If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused

from the because-they-have dept

We've already pointed out that, for all the talk from NSA defenders that there have been almost no abuses of the system because of these supposedly foolproof "audits," none of those audits caught what Ed Snowden did, and it appeared that around 1,000 other people had the same sort of access that Snowden did. If anyone thinks that Snowden was the only one who used it to access documents he wasn't supposed to, that seems tremendously naive.

As Zeynep Tufekci notes, anyone who claims that the NSA's data hasn't been misused would have to know more about the NSA's system than the NSA does, since they don't seem to have a way to make sure it wasn't abused.
Given this reality, can anyone truly deny the possibility that a malevolent Snowden or a foreign government that might have placed a sysadmin mole into NSA has NOT scooped up personal information on influential and important politicians and is now (or will in the future) blackmailing them? Can we be sure that there is not already massive “unauthorized” snooping at lower levels? There is already a whistle blower who claims Barack Obama was wiretapped by the NSA along with a whole number of high-level US politicians. The possibilities for mischief—ranging from the small potatoes cases of scorned lovers to significant political and personal blackmail and deep privacy violations—is vast. And the scary truth is that nobody really knows for sure what has already happened, nor can anyone claim or guarantee that it won’t. Not the pundits, not the NSA itself, and not any individual sysadmin because, as I’ve already argued, digital unknowns can stay buried forever if tracks are covered with expertise and root access.
This, right here, is a key part of the problem. If there has been abuse (beyond what's already been reported), we probably wouldn't even know about it because the only ones who do know about it are those involved. And that's what's so scary here. The defenders of this system seem to have astounding and naive levels of trust that everyone working for them is trustworthy when that's almost certainly not true. The system itself is broken, and the claims from its defenders aren't unbelievable because they're unbelievable, they're unbelievable because what they're saying is impossible.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 1:29pm

    I've pointed this out over and over and over again: there are two ways to gather intelligence.

    One is to go get it. This is hard. It's expensive. It's tedious. Sometimes it's risky. It's a pain in the ass.

    The other is to wait for someone else to go get it, and then copy it from them. Often much easier, cheaper and expedient.

    The NSA has spent tens of billions of US taxpayer dollars making the second alternative vastly more attractive to every other country on earth. After, if a junior contract system administrator can walk out the door with a big bundle of goodies, what could a senior, trained, full-time employee who's spent twenty years gaining access go home with?

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 1:30pm

    By expanding their role and size NSA have left themselves open to infiltration and abuse. Congress should wake up to the fact that a large spy agency which tries to gather all available information is as much a danger as it is a help.

     

    reply to this | link to this | view in thread ]

  3. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Sep 13th, 2013 @ 1:56pm

    Same reasoning applies to Google and Facebook.

    You don't know what they're officially up to, nor what employees are doing unofficially.

    Ties and payoffs go deep and are WEIRD. For instance, here's the Pentagon fighting against NASA subsidizing Google billionaires!

    Google Jet Fleet Loses a Pentagon Fuel Perk

    http://online.wsj.com/article/SB10001424127887323864604579069730686941454.html?mod=WSJ_hpp_M IDDLENexttoWhatsNewsForth

    Spying is the main 'business model' of the internet, especially for Google and Facebook.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    That One Guy (profile), Sep 13th, 2013 @ 2:18pm

    Re: Same reasoning applies to Google and Facebook.

    I know by now I'd have more luck trying to convince a brick wall to shift a few inches to the left but...

    You can opt out of using google and facebook, you cannot opt out of NSA/government surveillance.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Mike Masnick (profile), Sep 13th, 2013 @ 2:28pm

    Re: Re: Same reasoning applies to Google and Facebook.

    You can opt out of using google and facebook, you cannot opt out of NSA/government surveillance.


    Also, the government has guns and jails. Google/Facebook do not.

    These things kind of matter.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 2:49pm

    ootb really needs to go on the Googlewagon. He's drank too much of the koolaid.

    As has been mentioned over and over, Google is a choice that won't lock you up or shoot you if you chose not to use them. The government and its agencies give you no such choice.

    I wonder sometimes if this database was not purposely designed this way to cover the tracks of those intending unofficially to use it in this very manner. I suspect the phrase that Gen Alexander gets what he wants might just have hidden depths to it. Not that he necessarily used it but someone in the background with less visibility very well could.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 4:16pm

    Who is to say NSA is not already using the information to influence politicians to say given NSA more funding or the NSA will reveal your deepest secrets.

