Extraordinary times and measures: How the NSA might justify its injust actions

There’s a long history in the United States of backing the hero doing the wrong thing for the right reason.  We love movies like Dirty Harry, Lethal WeaponBeverly Hills Cop, and Hard Boiled where the good guy (usually a cop) finds no other way to get the bad guy than to break the law.  At the same time, some of the best villains are seen to have done the wrong thing for the right reason: Gen. Hummel in The Rock exemplifies this when he takes hostages to force the government to tell the truth about the deaths of Special Forces soldiers over the years.

While those are fantasy worlds, there’s also a long history of sympathy for those real people who break the law for what society (or parts of it) deem to be the right reason.  From those who resort to cannibalism to survive to those who refuse to disperse while in largely peaceful protest to a president who ignored separation of powers and ordered military trials of civilians, we look upon them with approval or at least forgiveness because we realize that sometimes extraordinary times require extraordinary measures.

But most of these approvals of real actions are in hindsight.  At the time of the action, they are often controversial, even unpopular.  But perhaps there’s another aspect to them that is often overlooked: they’re not happening to us.  When an action doesn’t directly affect a person, they’re less likely to take a strong negative view on it than when they see a real or potential impact in their own lives.

This happens when we hear about the reality of combat, especially if we know someone who has been in the fighting.  Even if we disagree with the war, we tend to give the benefit of the doubt to the individual because we want to trust that they did the right thing at the time even if it was illegal or usually considered immoral or unethical.  But when we specifically are caught in the cross-fire, literally or figuratively, we tend to have a very different view.

And that’s what I think has caused the uproar over the NSA surveillance.  Don’t get me wrong–I have some serious issues with it, too–but when there was reason to believe that it was primarily happening to people in other countries or to potential terrorists in the United States, people didn’t get too worked up over it.

Now that the Snowden documents have revealed ever-increasing surveillance of many millions of Americans–perhaps nearly all of them–it’s suddenly hit home that the average person could come under suspicion for the simple act of making or taking a phone call, visiting a website, or chatting with a friend.  We start to worry that in connecting various dots, we could become a dot, and the known protections against this are nebulous at best.  We have only claims from the government which include a court that has little or no adversarial activity.  And that’s not good enough.

It doesn’t help that for most people, the NSA is a faceless entity.  Most people don’t know anyone who works there, or if they do they don’t realize it as those who draw an NSA paycheck generally don’t advertise it.  When we can’t put a familiar face on an activity, the motives become questionable, even sinister, because we have no one to question.

I’ve known some who have worked for some of these agencies.  One shared trait is not talking about foreign affairs, usually for the same reason.  From the inside, those with a TOP SECRET/SCI clearance see things that change their view of the world.  I’ve been told by someone who would know that the average stay in the NSA’s counter-terrorism group is two years or less; after that, they burn out.  They see so much that the general public not only doesn’t get but doesn’t want to see that they can’t talk even about things not covered by their clearance.  It’s just too frustrating.

And maybe that’s led to scope creep.  The analysts and their bosses are, at least in their minds, dealing with extraordinary times and they require extraordinary measures.  If we had just done this one other thing, maybe we would have caught the attack before it could do damage.

I imagine this happens fairly regularly.  Someone comes up with an idea, someone else expresses discomfort, it gets bounced around the lawyers and perhaps the White House, and then a rationale is provided.  I expect not everything is approved.  Some things are too complex, too expensive, too niche, or just too blatantly unconstitutional.  And sometimes there’s very strong push-back.  But someone, somewhere, comes up with a legal reasoning and those who are not steeped in the law tend to go with it.  It becomes easy to justify: We’re not the legal experts, we need this capability, it will save lives.  Extraordinary times, extraordinary measures.  That’s what they tell themselves.

But in extraordinary times, it takes extraordinary people to stand up against the illegal and unconstitutional.  It’s critical that those protecting us remember what is being protected.  People are being protected, but so is the foundation on which the country was built.  That foundation has served for more than 200 years as an inspiration to people everywhere.  The personal rights enshrined in the United States Constitution have largely become the accepted way that things should be around the world.  When they’re set aside by stretched reasoning, even for extraordinary times,  it undermines the very foundation of our society.  Edward Snowden remembered that, and whatever his personal faults and mistakes, his actions have opened our eyes and caused an international discussion about how much is enough.

Yes, something might slip through.  Another Boston Marathon bombing may happen.  But even in its aftermath the country and–more importantly–its ideals survive.  There are times when the wrong thing is the right thing to do.  But it’s the exception, never the rule.  Extraordinary measures used every time become ordinary–and wrong.  And we must remember that, whether we are an average citizen, a police officer, a soldier, an intelligence analyst, or a president.

