Arguing for NSA-Level Internet Surveillance

Jack Goldsmith argues that we need the NSA to surveil the Internet not for terrorism reasons, but for cyberespionage and cybercrime reasons. Daniel Gallington argues -- the headline has nothing to do with the content -- that the balance between surveillance and privacy is about right.

Posted on October 29, 2013 at 5:54 AM • 64 Comments

Comments

Frank WilhoitOctober 29, 2013 6:40 AM

So this is what it comes down to: a debate -- sterile, even if it had not already been foreclosed -- between "let's take our chances" and "we have no chances".

Without surveillance: inestimable risk of unknowable disaster.

With surveillance: the absolute certainty, a priori, of utter and continuous degradation.

When you look at it this way, it becomes clear that the degradation is the point. Surveillance has no other purpose than to humiliate. It is purely a manifestation of sadism.

BenOctober 29, 2013 6:56 AM

Response to both, as someone else said:

"Fourth amendment, bitch."

The problem is not that they tapped Angela Merkel's phone, or their surveillance of the communications of foreign and domestic diplomats, suspected criminals and terror suspects. That's their legitimate job.

The problem is that they did and continue to do it to vast swathes of the population of the USA, Europe, and other countries, without any probable cause to believe that in the case of most of those individuals there was any need to do so.

That goes for foreign nationals too. The right to be secure from unreasonable searches and surveillance is incorporated into the European Convention on Human Rights as Article 8, in the Universal Declaration of Human Rights as Article 12, and in the International Covenant on Civil and Political Rights, as Article 17. The USA ratified the ICCPR with reservations but there was no reservation from Article 17. The UK ratified it without reservations.

Clearly Merkel doesn't understand this, as she thinks it's fine for them to tap her citizen's phones just not hers: Which is the wrong way around.

BrettOctober 29, 2013 7:04 AM

Ok, why is it the Government's job to protect the internet for all americans as they go about their "cyber-operations?" The Government should protect their own infrastructure and each person / business should be responsible for their own.

More talk like this and it will be just another Government entitlement for everyone.

We can look at like normal crime. The Government / Police can't keep someone from breaking into your house or business, they just show up after to do an investigation. Cyber-Crime (I hate the "cyber" terms thrown around) should be no different.

BrettOctober 29, 2013 7:06 AM

One more thing came to me right after I hit the submit button......

If the help is after a crime there is still no need to capture the data continuously. You look at the traces left behind in logs, access reports, etc. you do not need someone capturing all traffic.

rdmOctober 29, 2013 7:21 AM

Perhaps worth pointing out (or, honestly: reminding you) that individuals will have their own reasons and perspectives while larger groups will in a sense act as organisms or constructs with their own reasoning and goals.

This, of course, can make people feel crazy when they start noticing how things work at different levels of abstraction.

And, social media? Invites people to start noticing these things. But, at the same time, offers the chance to participate in new and different sorts of communities and constructs.

But once you start tying those different levels of abstraction together? (Assuming you can tolerate enough) all that craziness works together in amazingly useful ways.

Or that has been my experience. So far. ;)

WinterOctober 29, 2013 7:24 AM

"but for cyberespionage and cybercrime reasons."

They spy on us and they commit crimes (violating all computer crime laws).

So, do I have to interpret this sentence as meaning that cyberespionage and cybercrime are inherently seen as good and that is why the US TLAs commit them?

wumpusOctober 29, 2013 8:21 AM

The elephant in the room is transparency. While the NSA might be vastly more communicative than the old cold-war era Never Say Anything organisation, it is still maintains a cult of silence.

This cuts both ways. While I'm sure that in a generation, all the stored data will get dumped on the then-edition of wiki-leaks due to a member of the facebook generation simply assuming that privacy is valueless (this could easily be 2030 NSA policy), right now all your privacy violations are going down a black hole that is easy to ignore (unless you know someone with the appropriate TS-SCI clearance willing to do some LOVEINT).

The catch is that the NSA certainly won't provide court evidence that might compromise the cult of secrecy. Secrecy is the NSA's turf, and protecting that is any agency's first mission, regardless of the official mission. Presumably the FBI could take over this position (it also has a long and ignoble history of spying on Americans), and most of the issues shouldn't be that hard to pick up (well, not for readers here. Trying to build such an organisation starting with political cronies at the top might be another story).

JacobOctober 29, 2013 8:29 AM

The Germans/French/Spanish can really show their displeasure by issuing a state prosecutor's order to the NSA chief to come to Europe to testify and provide information about the hackers (i.e. NSA employees) who penetrated European comm/computer equipment and caused collateral financial damage to their operations. And if the chief disregards the order, to send an extradition warrant against him.

