RSS

NSA's motherlode

June 21, 2013, at 3:36 PM
 
Gen. Keith Alexander, head of the U.S. Cyber Command, and Rand Beers, director of the NSA, testify on June 12 before the Senate Appropriations Committee on Cybersecurity.

Gen. Keith Alexander, head of the U.S. Cyber Command, and Rand Beers, director of the NSA, testify on June 12 before the Senate Appropriations Committee on Cybersecurity. Photo: Mark Wilson/Getty Images

Now we know. The latest classified documents released by the Guardian and the Washington Post answer some of the bigger questions we've been asking about how the National Security Agency deals with content that belongs to what it calls a "U.S. person."

On the one hand, NSA has several iterative procedures in place designed to reduce the likelihood that such content will be inadvertently intercepted by analysts. In general, I think the analysts themselves have as much interest in spying on Americans as you or I do, which is to say that the idea repulses them.

But they do have much more power than you or I do, so it makes sense to hold that power accountable.

The rules suggest that the NSA hedges its bets in a big way, a way that ensures that the information you send that's most likely to be private and personal gets vacuumed up under an exception to those rules.

The rules appear to allow the NSA to collect and keep ALL data that contains information that would be useful for its technical databases and to help it do its job better in the future — to crack codes and to spy on foreigners. Another words, if an email seems to be protected by an unusual encryption method, they can collect it and study it even if it's an email that I send to someone overseas. That would be a reasonable exception aside from the fact that NSA decides what type of data is useful by subjecting ALL "enciphered" content to that loophole.

Since the NSA won't comment or explain further, I can't help but assume that the agency's computers are automatically designed to recognize any encryption and then store it, without subjecting the communication to any prior screening to determine its origin or destination.

As Christopher Sogohoian, the principal technologist for ACLU, puts it, "Encryption is a giant loophole."

Indeed, the government forces certain industries to encrypt their data, meaning that it basically forces their email communications into their unlockable lock-box automatically. Banks, for example, must encrypt the emails they send to you.

"Most of the stuff that is going to be the most private to you is going to be encrypted," Sogohoian said.

What we don't know is whether NSA exempts communication that travels to and from U.S. persons inside the United States along wires that keep the data from being routed overseas.

There's good reason to believe that telephone metadata is collected by NSA using switches installed at major telecom junctions. And if NSA has certified those sites as "facilities" from which they can legally collect international communications, then there's no reason to assume that they are not passively collecting other types of content there as well.

What this tells me is that if your Gmail message to a friend inside the U.S. happens to be routed overseas, the entire message would be kept in an NSA database indefinitely. It's enciphered and it would no doubt pass through an NSA filter at some point. I could easily be misreading the rules, which is why some clarity from the government would be helpful.

Since we don't exactly know what NSA is capable of doing to enciphered data, we can assume that the rationale for keeping all of it is to be able to connects dots in exigent circumstances well into the future if a major plot somehow revolves around messages that were sent from West Hollywood, CA at 12:33 in the afternoon on June 20. They wouldn't be able to look at them now, but in two years, when said plot might actually culminate in a mass casualty event, they can either ask FISA for a warrant to read the emails they've collected or ask Google for the unencrypted emails using the FISA orders in conjunction with their 702(a) foreign intelligence authorities.

 

THE WEEK'S AUDIOPHILE PODCASTS: LISTEN SMARTER

Facebook

Twitter

RSS

Subscribe to the Week