Bruce Schneier Speculates On NSA Double Laundering Information It Obtains Via Network Infiltration
from the double-reverse-parallel-construction dept
Bruce Schneier has a worth-reading post about the latest reports on the NSA infiltrating the network connections for Google and Yahoo’s datacenter, making a number of good points about that story. We’ll discuss a few of the points, but I wanted to focus in on this one first:
In light of this, PRISM is really just insurance: a way for the NSA to get legal cover for information it already has. My guess is that the NSA collects the vast majority of its data surreptitiously, using programs such as these. Then, when it has to share the information with the FBI or other organizations, it gets it again through a more public program like PRISM.
While it’s just speculation, there is some reason to suggest it might be the case, and that would show just how far the NSA goes in some cases. After all, until June, PRISM itself was a secret. Yet, now, it’s possible that the secret PRISM program was really just a way to put a legal-looking coat of paint on far more invasive activities. After all, it’s already been revealed that the NSA and others make use of what they call “parallel construction” to “refind” evidence that they found through means they don’t want to be challenged in court. As we said, this is just a way of laundering illegally obtained evidence. If Schneier’s suspicion is right, then the NSA was actually probably happy that PRISM info came out first, since it does have at least some claims to being legal under Section 702.
But, if he’s correct, it would mean that the NSA has secretly backdoored its way into networks, sucking up pretty much everything — and then when it finds something useful, it will then use Section 702 under the FAA and the FISA Court to come up with some reasoning why that same info should be “collected” via either PRISM or the upstream telco traps, and then it can do more with it. This might not be true, but layering secret programs on top of secret programs to hide how the info was actually obtained would be something.
Other key points from Schneier are that we cannot assume it was just Google and Yahoo infiltrated this way. It’s likely that others have been as well, just under different programs. And, more importantly, this demonstrates how legislative change to fix these things likely won’t be enough. If you block the NSA from getting the data from door number 1, they’re already in doors numbered 2, 3, 4, 5 and 6. Not only does there need to be a full independent investigation of everything the NSA is doing, but we need to build much more secure systems at the same time.