can't wait for the movie...

    like the Minority Report - but with NSA computers deciphering emails...and putting people in jail for it:

    Boy: Yea, that party is going to be the bomb! I can't wait.

    Woman: I was avoiding them like the plague.

    child: my father always beats me. we play checkers every night.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    rubberpants, Jul 11th, 2012 @ 9:48am

    Nice thing about cyber is that everything you do in cyber, you can audit.

    Cyber is a noun now?

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Beta (profile), Jul 11th, 2012 @ 9:50am

    pronoun trouble

    "Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability. Seems to be there's a great approach there."

    He might more accurately have said "everything you do in cyber, we can audit."

    (And I suppose I can dream of him saying "everything we do in cyber, you can audit.")

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    :Lobo Santo (profile), Jul 11th, 2012 @ 9:50am

    Re: The Greatest Scam ever Told!

    Yep, them poor government schmucks can't hardly get away with nothin! What with them "liberty" types spreading truth all over the internet... there outghta be a law!

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    John Doe, Jul 11th, 2012 @ 9:55am

    Why not just monitor twitter?

    If they want to know about a missile flying overhead, why don't they just monitor the #missile hash tag on Twitter. Twitter is already public so no invasion of privacy there.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    lolzzzz, Jul 11th, 2012 @ 10:00am

    All i have to say to america is:

    LIAR LIAR PANTS ON FIRE

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Beta (profile), Jul 11th, 2012 @ 10:09am

    Re:

    "The grammar of Newspeak has two outstanding peculiarities. The first of these was an almost complete interchangeability between different parts of speech. Any word in the language (in principle this applied even to very abstract words such as if or when) could be used either as verb, noun, adjective, or adverb."

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Wally (profile), Jul 11th, 2012 @ 10:17am

    I will say it once.....

    ....I will say it again. There is so much information going through the computers at the NSA it doesn't matter. The info is almost never reviewed without warrant. I sort of hate it how people fail to grasp that concept.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Beta (profile), Jul 11th, 2012 @ 10:21am

    Re: I will say it once.....

    So why do they want more?

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    John Doe, Jul 11th, 2012 @ 10:30am

    Re: I will say it once.....

    And you know this how? Also, how is it that this data can be collected w/o a warrant? Is the 4th amendment just a footnote now?

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Jay (profile), Jul 11th, 2012 @ 10:32am

    What's amazing is that no one here sees the abuse that coulda be caused by this complete access. You can destroy enemies with false claims as well as profit greatly on selling all of the information. What's to stop the government from accusing someone from trafficking in child porn? Causing dissent? Becoming a menace? The fact is, the government is essentially continuing age old programs introduced during the cold war, which make no sense in the digital era. Someone should look up the Eisenhower Doctrine and how to sensationalize media. Or COINTELPRO and how the FBI took the law into it's own hands. Fact is, these fights are the same ones as the ones in the 60s and 70s our even earlier time frames if only people would learn from history.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    John Fenderson (profile), Jul 11th, 2012 @ 11:15am

    Re:

    Cyber is a noun now?


    Sure, why not?

    Since the use of the term "cyber" is a strong indication that the person using the term is ignorant in the first place, I don't mind what part of speech they want to use it as.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    John Fenderson (profile), Jul 11th, 2012 @ 11:19am

    Re: I will say it once.....

    Why do you think people aren't grasping that concept? Do you think that intercepting and storing the information is OK if they never look at it? I certainly don't.

    The info is almost never reviewed without warrant


    ...the presence of the almost in there indicates that you think people are sometimes looking at the information without a warrant anyway. So what's your point again?

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    Al Bert (profile), Jul 11th, 2012 @ 11:36am

    Re:

    I think what he meant to say was "These attacks represent an opportunity to institute the greatest transfer of wealth in history"

    ... though maybe wealth only as an intended consequence of power.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Al Bert (profile), Jul 11th, 2012 @ 11:41am

    Re:

    Whenever I hear people pushing the "cyber" button, I always like to think they're kids on AOL in 1999. So i guess Alexander likes to audit his nightly masturbatory chat logs.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Lord Binky, Jul 11th, 2012 @ 11:44am

    I'm really getting sick of this 'but i don't want to, make the government do it' attitude.
    "One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us... at network speed."
    You don't need a law for that, you don't need special access, you need the equivalent of a fire alarm. Why is the NSA trying to provide the equivalent of a home security system to anything? It is the owners of the critical infrastructure to have such services in place. Make it a requirement just like they are required to have a fire alarm, but there's no reason the NSA needs to be cyber firefighters. In all his examples he states reactive responses to a security issue. That does not require additional information like they are asking for. What requires that additional information is predictive/premptive responses to a security issue that has yet to happen and that is where privacy > boogeymen. As nice as it to stop one bad thing from happening, it isn't worth opening yourself up more more bad things that are more common and frequent.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    dwg (profile), Jul 11th, 2012 @ 11:46am

    Re:

    See also "cyber is at the speed of light."

