Snowden leak: NSA uses warrantless web surveillance to watch cyberattacks
Classified documents from the trove of former intelligence contractor Edward Snowden now reveal that the United States National Security Agency secretly had its powers expanded under Pres. Obama to go after hackers.
A report published on Thursday this week by journalists with the
New York Times and ProPublica shows that sensitive NSA documents
disclosed by Snowden detail how the Department of Justice agreed
in 2012 to give the spy agency new authorities with regards to
monitoring cyberattacks unfolding on US-linked networks.
That year, the joint report reveals, two previously secret memos
authored by the DoJ lawyers gave NSA analysts the go ahead
“to begin hunting on internet cables, without a warrant and
on American soil, for data linked to computer intrusions
originating abroad,” according to the journalists.
Although the Justice Dept. ultimately agreed only to let the NSA
monitor attacks believed to be stemming from foreign government
involvement, the documents show that the agency wanted to have
the power to target hackers even in instances where a link
couldn’t be established.
“It should come as no surprise that the US government gathers
intelligence on foreign powers that attempt to penetrate US
networks and steal the private information of US citizens and
companies,” Brian Hale, the spokesman for the Office of the
Director of National Intelligence, told the reporters, adding
that “targeting overseas individuals engaging in hostile
cyber activities on behalf of a foreign power is a lawful foreign
intelligence purpose.”
It’s not just the Patriot Act. The NSA has another secret legal interpretation of surveillance law. http://t.co/iPOdzQGUql#SnowdenDocs
— Julia Angwin (@JuliaAngwin) June 4, 2015
Two years ago this week, the first news articles to make use of
pilfered NSA documents from the Snowden trove surfaced in the
press, paving the way for a discussion on the US intelligence
community’s use of previously unpublicized surveillance tools and
tactics. Yet while the first spy program exposed through those
leaks – the bulk collection of millions of phone records on a
regular basis by the NSA – was reined in to a degree as recently
as this week, other endeavors revealed through the Snowden leak
concerning the agency’s operations remain well in effect.
US law authorizing the NSA’s activities prohibits the agency from
targeting American citizens. As with past programs unveiled
through the Snowden disclosures, though, critics say the broad
powers provided to the government nevertheless raise questions
about whether or not the privacy of innocent Americans is being
compromised.
According to this week’s report, the Justice Dept. gave the NSA
approval in 2012 to query unique “cybersignatures” and internet
addresses linked to attacks against American computer networks.
The Snowden documents show that the DoJ interpreted a previous
secret surveillance court ruling involving the monitoring of
foreign governments to justify the decision, yet ensured
restrictions were in place to rule out the collection of
US-specific information.
“That rule, the NSA soon complained, left a ‘huge collection
gap against cyber threats to the nation’ because it is often hard
to know exactly who is behind an intrusion,” the journalists
wrote. “So the NSA, in 2012, began pressing to go back to the
surveillance court and seek permission to use the program
explicitly for cybersecurity purposes. That way, it could monitor
international communications for any ‘malicious cyber activity,’
even if it did not yet know who was behind the attack.”
The FBI has access to the NSA's wiretaps of the fiber optic cables that make up the Internet backbone pic.twitter.com/EnsFt2t2BM
— Trevor Timm (@trevortimm) June 4, 2015
At the same time, their report continues, the FBI began to
benefit from an arrangement that allowed them to use the NSA’s
system to monitor traffic going through internet “chokepoints
operated by US providers through which international
communications enter and leave the United States.”
Jonathan Mayer, a cybersecurity scholar at Stanford Law School,
told the Times and ProPublica reporters that the revelations put
the activities of NSA, an organization tasked with international
intelligence gathering, “smack into law enforcement
land.”
“That’s a major policy decision about how to structure
cybersecurity in the US and not a conversation that has been had
in public,” he said.
In the aftermath of one of the biggest single acts of
intelligence gathering reform in modern American history, Rep.
Zoe Lofgren (D-California), a critic of the NSA’s surveillance
operations, told the Guardian that the revelations suggest
further changes are still needed, and needed urgently.
Contrary to those who hailed the USA Freedom Act, the NSA reform
bill passed earlier this week, Lofgren said the Times and
ProPublica report exemplifies the fact that passage “did not
end bulk collection of communications and data.”
“To add insult to injury, under this program victims of
cybercrime are doubly harmed when their government collects and
searches their private stolen communications and data,” she
said.