The USA knows very well how to demand to extradite European hackers who have penetrated USG systems, thus violating US laws. I hardly see a logical argument why single hackers can be dealt with in that way but agencies could not.
(in practical terms, this will never happen, but still the judicial order will show the seriousness of the situation, while still keeping some friendliness between the rulers - "Oh Barak, I am so disturbed to hear that. I didn't ask for this. It was the judiaciary")

A worthy note: the NYT says today that USG officials admitted that the tapping of Merkel's phone extracted not only meta data, but content as well, since the division between meta and content applies only to US persons.

Dawn CohenOctober 29, 2013 8:30 AM

Ummm...on the very front page of the NSA's website, prime real estate, it says "The NSA/CSS core missions are to protect U.S. national security systems and to produce foreign signals intelligence information." I don't think their mandate is to prevent cyberespionage or cybercrime.

paulOctober 29, 2013 8:36 AM

Goldsmith's article seems pretty much self-refuting to me. If NSA surveillance were going to help take down Syrian hackers and all the other evils of the online world, wouldn't it have done so already? But instead of helping people secure themselves and patch weaknesses in the underlying infrastructure, the NSA exploits those weaknesses, keeps silent about them and works to introduce new ones.It's a little like arguing that we don't need a fourth amendment because of all the burglaries that have been committed since locks were outlawed.

ramriotOctober 29, 2013 8:49 AM

I read through the first article and was so enraged by the complete wrong headedness and double-speak that was enclosed I felt compelled to comment there, BUT. After looking at the authors other articles I realised that they are either Terminally ill-informed or a purvayor of click bait of the highest order.

For example: They say that because of security vulnerabilities in our systems that we should hand over the protection keys to a government organisation. The same organisation who we know tries to get those same vulnerabilities put into security systems for their own ends.

"Here Mr Fox, guard my hen-house for me"

kashmarekOctober 29, 2013 9:16 AM

The purpose of the NSA data collection, if it is really happening as what seems to be reported (and denied in some venues), is for influence, intimidation, and control. In the past, the legitimate data collection done by the IRS for the purposes of taxation, seemed to be the largest that we have dealt with and survived. There has been (to the best of my knowledge) no undertaking as large as has been implied by the NSA data collection. As such, making sense of all that data will be a monumental task. To date, there has been no sense (or nonsense if you like) made of that data, except some 2 digit after the fact event count and announcement that such data collection has protected us from terror (unsubstantiated of course). There is no attempted balance between surveillance and privacy - it is all surveillance and no privacy (except for the privileged and ignored).

They never will make any sense of all that data. Eventually, it becomes too expensive to collect and maintain, so technology must improve to make it cheaper and easier. When that happens, all old data is left to "rust" away as it will cost too much to convert to new technology and there won't be time enough to make it happen. Sooner or later, only the bad data is collected in order to cut down on costs and processing (any "good" data collected now won't be used anyway; bad means bad for you, good means it won't be used or allowed to protect you or your rights).

All in all, that data has little value. The money should be spent on good investigative police work, not marginal broad brush solutions. The really sad part is that once this all collapses, the rest of us still have to pay salaries, benefits and the accumulated long term expense of this wasted effort. The only thing that can come out of this is committing a large number of our population to a modern day gulag.

CuriousOctober 29, 2013 9:32 AM

The following is a skewed 'enemy combatant' argument:

I had actually written a wall of text for this comment here, but I suspect that the shock value of what I am about to suggest is as interesting enough.


Aren't NSA or at least some politicians concerned with how they might end up being considered as being a direct and present threat equal to that of someone being perceived as 'enemy combatants' by spying or even having been spying on everyone?


Why would people in general feel anyting at ease with potentially being on the receiving end of some nation gone amok with their statehood priviliges.

USA is a country on a "warpath" here and there. Given the tech angle of this blog I am not going to make a set of awkwards statements in Bruce's blog so I hope the "warpath" notion is sufficient to underpin the seriousness of just how problematic things could possibly become when issues of 'trust' perhaps becomes the least of ones concerns, for when being concerned with ones immediate personal security and safety or if just paranoia kicks in.

Now one might imagine how a hypothetical problem of having ones personal security and safety compromised is replaced by an awkward problem: with US surveillance and/or monitoring outsourced to other countries, whitewashing all the initiatives and so presenting an extremely difficult challenge for anyone knowing if USA have taken an interest in you as a person somehow or not.

The globe perhaps becoming one big police "departement"?

And some might say, "Why worry, your country probably doesn't assassinate pople, only USA tend to do that and that tend to happen on the other side of the planet".

At the end here I suppose all of this is more of a side comment, as the linked article seems to perhaps be about some purported surveillance efforts limited in scope and not necessarily leading to the in your face drone bombing, torture, harassment or imprisonment.

John CampbellOctober 29, 2013 9:56 AM

I sometime wonder if, in a world full of surveillance, if we need to have places where we can all browse through ANY information available about ANYONE (kind of like the denouement from Brunner's "Shockwave Rider")... so the loss of provacy hits EVERYONE up and down the economic ladder.

The problem with the current surveillance model is that the data is being closely held by a small-- more like tiny-- portion of the population, so, we have a divide between the "information haves" and the larger proportion being the "have nots".

