“Inside the NSA” Long Now Talk by Anne Neuberger

This notice was just emailed by Stewart Brand to Long Now Foundation members. If you are not a member you can purchase tickets for $15 each.

The NSA’s failures are public headlines. Its successes are secret.

These days America’s National Security Agency lives at the intersection of two paranoias—governmental fears of attack and citizen fears about loss of privacy. Both paranoias were exacerbated by a pair of devastating attacks—9/11 and Edward Snowden. The agency now has to evolve rapidly while managing its normal heavy traffic of threats and staying ahead of the ever-accelerating frontier of cyber capabilities.

In the emerging era of transparency, and in the thick of transition, what does the NSA look like from inside?

Threats are daily, but governance is long term. At the heart of handling that balance is Anne Neuberger, Special Assistant to NSA Director Michael Rogers and Director of the Commercial Solutions Center. (Before this assignment she was Special Advisor to the Secretary of Navy; before that, in 02007, a White House Fellow.) She is exceptionally smart, articulate, and outspoken.

“Inside the NSA,” Anne Neuberger, SFJAZZ Center, Hayes Valley, San Francisco, 7pm, Wednesday August 6. The show starts promptly at 7:30pm.

To be sure of a seat:
• Long Now Members can use the discount code on the Neuberger Seminar page to reserve 2 free seats.
• You can purchase tickets for $15 each.
• Seminar at SFJAZZ Center 201 Franklin Street, San Francisco, CA 94102
• Tune into the live audio stream for Long Now Members at 7:30 PT – become a member for just $8 a month.
Share this talk: Anne Neuberger, “Inside the NSA” Long Now talk on 8/6 

How the U.S. Uses Technology to Mine More Data More Quickly

(…snip…) While once the flow of data across the Internet appeared too overwhelming for N.S.A. to keep up with, the recent revelations suggest that the agency’s capabilities are now far greater than most outsiders believed. “Five years ago, I would have said they don’t have the capability to monitor a significant amount of Internet traffic,” said Herbert S. Lin, an expert in computer science and telecommunications at the National Research Council. Now, he said, it appears “that they are getting close to that goal.”

Thanks to Tyler Cowen for the link to this NYT piece by James Risen and Eric Lichtblau. I've been casually following Palantir Technologies for some time. They are arguably one of the “new disruptors” and by chance happen to be headquartered next to the Phillz Coffee that we favor in Palo Alto (Phillz is of course full of Palantir and other denizens of the brain-powered companies based around Palo Alto). From listening to a couple of podcast interviews with CEO Dr. Alex Karp, I understood Palantir's specialty was to help clients such as drug developers or intelligence agencies discern patterns in mountains of data. Palantir is not an automated data-mining algorithms company. Their secret sauce is enabling human brainpower to analyze enormous and often separate data sets. So visualization of relationships is an important part of their solutions.

Palantir has a large number of YouTube videos – conference lectures, demos, and “Palantir 101” type overviews.

I'll close with an apt Alex Karp quote from the Palantir website:

“There is no point in having a war on terrorism if civil liberties are being undermined to the extent that we aren’t willing to fight that war.”

Further to the cognitive computing topic, I'll also note that IBM Research Director John Kelly is speaking tonight at the Computer History Museum in nearby Mountain View. We immediately tried to reserve seats, but Kelly's talk is already sold out. His book Smart Machines: IBM’s Watson and the Era of Cognitive Computing , will be published in the fall by Columbia University Press. You can read a free chapter here.


Google pushes back with a public letter to AG

Larry Page shared this via Google+

We’re calling for greater transparency–asking the government to let us publish in our Transparency Report aggregate numbers of national security requests, including their scope. Here’s our letter to the US government.

This morning we sent the following letter to the offices of the Attorney General and the Federal Bureau of Investigation. Read the full text below. -Ed.

Dear Attorney General Holder and Director Mueller

Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.

We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.

Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.

We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.

Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.

We will be making this letter public and await your response.

David Drummond
Chief Legal Officer

David Simon on the NSA intercepts

David Simon, creator of The Wire, wrote a commentary on this topic that may help readers understand the purpose of the NSA database. I don’t know that Simon has any special knowledge – beyond his experience as a Baltimore police reporter. But I thought he did a good job explaining the basics of the why and the how.  First David outlines the equivalent procedures used by the Baltimore police and drug enforcement apparatus. Then he draws the parallels with this excerpt:

(…snip…) The question is not should the resulting data exist. It does. And it forever will, to a greater and greater extent. And therefore, the present-day question can’t seriously be this: Should law enforcement in the legitimate pursuit of criminal activity pretend that such data does not exist. The question is more fundamental: Is government accessing the data for the legitimate public safety needs of the society, or are they accessing it in ways that abuse individual liberties and violate personal privacy — and in a manner that is unsupervised.