    The email is pretty amazing, too.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Colin, Jul 11th, 2012 @ 12:22pm

    Re: Re:

    Holy. Shit.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 1:00pm

    Re:

    Hell, why dont we take it to the next level, and assume at some point it will be the norm for a company to "lobby" an "information analyst" in providing sensitive yet beneficial information on a particular deal they may have a vested interest in

    Shucks, in a world like that, only the despicable would survive, seing as their ethics would see nothing wrong with it.......it'll be, well, it'll be, just business, i guess

    A system built from the ground up to potentially fuck people over, and all it would take is someone who's willing

    They want to monitor us, but who will monitor the monitors, with vigilance, from its conception till its dismantle, and just for good measure, who will monitor the monitors who are monitoring the monitors *brain freeze*


    Nah, im just being overdramatic, it'll never happen, its not like were taking the first step, in that POTENTIAL future, first step***********SPYING****************second step*************STORING***********third step************"ANALYZING"**************

    Wheres me tinfoil

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Lozine, Jul 11th, 2012 @ 1:15pm

    Whoaaaaa. If this all crashes down on us, we're screwed.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Androgynous Cowherd, Jul 11th, 2012 @ 3:23pm

    Hack attacks

    Much of what he talks about online involves basic malware and hack attacks. These are definitely issues -- but are they issues that we need the military (which the NSA is a part of) to step in on?


    Yes, because that worked out so well in Terminator 3.

    Now, cyber is at the speed of light. I'm just saying that perhaps we ought to go a little faster.


    According to Einstein, you might have a wee bit of trouble with that. And by all reports Einstein was a fairly smart guy.

    Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability.


    hehe

    hehehe

    *guffaw*

    Ah ...

    Ahahahahaha!

    HAHAHAHAHAHAHAHAHAHAHA!

    *ROTFL*

    Ahh, gee ...

    Yeah.

    Something involving computers that is 100% reliable.

    That'll be the day!

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 3:37pm

    "Cyber" is not a noun.

    Is this the same guy that made the "series of tubes" speech? Because if he isn't, he's doing a great impersonation.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 3:55pm

    Re: I will say it once.....

    Wow, way to miss the point.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 4:49pm

    Re: Re:

    If you came at the speed of light, you came too fast.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 4:51pm

    Re: I will say it once.....

    I'll say it again. 9/11 was not stopped because of too much intelligence. They had the information but could not sort the urgent from the trivial none of their business stuff.

    Why do the NSA love successful terrorist attacks?

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 5:48pm

    Re: I will say it once.....

    I've read that they put out a list of keywords everyday and those correspondences that contain the keywords are tagged for review. This is done without warrant. I may be wrong but what if?

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 5:56pm

    Re: I will say it once.....

    You mean like "ALMOST never"?

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 5:56pm

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Jul 11th, 2012 @ 5:57pm

    echelon

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    shutup, Jul 11th, 2012 @ 6:06pm

    ....

    The country that has enjoyed only 12 years without a war since its inception is talking about the catastrophic effects of war... joke...

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    Digitalistically Speaking (profile), Jul 11th, 2012 @ 6:43pm

    What theats?

    Is He afraid that some hacker somewhere will gain access to our critical infrastructure and cause it to malfunction?

    Electrical grid?...Don't connect to the internet!
    Transportation?....Don't connect to the internet!
    Waterways?......... Is there a switch somewhere that you can flip and change the course of the Mississippi to east/west?
    Probably not.But if there is, don't connect it to the internet!
    Drinking water? Don't order Bottled water on the internet!
    Railroads?...Don't connect to the internet!
    Oil and gas...That's already being controlled my malicious types...No cyber security necessary.
    Military?...No amount of security is gonna help there.
    Governments?...All the foreign countries already have all the secrets they want.

    So what's left?

    Whatever it is don't connect it to the internet!

    Cyber Security problem solved.

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Ed C., Jul 11th, 2012 @ 9:38pm

    Re: What theats?

    That's fine and all, until someone wants to check their email or facebook, or has to order hookers and crack for the boss. Just one blundering fool with more IE toolbars than screen space, and more malware than sense, is all it takes to for those dirty Chinese or Iranian hackers to take down our entire national infrastructure. You might think that all we need are proper firewalls and network segregation to prevent any such travesty, but no! The only way to stop these attacks is to create unregulated programs that require shoveling unaccounted billions to government contractors for equipment to spy on everyone. I mean, they obviously can't keep the children safe 24/7 if they aren't spying everyone and everything, right?

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    Michael, Jul 12th, 2012 @ 6:11am

    The way these people talk, you'd think that there's a looming threat everywhere and at all times. And what's the magical do-all solution to all these (fabricated) boogeymen who are out to destroy us? Unfettered access to all private communications. The solution always comes at the expense of our civil liberties, our privacy, our Constitutional rights. Always, without exception.

    I see a bigger concern involved in all this. Our security infrastructure (theatre) is basically one large net pointed inward to spy on and target Americans, not foreign enemies. Why do they need to monitor us like an ant farm? What exactly is the agenda here? I know this much: they wouldn't spend billions creating such a huge data-gathering agency if they had nothing to gain from it. But what?

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    George W., Jul 14th, 2012 @ 12:41am

    Bull Sh*t

    This General is making false leading claims. 70%+ of all hacks come from the "inside". Some accidental. Some not. Scare mongering when the USA is the only one that is mostly likely doing all these attacks. Sad ..

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    Anonymous Coward, Aug 3rd, 2012 @ 3:22pm

    well

    "cybersecurity" HAS caused the greatest transfer of wealth in history...straight into the bank accounts of the board of directors of every major bank on earth.

    if there were better external security systems, they wouldn't have creamed BILLIONS from their faked "collapses" into personal accounts.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This