Security

NSA Must Examine All Internet Traffic to Prevent Cyber Nine-Eleven, Top Spy Says

The nation’s top spy, Michael McConnell, thinks the threat of cyberarmageddon! is so great that the U.S. government should have unfettered and warrantless access to U.S. citizens’ Google search histories, private e-mails and file transfers, in order to spot the cyberterrorists in our midst. That’s according to a sprawling 18-page story on the Director of […]
Image may contain Crowd Audience Human Person Speech Press Conference Hand Home Decor and Face

Mcconnell_500px
The nation's top spy, Michael McConnell, thinks the threat of cyberarmageddon! is so great that the U.S. government should have unfettered and warrantless access to U.S. citizens' Google search histories, private e-mails and file transfers, in order to spot the cyberterrorists in our midst.

That's according to a sprawling 18-page story on the Director of
National Intelligence by Lawrence Wright in the January 21 edition of the New Yorker. (The story is not online).

In the piece, McConnell returns, in flamboyant style, to his exaggerating ways, hyping threats and statistics to further his bureaucratic aims. For example, McConnell regurgitates the hoary myth that computer crime costs America $100 billion a year. THREAT LEVEL traced down the source of that fake-factoid in September to a former privacy officer for the state of Colorado.

Presumably using unsupported stats like that, in May 2007 McConnell convinced President Bush that a massive cyber-attack on a single U.S. bank would be worse for the economy than than the deadly terrorist attacks of September 11, the article reports. In response, the NSA developed a mind-boggling, but still incomplete, plan to eavesdrop on the internet in order to protect it.

In order for cyberspace to be policed, Internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer, or Web search. "Google has records that could help in a cyber-investigation," he said. Giorgio warned me, "We have a saying in this business: 'Privacy and security are a zero-sum game.'"

It says something ominous about McConnell's priorities if he believes a DDOS attack on Bank of America, or even a computer intrusion that wiped out its database (and magically purged its backup tapes), would be worse than an attack that killed 3,000 Americans.

Still, it's hardly a surprising plan – given that McConnell was one of the main backers of the Clipper Chip, the government's failed, early 1990's proposal to put a backdoor in every encryption product.

McConnell also makes an astounding assertion that the secretive Foreign Intelligence Surveillance Court recently crippled the NSA's overseas signals intelligence collection with a string of soft-on-terror rulings.

McConnell said that federal judges had recently decided, in a series of secret rulings, that any telephone transmission or e-mail that incidentally flowed into U.S. computer systems was potentially subject to judicial oversight. According to McConnell the capacity of the NSA to monitor foreign-based communications had consequently been reduced by seventy per cent.

In other words, McConnell claims the NSA couldn't intercept a terrorist's e-mail by tapping a fiber optic cable in Pakistan, if there was a chance the message would pass through a U.S. router or end up in a Hotmail account.

I'm no rich man, but I'll bet any reader $1,000 that, when and if those rulings are ever released, we'll see they say no such thing. Send me an e-mail to take me up this bet. U.S. government officials are welcome to participate.

The FISA law that created the Foreign Intelligence Surveillance Court only applies to intercepts that physically happen within the borders of the United States. The NSA has always been free to intercept foreign communications overseas – the mission for which they were created and funded – even if the call passes through a U.S. switch.

So in the case of the now debunked Iraqi kidnappers anecdote that leads off the New Yorker story, the NSA would only have needed to get a court order if its Iraqi targets initiated communications that flowed through U.S. servers or switches and the NSA decided to tap them physically at a United States internet or telecom facility, by burglarizing it, digging up its cables or getting the company to cooperate. (As for why that happens and how common it is, check my story: NSA's Lucky Break: How the U.S. Became the Switchboard to the World.)

Simply put, the FISA law is intended to prevent the NSA from operating inside the United States.

In any event, that restriction collapsed this summer with the fear-induced, strong-armed passage of the so-called Protect America Act. That law radically re-architected the nation's surveillance apparatus.
Now the NSA can turn Gmail's servers and AT&T's switches into de facto arms of the surveillance industrial complex without any court oversight.

And though the law ostensibly sunsets in February, any orders in effect at that time will have power for another 12 months. Moreover, Senate Majority Leader Harry Reid (D-Nevada) is reportedly planning to discard legislative attempts to rein in these new powers and will instead simply push to extend the current scheme another 12 months.

In short, McConnell's politically convenient exaggerations have already worked well for him in winning domestic spying powers, despite their flimsiness under any real scrutiny.

That track record bodes ill for anyone concerned about his new plans to push for sweeping and unnecessary powers to put the NSA in the wires of the internet in order to prevent a computer attacks.

The Wall Street Journal's intelligence guru Siobhan Gorman's take is here. Gorman wrote a groundbreaking story on the cyberspace initiative last September while at The Baltimore Sun.

UPDATE: Ex-spook Michael Tanji guest-posting over at Danger Room writes:

It's bad enough that the Director of National Intelligence is trotting out a bogus threat so the government can snoop on all Internet traffic. What's worse is that this kind of mass surveillance is a pretty lame way to catch the honest-to-God bad guys.

Of more interest to observers of intelligence activities is the issue of quality vs. quantity and the slow creep towards doom that these efforts foretell. The fact that we are essentially attempting to gill-net bad guys is a fairly strong indicator that the intelligence community has yet to come up with an effective strategy against information-age threats.

[...] Its not a question of listening in to you whispering sweet nothings into the ear to your significant other, it is simply a case of – as the late Sam Kinison joked – going where the food is. That our intelligence agencies can intercept adversary communications is largely a given, they just want to do it from the convenience of the homeland, not some remote switch in the darkest hinterlands.

(Photo: AP/ Cook)

See Also: