Bruce Schneier Speculates On NSA Double Laundering Information It Obtains Via Network Infiltration

from the double-reverse-parallel-construction dept

Bruce Schneier has a worth-reading post about the latest reports on the NSA infiltrating the network connections for Google and Yahoo's datacenter, making a number of good points about that story. We'll discuss a few of the points, but I wanted to focus in on this one first:
In light of this, PRISM is really just insurance: a way for the NSA to get legal cover for information it already has. My guess is that the NSA collects the vast majority of its data surreptitiously, using programs such as these. Then, when it has to share the information with the FBI or other organizations, it gets it again through a more public program like PRISM.
While it's just speculation, there is some reason to suggest it might be the case, and that would show just how far the NSA goes in some cases. After all, until June, PRISM itself was a secret. Yet, now, it's possible that the secret PRISM program was really just a way to put a legal-looking coat of paint on far more invasive activities. After all, it's already been revealed that the NSA and others make use of what they call "parallel construction" to "refind" evidence that they found through means they don't want to be challenged in court. As we said, this is just a way of laundering illegally obtained evidence. If Schneier's suspicion is right, then the NSA was actually probably happy that PRISM info came out first, since it does have at least some claims to being legal under Section 702.

But, if he's correct, it would mean that the NSA has secretly backdoored its way into networks, sucking up pretty much everything -- and then when it finds something useful, it will then use Section 702 under the FAA and the FISA Court to come up with some reasoning why that same info should be "collected" via either PRISM or the upstream telco traps, and then it can do more with it. This might not be true, but layering secret programs on top of secret programs to hide how the info was actually obtained would be something.

Other key points from Schneier are that we cannot assume it was just Google and Yahoo infiltrated this way. It's likely that others have been as well, just under different programs. And, more importantly, this demonstrates how legislative change to fix these things likely won't be enough. If you block the NSA from getting the data from door number 1, they're already in doors numbered 2, 3, 4, 5 and 6. Not only does there need to be a full independent investigation of everything the NSA is doing, but we need to build much more secure systems at the same time.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bruce schneier, infiltration, nsa, nsa surveillance, prism

Reader Comments

Subscribe: RSS

View by: Thread

  1. identicon
    Andre Brisson, 4 Nov 2013 @ 11:49pm

    Schneier How is it he leads the most important debate on democracy?

    The public should question the real motives of Eric Snowden and Bruce Schneier as well as NSA

    By Richard H.L. Marshall, former Director of Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security (DHS) and
    André Brisson, founder Whitenoise Laboratories Canada Inc.

    Washington D.C. USA, Geneva, Switzerland and Vancouver, BC Canada – Almost daily, Mr. Bruce Schneier has generated incessant buzz about privacy and the National Security Agency (NSA) on his blog. From the sheer volume of his self-proclaimed insight and that of his sycophants, he would have us believe, like Chicken Little, that the sky is falling.

    It appears that one of the sources of Mr. Schneier’s information are documents leaked by E.Snowden, fugitive American living in Russia and former contractor with Booz Allen Hamilton, and Glenn Greenwald, a journalist who worked with Mr. Snowden. Mr. Schneier’s intentions clearly have nothing to do with his convictions about privacy, as much as business and profit motives. It must be emphasized that blogs are not journalism: they are marketing tools specifically designed to try to sell a product, not to get to the truth.

    Weeks of research regarding Mr. Schneier’s claims have highlighted one of the most frustrating problems with the internet age. Because virtually anyone lacking serious journalistic credentials can, and often does, write or post freely on any subject, the resulting sheer volume of information available may lead people to believe that the reporting is even-handed and well-researched. Unfortunately, in many circumstances nothing can be farther from the truth.

    We are currently wrestling with the wrongly defined issue of Privacy versus Security. Rather we should be asking ourselves how we balance Privacy AND Security. They are not mutually exclusive.

