NSA Director Says More Domestic Surveillance Might Stop Foreign Hacking; Fails To Explain Why NSA Isn't Stopping Much Foreign Hacking

from the what-if-we-just-did-the-thing-we-already-do-but-not-through-the-back-door dept

Never let a good crisis go to waste. The federal government is always on the lookout for expansion opportunities and a bad actor known colloquially as “Current Events” keeps handing the government what it’s looking for.

On January 6th, a bunch of Trump fans, who thought it was possible to overturn certified election results, raided the Capitol building. Five people, including a Capitol police officer, died during the attack. This horrific event was turned into a chance to increase domestic surveillance by the incoming president, who threatened Americans with the sort of good time they’ve been afflicted with since October 26, 2001.

Domestic terrorism legislation was an administration “priority,” something that would free investigative and intelligence agencies to turn their surveillance programs inward and more directly target US citizens.

The blockbuster breach of widely-used SolarWinds network software affected dozens of federal agencies and millions of users around the world. In response to this travesty, the director of the NSA and its military counterpart CYBERCOM (Cyber Command) floated the idea of allowing the NSA (and others) to gaze inwardly at the country’s moving (computer) parts. Here’s Spencer Ackerman, writing for The Daily Beast:

“We truly need to look at the ability for us to see ourselves and right now it’s difficult for us to see ourselves,” [General Paul] Nakasone testified on Thursday to the Senate Armed Services Committee. Adversaries like China and Russia “are operating with increased sophistication, scope [and] scale,” including operations that can end “before a warrant can be issued,” he warned.

“If we have a problem where we only see our adversaries when they operate outside of their country and we don’t see them when they operate inside our country it’s very difficult for us to be able to—to, as I say, connect those dots,” Nakasone said. “That’s something that—that the administration and obviously, others are addressing right now.”

The NSA thinks it doesn’t have enough visibility. And it’s true, information sharing has long been an intergovernmental problem. Information sharing between the government and private companies has also been less than ideal, largely due to the fact that the government demands more than it’s willing to share — and that includes known exploits and bugs it’s currently using to engage in worldwide surveillance.

What Nakasone is suggesting sounds like domestic surveillance of private networks to potentially thwart attacks and root out persistent threats. That doesn’t sound much like America though. And there’s no reason to believe the NSA and DoD are better qualified to do this job than the private sector. The NSA and others have suffered their own security breaches and carelessly handled sensitive tools/information. Giving up privacy (and some security) for nominal gains in “visibility” would be a really bad idea.

For what it’s worth, the NSA quickly walked back Nakasone’s statement… at least as much as it could. It claimed its director was not “advocating” for “additional authorities.” That may be true but dropping this hint in Congressional testimony is a handy way to submit a P.O. for a larger Overton Window for the NATSEC corner office.

But, more to the point, Nakasone’s testimony did not contain anything that should give anyone confidence the NSA is up to the task of thwarting foreign cyberthreats.

Nakasone did not testify that NSA or CYBERCOM was able to detect malicious campaigns like SolarWinds or Microsoft Exchange abroad before they entered American digital infrastructure, making it questionable whether expanding such detection across the domestic internet would be effective.

Hindsight is 20/20. Foresight appears to be almost nonexistent, even with the tech tools the NSA has at its disposal. If it couldn’t mitigate the damage before it turned federal agencies into unwitting honeypots for data exfiltration (and that includes the supposed securers of the Homeland, the Department of Homeland Security and its cybersecurity branch), it shouldn’t be given all access passes to domestic networks under the theory that it might be able to do marginally better with greater “visibility.”


Comments on “NSA Director Says More Domestic Surveillance Might Stop Foreign Hacking; Fails To Explain Why NSA Isn't Stopping Much Foreign Hacking”

7 Comments
Anonymous says:

Hindsight is 20/20. Foresight appears to be almost nonexistent,

When you can look at everything, you get distracted by all the false leads that exist, until a real event tells you where to look to figure out what happened. More data is not the answer, but rather much better targeting and reducing the amount of data to be analysed.

Anonymous says:

When it turns out that companies and products have shitty security, as it inevitably does, there should be consequences which effectively motivate the relevant parties to do much, much better. They shouldn’t be allowed to play victim-only. This is like leaving keys in a running car – it’s your damn fault, both legally and ethically, as much as the fault of the earnest thief or teenage joyrider who steals it. The real victims are the ones who live with the consequences of what happens next with that car.

Anonymous Hero says:

Re:

That’s a tough argument to make. I’m neither legally nor ethically required to lock my car so it doesn’t get stolen, much as I’m neither legally nor ethically required to put bars on my windows to prevent a break-in.

Victim blaming is a dangerous road to go down, with or without a stolen car.

Anonymous says:

Re: Re:

I’m neither legally nor ethically required to lock my car so it doesn’t get stolen, much as I’m neither legally nor ethically required to put bars on my windows to prevent a break-in.

If a break-in will give someone access to private data you’re storing about others—for example, if you’re a doctor storing medical records—you are required to take reasonable steps to prevent it. That means locking your car if some records are there. It might even mean bars on the office windows.

Uriel-238 says:

This smacks of when all you have is a hammer.

But the NSA traded its prior tool of collaborating with the public to create a robust culture of high-grade cybersecurity for a library of zero-day exploits, betraying that robust culture and exiling the public.

So they traded their socket spanner for a hammer, and now can’t even imagine a socket spanner.

The right thing to do is put the NSA budget and resources in the hands of an EFF-like entity that doesn’t capitulate to mission creep. We won’t get that.

But maybe after a few more successful, embarrassing attacks from foreign and corporate interests, they’ll recognize how useless their hammer is in this situation.
