

Wednesday, November 13, 2013

Is the NSA ready to adopt (and adapt to) its real mission?

by Myrddin
  
Plenty has been said on what the NSA has done to break the Internet. They have attacked the Internet fabric at every level, and they have collected data indiscriminately and illegally.
The NSA lawyers claim otherwise of course, and I know that in the modern US army there is nothing that happens without the sanction of a lawyer. The guy sitting in the seat next to a drone pilot isn’t the co-pilot, he is a lawyer and his function is to tell the drone pilot whether his actions are legal according to the law of war. Or rather, that is the theory. The real role of the lawyer is similar to the role of a priest at an execution: to absolve the state from the sin of the act they are about to commit. John Yoo immunized the members of the Bush cabinet against prosecution for war crimes and now the lower ranks demand the same protection.
Among the spurious legal theories concocted by the surveillance state is the notion that bulk interception of all traffic is not a ‘search,’ provided that nobody looks at the actual data without first getting a court warrant. According to this theory, the NSA can put me under Internet surveillance 24 hours a day for twenty years, collect every message I send, whether public or private, and do all of this without any court authority whatsoever. They can perform surveillance on the entire country just in case someone later is suspected of being a terrorist.
The term terrorist is of course a notoriously fuzzy one. It is never applied to heads of state, unless they are officially enemies. So General Pinochet can murder tens of thousands of people without getting slapped with the ‘terrorist’ label, and Saddam Hussein can start a war that kills over a million and still be considered a good guy right up to the point where he threatens the West’s oil supply, when it is suddenly remembered that he is a monster.

The less frequently asked question is ‘why?’

If the NSA really believed that what they were doing was essential to national security, why would they spend so much time boasting about it and stroking each other’s egos?
It is almost a quarter century since the fall of the Berlin wall. US and NATO security needs have changed dramatically since, but the obsession with collecting tanks and planes and ships continues. The US military is by far the country’s biggest jobs program.
While the men and women in uniform are always paraded, they’re not the real beneficiaries of the national security state. It is the ‘defense’ contractors that make the fortunes, and they buy up politicians in both parties to keep the cash spigot open full. Congress believes that there isn’t enough money for food stamps, or children’s nutrition programs, or Medicare or Social Security for that matter, but they just voted to buy yet more tanks that even the Pentagon says they don’t need.
Reading through the Snowden documents on the NSA budget, I was rather shocked to see that the rationale the NSA leadership gave for increasing the NSA budget was based on the age and demographic profile of NSA employees, rather than an assessment of actual national security needs.
Unlike most military institutions, a majority of NSA employees are civilian, about 80%. But most of the management positions are for military officers. As in the career civil service, the majority of the civilian employees know that however well they do their job, virtually all the top positions are reserved for appointments from a different candidate pool.
As in the civil service, there is a culture clash between the leadership and the bulk of the employees whose career ambitions are severely truncated. But unlike a political appointee, whose career horizons are rarely longer than the next election cycle, US military officers are expected, indeed required, to be ambitious for promotion. Officers who don’t make their promotions on time are required to retire. All it takes to end a military career is one poor performance review, one reprimand.
The naïve would imagine that such a scheme would ensure that every officer is anxious to do their job. But since an officer’s performance review is written by their commanding officer, the ambitious officer is better advised to help his commanding officer convince his own superior that he is doing his job well.
So now imagine what happens when the officer commanding the NSA gives the order that the agency is going to be the biggest, baddest espionage agency it can be, collecting all the information it can, through all the means available – the order that Gen. Alexander gave when he took over the leadership of the NSA from Hayden.
Everyone in the agency chain of command is suddenly on notice that they must deliver the intelligence goods, or start looking for work in the private sector, or at the very least appear to be delivering the goods. Preferably in some really impressive PowerPoint slides that will be left on an internal SharePoint server run by a 29-year-old sysadmin with a girlfriend who works as a stripper (sorry, pole dancer).

NSA is already almost certainly penetrated by every major foreign power

And don’t forget that any intelligence agency that can be penetrated and rolled in 18 months by a 29-year-old working without accomplices is almost certainly penetrated by every major foreign power with the inclination to do so (remembering of course that many powers may have recently acquired the inclination to do so by reading the Snowden data dump).
People in US intelligence circles frequently ask why China spends so much time and effort trying to steal US industrial secrets. Well maybe they have penetrated the NSA top to bottom and have to create a cover story to conceal the origin of the terabytes of data they are pulling from the NSA feeds every day.
The Snowden documents are themselves a form of intelligence, albeit not one the NSA intended to produce. When reading such documents I first ask why the document was written, who the intended audience is and what the intended change in their behavior was. The NSA documents are for me an illustration of the boasting generals problem, rather than the more thoroughly researched Byzantine generals problem.
Did the NSA really introduce moles into the Internet Engineering Task Force (IETF) to subvert and disrupt the standards process? I suspect not, but they certainly produced documents that strongly imply that they did.
What sort of tradecraft produces codenames like PRISM and MUSCULAR? None that I know. PRISM immediately suggests splitting light, which immediately suggests tapping some sort of fiber optic. These are not the type of names that are chosen to obscure the purpose of a program; they are chosen to boost the egos of the generals who direct them.

NSA 2.0 must become NSA 3.0

Understanding why the NSA acted as it did does not make their actions any better. They have committed egregious criminal acts for which there will almost certainly be no criminal accountability. They have acted without any discipline or self control.
The last time the NSA faced a situation like the present one is when the Church Committee tried to assess the damage caused when US intelligence agencies ran amok for two decades, hijacking democratic governments and replacing them with brutal dictators.
By the time the NSA had recovered, electronic cipher machines had replaced the Enigma-style electromechanical schemes. Virtually all government communications were now beyond reach. What saved the NSA from irrelevance was the rise of the Internet — and NSA 2.0 was born, gleefully hoovering up all the data it could from the electronic commons.
What was missed in the change of targets was the fact that the Internet is not merely a communications medium, it is now the medium for virtually all international and national change. The Internet is a critical infrastructure, a fact that the NSA itself acknowledges. Yet the NSA was attacking that infrastructure.
NSA 2.0 is or will shortly be dead. Much of the NSA’s information gathering capability is going to be lost as pervasive encryption replaces pervasive surveillance. More importantly, foreign governments are going to be attacking the US Internet with the same techniques and tools.
I don’t know what shape NSA 3.0 should take; I am an engineer, not a manager. But I do know what its mission should be: to protect US and allied information systems from attack. All else must be secondary.