And to that, the Guardian and those who are wailing jeremiads about this pretend-discovery of U.S. big data collection are noticeably silent. We don’t know of any actual abuse. No known illegal wiretaps, no indications of FISA-court approved intercepts of innocent Americans that occurred because weak probable cause was acceptable. Mark you, that stuff may be happening. As is the case with all law enforcement capability, it will certainly happen at some point, if it hasn’t already. Any data asset that can be properly and legally invoked, can also be misused — particularly without careful oversight. But that of course has always been the case with electronic surveillance of any kind.

Keep in mind that the FISA court was created as a means of having some definitive oversight into a world that previously had been entirely unregulated, and wiretapping abuses by the U.S. executive branch and by law enforcement agencies were in fact the raison d’etre for the creation of FISA and a federal panel of judges to review national security requests for electronic surveillance. Is it perfect? Of course not. Is it problematic that the court’s rulings are not public? Surely.

But the fact remains that for at least the last two presidential administrations, this kind of data collection has been a baseline logic of an American anti-terrorism effort that is effectively asked to find the needles before they are planted into haystacks, to prevent even such modest, grass-rooted conspiracies as the Boston Marathon Bombing before they occur.

So think for a minute about a scenario in which, say, a phone number is identified overseas as being linked to terror activity. It is so identified by, say, NSA overseas intercepts or through intelligence gathering by the CIA or the military. And say that there exists a database of billions and billions of telephonic contacts in the United States over a period of months or years. And say a computer could then run the suspect number through that data base and determine a pattern of communication between that overseas phone and several individuals in New York, or Boston, or Detroit. Would you want that connection to be made and made quickly? Or do you want to leave law enforcement to begin trying to acquire the call history on that initial phone from overseas carriers who may or may not maintain detailed retroactive call data or be unwilling to even provide that data fully to American law enforcement or do so while revealing the investigative effort to the targets themselves?

Keep in mind that law enforcement must still establish probable cause to then begin to actually monitor conversations on the domestic numbers, and that this request for electronic surveillance is then, of course, subject to judicial review by the FISA court.

Yes, I can hear the panicked libertarians and liberals and Obama-haters wailing in rare unison: But what about all the innocent Americans caught up in this voracious, overreaching dragnet? To which the answer is obvious if you think about the scale of this: What dragnet?

This is a longish essay – so you’ll profit from reading the whole thing. There are a few 4-letter words. If you are especially interested in this topic then you will probably find it very worthwhile to scan through the 430 comments to David’s essay. There you will find there is a good bit more nuance to his position than you might think.

Internet Companies Deny They’re Helping the NSA Collect User Data. Should We Believe Them?

Just the right ingredients for a new media frenzy: USA, internet traffic spying, Too-Powerful-Corporations. Megan McArdle has offered an analysis that is close to our view:

(…snip…) What to make of this? It would be stupid for them to deny this, and then get sued by their customers when it turns out it’s not true.

Last night on Twitter, my husband outlined five possibilities:

1. The companies are lying

2. Only a few people in the company know about this, and they aren’t issuing the statements

3. The Post and the Guardian are wrong and have been duped

4. PRISM was operating without the knowledge of the companies

5. The companies know, and those statements are very carefully worded.

All of these are in some way unbelievable. #1 is asking for a class action suit that destroys your company. #3 involves some very suspicious national security reporters at two different outlets simultaneously getting duped. And #2 strikes me as extremely unlikely. I can imagine one rogue employee doing this without telling his employers. I cannot imagine the exact same thing happening at nine of the biggest internet companies.

The most likely possibilities seem to be #4 or #5: the NSA is filtering this stuff at some point outside the companies, or the companies have issued some very, very carefully worded statements.

I recommend reading Megan’s entire essay, typically well-done. Something isn’t right about the headlined story, but I don’t have any knowledge of what (if anything) has actually been going on. It’s pretty much a non-issue for us as we assume governments have access to any electronic communication we use (including any phone or internet link). Presumably anyone wishing to prevent governments from “reading their mail” uses at least a VPN and, as insurance, robust encryption inside the VPN tunnel. 

Surveillance Sanity

Companies that help protect the U.S. against attack deserve immunity from frivolous lawsuits.

I think this legislation is vital. An excellent case is made here by Benjamin Civiletti, Dick Thornburgh And William Webster. Civiletti was U.S. attorney general under President Jimmy Carter, Thornburgh was U.S. attorney general under President George H.W. Bush and Judge Webster is former director of the CIA and former director of the FBI.

