Hide Techdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

Dangerously Underpowered NSA Begging Legislators For Permission To Go To Cyberwar

from the poor,-neglected-NSA dept

Cyber-this and cyber-that. That’s all the government wants to talk about. The NSA, which has always yearned for a larger slice of the cybersecurity pie, is pushing legislators to grant it permission to go all-out on the offensive to protect foreign-owned movie studios the USofA from hackers.

NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.

Yes, we (or rather, our representatives) are expected to believe the NSA is just barely getting by when it comes to cyber-capabilities. Somehow, backdoors in phone SIM cards, backdoors in networking hardware, backdoors in hard drives, compromised encryption standards, collection points on internet backbones, the cooperation of national security agencies around the world, stealth deployment of malicious spyware, the phone records of pretty much every American, access to major tech company data centers, an arsenal of purchased software and hardware exploits, various odds and ends yet to be disclosed and the full support of the last two administrations just isn’t enough. Now, it wants the blessing of lawmakers to do even more than it already does. Which is quite a bit, actually.

The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 “offensive” operations in 2011 – and that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.

That was four years ago — a lifetime when it comes to an agency with the capabilities the NSA possesses. Anyone who believes the current numbers are lower is probably lobbying increased power. And they don’t believe it. They’d just act like they do.

Unfortunately, legislators may be in a receptive mood. CISA — CISPA rebranded — is back on the table. The recent Sony hack, which caused millions of dollars of embarrassment, has gotten more than a few of them fired up about the oft-deployed term “cybersecurity.” Most of those backing this legislation don’t seem to have the slightest idea (or just don’t care) how much collateral damage it will cause or the extent to which they’re looking to expand government power.

The NSA knows, and it wants this bill to sail through unburdened by anything more than its requests for permission to fire.

The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans’ communications from tech companies without any legal process whatsoever. The bill’s text was finally released a couple days ago, and, as EFF points out, tucked in the bill were the powers to do the exact type of “offensive” attacks for which Rogers is pining.

In the meantime, Section 215 languishes slightly, as Trevor Timm points out. But that’s the least of the NSA’s worries. It has tech companies openly opposing its “collect everything” approach. Apple and Google are both being villainized by security and law enforcement agencies for their encryption-by-default plans. More and more broad requests for user data are being challenged, and (eventually) some of the administration’s minor surveillance tweaks will be implemented.

Section 215 may die. (Or it may keep on living even in death, thanks to some ambiguous language in the PATRIOT Act.) But I would imagine the bulk phone metadata is no longer a priority for the NSA. It has too many other programs that harvest more and face fewer challenges. The NSA wants to be a major cyberwar player, which is something that will only increase its questionable tactics and domestic surveillance efforts. If it gets its way via CISA, it will be able to make broader and deeper demands for information from tech companies. Under the guise of “information sharing,” the NSA will collect more and share less. And what it does share will be buried under redactions, gag orders and chants of “national security.” Its partnerships with tech companies will bear a greater resemblance to parasitic relationships than anything approaching equitable, especially when these companies will have this “sharing” foisted upon them by dangerously terrible legislation.

But until it reaches that point, the NSA will keep claiming it’s under-equipped to handle the modern world. And it will continue to make the very dubious claim that the best defense is an unrestrained offense.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Dangerously Underpowered NSA Begging Legislators For Permission To Go To Cyberwar”

Subscribe: RSS Leave a comment
27 Comments
Al says:

Simple solutions

Enemies of the state can only be known State actors or Known actors of STATE powers, in a democracy or a free society the State does not have the right to prevent revolution, it might be asserted that it has the moral imperative to encourage it, the greeks though not the best models of nice people where not wrong to have a process where by the worst where not only banned but exiled, we are dealing with people and as I have said before if you really think there is a nuke about to go off in downtown wherever, fine do what you need to do, torture, murder, kick in doors whatever, but even in defense of the nation the behavior cannot go unpunished because it is repugnant to a civilized society, and is illegal for a reason, if wherever didn’t get blown up because of your actions a reasonable jury will show mercy for your transgressions but you shouldn’t have a get out of jail card what you did must be known and the people should judge you, anything else becomes a violation of others for your own gain.
Good people have done bad things for good reasons, but before you do that be sure you ARE doing that otherwise it’s just organized crime or worse fascism.

Kenpachi (profile) says:

All about pushing his stated agenda

NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.

This is all about this. No more no less.

So sad indeed…

orbitalinsertion (profile) says:

the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities

Never mind they should be doing this, but even as they want to, just what the hell do they think they need?. Pick 10 more jerks, sit them behind a general purpose OS and computer and tell them to have at it.

You’s thing there was some super-special network attack school the NSA was barred from attending or something, or really special equipment, and lots of it, needed. Hell, if they even want exploits or malware, they can damn well buy them and rent botnets (and then take them over if they want) out of the huge existing commercial market.