    Balancing privacy and security is one of the most pressing issues of our age, with far-reaching impact on democracy. It is also ever changing and evolving in real time, in response to terrorists, criminals, and dangerous malcontents. Because the very information analyzed and evaluated may result in policy, it absolutely demands that such information be subject to the highest and most stringent scrutiny and as such, deserves to be evaluated and vetted by verified experts, politicians, business leaders, and citizens with proven track records of integrity, honesty, and true concern for the public interest. It should not be done by those with a history of practicing self-interest over privacy and security.

    For many weeks, it has been noted that volumes of proselytizing and dissemination of “opinion-as-fact” come from unverified information through Mr. Schneier’s self-promoting blog, other blogs and various online sites, such as gamer’s sites, of unknown, dubious reputation and/or expertise in the critical areas of cryptography and privacy and not from reputable publications as The New York Times or The Washington Post.

    Mr. Schneier decries the NSA and mandated law enforcement agencies empowered by our laws. Yet, Mr. Schneier’s track record shows, significantly, that at least twice over the last decade he has turned a blind eye to workable security (but he complains about privacy.) He has actively engaged in disparaging workable security and communications for his own benefit, and most callously, withheld this information from both his readers and his current employers.

    As citizens and through our elected officials, we empower politicians with the creation of agencies and tools that are designed to protect us from the aforementioned threats. The system is not perfect, and must be updated and adjusted as times, technology and threats change. But we are all endangered if these various public servants are hobbled and cannot do their job. This is why Bruce Schneier’s style of journalism and lack of scientific integrity is dangerous.

    The primary cause for drifting a bit from original mandates of our law enforcement and defense agencies is a product of rapidly changing technology, the sheer volume of communications, and the exploding threats environment. These agencies have been pressured to react faster than policy can adapt. Part of the answer lies in using the improved security technology we have available to combat the fatal flaws of public key and asymmetric network systems and the algorithms that are currently used to encrypt our data. The other part lies in following the existing FISA protocols currently in place and improving them as need dictates to insure that telecommunication providers, law enforcement and intelligence agencies interface with the LAW and follow the spirit of our constitution as intended.

    In conclusion, as we best try to answer the most pressing question of our day, “How do we balance between Privacy and Security?” we believe that a key element of serving our democracies is the judicious evaluation of information written by true journalists using properly researched and sourced information and publishing them in reputable publications without hidden agendas. The collective conversation should not ping pong between extreme positions but rather recognize that privacy and security are both demanded by the constitution. With new technologies and considered thinking, privacy and security can be balanced and achieved easily and inexpensively.

    Learn more about Bruce Schneier’s current track record through “The Challenge That Black Hat Would Not Take but DEFCON Did” at: and

    Learn more about Bruce Schneier’s past track record at: and The History of Whitenoise Can't Be Broken

    For more information contact Richard H.L. Marshall at E-Mail:
    or visit:

    Mr. Marshall previously was a member of the Senior Cryptologic Executive Service (SCES) and the Defense Intelligence Senior Executive Service (DISES). He was the Director of Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security (DHS) by special arrangement between the Director, National Security Agency (DIRNSA) and the Secretary of DHS. Within DHS he directed the National Cyber Security Education Strategy, the Software Assurance, the Research and Standards Integration, and Supply Chain Risk Management programs. He was previously the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA) where he served as the Agency's point of contact for all NSA Information Security (INFOSEC) matters concerning Congress. He devised the IA legislative strategy, helped shape the passage of the revised Foreign Intelligence Surveillance Act and was a key contributor to the Bush and Obama administration's Comprehensive National Cyber Security Initiative (CNCI).

    André Brisson conceived Whitenoise and founded Whitenoise Laboratories Canada Inc. (WNL) to exploit revolutionary and patented security technology. He was listed by the White House Office of Science and Technology Policy and the first US National Cyber Leap Year Summit as belonging in the top 100 cyber security and cryptography experts.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.