Yesterday I discussed the retro-scope of information-gathering and I probably should have mentioned that President Obama – along with commuting Chelsea Manning’s sentence – handed the citizens of the US a great big “F.U.” Just before leaving office he quietly changed how the NSA is allowed to share information, considerably expanding the power of the intelligence apparatus.
The original charter of the NSA was to collect foreign communications. Following the iron law of bureaucracy, the NSA’s charter has always been subject to “mission creep.” First, there was the rather obvious question of what to do with foreign communications where one end of the communication was in the US: collect it. Then, there was the fig-leaf that the attempt was made to filter out US-to-US communications abroad, or to only “look” at the foreign side. As I’ve mentioned elsewhere the NSA slices language extremely fine when they talk about looking at data. When it became clear that the NSA had been unconstitutionally collecting bulk communications [timeline of NSA domestic spying] within the US as well as outside, the Bush administration a) retroactively forgave them b) expanded their powers. That catches us up to the present.
As of a couple weeks ago, the NSA was still doing a fan-dance that the FBI or DEA or any other federal agency that wanted to query their data-pile had to something something mumble FISA court something classified mumble before they could get access. That’s in spite of mounting evidence that one of the “stove pipes” the Obama Administration aggressively broke down was the separation of data between CIA, NSA, and FBI. The NSA’s data-pile was the “crown jewels” of the intelligence community and they sat atop it like Smaug the Dragon, “mine, all mine!”
That was two weeks ago. On his way out the door, Obama broke down the last stovepipe: [New York Times]
WASHINGTON — In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.
The New York Times’ reporting on security is consistently from the perspective of a lackey to power: they minimize and downplay the significance of things that are not in the service of the establishment. Notice in the sentence above, “before applying privacy protections”? That’s orwellian double-speak for: “throwing privacy protections out” – what the Obama Administration did was make NSA data available for query by other federal agencies without requiring them to even go through the effort to rubber-stamp things through the FISA court (which has never refused to issue a warrant, when requested).
The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.
The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.
Remember when NSA was still doing the “it’s just metadata” dance? This confirms my earlier point that: if it was just metadata, nobody’d want it. It’s all the messages they have been collecting for years. So now if the DEA wants to see all of your SMS texts going back to when you started SMS’ing? They can just get them from NSA. It’s the best internet-based messaging backup system you can fit in a gigantic data warehouse.
The New York Times omits to mention, or are perhaps unaware, that the NSA’s data pile is not just a view of the present, it’s a time-scope into the unknown past. They’ve become good lapdogs and apologists for authoritarianism but won’t they be surprised if they discover themselves being investigated for years-old errors of judgement? And, by the way, the NSA’s data pile may also reveal a lot about journalists’ sources, retroactively. I’m deeply disappointed that the New York Times has nothing courageous to say about this, but I suppose I should have expected it.
The new regulations for sharing NSA’s data are significantly more relaxed [pdf] – basically it says that the NSA may do a bulk search for an agency and dump them the whole output, “Here, have fun. Our hands are clean.”
As long as the endpoint agency can protect the data adequately, that is. Which is funny, because NSA’s history of securing their own data is pretty embarrassing.
It’s dangerous to make predictions about this stuff, but as an information security practitioner, one thing I forsee is: more leaks. The cat will be out of the bag about what NSA collects, since there will now be 19 federal agencies digging through it, and the fig-leaves are going to fall pretty fast. It’s possible that from a technical standpoint, they already fell years ago (which is what I suspect) but the Obama Administration looked at the Snowden disclosures and decided, “whatever.” Now that a fraction of the truth is out there, the rest is inevitably going to be inferred. We may see an acceleration of political rubbish-rummaging, because now more politicians’ communications will be accessible by more agencies. Imagine what happens if someone in Air Force intelligence discovers that someone who was thinking of challenging the F-35 program budget had a past fondness for buying drugs on the dark web? Let a thousand fishing expeditions begin!
I heard the most horrible comment about this, ever, the other day: “Well, what Obama did was probably not as bad as what Trump would have done, so I guess it’s OK.” Talk about excusing Obama’s shredding the 4th amendment in the name of lesser evilism! I don’t care which political party whatever totalitarian claims to work for, they’re still totalitarians. They are still increasing the power of the police state. They are still increasing the likelihood that the US will turn into a data-driven dictatorship.