I don't think this balance is sustainable. While my personal affairs can cure insomnia, I would think it unfair that these folks can look into my life while I can't look into theirs.

Who watches the watchers?

Clive RobinsonOctober 29, 2013 10:22 AM

OFF Topic slightly...

It would appear that Diane Finklstien Lor however you spell it) has started changing her tune and is now not such a rabidly pro NSA supporter.

Perhaps she has found that she has been buying from the same jokers that have been selling the Emporer his new atire, and thus every one can see through the illusion to her dirty laundry...

EldoranOctober 29, 2013 10:27 AM

Why not take an inspiration on 1984? Cameras / microphones everywhere - the state has to keep its inhabitants safe from child molestation, murder rape, theft, right?

Or as a "single big crime" is "obviously" better than a few small ones, why not do the "right thing" and eradicate humanity - it would be a 100% effective prevention of ALL crimes.

All this newspeak surrounding the NSA/law enforcement... the law is merely a collection of rules, which should in theory be based on the common consensus on desirable human interaction and backed by the law enforcement. there is no inherent mechanism that would prevent that ANY crime (according to the current law) to be made legal by codifying it into a law. So "law != right".

PhilippeOctober 29, 2013 10:34 AM

The United States spies on its ennemies as do all tyrants and totalitarian regimes and their real ennemy is their own populations. As a side bonus they can also spy on foreign leaders and have been caught doing it. Do not mistake the outrage of the foreign leaders, they are not angry that the U.S.A. spies on their citizens but on themselves.

naibanOctober 29, 2013 11:01 AM

“We brought in the FBI, and the FBI said this had all the hallmarks of hacking by the Chinese military,”

and OF COURSE that is what they would say if the hack had all the hallmarks of the NSA!

BeseigedOctober 29, 2013 11:02 AM

So if it's about cybercrime and cyberespionage, and the scope of this monitoring is so broad and so deep, why am I still getting an endless stream of phishing emails? Especially the ones that the TLAs themselves say are from non-US state actors?

naibanOctober 29, 2013 11:04 AM

“I can’t defend the country until I’m into all the networks,” General Alexander

I'd like to know if the NSA is working with telco's to duplicate business networking data such as MPLS. My assumption is YES OF COURSE THEY ARE.

Preemption and JusticeOctober 29, 2013 11:11 AM

@Brett "We can look at like normal crime. The Government / Police can't keep someone from breaking into your house or business, they just show up after to do an investigation."

Posted on Bitmessage:

Subject: Preemption and justice

I've been wondering lately whether the policy of preempting crime is just.

This comes up as a consequence of the massive surveillance by the NSA, and how they are using that information.

NSA whistleblower Thomas Drake has pointed out that the future/present is like the movie Minority Report, where "precrime" is detected and preempted before it happens.

No one wants to be the victim of crime, but to put the machinery of law enforcement on the path of preventing crime rather than punishing crime has some serious ramifications.

In order to enforce the law, everything about everyone must now be known by the government. There must be no privacy. Statistical analysis of all people will produce psychographic profiles on each person.

Deviation from expected norms defined by the authorities will set off red flags in a computer somewhere. Psychological signatures will identify hostile thoughts and behaviors, putting in motion strikes against potential criminals.

Zersetzung officers will be dispatched to change thoughts and behaviors that have been found to end in crime in some cases. A little accident here, a little tweak to Google search results there, and ahh the statistics show that a crime is now 5% less likely.

No doubt crimes will be prevented, but there is simply no limit to how far this type of abuse can go.

To punish someone before they commit a crime by messing with their life is unjust. It's a violation of individual rights and due process of law.

The legal system must be constrained to punishing crime, not preempting it if we want to avoid a totalitarian nightmare.

NSA mass surveillance must be shut down.

naibanOctober 29, 2013 11:29 AM

"does anything that Snowden revealed require changes in our laws or regulatory practice?"

it requires ENFORCEMENT OF EXISTING LAWS AND REGULATIONS and the repeal of laws that are clearly in contradiction to universal human rights and freedoms!

One point both of these articles miss is that the NSA using offensive hacking does everyone a diservice by weakening the security capabilities of the systems we all rely on. This watering down not only enables the NSA to spy, it enables criminals and other nations to exploit those weaknesses too.

If any private citizen took similar actions they would be tossed in jail, so clearly the agency is above the law. When a democratic society allows their insitutions extra-judicial freedoms and restricts the freedoms afforded society in the name of security democracy is lost.

When a Nation State elevates itself above all others and declares 'we are the enforcers of good, at all costs' the enemy of freedom and democracy becomes apparent, as these losses are the first costs that come to bear.

Ben RichardsOctober 29, 2013 11:33 AM

So mister Goldsmith thinks we should accept this surveillance because some people can't be bothered to take basic (non-tin foil) steps to keep their systems clean. I'll gladly clean someone's computer but I'm not going to tolerate government listening to my private communications just to protect people who don't even take the most basic steps to protect themselves.

