Gazing Back From the Abyss
Writing in the Washington Post, Susan Landau points out that one of the real dangers of the recently passed FISA law is that it might enable private hackers to get into the government’s systems and spy on private citizens as well.
Avoiding warrants for these cases sounds simple, though potentially invasive of Americans’ civil liberties. Most calls outside the country involve foreigners talking to foreigners. Most communications within the country are constitutionally protected — U.S. “persons” talking to U.S. “persons.” To avoid wiretapping every communication, NSA will need to build massive automatic surveillance capabilities into telephone switches. Here things get tricky: Once such infrastructure is in place, others could use it to intercept communications.
Grant the NSA what it wants, and within 10 years the United States will be vulnerable to attacks from hackers across the globe, as well as the militaries of China, Russia and other nations.
Such threats are not theoretical. For almost a year beginning in April 2004, more than 100 phones belonging to members of the Greek government, including the prime minister and ministers of defense, foreign affairs, justice and public order, were spied on with wiretapping software that was misused. Exactly who placed the software and who did the listening remain unknown. But they were able to use software that was supposed to be used only with legal permission.
Read the whole thing–this excerpt doesn’t do the argument justice.
There’s no question, in my mind, that the greatest threat posed by pervasive government surveillance is abuse of said surveillance. Still, the U.S. government isn’t exactly noted for the security of its computer systems, and the idea that any large-scale surveillance system can be easily hacked should, one would think, put pause to such efforts. It won’t, of course, because the boogeyman of terrorism will always be with us, giving power-hungry politicians ever more reasons to invade our privacy.
(link via Julian Sanchez)
I am glad we are starting to recognize how vulnerable our anti-terror resources are making ALL of us. Think about this – the last time you refinanced your home you had to fill out a from to be sure that you were not a terrorist refinancing for jihad. That form had all of the financial and personal information needed to easily and totally steal your identity. Where is that form now. Every other month you hear about stuff like this found in some dumpster. In the name of terror we are aggrgating data for identity thieves in low secutiry locations. It will be the same for simple rental applications soon. This scares me a lot more than the wire tap scenario.
As Colonel Potter would say, “Horse hockey.”
The esteemed privacy advocate Ms. Landau is conflating two entirely different things to make a grand scare story. NSA has the ability to monitor those communications today (and obviously, has had that capability for quite some time). The FISA bill provides them the warrentless authority to conduct that surveillance. It has nothing to do with how exploitable the US’s communication infrastructure may be.
Here’s the baseless claim she makes: “To avoid wiretapping every communication, NSA will need to build massive automatic surveillance capabilities into telephone switches.”
Oh, really? You’re that familiar with how NSA performs telephonic surveillance, and you can freely say that without violating any secrecy law protecting how the government collects intelligence? I don’t think so, Ms. Landau.
But even if we take her unsupported assertion as fact, nobody, I mean nobody, is better at or more paranoid about protecting intelligence collection methods, equipment and data than NSA. I spent my 20 year Navy career working directly or indirectly for NSA, and to believe that hackers could blithely tap into their intelligence collection networks either A) knows absolutely nothing about NSA and how they operate, and is pulling it out their @ss, or 2) is so deeply involved in the details of such a system that they’d make Vice President Cheney’s “undisclosed locations” look like Disney World, and would be the last person who would be writing
this crapan article for The Washington Post.Or I suppose there’s the possibility of iii) has her own personal agenda (that has no connection to reality) and is trying to draw attention to it.
I end as I began: horse hockey.
While I don’t necessarily believe Boyd’s assertion that the NSA’s systems are the best protected, he is absolutely right that the capability to perform the wiretaps already exists, and exists without being vulnerable to hackers.
I’ve worked on computers in the telecom industry, and while I know for a fact that their systems are not secure, creating a system to monitor telephone conversations is rather trivial, and can be setup so that outside parties have no access to it. Now, that said, it also wouldn’t surprise me if a telecom company made these systems available to anyone on their internal network, so all bet’s are off.
Since I acknowledge that I’m not anywhere near omniscient and that anything is possible, I’ll concede the possibility that something somewhere is more secure than NSA’s systems.
I’ve just never heard of anything approaching NSA’s security implementations, and I’m of the opinion that Ms. Landau’s “hackers will break into NSA’s telecom surveillance systems in 10 years” statement is utter crap.
It’s not so much that the NSA’s systems aren’t secure enough, it’s just that their systems are so big and so many, that the potential for a vulnerability is greater than would be for smaller systems. Add to that the fact that the NSA is still a government organization, which probably means that fixing any potential vulnerability takes months of approval and funding processes, and you can see that a hacker intrusion sometime in the next 10 years is certainly possible. Heck, one careless employee can make every security system they have irrelevant.
However, the key to security is always segregation, and if the NSA has done this right, that means that no single vulnerability can give a hacker access to everything, and the systems holding the more sensitive information will have the smallest possible exposure surface, and therefore the least likely to have a vulnerability.
Since the wiretapping system is incorporated into the telecom’s systems, they necessarily have a larger exposure surface. I also wouldn’t think these systems would be considered a top priority to secure, because they are a source of information, not a storage place for it.
You bring up some good points, Michael, and unfortunately the answers to these questions are unknowable by us “unwashed masses” (although my experience leads me to strongly disagree with your position that “I also wouldn’t think these systems would be considered a top priority to secure…” Until you’ve experienced it, you just can’t imagine how (appropriately, IMO) anal NSA is about systems security).
My main point is that Ms. Landau is as much a member of the unwashed masses as you and I. Her article is scare-mongering.