NSA Chief Says NSA Doesn't Need Access To Your Info… As Whistleblowers Say They're Already Getting It

from the cyber-security? dept

The American Enterprise Institute (AEI) recently held an event about cybersecurity and cybersecurity legislation. The keynote speech was from NSA boss General Keith Alexander. He of course talked about why he supports cybersecurity legislation, such as CISPA and other proposals that will make it easier for the NSA access private content from service providers — much of which, reports claim, they’re already capturing and storing. Alexander has claimed that the NSA doesn’t have “the ability” to spy on American emails and such, and reiterates that claim during the Q&A in this session, insisting that the Utah data center doesn’t hold data on Americans’ emails (and makes a joke about just how many emails that would be to read). That’s nice for him to say, but so many people with knowledge of the situation claim the opposite.

In fact, in a story that has received almost no attention, the EFF was able to get three whistleblowers to speak out on the NSA’s massive spying infrastructure:

In a motion filed today, the three former intelligence analysts confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the “secret room” at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.

So it’s interesting to pay attention to what Alexander has to say in pushing for cybersecurity legislation. You can watch the full video below, if you’d like:

Much of what he talks about online involves basic malware and hack attacks. These are definitely issues — but are they issues that we need the military (which the NSA is a part of) to step in on? His “quote” line is that these attacks represent the “greatest transfer of wealth in history.” That is a pretty broad statement, and there’s almost no evidence to support it. He points to studies from Symantec and McAfee on the “costs” of dealing with security issues — but remember, those are two of the biggest sellers of security software, and have every incentive in the world to inflate the so-called “costs.” Also, seriously? The “greatest transfer of wealth in history”? Has he paid absolutely no attention to what’s happened on Wall Street and the financial world over the past decade? Does anyone honestly believe that the amount of money “transferred” due to hack attacks is greater than the amount of money transferred due to dodgy financial deals and the mortgage/CDO mess? That doesn’t pass the laugh test.

He does insist that worse attacks are coming, but provides no basis for that (or, again, why the NSA needs your info). In fact, according to a much more believable study, the real risks are not outside threats and hackers, but internal security screwups and disgruntled inside employees. None of that requires NSA help. At all.

But it sure makes for a convenient bogeyman to get new laws that take away privacy rights.

Alexander, recognizing the civil liberties audience he was talking to, admits that the NSA neither needs nor wants most personal info, such as emails, and repeatedly states that they need to protect civil liberties (though, in the section quoted below, you can also interpret his words to actually mean they don’t care about civil liberties — but that’s almost certainly a misstatement on his part):

One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us… at network speed. It doesn’t require the government to read their mail — or your mail — to do that. It requires them — the internet service provider or that company — to tell us that that type of event is going on at this time. And it has to be at network speed if you’re going to stop it.

It’s like a missile, coming in to the United States…. there are two things you can do. We can take the “snail mail” approach and say “I saw a missile going overhead, looks like it’s headed your way” and put a letter in the mail and say, “how’d that turn out?” Now, cyber is at the speed of light. I’m just saying that perhaps we ought to go a little faster. We probably don’t want to use snail mail. Maybe we could do this in real time. And come up with a construct that you and the American people know that we’re not looking at civil liberties and privacy, but we’re actually trying to figure out when the nation is under attack and what we need to do about it.

Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability. Seems to be there’s a great approach there.

Now all that’s interesting, because if that’s true, then why is he supporting legislation that would override any privacy rules that protect such info? If he really only needs limited information sharing, then why isn’t he in favor of more limited legislation that includes specific privacy protections for that kind of information? He goes back to insisting they don’t care about this info later on in the talk, but never explains why he doesn’t support legislation that continues to protect the privacy of such things:

The key thing in information sharing that gets, I think, misunderstood, is that when we talk about information sharing, we’re not talking about taking our personal emails and giving those to the government.

So make that explicit. Rather than supporting cybersecurity legislation that wipes out all privacy protections why not highlight what kind of information sharing is blocked right now and why it’s blocked? Is it because of ECPA regulations? Something else? What’s the specific problem? Talking about bogeymen hackers and malicious actors makes for a good Hollywood script, but there’s little evidence to support the idea that it’s a real threat here — and in response, Alexander is asking us all to basically wipe out all such privacy protections… because he insists that the NSA doesn’t want that kind of info. And, oh yeah, this comes at the same time that three separate whistleblowers — former NSA employees — claim that the NSA is getting exactly that info already.

So, this speech is difficult to square up with that reality. If he really believes what he’s saying, then why not (1) clearly identify the current regulatory hurdles to information sharing, (2) support legislation that merely amends those regulations and is limited to just those regulations and (3) support much broader privacy protections for the personal info that he insists isn’t needed? It seems like a pretty straightforward question… though one I doubt we’ll get an answer to. Ever. At least not before cybersecurity legislation gets passed.

Filed Under: , , , , ,
Companies: american enterprise institute, at&t, mcafee, symantec

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSA Chief Says NSA Doesn't Need Access To Your Info… As Whistleblowers Say They're Already Getting It”

Subscribe: RSS Leave a comment
Loki says:

His “quote” line is that these attacks represent the “greatest transfer of wealth in history.”