CallMeLateForSupperOctober 29, 2013 12:02 PM

@ Clive (Re: Diane Feinstein becoming a less rabid supporter of NSA)

I think it's theatre. Feinstein said:
"The White House has informed me that collection on our allies will not continue, which I support. But as far as I'm concerned, Congress needs to know exactly what our intelligence community is doing. To that end, the committee will initiate a major review into all intelligence collection programs." http://preview.tinyurl.com/lznejzj
BUT!... on this very day she is in the final stages of readying legislation to (allegedly) right the wrong of spying on friendlies, thus putting the cart before the horse. One would expect that any legislation would *follow* the "major review".

Also, I am disturbed by the time that elapsed between the break of the story about Merkel being targeted and Feinstein's speaking out about it. Why the delay?

ScottOctober 29, 2013 12:04 PM

Isn't the best way to stop cyberespionage and cybercrime to work on making our systems more secure?

*End to end encryption of the internet could make espionage significantly more difficult.

*Modularized open standards and implementations of cryptographic protocols with a set of guidelines and best practices to make validation as easy as possible could reduce the prevalence of exploits

*The government can insist on using public, open source software, firmware, and drivers where possible to increase prevalence of open source software in order to reduce exploits and backdoors

*Agencies like the NSA actually informing vendors about exploits in software so that they can be patched, thus increasing security of public and private systems

Instead, all of these things are actually things that the government doesn't want, specifically so they can exploit them. The problem is that our government uses the software and systems they are trying to weaken, making espionage easier and private companies and individuals use them, making corporate espionage and cybercrime easier. Also, one other thing we should have if we want to reduce cybercrime:

*A payment protocol in which the account number is not submitted to the payment processor, but instead a payee identifier and a secret are used to authenticate the transaction. This could be a username/email and password combination, or randomly generated identifiers and keys (possibly asymmetric) that each device would have to register with the bank.

F!#$EARR#$%^&*&!!!???October 29, 2013 12:27 PM

This is the first time I have ever felt that I don’t want my children to grow up in in the U.S.. Those who feel they are being watched change their behaviour. What would be the psychological damage on a developing mind? How can they be free to grow and explore if they feel they must watch every step in fear of an omnipotent force judging their every move?

Douglas KnightOctober 29, 2013 12:27 PM

I should have asked this question earlier, but what does NSA think its target is?

On page 4 of the egotistical giraffe slides, listing who uses tor, it says "Terrorists!" and "Other targets too!" What is the meaning of the exclamation points? ironic detachment? Also, "terrorists" is in red, which suggests to me that they want to be targeting terrorists, but know they really aren't.

brahmapOctober 29, 2013 12:43 PM

@ F!#$EARR#$%^&*&!!!???

A good question to ask those who grew in East Germany or USSR.

ScottOctober 29, 2013 12:58 PM

@F!#$EARR#$%^&*&!!!???

If it's surveilance it's nuclear weapons, it's terrorists or immigrants, it's pronography or video games. How do you propose the elites/government/corporations control us if we don't have something to fear?

dumbiedoreOctober 29, 2013 1:18 PM

It sounds to me that most of the NSA supporting voices are coming from the jewish establishment. Could it be that one of the foremost job of the NSA is also to protect jews and monitor anti jewish movements electronically?

ArdentOctober 29, 2013 1:45 PM

Both authors miss out on the fact that history hasn't been kind to either the NSA or the USG when it comes to security, auditability, access control, reliability, need-to-know, or fairness... or even legality in some cases. The list of abuses, mistakes, and errors is long and sordid.

Ironically, Goldsmith's argument is precisely the sort of mission creep that POTUS and his apologists have claimed would not happen.

The road to Hell is paved with good intentions.

Bauke Jan DoumaOctober 29, 2013 2:02 PM

Come on guys/girls, all of you.
You're spending way too many words on all of this.

The Social Contract, anyone remember that? Probably not because
it is SO implicit in much of anything that you do from the cradle to
the grave.

And thus: clearly people like Alexander have a sociopathic streak
(whether or not acquired is up to his lawyers).

You just have to remove them from society or at least from being
able to do any (more) destructiuon to its fabric. Everthing else --
trust et al., anyone remember tat?-- derives from that, society's
will, intention and possibility to deal with parasites like Keith
Alexander.

Good luck, I wish you well, because the outcome, as usual will be
a model for much of the rest of the Western world.

boogOctober 29, 2013 2:28 PM

Does Jack Goldsmith really think the NSA sabotaging encryption (for whatever reason - surveillance, "protection", take your pick) makes us safer from cyberespionage and cybercrime? So the NSA "helps" us (with unwanted secret protection, mind you) by dismantling our security and making it easier for cybercriminals? The thing about back doors: bad guys can use them too.