Following the terrorist attacks of Sept. 11, 2001, President Bush authorized the National Security Agency to target al Qaeda communications into and out of the country. Mr. Bush concluded that this was essential for protecting the country, that using the Foreign Intelligence Surveillance Act would not permit the necessary speed and agility, and that he had the constitutional power to authorize such surveillance without court orders to defend the country.

Since the program became public in 2006, Congress has been asserting appropriate oversight. Few of those who learned the details of the program have criticized its necessity. Instead, critics argued that if the president found FISA inadequate, he should have gone to Congress and gotten the changes necessary to allow the program to proceed under court orders. That process is now underway. The administration has brought the program under FISA, and the Senate Intelligence Committee recently reported out a bill with a strong bipartisan majority of 13-2, that would make the changes to FISA needed for the program to continue. This bill is now being considered by the Senate Judiciary Committee.

Public disclosure of the NSA program also brought a flood of class-action lawsuits seeking to impose massive liability on phone companies for allegedly answering the government’s call for help. The Intelligence Committee has reviewed the program and has concluded that the companies deserve targeted protection from these suits. The protection would extend only to activities undertaken after 9/11 until the beginning of 2007, authorized by the president to defend the country from further terrorist attack, and pursuant to written assurances from the government that the activities were both authorized by the president and legal.

We agree with the committee. Dragging phone companies through protracted litigation would not only be unfair, but it would deter other companies and private citizens from responding in terrorist emergencies whenever there may be uncertainty or legal risk.

The government alone cannot protect us from the threats we face today. We must have the help of all our citizens. There will be times when the lives of thousands of Americans will depend on whether corporations such as airlines or banks are willing to lend assistance. If we do not treat companies fairly when they respond to assurances from the highest levels of the government that their help is legal and essential for saving lives, then we will be radically reducing our society’s capacity to defend itself.

This concern is particularly acute for our nation’s telecommunications companies. America’s front line of defense against terrorist attack is communications intelligence. When Americans put their loved ones on planes, send their children to school, or ride through tunnels and over bridges, they are counting on the “early warning” system of communications intelligence for their safety. Communications technology has become so complex that our country needs the voluntary cooperation of the companies. Without it, our intelligence efforts will be gravely damaged.

Whether the government has acted properly is a different question from whether a private person has acted properly in responding to the government’s call for help. From its earliest days, the common law recognized that when a public official calls on a citizen to help protect the community in an emergency, the person has a duty to help and should be immune from being hauled into court unless it was clear beyond doubt that the public official was acting illegally. Because a private person cannot have all the information necessary to assess the propriety of the government’s actions, he must be able to rely on official assurances about need and legality. Immunity is designed to avoid the burden of protracted litigation, because the prospect of such litigation itself is enough to deter citizens from providing critically needed assistance.

As the Intelligence Committee found, the companies clearly acted in “good faith.” The situation is one in which immunity has traditionally been applied, and thus protection from this litigation is justified.

First, the circumstances clearly showed that there was a bona fide threat to “national security.” We had suffered the most devastating attacks in our history, and Congress had declared the attacks “continue to pose an unusual and extraordinary threat” to the country. It would have been entirely reasonable for the companies to credit government representations that the nation faced grave and immediate threat and that their help was needed to protect American lives.

Second, the bill’s protections only apply if assistance was given in response to the president’s personal authorization, communicated in writing along with assurances of legality. That is more than is required by FISA, which contains a safe-harbor authorizing assistance based solely on a certification by the attorney general, his designee, or a host of more junior law enforcement officials that no warrant is required.

Third, the ultimate legal issue–whether the president was acting within his constitutional powers–is not the kind of question a private party can definitively determine. The companies were not in a position to say that the government was definitely wrong.

Prior to FISA’s 1978 enactment, numerous federal courts took it for granted that the president has constitutional power to conduct warrantless surveillance to protect the nation’s security. In 2002, the FISA Court of Review, while not dealing directly with the NSA program, stated that FISA could not limit the president’s constitutional powers. Given this, it cannot be said that the companies acted in bad faith in relying on the government’s assurances of legality.

For hundreds of years our legal system has operated under the premise that, in a public emergency, we want private citizens to respond to the government’s call for help unless the citizen knows for sure that the government is acting illegally. If Congress does not act now, it would be basically saying that private citizens should only help when they are absolutely certain that all the government’s actions are legal. Given the threats we face in today’s world, this would be a perilous policy.