    Blackmail is a powerful tool, especially if trying to influence politicians where reputation is everything.

    Or Blackmail newpaper editors.... the list goes on.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 4:40pm

    "The defenders of this system seem to have astounding and naive levels of trust that everyone working for them is trustworthy when that's almost certainly not true."

    And the same is true of every enterprise that employs more than one person. If several people must have access then the data are not secure.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 4:54pm

    Re: Re: Same reasoning applies to Google and Facebook.

    if you ever figure out how to get a brick wall to do that...

    let us know

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 6:36pm

    The chosen ones

    Roughly 1000 people, with probably unlimited access to the largest collection of information about others ever conceived.

    It must be odd, knowing you are one of a select few, with powers and abilities coveted by so many other powerful people.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Sep 13th, 2013 @ 7:22pm

    Mr Masnick-
    you have the following trackers/scripts/beacons on this page:

    google
    google +1
    facebook
    facebook connect
    twitter
    nativo
    quantcast
    reddit
    repost.us
    rp-api
    double-click.net
    gravatar
    scorecar dresearch.com
    quantiserve

    ...and that's just the first level that I can see without allowing them to run past NoScript, Ghostery, and RequestPolicy. often these things call in there friends when they're run...

    If a person doesn't proactively protect their privacy, they can't even read Techdirt without being spyed on by google and facebook, and all those other companies.

    Google is not bound by law to honor a request to not track, and you have to give them your information just to make that request. Requesting not to be tracked 'opting out', could actually help them track you.

    Mr Masnick, I love your writing man, in fact you're one of my favorite journalists ever- and I understand this analytics stuff helps techdirt pay the bills and know what to write about. I sincerely appreciate that techdirt doesn't require the use of the scripts/beacons to read. You would lose me as a reader if it did.

    When people say something so absurd and meaningless as 'you can opt out of google/facebook'- you shouldn't just hand wave at it. You know better, don't you? The (frankly suspicious as its often unsolicited and off topic) statement is ignorant, misleading, and that attitude is really part of the problem. Subverting corporate surveillance is a PITA and breaks a lot of the Internet. there is no meaningful 'opt out'. There is 'I refuse to run your scripts on my machine, to store your beacon gifs/content in my cache, or to respond to your marketing servers' and by technical means even those actions can be tracked by IP.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Sep 14th, 2013 @ 6:47am

    'If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused'

    or if they have!!

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Mr. Tibbs, Sep 14th, 2013 @ 11:55am

    Re: Re: Same reasoning applies to Google and Facebook.

    Really? If the NSA actually offered you the option to opt out, and you took it, do you think they would really opt you out, or would they simply lie about it like everything else? Facebook and Google's scruples are no better. Why do you think they NSA is so patently attracted to them?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Mr. Tibbs, Sep 14th, 2013 @ 12:04pm

    Re: Re: Re: Same reasoning applies to Google and Facebook.

    They do have paid security who have guns and can have someone jailed. No one is safe when there is money to be made.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Mr. Tibbs, Sep 14th, 2013 @ 12:14pm

    Re:

    Absolutely. These "Stepford Representatives" do as they're told, because they know what will happen if they don't. Also they get more monetary contributions than those who say no.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Sep 14th, 2013 @ 2:21pm

    If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused

    Of course they can - afterall, they get to define (and then redefine as often as needed) what the word "abuse" means. By simply changing the meaning so that it excludes any "preceived wrong-doing", they ensure there is no abuse!

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    nasch (profile), Sep 16th, 2013 @ 5:54am

    Re: Re: Re: Re: Same reasoning applies to Google and Facebook.

    They do have paid security who have guns and can have someone jailed.

    Since when can security guards put people in jail?

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    nasch (profile), Sep 16th, 2013 @ 5:56am

    Re: Re: Re: Same reasoning applies to Google and Facebook.

    Facebook and Google's scruples are no better.

    You can opt out by not using their services, unless you're arguing that Facebook and Google are spying on people who don't even use Facebook or Google. If that's the case, I would be interested to see any evidence for that.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    nasch (profile), Sep 16th, 2013 @ 5:58am

    Re:

    that's just the first level that I can see without allowing them to run past NoScript, Ghostery, and RequestPolicy.