Even if you really believed (for some insane reason) that an invasive NSA might help protect us, surely the methods by which they invade our privacy are still terrible?

adviceanimalOctober 29, 2013 2:32 PM

@dumbledore

in my experience Jews {ethnicity} tend to be very involved in anything they're up to. This is also true of many smaller groups in society. That means they are more likely to be further right or left politically on some subject than in the center. All too often people who are center politically simply don't have an opinion. People who are centrist are either sophisticated in their political thought or more likely: fairly ignorant and therefore less motivated. Most people who put a lot of thought into it usually wind up with a mixture of left wing and right wing ideas and ideals.

Just by looking at the names of those involved in the surveillance debate, certainly you got a Feinstein on one side, but you got a Schneier and Appelbaum on the other side. That is not to say there isn't a Israeli conspiracy going on, because there likely is given the evidence we've seen to date of the NSA giving the full take to Israel (and the extraordinary media blackout on this issue), only to say that many people of Jewish descent are outraged at mass surveillance like you and I.

You could also see there is a 'rainbow' conspiracy because many well known people in technology circles are homosexual, like Peter Thiel, Jacob Appelbaum and most famously Alan Turing.

Obviously there is no such thing! It is interesting that so many minorities have a disproportionate affect on society in different areas, but that is tangential.

TLDR; Coming from any kind of average in society makes you more boring. Let's just say when you're a Lebanese Salafist lesbian dwarf on one leg with membership in PETA and the Tea Party, well, Things Are Going On!

ScottOctober 29, 2013 3:01 PM

@boog

I don't think they fully understand the implications of what weakening the software does. The subject is complicated, understanding the implications is difficult; to some, NSA backdoor means "something that only the NSA can possibly use." Combine that with an attitude of "If you have nothing to hide, you have nothing to worry about" and you get a massive organization like the NSA. With no oversight, we really don't even know how effective the programs are in the first place.

Personally, I say everyone has something to hide; I have things I like to hide; they would probably keep me out of a major elected office (not like I have any chance of winning anyway), but none of it would be a concern to pretty much anyone otherwise, or national security. So the question is, if you have no reason to suspect that I'm dangerous, why would you waste resources gathering intelligence on me?

GweihirOctober 29, 2013 3:02 PM

@Douglas Knight: Unless the NSA is comprised of all terminally dumb people, they know very well that not only are terrorists not a relevant target, but a pretext only, and they will also know that they are basically without a chance to stop terrorism.

Just look at their track record. Unless they preemptively murdered or abducted all future terrorists they found and did it so that nobody noticed, they have prevented zero terrorist attacks.

Why? If they had prevented any terrorist attacks, these people would find themselves in courtrooms and the press would write about them. I have not heard of anybody being arrested for preparing a terrorist attack in the last few years where the attack-plan had any chance of succeeding. (There were a few that were plain ridiculous and had no chance of succeeding, with the police lying about that little detail. You cannot set off containers of liquefied gas with fireworks, for example, they are for too robust for that.) That strongly indicates no actual terrorist plans were prevented at all and that all their fear-mongering about "terrorism" is a complete lie.

So why then are doing all this spying? Simple: Economic advantage, political advantage, and, likely, preparation for the establishment of a police state. There really is not reason to spy on your own population except the last one. The tip-offs to the DEA with subsequent lying to judges about the source of the information are already pure police-state tactics.

Bob TOctober 29, 2013 4:14 PM

"Daniel Gallington argues -- the headline has nothing to do with the content -- that the balance between surveillance and privacy is about right."

And war is peace, and freedom is slavery.

BenOctober 29, 2013 5:12 PM

@Bob T:


"Daniel Gallington argues -- the headline has nothing to do with the content -- that the balance between surveillance and privacy is about right."

And war is peace, and freedom is slavery.

Yes. The balance at present is: All Surveillance, No Privacy.

According to Daniel Gallington, that's about right.

Daniel Gallington is a traitor to the USA, its constitution, to its people and to humanity.

anonyOctober 29, 2013 5:27 PM

Dawn
"The NSA/CSS core missions are to protect U.S. national security systems and to produce foreign signals intelligence information." I don't think their mandate is to prevent cyberespionage or cybercrime.

Actually thought the NSA was to protect the military info system, not the commercial or govt systems.
They have their own Net, and are speciously arguing that comms to outlying bases are part of mil security, so they have a mission to "sanatize" the entire world to protect the military bases on our soil.

The fact is that NSA is also supposedly running contractor facilities in Canada so that they can run operations on citizens, on US soil, and claim they are not doing this "in" the US.
Supposedly, we are flying them in daily/weekly to do the work. No oversight on that either.

Also an article about dragnet accidentally picking up some NY bankers. Once they found out they were bankers, their contact info was whitelisted, and all further recon was banned.

Maybe the destruction of the US by bankers is the most important use of these tools that we could put them too. The so-called Chinese Wall between investement and banking has been defended by Wall St the entire time we are sending half of TARP funds to the EURO and GB banks.

boogOctober 29, 2013 5:46 PM

@Scott

No argument here. And the whole "nothing to hide" attitude sort of falls apart when you point out that the NSA keeps its privacy-invading activities secret.