The NSA’s Attention Span: Widely Focused on the Narrow

When the power of a nation-state is directed upon you, they have resources that completely boggle the mind.  This applies even if it’s a minor power: Estonia, Hungary, and Cambodia all have their own capabilities and, while very small compared to some, your ability to hide from a country that makes you Priority One is limited.  They have seasoned pros that are in all likelihood a lot better than you are, and the allies they call in when they need help are even more dangerous to you.

But of all the agencies, the National Security Administration possesses perhaps the most impressive capability for finding information on the planet.  This comes largely from being funded at a level that completely dwarfs every other nation (he NSA’s actual budget is classified, but it is believed to have received at least $10 billion and perhaps as much as $20 billion in the 2012-13 intelligence community budget) and having access to an array of locations and technologies that few if any other nations possess. Many of its listening posts (not including temporary posts on ships, in aircraft, and set up in vehicles or shacks) are known even if exactly what each does is not, and their presence around the world shows the reach the NSA has through US allies.  Their technological edge includes supercomputers, interception methods, and hacking capabilities that render most defenses nearly moot.

The previous article discussed the difficulties associated with encryption, both in getting it right and in circumventing it by accessing the data via other means when it’s not encrypted.  In short, it requires some very careful planning to make sure that your implementation, both from a technical and an operational perspective, are as solid as they can be, and this is where most people fail.

This is not to say that encryption is useless.  Far from it.  If you’re trying to secure information from competitors, random attackers, or other enemies, it’s one of the best tools available.  Even if you’re doing something that a national agency doesn’t want you doing, it’s better to encrypt than to not, if possible and practical.  And there are ways to give even the most powerful adversary a headache.  But if you come under the scrutiny of the NSA, it becomes exceptionally difficult to effectively hide the contents of the message unless you take very specific precautions and you do it without failure every single time.

From this rises the second question from the last article: how do you avoid the NSA if they’re looking for you?  This turns out to be extraordinarily difficult not only because of the NSA’s reach into the world’s communications but also the legal framework in which the NSA operates.  We’ll start by looking at how far and with what difficulty the NSA can actually look.

Continue reading “The NSA’s Attention Span: Widely Focused on the Narrow”

Trust and the NSA: They’re Not Mutually Exclusive

The National Security Administration has, for good reason, been front and center in the news for the last couple of months.  What the NSA is mostly known for is signals intelligence (intercepting someone else’s communications) and cryptography.  It was founded in 1952 out of the ineffectual Armed Forces Security Agency for that specific purpose, in fact.  That mission has led it to tapping communications lines, setting up vast antenna arrays, and putting analysts in frigid shacks on the sterns of destroyers pitching in the stormy North Sea, all dedicated at trying to get The Other Guy’s communications.  And when it does get them, it tries to crack the encryption used (if any) and succeeds a lot.

In addition to that, the NSA has been tasked to ensure that communications for the United States government are secure.  It does this in a number of ways that include preventing leakage of the signals in the first place, but it’s most famous for its work in cryptography.  And if there’s one thing that they know, it’s that crypto is hard.

It knows that for one main reason, and that is its code-breaking section.  One of that section’s first duties, of course, is to break other nations’ codes.  But it also tries to break algorithms in and from the United States.  Any time the agency tasks someone to create or improve an encryption algorithm, another group that specializes in finding weaknesses in crypto algorithms is tasked to break it.  If that happens, it gets sent back to be fixed if possible or scrapped if not.  This is a good thing: if your friend can break your algorithm, there’s a good chance that your enemy can, too.

So take a worldwide coverage and world-renowned crypto capabilities and combine them with the NSA’s mission, which has been eloquently stated, “The ability to understand the secret communications of our foreign adversaries while protecting our own communications–a capability in which the United States leads the world–gives our nation a unique advantage.”  In short, break theirs while protecting ours.  Part of protecting ours is ensuring that the encryption used, particularly by the federal government, is not breakable while taking every available opportunity to break the encryption used by others.

Take this combination, and two questions naturally rise to the top.

  • How much do you trust the NSA?
  • How hard is it to avoid them if they’re looking for you?

It turns out that these are not easy questions to answer.  While there have been a lot of suspicions about whether the NSA has looked at only foreign traffic over the years, at least without a warrant, it was hard to find proof save for the rare leak.  Even the information that has come along in the documents so far released by Edward Snowden hasn’t made the extent of surveillance completely clear, and that makes it even harder to answer the questions.  We’ll look at the first of those questions today, and the second question in the next article.

Continue reading “Trust and the NSA: They’re Not Mutually Exclusive”