    So they're not running. So what's the problem?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Pragmatic, Sep 16th, 2013 @ 6:26am

    Re:

    You haven't seen that rant of hers (you'll have to search for it) in which she declares that Google and FB are fronts for the NSA.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    jsf (profile), Sep 16th, 2013 @ 7:49am

    Potentially Bigger Issues

    Even worse is the possibility that their systems have been compromised, not by insiders or even foreign agents, but by criminal organizations such as the spammers/scammers that we all encounter daily.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Sep 16th, 2013 @ 9:12am

    Re: Re:

    Not everyone who reads this site is savvy. It's possible that by trying to advertise, Mike is opening the site up to attack or espionage. That's the argument here.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    nasch (profile), Sep 16th, 2013 @ 10:07am

    Re: Re: Re:

    It's possible that by trying to advertise, Mike is opening the site up to attack or espionage.

    I haven't heard that one before. Is there really a risk to the host?

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Sep 16th, 2013 @ 12:38pm

    If/when you start paying attention to how sites work, and what's hidden on them (gifs, beacons, scripts) you'll see all the proof you need that google/facebook...etc's tracking goes way beyond people that use there services. For instance those social media buttons you see everywhere (share/post/like/tweet...etc) are all loaded from there respective service providers, regardless of the page your on. If you see those buttons, you're been tracked, at minimum- your IP goes in a data base with the date/time and site you where on.


    "So they're not running. So what's the problem?"

    I applaud techdirts decision not to require them, not all sites do this- that's part of the problem. The main problem is that most people don't understand that this is being done, they don't understand when they read a website they're also telling a dozen data mining companies what/when they're reading on that website. This is not at all an intuitive relationship.


    "You haven't seen that rant of hers (you'll have to search for it) in which she declares that Google and FB are fronts for the NSA."

    I never said that they are Fronts- that's plainly absurd. But I was ranting, which could be why you missed what I did say. Sorry for that. They are legitimate business's, their data mining makes business records, and those records are fair game to (or are just, flat out sold to) the intelligence groups- ergo they "effectively" do alot of spying that those agencies would not be legally allowed to do on their own. I don't see how that could be considered being a front, as those actions have nothing to do with the companies reason for existing. It's a symbiotic relationship, not exclusive.

    Basically, by using 3rd party business records (in which you have no expectation to privacy) the gov is able to subvert it's own laws which are meant to function as checks and balances. This is a breakdown of the system. It allows toothless laws, and lie-less lies- loopholes and subversion.

    Datamining and profiling themselves are not intrinsically bad or good- they are simply very powerful tools. They can and will do both great harm, and great good- it's not one or the other, it's both. It's a very difficult line to draw as to what's acceptable and not- and objectively, external factors are what really make up the paradigm of consequence.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Sep 16th, 2013 @ 2:07pm

    Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.

    They can't. They might have limited detainment powers, but those would only pertain to their post, which would be on Google property.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Sep 17th, 2013 @ 12:08am

    Re:

    If/when you start paying attention to how sites work, and what's hidden on them (gifs, beacons, scripts) you'll see all the proof you need that google/facebook...etc's tracking goes way beyond people that use there services. For instance those social media buttons you see everywhere (share/post/like/tweet...etc) are all loaded from there respective service providers, regardless of the page your on. If you see those buttons, you're been tracked, at minimum- your IP goes in a data base with the date/time and site you where on.

    Spoken like someone new to the conversation that hasn't taken the time to learn the stances. You can still avoid using even these hidden services by just a tiny bit of computer savvy. The easiest is using such add-ons as NoScript, which lets nothing run unless you explicitly allow it.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Sep 17th, 2013 @ 10:54am

    "Spoken like someone new to the conversation that hasn't taken the time to learn the stances..."

    It seams like you didn't actually read what I wrote. I can't understand why else you'd say that. My aforementioned rant is in the 'latest casualty of nsa spying: advertising based tracking' comments= the core of the post is on how to subvert corporate surveillance. Please enlighten me on these 'stances' if you read my post and still feel that way.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Mr. Tibbs, Sep 18th, 2013 @ 12:22am

    Re: Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.

    I didn't say "jail someone", I said "have someone jailed". The end result is the same. Are you so naive as to believe big money can't buy off the cops?

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    nasch (profile), Sep 18th, 2013 @ 6:20am

    Re: Re: Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.

    Are you so naive as to believe big money can't buy off the cops?

    Buy them off to get out of something maybe. Pay them to arrest someone innocent? I've never heard of that happening the US. I'm sure it has somewhere but it doesn't sound like something that's common or that just any wealthy company or individual could do.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This