Only Legislation Can Resolve NSA’s Conflicting Mandates, Say Panelists, Lawmakers
Technology solutions will never address the inherent security problems created by the government’s surveillance programs, said panelists at a New America Foundation (NAF) event Monday. Tech solutions are “fundamentally around the edges,” said Bruce Schneier, a longtime security technologist and fellow at the NAF’s Open Technology Institute and Harvard’s Berkman Center for Internet and Society. “The single most important thing you can do is agitate for political change.” Recent reports (CD July 7 p11) on the number of non-targets swept up in the government’s Internet surveillance “reinforces the importance” of legislative action, said Google Privacy Policy Counsel David Lieber.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Panelists and lawmakers highlighted two starter amendments to alter the NSA’s operations. The most recent amended a House appropriations bill to forbid the use of funds to search the agency’s Internet database without a warrant (CD June 23 p14). “The result was overwhelming,” said Rep. Zoe Lofgren, D-Calif., who sponsored the amendment, in a recorded message. Another amendment to a National Science Foundation budget bill cut the requirement that the National Institute of Standards and Technology (NIST) consult the NSA when creating its encryption standards, responding to reports the NSA had been intentionally weakening NIST standards for surveillance purposes (CD Sept 9 p8). “NIST no longer has to be a short order cook,” said a recorded message from Rep. Alan Grayson, D-Fla., who sponsored the amendment. “We need the Senate to follow suit,” Lofgren said.
Amendment proponents have pointed to a recent Washington Post study of documents leaked to them by former NSA consultant Edward Snowden that found nine out of 10 accounts picked up in the NSA’s foreign Internet surveillance program are not targets (http://wapo.st/1xyyGZF). “Maybe a year ago this language [in the amendments] might have seemed unnecessary, but now it’s required to establish trust,” said Lieber. Google supported both amendments, he said. “Under current law, effectively the intelligence community can turn a blind eye to the fact that there is a large cache of U.S. persons’ communications that are being collected, and that are being searched, without the protections that the Fourth Amendment would normally afford,” Lieber said. He conceded it’s “unclear” whether either amendment will “survive the entire appropriations process."
The NSA’s bifurcated missions -- long “complementary” -- now “collide,” Schneier said. “There is the attack them and defend us.” Before the Internet, attacking another country’s communications had no effect on U.S. communications, he said. “What’s changed with the Internet is that everyone uses the same stuff,” said Schneier. To attack another country’s communications, we're weakening our own defenses, he said. “And that’s where the problem is.”
The NSA’s Quantum program is an example, said panelists. Through Quantum, the NSA creates an imitation website to replace the actual website a target is trying to visit, said Joe Hall, Center for Democracy & Technology chief technologist. While the target browses the imitation website, the NSA places malware onto the target’s browser and computer, Hall said. This “old hacker tool” is a “massive vulnerable opening” that allows “the NSA to track probably legitimate targets while at the same time, leaving all of us vulnerable,” said Schneier. By choosing to attack targets in this manner, instead of shutting down this hacking method, the agency is abrogating its defense mandate, he said.
Google’s Lieber said he wasn’t sure if NSA was using Quantum against the search engine. “There’s certainly the possibility, or even likelihood, it may be happening with our services,” he said. “It just doesn’t inspire confidence in the use of services.” For Schneier, Quantum highlights a problem that only will be settled on Capitol Hill: “The fundamental issue is: Should we compromise the security of everybody in order to access the data of a few?”