[ExI] [IP] NSA report

[Eugen Leitl]

----- Forwarded message from Dave Farber <dave at farber.net> -----

Date: Sat, 23 Nov 2013 14:56:20 -0500
From: Dave Farber <dave at farber.net>
To: ip <ip at listbox.com>
Subject: [IP] NSA report
Message-ID: <CAKx4trhUOu7dOpsXqKO=JFWg6L9sCwKv1fqL-Dx1wwqmNMHBVQ at mail.gmail.com>
Reply-To: dave at farber.net

[image: The New York Times] <http://www.nytimes.com/>

------------------------------
November 22, 2013
N.S.A. Report Outlined Goals for More PowerBy JAMES
RISEN<http://topics.nytimes.com/top/reference/timestopics/people/r/james_risen/index.html>
 and LAURA POITRAS

WASHINGTON — Officials at the National Security
Agency<http://topics.nytimes.com/top/reference/timestopics/organizations/n/national_security_agency/index.html?inline=nyt-org>,
intent on maintaining its dominance in intelligence collection, pledged
last year to push to expand its surveillance powers, according to a
top-secret strategy document.

In a February 2012
paper<http://www.nytimes.com/interactive/2013/11/23/us/politics/23nsa-sigint-strategy-document.html>
laying
out the four-year strategy for the N.S.A.’s signals intelligence
operations, which include the agency’s eavesdropping and communications
data collection around the world, agency officials set an objective to
“aggressively pursue legal authorities and a policy framework mapped more
fully to the information age.”

Written as an agency mission statement with broad goals, the five-page
document said that existing American laws were not adequate to meet the
needs of the N.S.A. to conduct broad surveillance in what it cited as “the
golden age of Sigint,” or signals intelligence. “The interpretation and
guidelines for applying our authorities, and in some cases the authorities
themselves, have not kept pace with the complexity of the technology and
target environments, or the operational expectations levied on N.S.A.’s
mission,” the document concluded.

Using sweeping language, the paper also outlined some of the agency’s other
ambitions. They included defeating the cybersecurity practices of
adversaries in order to acquire the data the agency needs from “anyone,
anytime, anywhere.” The agency also said it would try to decrypt or bypass
codes that keep communications secret by influencing “the global commercial
encryption market through commercial relationships,” human spies and
intelligence partners in other countries. It also talked of the need to
“revolutionize” analysis of its vast collections of data to “radically
increase operational impact.”

The strategy document, provided by the former N.S.A. contractor Edward J.
Snowden, was written at a time when the agency was at the peak of its
powers and the scope of its surveillance operations was still secret. Since
then, Mr. Snowden’s revelations have changed the political landscape.

Prompted by a public outcry over the N.S.A.’s domestic operations, the
agency’s critics in Congress have been pushing to limit, rather than
expand, its ability to routinely collect the phone and email records of
millions of Americans, while foreign leaders have protested reports of
virtually unlimited N.S.A. surveillance overseas, even in allied nations.
Several inquiries are underway in Washington; Gen. Keith B. Alexander, the
N.S.A.’s longest-serving director, has announced plans to
retire<http://www.reuters.com/article/2013/10/16/us-usa-nsa-transition-idUSBRE99F12W20131016>;
and the White House has offered proposals to disclose more information
about the agency’s domestic surveillance activities.

The N.S.A. document, titled “Sigint Strategy 2012-2016,” does not make
clear what legal or policy changes the agency might seek. The N.S.A.’s
powers are determined variously by Congress, executive orders and the
nation’s secret intelligence court, and its operations are governed by
layers of regulations. While asserting that the agency’s “culture of
compliance” would not be compromised, N.S.A. officials argued that they
needed more flexibility, according to the paper.

Senior intelligence officials, responding to questions about the document,
said that the N.S.A. believed that legal impediments limited its ability to
conduct surveillance of terrorism suspects inside the United States.
Despite an overhaul of national security law in 2008, the officials said,
if a terrorism suspect who is under surveillance overseas enters the United
States, the agency has to stop monitoring him until it obtains a warrant
from the Foreign Intelligence Surveillance Court.

“N.S.A.’s Sigint strategy is designed to guide investments in future
capabilities and close gaps in current capabilities,” the agency said in a
statement. “In an ever-changing technology and telecommunications
environment, N.S.A. tries to get in front of issues to better fulfill the
foreign-intelligence requirements of the U.S. government.”

Critics, including some congressional leaders, say that the role of N.S.A.
surveillance in thwarting terrorist attacks — often cited by the agency to
justify expanded powers — has been exaggerated. In response to the
controversy about its activities after Mr. Snowden’s disclosures, agency
officials claimed that the N.S.A.’s sweeping domestic surveillance programs
had helped in 54 “terrorist-related activities.” But under growing
scrutiny, congressional staff members and other critics say that the use of
such figures by defenders of the agency has drastically overstated the
value of the domestic surveillance programs in counterterrorism.

Agency leaders believe that the N.S.A. has never enjoyed such a target-rich
environment as it does now because of the global explosion of digital
information — and they want to make certain that they can dominate “the
Sigint battle space” in the future, the document said. To be “optimally
effective,” the paper said, “legal, policy and process authorities must be
as adaptive and dynamic as the technological and operational advances we
seek to exploit.”