65535October 29, 2013 6:10 PM

@boog

“…the whole "nothing to hide" attitude sort of falls apart when you point out that the NSA keeps its privacy-invading activities secret.”

I agree. And, when shan hits the fan people start to wonder who is feeding who a crap sandwich.

I’ll just examine to quotes from the NSA Cheerleaders:

“Bottom line: Could Snowden have raised all of his concerns responsibly? Sure, and there are established procedures for whistle blowers in the intelligence community to complain about even the most highly classified matters.” – Gallington

That line is a load of manure and smacks of talking points from The Powers That be. Ask Bolivian President Evo Morales what happened to his personal aircraft (it got re-routed and was searched) via more arm twisting from the NSA than a high school wrestling match.

Snowden has a knack for survival. If the CIA could get to him he would be in a federal cold drop and gone from sight by now.

“We Need And Invasive NSA” – Goldsmith

Goldsmith dredges up the talking points that any NSA K Street PR firm would project. The article is riddled with inconsistencies. You are at best a political lackey and at worst a shill for the NSA.

Mr. Goldsmith I suggest that you take the lead on this. Turn over to the NSA: all of your passwords to your email accounts, all of your digital copies of legal documents - redacted of course - of your work as legal counsel for the DOD, your pins to your bank account, credit cards and smartphone, your medical records, driving records, and said records of your family. You need the NSA parked in your driveway to keep you and your family from "cyber crime." Then, you can safely go about your life.

RobertTOctober 29, 2013 6:25 PM

@Ben Richards
" I'll gladly clean someone's computer ...."

How exactly does one "clean" away an NSA level "zero-day" virus?

I'd love to know the answer, personally I've got three perfectly good laptops locked in cupboards because I don't know how they're infected but they're definitely infected.

Dirk PraetOctober 29, 2013 7:50 PM

Though this be madness yet there is method in it: one Edward Snowden blows the lid off an unprecedented global surveillance dragnet by the USA's SIGINT agency. All three branches of the USG justify it as put in place to combat terrorism. As more details are published, the argument becomes completely laughable because these programs go way beyond that purpose. The credibility of the US and its tech industry lies in shambles whilst other spying nations are laughing their asses off about an adversary that on the international stage has zero moral authority left to accuse them of doing the exact same thing they've been exposed to do themselves.

Enter Jack Goldsmith. Realising nobody's buying into the terrorism argument anymore, the man proposes that henceforth the NSA will act as the agency in charge of protecting the nation from similar malicious cyber activities as those it has been revealed to inflict itself on world plus dog. To that purpose, it will carry on with the exact same resources, methods and authorities under which it has been operating in its previous capacity.

The first question this begs is if there is really anyone dumb enough to realise that this is nothing more than a PR overhaul just like Union Carbide changing its name to Praxair was in the wake of the Bhopal drama. The only thing it does is replacing "terrorism" by "cyberthreats", the new and popular hype that nobody actually understands but that everybody can be convinced to be really scared about.

In addition Mr. Goldsmith goes on to add that part of this new mission will be to "correct the market failures that plague cybersecurity" and to "control the stealth introduction of vulnerabilities during the manufacture of computer components". With which he shows a quite remarkable lack of understanding of what the NSA (alledgedly) has been up to in that particular space. Furthermore, he should ask himself to which extent this new role would not conflict with that of other agencies like the DHS and the US Cyber Command (also led by Gen. Alexander).

The Gallington piece is yet another boring iteration of the USG's view on the matter and its bottom-line conclusion at the end is particularly brain-dead in stating that "there are established procedures for whistle blowers in the intelligence community to complain about even the most highly classified matters". With about eight whistleblowers currently charged with espionage, this statement is about as credible as calling Daffyd Cameron an avid defender of the freedom of press.

@ CallMeLateForSupper, @ Clive

(Re: Diane Feinstein becoming a less rabid supporter of NSA)

I fully concur with @ CallMeLateForSupper's analysis. Devious Dianne is not having a change of heart. She is just trying to put on an air of salonfähigkeit in search of support for a new piece of legislation drafted by herself and Mike Rogers that - although thinly disguised as measures to rein in the NSA - in essence is rubberstamping all their current activities.

@ Dumbiedore

It sounds to me that most of the NSA supporting voices are coming from the jewish establishment. Could it be that one of the foremost job of the NSA is also to protect jews and monitor anti jewish movements electronically?

Grand prize for the dumbest remark I've seen on this forum in ages. I'm surprised @Moderator let it pass. And no, I'm not a jew.