The cost of over-lawyering intelligence

I sure hope that the relevant Congressional committees members are all required to read Harvard Law Professor Jack Goldsmith’s book on how the decisionmaking process relating to terror is being “strangled by law.” Here’s a costly example from today’s NY Post:

October 15, 2007 — WASHINGTON – U.S. intelligence officials got mired for nearly 10 hours seeking approval to use wiretaps against al Qaeda terrorists suspected of kidnapping Queens soldier Alex Jimenez in Iraq earlier this year, The Post has learned.

…Sometime before dawn, heavily armed al Qaeda gunmen quietly cut through the tangles of concertina wire surrounding the outpost of two Humvees and made a massive and coordinated surprise attack.

Four of the soldiers were killed on the spot and three others were taken hostage.

A search to rescue the men was quickly launched. But it soon ground to a halt as lawyers – obeying strict U.S. laws about surveillance – cobbled together the legal grounds for wiretapping the suspected kidnappers.

Starting at 10 a.m. on May 15, according to a timeline provided to Congress by the director of national intelligence, lawyers for the National Security Agency met and determined that special approval from the attorney general would be required first.

For an excruciating nine hours and 38 minutes, searchers in Iraq waited as U.S. lawyers discussed legal issues and hammered out the “probable cause” necessary for the attorney general to grant such “emergency” permission.

Finally, approval was granted and, at 7:38 that night, surveillance began.

“The intelligence community was forced to abandon our soldiers because of the law,” a senior congressional staffer with access to the classified case told The Post.

“How many lawyers does it take to rescue our soldiers?” he asked. “It should be zero.”


Global telephone traffic routed through US switches

…While nobody outside the intelligence community knows the exact volume of international telephone and internet traffic that crosses U.S. borders, experts agree that it bounces off a handful of key telephone switches and perhaps a dozen IXPs in coastal cities near undersea fiber-optic cable landings, particularly Miami, Los Angeles, New York and the San Francisco Bay Area.

Miami sees most of the internet traffic between South America and the rest of the world, including traffic passing from one South American country to another, says Bill Manning, the managing partner of ep.net. “Basically they backhaul to the United States, do the switch and haul it back down since (it’s) cheaper than crossing their international borders.”

…”There are about three or four buildings you need to tap,” Beckert says. “In L.A. there is 1 Wilshire; in New York, 60 Hudson, and in Miami, the NAP of the Americas.”

<more> in WIRED.

The RESTORE Act has been introduced in the House, which hopefully will bring the legislative foundations for surveillance closer to the 21st century.

The Terror Presidency: Law and Judgment Inside the Bush Administration

Last Week the Glenn and Helen show podcast interviewed Harvard Law Professor Jack Goldsmith, author of The Terror Presidency: Law and Judgment Inside the Bush Administration.

tells the story of his experience working at the Defense Department and as head of the Office of Legal Counsel at the Department of Justice, and also looks at how the decisionmaking process relating to terror is being “strangled by law.” Goldsmith talks about his experiences, his book, and what the next President and Congress should do.

Most interesting — I added the book to my Amazon wishlist. Today I see that Michael Barone reviews the book:

“Never in the history of the United States had lawyers had such extraordinary influence over war policy as they did after 9/11.” Those are the words of Jack Goldsmith, the Harvard law professor who was one of those lawyers, as head of the Justice Department’s Office of Legal Counsel in 2003 and 2004. They appear in his book “The Terror Presidency,” hailed as a criticism of the Bush administration’s legal policies, which in part it is.

Believing that some of his predecessor’s opinions, particularly two on interrogation techniques, were “deeply flawed,” he reversed them. He argues that the administration would have ended up with more latitude in fighting terrorism if it had worked with Congress to get legislation, even if those laws would not have been as expansive as the administration wanted. It’s a serious argument, and he also presents fairly, I think, the opposing view that such restrictions would make it harder to protect the American people.

But anyone who goes beyond the first newspaper stories and reads the book will find another message. For one thing, Goldsmith also supports many much-criticized policies — the detention of unlawful combatants in Afghanistan and their confinement in Guantanamo, trials by military commissions, the terrorist surveillance program. And he rejects the charge that the administration has disregarded the rule of law. Quite the contrary. “The opposite is true: the administration has been strangled by law, and since September 11, 2001, this war has been lawyered to death.” There has been a “daily clash inside the Bush administration between fear of another attack, which drives officials into doing whatever they can to prevent it, and the countervailing fear of violating the law, which checks their urge toward prevention.”

…The CIA today employs more than 100 lawyers, the Pentagon 10,000. “Every weapon used by the U.S. military, and most of the targets they are used against, are vetted and cleared by lawyers in advance,” Goldsmith notes. In this respect, the national security community resembles the larger society. As Philip Howard of Common Good points out, we are stripping jungle gyms from playgrounds and paying for unneeded medical tests for fear of lawsuits.