Hmm, Enron? Saving and loan scandals? Freddie Mac? Fannie Mae? Bear Sterns? The truth is the dude just hates the internet because it easily and quickly allows the dissemination of details about the real criminal enterprises that defraud millions of people a year of massive amounts of money.

John Fenderson (profile) says:

Re: I will say it once.....

Why do you think people aren’t grasping that concept? Do you think that intercepting and storing the information is OK if they never look at it? I certainly don’t.

The info is almost never reviewed without warrant

…the presence of the almost in there indicates that you think people are sometimes looking at the information without a warrant anyway. So what’s your point again?

Jay (profile) says:

What’s amazing is that no one here sees the abuse that coulda be caused by this complete access. You can destroy enemies with false claims as well as profit greatly on selling all of the information. What’s to stop the government from accusing someone from trafficking in child porn? Causing dissent? Becoming a menace? The fact is, the government is essentially continuing age old programs introduced during the cold war, which make no sense in the digital era. Someone should look up the Eisenhower Doctrine and how to sensationalize media. Or COINTELPRO and how the FBI took the law into it’s own hands. Fact is, these fights are the same ones as the ones in the 60s and 70s our even earlier time frames if only people would learn from history.

Anonymous Coward says:

Re: Re:

Hell, why dont we take it to the next level, and assume at some point it will be the norm for a company to “lobby” an “information analyst” in providing sensitive yet beneficial information on a particular deal they may have a vested interest in

Shucks, in a world like that, only the despicable would survive, seing as their ethics would see nothing wrong with it…….it’ll be, well, it’ll be, just business, i guess

A system built from the ground up to potentially fuck people over, and all it would take is someone who’s willing

They want to monitor us, but who will monitor the monitors, with vigilance, from its conception till its dismantle, and just for good measure, who will monitor the monitors who are monitoring the monitors *brain freeze*

Nah, im just being overdramatic, it’ll never happen, its not like were taking the first step, in that POTENTIAL future, first step***********SPYING****************second step*************STORING***********third step************”ANALYZING”**************

Wheres me tinfoil

Lord Binky says:

I’m really getting sick of this ‘but i don’t want to, make the government do it’ attitude.
“One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us… at network speed.”
You don’t need a law for that, you don’t need special access, you need the equivalent of a fire alarm. Why is the NSA trying to provide the equivalent of a home security system to anything? It is the owners of the critical infrastructure to have such services in place. Make it a requirement just like they are required to have a fire alarm, but there’s no reason the NSA needs to be cyber firefighters. In all his examples he states reactive responses to a security issue. That does not require additional information like they are asking for. What requires that additional information is predictive/premptive responses to a security issue that has yet to happen and that is where privacy > boogeymen. As nice as it to stop one bad thing from happening, it isn’t worth opening yourself up more more bad things that are more common and frequent.

Androgynous Cowherd says:

Hack attacks

Much of what he talks about online involves basic malware and hack attacks. These are definitely issues — but are they issues that we need the military (which the NSA is a part of) to step in on?

Yes, because that worked out so well in Terminator 3.

Now, cyber is at the speed of light. I’m just saying that perhaps we ought to go a little faster.

According to Einstein, you might have a wee bit of trouble with that. And by all reports Einstein was a fairly smart guy.

Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability.




Ah …




Ahh, gee …


Something involving computers that is 100% reliable.

That’ll be the day!

Digitalistically Speaking (profile) says:

What theats?

Is He afraid that some hacker somewhere will gain access to our critical infrastructure and cause it to malfunction?

Electrical grid?…Don’t connect to the internet!
Transportation?….Don’t connect to the internet!
Waterways?……… Is there a switch somewhere that you can flip and change the course of the Mississippi to east/west?
Probably not.But if there is, don’t connect it to the internet!
Drinking water? Don’t order Bottled water on the internet!
Railroads?…Don’t connect to the internet!
Oil and gas…That’s already being controlled my malicious types…No cyber security necessary.
Military?…No amount of security is gonna help there.
Governments?…All the foreign countries already have all the secrets they want.

So what’s left?

Whatever it is don’t connect it to the internet!

Cyber Security problem solved.

Ed C. says:

Re: What theats?

That’s fine and all, until someone wants to check their email or facebook, or has to order hookers and crack for the boss. Just one blundering fool with more IE toolbars than screen space, and more malware than sense, is all it takes to for those dirty Chinese or Iranian hackers to take down our entire national infrastructure. You might think that all we need are proper firewalls and network segregation to prevent any such travesty, but no! The only way to stop these attacks is to create unregulated programs that require shoveling unaccounted billions to government contractors for equipment to spy on everyone. I mean, they obviously can’t keep the children safe 24/7 if they aren’t spying everyone and everything, right?

Michael says:

The way these people talk, you’d think that there’s a looming threat everywhere and at all times. And what’s the magical do-all solution to all these (fabricated) boogeymen who are out to destroy us? Unfettered access to all private communications. The solution always comes at the expense of our civil liberties, our privacy, our Constitutional rights. Always, without exception.

I see a bigger concern involved in all this. Our security infrastructure (theatre) is basically one large net pointed inward to spy on and target Americans, not foreign enemies. Why do they need to monitor us like an ant farm? What exactly is the agenda here? I know this much: they wouldn’t spend billions creating such a huge data-gathering agency if they had nothing to gain from it. But what?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...