AnonOctober 29, 2013 8:23 PM

Anon

@Dirk

True whistle-blowers don't release classified information to the general public. Real whistle-blowers only release classified information to those with the appropriate security clearances. Snowden could have gone to the NSA IG, the DOD IG, the HPSCI, the SSCI, the FISC, or even in extraordinary cases members of the US Supreme Court. If all those people agree that what the NSA is doing is legal under US law, then it probably is and therefore, it would be immoral to disclose it to the public. How many of those 8 so called whistleblowers charged with espionage are real whistle-blowers and didn't disclose classified information to the public?

Mike AnthisOctober 29, 2013 9:29 PM

Would someone please leak a directory of Social Security Numbers, so we can stop using them as authenticators?

Dirk PraetOctober 29, 2013 9:31 PM

@ Anon

True whistle-blowers don't release classified information to the general public.

Feel free to follow the government's definition. I see it differently.

name.withheld.for.obvious.reasonsOctober 29, 2013 11:58 PM

-----BEGIN FISA/NSA HYPOCRISY ALERT-----
Version: pgg v0.2a

SOURCE: FISA
DOCUMENT: FISC MEMORANDUM
TITLE: FISC AMENDED MEMORANDUM OPINION ON SECTION 215 OF THE PATRIOT ACT
SUBJECT: Aug 9 Bulk Collection of Telephony Metadata under Section 215

// NWFOR: The lies continue...as repeated & stated before committees
// hearings that location data is not collected--than why does the
// term "trunk indentifier" appear in the data collection set
// specification? And what about "not limited to"?
// From page 2 footnotes

For purposes of this matter, "telephony metadata includes comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile station Equipment Identity (IMEI) number, International Mobile Subscriber Identity (IMSI) n umber, etc.), t runk identifier, telephone calling card numbers, and time and duration of call. Telephony metadata does not include the substantive content of any communication, as defined by 18 U.S.C. § 2510(8), or the name, address, or financial information of a subscriber or customer." App. at 4. In a ddition, the Court has explicitly directed that its authorization does not include "the production of cell site location information (CSLI)."
Primary Ord. at 3.
-----END FISA/NSA HYPOCRISY ALERT-----

Wesley ParishOctober 30, 2013 6:05 AM

@Gweihir

There were a few that were plain ridiculous and had no chance of succeeding, with the police lying about that little detail. You cannot set off containers of liquefied gas with fireworks, for example, they are for too robust for that.

Anyone who's done welding in secondary school or later knows that if you want to create an explosion with liquified gas containers with plausible deniability, you need a halfwit, an oxyacetylene torch and some fall guy to give the orders. Though if you really want a proper liquified gas explosion, you need to get it leaking over something that provides a meaty spark.

We aint got no swing
Except for the ring
Of that truncheon thing

Of course neither the pterorists nor their police handlers know anything about anything - the Authorities don't want anything realTM happening.

MeOctober 30, 2013 10:37 AM

Second article sounded to me like this:
"In order to deter cyber-attacks, we need the NSA to continue to make our infrastructure insecure by design. If the network is secured, then we wont be able to catch those that exploit the insecurities."

Mike the goatOctober 30, 2013 2:13 PM

RobertT: have you dumped out the BIOS and compared it against the "stock" version on the manufacturer's website? I would love to have such a machine but I don't know anyone interesting enough who has a legit sample!

OrwellOctober 30, 2013 6:52 PM

Is it good for any government to have an immense capability to identify crimes and criminals, via electronic or other surveillance? What happens when unjust laws are passed, as in pre-WW2 Germany? It becomes very easy for the government to find and prosecute "criminals" who only violated unjust laws.

DPGOctober 30, 2013 7:48 PM

@Dirk Praet

Acute analysis. But whether it has been fully articulated in this man's brain or not, this is a demonstrably stupid human being.

I am finding the rise in newspeak compelling. From "we don't listen to your calls since machines do it for us" to "whistle-blowing means talking to the government". Remarkable concepts.


OIMOOctober 31, 2013 4:59 AM

@Eldoran

"Why not take an inspiration on 1984? Cameras / microphones everywhere"

Like, say, Smartphones and Webcams?

I expect Joe Public would be far more concerned if mass NSA monitoring of those were disclosed.

Gustavo MusleraOctober 31, 2013 12:43 PM

There could be a case for surveillance against several ways of crime. But US is not doing just it. Is wakening cryptography, installing and forcing manufacturers to install backdoors, planting logical bombs, and plain spying with economical objectives. Some of the uses they are giving to it is criminal, and others helps criminals to do their job.

Also, are you willing to give up intellectual property too? Because the line that separates privacy from intellectual property is pretty thin, specially for what you write/say/sing/whatever, and is that what is being gathered.

name.withheld.for.obvious.reasonsNovember 2, 2013 6:29 AM

The problem of "follow the leader" where the NSA is the leader is starting to raise its ugly head.


  1. Other organizations; LEA, municipal and county sheriff, prosecutors, judges, and city, state, and federal legislatures have begun digesting the subconscious message that it is okay to use "what ever you want" to act, react, legislate, and discuss. I'd argue that the think tanks have just started booting this process and you can hear it from the talking-heads. The noise level of this hegemony is intense, it sounds similar to drums beating throughout the night.

