A newly released document from the trove leaked by Edward Snowden sketches in broad strokes how the NSA plans to “dominate” the “SIGINT battle space” — known to the rest of us as the world’s Internet and telecom networks — through the year 2016. The NSA’s vision, outlined in a February 2012 document called ‘SIGINT Strategy 2012-2016’, is to “Ensure Signals Intelligence provides THE decisive edge in advancing the full spectrum of U.S. national security interests.” (What constitutes the 'full spectrum of US national security interests' is a subject for another post.)
Here are some major takeaways from the NSA's blueprint for unlimited power:
- Strong commercial encryption works — and the NSA is trying to destroy it. A major goal outlined in the blueprint is to “Counter the challenge of ubiquitous, strong, commercial network encryption.” One of the ways it plans to do so is by using human spies to influence and weaken encryption standards at tech companies. Or in NSA speak, it plans to “[c]ounter indigenous cryptographic programs by targeting their industrial bases with all available SIGINT and HUMINT capabilities.” (HUMINT means ‘human intelligence’, or spies.) NSA also intends to “[i]nfluence the global commercial encryption market through commercial relationships, HUMINT, and second and third party partners.” For an agency that claims to care about cybersecurity, these efforts to harm internet security appear front and center among the agency’s goals. NSA says it must “[d]efeat adversary cybersecurity practices in order to acquire the SIGINT data we need from anyone, anytime, anywhere.” By defeating strong commercial encryption and ensuring no one, anywhere, can have secure internet communications, NSA endangers the security of everyone’s information — including yours, Goldman Sachs.
- The agency has much of the world’s data — but does it have the technological prowess to make sense of it all? The strategy document suggests it does not, but that obtaining it is its top priority through 2016. The first goal listed in the document reads: “Revolutionize analysis – fundamentally shift our analytic approach from a production to a discovery bias, enriched by innovative customer/partner engagement, radically increasing operational impact across all mission domains.”
- NSA says it knows that its ability to obtain digital communications information worldwide “will only endure if we keep sight of the dynamic and increasingly market driven forces that continue to shape the SIGINT battle space.” In other words, the agency knows it has to have spies on the inside of technology companies in order to have the information — and influence — it needs to both tap into and shape communications platforms and encryption standards. Aware that its collection of vast quantities of the world’s communications data relies significantly on the cooperation of private corporations that manage and process the information, the NSA plans to “[i]dentify new access, collection, and exploitation methods by leveraging global business trends in data and communications services.” Part of this expanded collection will, the agency hopes, involve integration of “the SIGINT system into a national network of sensors which interactively sense, respond, and alert one another at machine speed.”
- Believe it or not, the NSA thinks it needs more legal power: “The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on NSA’s mission.” The agency continues: “For SIGINT to be optimally effective, legal, policy, and process authorities must be as adaptive and dynamic as the technological and operational advances we seek to exploit. Nevertheless, the culture of compliance, which has allowed the American people to entrust NSA with extraordinary authorities, will not be compromised in the face of so many demands, even as we aggressively pursue legal authorities and a policy framework mapped more fully to the information age.” Congress is currently considering a range of bills that would rein in the NSA and FBI’s spy powers. The NSA, meanwhile, is plotting to expand its ‘legal’ authorities, as well as loosen the 'interpretation' of statutes to enable more collection, wider latitude for analysts, and likely also broader sharing of our communications information in and outside of government.
- NSA is well aware that knowledge about our ‘digital traces’ equals power over us: “the traces individuals leave when they interact with the global network will define the capacity to locate, characterize and understand entities” — by entities they mean us. Knowledge is power.
- Even amidst a crackdown against leaks, a war on whistleblowers, and internal witch hunts in government to identify people who may harbor ‘subversive’ ideas (such as a respect for individual privacy), the NSA plans to expand — rather than contract — government agency access to its vast data collections. “To remain a value for the warfighter our information must be immediately available at the lowest classification level,” the document says. “Products and services from NSA will evolve into forms and across boundaries that mirror the networked and agile manner in which people interact in the information age, and we will share information, responsibly and securely, with external partners and customers.” The agency identifies “shar[ing] bulk data” as one of its primary goals for the 2012-2016 period. Can we look forward to state and local police fusion centers getting access to our bulk records? Just imagine if your local sheriff or police chief could rummage through your emails and phone records, no warrant or probable cause required.
If that isn’t enough, New York Times journalists James Risen and Laura Poitras describe the NSA’s plans to map the global internet, down to the device I wrote this on and the one upon which you’re reading it.
Other N.S.A. documents offer hints of how the agency is trying to do just that. One program, code-named Treasure Map, provides what a secret N.S.A. PowerPoint presentation describes as “a near real-time, interactive map of the global Internet.” According to the undated PowerPoint presentation, disclosed by Mr. Snowden, Treasure Map gives the N.S.A. “a 300,000 foot view of the Internet.”
Relying on Internet routing data, commercial and Sigint information, Treasure Map is a sophisticated tool, one that the PowerPoint presentation describes as a “massive Internet mapping, analysis and exploration engine.” It collects Wi-Fi network and geolocation data, and between 30 million and 50 million unique Internet provider addresses — code that can reveal the location and owner of a computer, mobile device or router — are represented each day on Treasure Map, according to the document. It boasts that the program can map “any device, anywhere, all the time.”
The NSA says that this “Treasure Map” isn’t used for surveillance, but only to understand the global internet. That obviously makes no sense. What’s the difference between surreptitiously gathering non-public information to understand systems on the one hand, and surveillance on the other? And isn’t the NSA’s number one job to spy on the world, anyway? As the NSA itself said: "the traces individuals leave when they interact with the global network will define the capacity to locate, characterize and understand entities."
The NSA’s blueprint for unlimited power shows that the agency, if left to its own devices, will continue barreling full speed ahead towards the absolute destruction of meaningful anonymity, privacy, and digital security for all people in the 21st century. A year and change before the Snowden revelations shook the world, it argued that its legal authorities must be expanded, citing the American public's 'trust' in its capable hands. In the wake of Snowden's truth telling, after having learned about what the agency actually does with our money, congress and the public are moving in the opposite direction.
An important first step is to pass the USA Freedom Act, which would outlaw the bulk collection of our phone records. Given the expansive and chilling plans laid out in the NSA strategy document, that might seem like a half-measure that will have no real effect on the government’s out of control surveillance state. But if you don’t think outlawing bulk collection is important, consider what your life would look like if — as the NSA appears to want to do — the three letter agencies started opening up those data troves to our state and local police.
Don't want your local keystone cops using advanced data-mining tools to map your associations, using bulk data handed down to them by the shadowy NSA? Take action now.