The audiotapes released last week of Khalid Shaikh Mohammed’s interrogation remind us that we are faced with evil enemies and that getting information from them can save lives. Goldsmith, who withdrew his predecessor’s interrogation opinions, nevertheless understands this and makes a strong case that our national security apparatus is overlawyered.

Most Americans seem to agree; an Investor’s Business Daily poll shows that more than 60 percent of Americans — and majorities of Democrats as well as Republicans — favor wiretapping terrorist suspects without warrants, increased surveillance, retaining the Patriot Act and holding enemy combatants at Guantanamo. Unfortunately, the 30 percent or so who disagree are disproportionately represented in the legal profession and in the media.

The 1970s laws that have helped produce the overlawyering of this war were prompted by the misdeeds of one or two presidents. But they will hamper the efforts of our current president as well as his successors in responding to a threat that is likely to continue for many years to come.

NSA Intercepts essential

An update by Bruce Berkowitz [$]

One of the quirks of modern telecommunications is that a message from, say, Peshawar, Pakistan, to Beirut, Lebanon, might easily travel over a fiber-optic cable that passes through the United States. That, in essence, is the reason for the recent flap between Congress and the White House over foreign surveillance “wiretaps.”

American law has always assumed that most domestic communications are protected by the Constitution, but foreigners communicating abroad are not, and are fair game for U.S intelligence. Such intelligence is critical today to monitor terrorists and proliferators of weapons of mass destruction.

The problem is that our laws were not designed for today’s technology. Until about 10 years ago most international communications traveled by satellite, and intelligence services could snatch them out of the air. Now this traffic is carried over a highly interconnected fiber-optic network.

This network extends over most of the globe, but much of it is concentrated in the U.S. Messages travel at the speed of light, so distance matters little. They use whichever path has available capacity, and so a lot of global traffic goes through links operated by American companies inside U.S. territory.

This fact raises a question that is at the core of the controversy over what constitutes a “domestic” communication. At least one judge interprets the Foreign Intelligence Surveillance Act (FISA, the law that regulates such intercepts) to mean that any message traveling over a cable on American soil is a domestic communication — even when it is from one foreigner to another foreigner, and both are on the other side of the world.

Under this reasoning, tapping the link requires a warrant. Taken to its logical conclusion, because all telecommunications on the global network can potentially pass through U.S. territory, all intercepts on the global network might require a court order. At a minimum, any message collected off the net in the U.S. would require one.

The paperwork would be enormous, and that’s why the program was temporarily shut down. The Bush administration and Congress agreed in August to allow it to proceed under the old understanding for another six months, and debate it again this fall.

The fact that Mike McConnell, director of National Intelligence, has described the program so candidly says something about what is at stake. He has been willing to discuss many of the details of what we have been doing so that everyone can understand why we need to keep doing it. (Mr. McConnell also served as head of the National Security Agency, which is responsible for collecting most foreign intercepts — “signals intelligence” or “SIGINT.”)

…In any case, the best thing now is for everyone to focus on the task at hand, which is to pass a law that does what we all want: Ensure U.S. intelligence can monitor foreign threats, while preventing the gross abuses that often happened before FISA was passed in 1978. The legislation would be a minor modification of current law and would look like this:

First, U.S. intelligence should be able to target any foreign national who is outside the U.S. It should not matter where the message actually travels, what the technology is, or where it is collected. That is the main change that is needed.

Second, all U.S. persons — citizens and legal foreign permanent residents — should be protected. If an intelligence agency wants to target a U.S. person, it should be required to get a court order. If an intelligence analyst happens to find information about a U.S. person who has not been targeted, that information should be documented and sequestered — “minimized,” to use the legal vernacular. That’s the current rule, and by most accounts it has worked.

Third, companies that cooperate with U.S. intelligence to intercept communications from foreign targets should be immune from lawsuits. If a company acts at the request of an authorized U.S. official, and can show that it made a good-faith effort to comply with prevailing law, it should not be penalized.

Finally, the law should aim at establishing basic principles for the new technological era, rather than try to identify every specific situation that might require an intercept or scenario that could lead to abuse. Intelligence officials know what they really require to do their mission, and legislators know how to write authorizing legislation.

A little accommodation from all quarters would help a lot and rebuild some much-needed trust. Let’s get on with it.

Mr. Berkowitz, a research fellow at the Hoover Institution, is a former CIA analyst who is frequently a consultant to U.S. intelligence agencies.