  2. The language is be perverted and no one argues the point; I've witnessed panels, read opinions, and have read articles by pundits, academics, and journalists and am concerned that the narrative is being formed (more like conformed) to expand this "preemptive" social model that, if not checked, will cost even more--in a very ironic way, let me explain;

    • Expanded use of technology to observe, monitor, or track common, everyday behavior--this is a resource allocation that could for example be a text book, a membership to a historic special collection library, or food for a week.

    • Contraction of commercial and small business organizations, possible the loss of whole sectors of the economy. The conformist model requires adherence, there are many businesses that require ad-hoc and dynamism to react, solve, or deal with issues. Singular thinking is in vogue--and it does not portend good things for the future. I thought it was bad when it was binary thinking--now it is "Zed/nil/nil" thinking.

    • The wasted expenditure of effort, LEA's looking into screens and facebook pages to track a miscreant and not planting a tree.
    • Does nothing to address the "nervous" society. There is a cost to having/keeping people in fear...once the herd gets running it can become a runaway train.

  3. The hypocrisy here is that in calling for a preemptive model for law enforcement first changes law enforcement to crime prevention. This is a contractual change with society that has been made without the society. I suggest that the push back by the society will be to respond with a similar reaction, inconsiderate of what you want.. Get a clue idiots. You're as dumb as the people you are taking advantage of...
  4. If the belief that preemptive action is justified than it is just a short jump to causation...but...causation requires the intellectual capacity to actual recognize a problem and not just react to it.

KoinzellNovember 2, 2013 8:53 AM

I honestly don't care about the difficult stuff like the ''How many Americans have been saved by the NSA measures'' as we honestly don't know. How many real terrorists have been caught by it, but the thing is, IT DOESN'T MATTER. How can Americans be saved by snuffing behind the PM of Germany or any other country? Doesn't Merica have the obligation of trusting the country till it gives a reason to stop trusting it?
And IT'S AGAINST HUMAN RIGHT FOR PRIVACY?! It's one of the most basic human rights, and the US govt doesn't care about those rights?...

Lets me honest, this IS EXACTLY the same as the snuffing that the USSR did. And being part of the countries that survived through the invasion of Nazi Germany and USSR. I have to say that USSR was as paranoid and immoral, inhumane as a country can be (There was a saying back in the soviet days that ''The walls have ears, and this is basically the same.). Humans were just gears that they could replace if they found even the smallest possibility of them being ''terrorists'' (See the similarity?). The American government is the biggest power-hungry, despicable, controlfreak and immoral country in the world (And I think Merica is at the same level as Russia. And maybe even worse than Russia, if Russia isn't spying after its citizens, which I think it is.). The governments haven't matured at all above the policies that were in force when the 2nd world war was going on. There's no trust, and those in power try to have their daggers ready if there's anyone who might bare their fangs against them.

And I'm sorry but the example of ''But if we don't do that another 9/11 will happen'' is bullcrap because:
1. You can't steal an airplane without the airport finding out about it in 1 minute. The excuse of there being an aircraft event is again wrong.
2. You can't ram an building that's heavily reinforced with an extremely thick steel frame, and make it fall into dust.
3. The fact that the government LIED about the reason to go into the Vietnam war (The preemptive attack against an US vessel was a lie.), and 9/11 was another reason to make the public agree with the war against Iraq.


I hope that this will bite the Merican government heavily into the ass, because this is EXACTLY a reason that people should rise up against.

Supposedly AnonymousNovember 2, 2013 12:44 PM

@Gweihir: The tip-offs to the DEA with subsequent lying to judges about the source of the information are already pure police-state tactics.

I'd like to think that "parallel construction" was a prime motivator of Mr. Snowden's actions, and I'm disappointed that it's not receiving the media coverage it deserves. The federal executive branch providing cover for federal, state and local law enforcement agencies lying to the courts has to be about as subversive as things get.

kevinNovember 4, 2013 9:23 PM

Surely, we can do better than this.

For someone whose career has given him access to the highest secrets of government (while at DOJ) and ready access to cyber-security information (at Harvard Law's Berkman Center), the argument Goldsmith puts forward here is astonishingly naive. The "perimeter security" defense model he posits here (or rather, adopts whole-hog from the military's cyber-threat model) is about as current, and likely as effective, as the Maginot Line. And the notion that threats to be defended against will be "planned" in a modality susceptible to NSA's traffic-analysis--and thereby thwarted by the Cyber-Command which Alexander also heads--is, well, charmingly quaint.

The whole Goldsmith piece, it appears, begins conceptually with an embrace of the NSA's broad reach, and builds outward from there a fact-set hospitable to the original premise. The conclusion is, quite literally, a given.

WaelNovember 7, 2013 12:31 AM

Poor Angela Merkel
Thought she's in the inner circle
She heard what's said and done
Then screamed: Das kotzt mich an!
And wet her girdle

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..