It’s all about convenience. They want more money (because they always do), and they want some laws on the books so they can continue to do all the things they already do, but a whistleblower or other exposure will not have individuals in the NSA having to go to some pointless meetings about it (no one likes sitting through those kind of stupid meetings).

Anonymous Coward says:

NSA will keep claiming it’s under-equipped to handle the modern world.

They are under-equipped to handle the modern world. Their tiny little brains can’t comprehend that there can exist people who don’t agree with them. Modern humans understand tradeoffs and the existence of dissent. The NSA clearly doesn’t.

Anonymous Coward says:

CISA is unconstitutional spying legislation for spying on Americans without a warrant. CISA will not prevent one cyber attack, but it will excel at warrantless spying on law-abiding American citizens.

Do not fear! The government only cares about “interesting” law-abiding citizens. If you piss the government off, you’re interesting. If you challenge the status quo, you’re interesting. If you work as a system administrator for a multi-million dollar company, you’re interesting. Etc…

sciamiko (profile) says:

NSA's misuse of resources

I very recently became aware of letters in the Notices of the American Mathematical Society under the title Mathematicians Discuss the Snowden Revelations. Although it dates back to June/July 2014, I think it’s relevant here.

http://www.ams.org/notices/201406/rnoti-p623.pdf

The letter from Keith Devlin is worth reading (no maths involved). He was involved in analysing how to extract valid information from very large amounts of data, and his conclusions were clear that if you want to find a tiny number of needles, then you need to target the analysis,
not grab all you can. A few quotes:

“I concentrate on whether indiscriminate “vacuuming up” of personal information that, according to the documents Edward Snowden has released, the NSA has routinely engaged in for several years can effectively predict terrorist attacks. I’ll say up front that, based on everything I learned in those five years, blanket surveillance is
highly unlikely to prevent a terrorist attack and is a dangerous misuse of resources that, if used in other ways, possibly could prevent attacks (such as the 2013 Boston Marathon bombing). Anyone with a reasonable sense of large numbers could surmise a similar conclusion. When the goal is to identify a very small number of key
signals in a large ocean of noise, indiscriminately increasing the size of the ocean is self-evidently not the way to go. “

“So when I hear officials from President Obama down say, “It’s just metadata,” I smell a deliberate attempt to mislead the population they are supposed to serve.”

“How could we take an impossibly large amount of data and produce a human-sized output that a trained analyst could make effective use of? It would involve filtering, condensing, fusing, and processing information to a truly gigantic degree to provide that analyst (actually a team of analysts) with something manageable. And that was just the first step. That analyst would have to take his or her
conclusions and start a cascade of persuasion and decision-making running up through the command chain until it landed on the desk of a person who could initiate an action—an action having huge ramifications for public safety, the pursuit of which would carry the risks of danger to many people and of possible massive political fallout.”

“Data mining systems don’t identify and take out terrorist groups; people do.”

GEMont (profile) says:

Re: NSA's misuse of resources

” …blanket surveillance is highly unlikely to prevent a terrorist attack…”

You might want to ask those same mathematicians whether or not mass vacuuming up of everyone’s communications and personal data indiscriminately would make the creation of large numbers of blackmail portfolios easier.

I’ll bet they come back with a whole different answer.

Juror8675309 says:

The Jury

One day your going to call Us for jury duty.
This will be a bad day for you.
We already had an oath and your unconstitutional actions are not in it.

You can ignore Us, but society already is in a cold civil war as I speak. It’s cold cause people aren’t say capping off corrupt cops from the mountain tops on their way to work yet.
You can bet your boots We are pissed off.

May your God help you!
Your day comes, the day you attacked Us.
You must be stopped.

Operations (growing economy, and solid monetary system based on silver and gold) under a constitutional republic will not be restored until we actually are a constitutional republic again, and that means you commie marxists who have infiltrated high government MUST go.

If you are breaking the oath, and going against the US Constitution you are an ENEMY of State. You can spin the words however you want. You infiltrated this country and you are the enemy!

GEMont (profile) says:

Re: The Jury

Ummm… two points.

1. They’re not Marxists, or Commies. They are Fascists – basically, businessmen disguised as statesmen.

If you’re gonna aim yer gun, you should make sure you’re aiming at the right targets. Otherwise ye can shoot all day and your real enemies will just sell you more bullets.

2. They did not infiltrate this country. They live here. In fact the billionaires liquidating America probably own more US property than the rest of the 99% combined.

So if yer looking for a foe that speaks and dresses funny, you’re gonna wind up getting backstabbed by those guys behind you, who look and act just like you.

me says:

All from

From a bunch of goofs who already spy on everything and everyone and quietly admit they cant effectively datamine the metadata they already have. This is nothing more than a fishbowl cultured bunch of turds deseprate to justify their own existence.

Just like the music industry, the movie industry and the like. Screw all of them.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...