Intent on unlocking the secrets of adversaries, the paper underscores the
agency’s long-term goal of being able to collect virtually everything
available in the digital world. To achieve that objective, the paper
suggests that the N.S.A. plans to gain greater access, in a variety of
ways, to the infrastructure of the world’s telecommunications networks.

Reports based on other documents previously leaked by Mr. Snowden showed
that the N.S.A. has infiltrated the cable
links<http://www.nytimes.com/2013/10/31/technology/nsa-is-mining-google-and-yahoo-abroad.html>
to
Google and Yahoo data centers around the world, leading to protests from
company executives and a growing backlash against the N.S.A. in Silicon
Valley.

Yet the paper also shows how the agency believes it can influence and shape
trends in high-tech industries in other ways to suit its needs. One of the
agency’s goals is to “continue to invest in the industrial base and drive
the state of the art for high performance computing to maintain pre-eminent
cryptanalytic capability for the nation.” The paper added that the N.S.A.
must seek to “identify new access, collection and exploitation methods by
leveraging global business trends in data and communications services.”

And it wants to find ways to combine all of its technical tools to enhance
its surveillance powers. The N.S.A. will seek to integrate its
“capabilities to reach previously inaccessible targets in support of
exploitation, cyberdefense and cyberoperations,” the paper stated.

The agency also intends to improve its access to encrypted communications
used by individuals, businesses and foreign governments, the strategy
document said. The N.S.A. has already had some success in defeating
encryption, The New York Times has
reported<http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html>,
but the document makes it clear that countering “ubiquitous, strong,
commercial network encryption” is a top priority. The agency plans to fight
back against the rise of encryption through relationships with companies
that develop encryption tools and through espionage operations. In other
countries, the document said, the N.S.A. must also “counter indigenous
cryptographic programs by targeting their industrial bases with all
available Sigint and Humint” — human intelligence, meaning spies.

The document also mentioned a goal of integrating the agency’s
eavesdropping and data collection systems into a national network of
sensors that interactively “sense, respond and alert one another at machine
speed.” Senior intelligence officials said that the system of sensors is
designed to protect the computer networks of the Defense Department, and
that the N.S.A. does not use data collected from Americans for the system.

One of the agency’s other four-year goals was to “share bulk data” more
broadly to allow for better analysis. While the paper does not explain in
detail how widely it would disseminate bulk data within the intelligence
community, the proposal raises questions about what safeguards the N.S.A.
plans to place on its domestic phone and email data collection programs to
protect Americans’ privacy.

N.S.A. officials have insisted that they have placed tight controls on
those programs. In an interview, the senior intelligence officials said
that the strategy paper was referring to the agency’s desire to share
foreign data more broadly, not phone logs of Americans collected under
the Patriot
Act<http://topics.nytimes.com/top/reference/timestopics/subjects/u/usa_patriot_act/index.html?inline=nyt-classifier>
.

Above all, the strategy paper suggests the N.S.A.’s vast view of its
mission: nothing less than to “dramatically increase mastery of the global
network.”

Other N.S.A. documents offer hints of how the agency is trying to do just
that. One program, code-named Treasure Map, provides what a secret N.S.A.
PowerPoint presentation describes as “a near real-time, interactive map of
the global Internet.” According to the undated PowerPoint presentation,
disclosed by Mr. Snowden, Treasure Map gives the N.S.A. “a 300,000 foot
view of the Internet.”

Relying on Internet routing data, commercial and Sigint information,
Treasure Map is a sophisticated tool, one that the PowerPoint presentation
describes as a “massive Internet mapping, analysis and exploration engine.”
It collects Wi-Fi network and geolocation data, and between 30 million and
50 million unique Internet provider addresses — code that can reveal the
location and owner of a computer, mobile device or router — are represented
each day on Treasure Map, according to the document. It boasts that the
program can map “any device, anywhere, all the time.”

The documents include addresses labeled as based in the “U.S.,” and because
so much Internet traffic flows through the United States, it would be
difficult to map much of the world without capturing such addresses.

But the intelligence officials said that Treasure Map maps only foreign and
Defense Department networks, and is limited by the amount of data available
to the agency. There are several billion I.P. addresses on the Internet,
the officials said, and Treasure Map cannot map them all. The program is
not used for surveillance, they said, but to understand computer networks.

The program takes advantage of the capabilities of other secret N.S.A.
programs. To support Treasure Map, for example, the document states that
another program, called Packaged Goods, tracks the “traceroutes” through
which data flows around the Internet. Through Packaged Goods, the N.S.A.
has gained access to “13 covered servers in unwitting data centers around
the globe,” according to the PowerPoint. The document identifies a list of
countries where the data centers are located, including Germany, Poland,
Denmark, South Africa and Taiwan as well as Russia, China and Singapore.

Despite the document’s reference to “unwitting data centers,” government
officials said that the agency does not hack into those centers. Instead,
the officials said, the intelligence community secretly uses front
companies to lease space on the servers.

Despite the N.S.A.’s broad surveillance powers, the strategy paper shows
that N.S.A. officials still worry about the agency’s ability to fend off
bureaucratic inertia while keeping pace with change.

“To sustain current mission relevance,” the document said, Signals
Intelligence Directorate, the N.S.A.’s signals intelligence arm, “must
undertake a profound and revolutionary shift from the mission approach
which has served us so well in the decades preceding the onset of the
information age.”

James Risen reported from Washington, and Laura Poitras from Berlin.



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/25094221-ddf8422b
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----