Jack Goldsmith’s Code

On May 6, 2004, Jack Goldsmith signed an OLC memo that read, in part,

We conclude that in the circumstances of the current armed conflict with al Qaeda, the restrictions set out in FISA, as applied to targeted efforts to intercept the communications of the enemy in order to prevent further armed attacks on the United States, would be an unconstitutional infringement on the constitutionally assigned powers of the President. The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States. Congress does not have the power to restrict the President’s exercise of that authority.

[snip]

Finally, as part of the balancing of interests to evaluate the Fourth Amendment reasonableness, we think it is significant that [redacted] is limited solely to those international communications for which “there are reasonable grounds to believe … [that] a party to such communication is a group engaged in international terrorism, or activities in preparation therefor, or any agent of such a group.” March 11, 2004 Authorization [redacted] The interception is thus targeted precisely at communications for which there is already a reasonable basis to think there is a terrorism connection. This is relevant because the Supreme Court has indicated that in evaluating reasonableness, one should consider the “efficacy of [the] means for addressing the problem.”

[snip]

Thus, a program of surveillance that operated by listening to the content of every telephone call in the United States in order to find those calls that might relate to terrorism would require us to consider a rather difference [sic] balance here. [redacted] however, is precisely targeted to intercept solely those international communications for which there are reasonable grounds already to believe there is a terrorism connection, a limitation which further strongly supports the reasonableness of the searches.

We now know that opinion not only authorized the wiretapping of calls involving US persons, but also at least assumed the collection and contact chaining of the call records of all Americans (there’s an almost entirely redacted section of the memo that describes the March 19 halt to the collection of Internet metadata and the April 2 modification we don’t yet know about).

It’s worth keeping in mind that Goldsmith laid out the case that such a program was “reasonable” under the Fourth Amendment as you read his current writing on the NSA. For example, when — several weeks ago — he scolded the White House for not more aggressively defending the program that has actually expanded since he authorized it 9 years ago…

The government cannot rely on outsiders to explain these documents.  It must do so itself, aggressively and comprehensively, even at the expense of revealing more classified information or having to acknowledge embarrassing information.  If it doesn’t do so, the information already leaked, and the information that will be leaked in the weeks and months ahead, will continue to be portrayed in a very unfavorable light.

He was in part calling for the White House to protect programs he — back in 2004 — deemed critical to protect against terrorism.

Even more interesting is Goldsmith’s prediction (funded by Northrop Grumman, which is a significant NSA contractor) that we’ll all learn to welcome NSA scanning all the metadata and content of US communications — searches far more intrusive, and not committed under the guise of war — in search of hackers in the future.

“I can’t defend the country until I’m into all the networks,” General Alexander reportedly told senior government officials a few months ago.

For Alexander, being in the network means having government computers scan the content and metadata of Internet communications in the United States and store some of these communications for extended periods. Such access, he thinks, will give the government a fighting chance to find the needle of known malware in the haystack of communications so that it can block or degrade the attack or exploitation. It will also allow it to discern patterns of malicious activity in the swarm of communications, even when it doesn’t possess the malware’s signature. And it will better enable the government to trace back an attack’s trajectory so that it can discover the identity and geographical origin of the threat.

Alexander’s domestic cybersecurity plans look like pumped-up versions of the NSA’s counterterrorism-related homeland surveillance that has sparked so much controversy in recent months. That is why so many people in Washington think that Alexander’s vision has “virtually no chance of moving forward,” as the Times recently reported. “Whatever trust was there is now gone,” a senior intelligence official told the Times.

There are two reasons to think that these predictions are wrong and that the government, with extensive assistance from the NSA, will one day intimately monitor private networks.

The first is that the cybersecurity threat is more pervasive and severe than the terrorism threat and is somewhat easier to see. If the Times’ website goes down a few more times and for longer periods, and if the next penetration of its computer systems causes large intellectual property losses or a compromise in its reporting, even the editorial page would rethink the proper balance of privacy and security. The point generalizes: As cyber-theft and cyber-attacks continue to spread (and they will), and especially when they result in a catastrophic disaster (like a banking compromise that destroys market confidence, or a successful attack on an electrical grid), the public will demand government action to remedy the problem and will adjust its tolerance for intrusive government measures. [my emphasis]

Even under the expansive interpretation of that May 2004 memo, it would take a remarkable argument to claim such searches could be “reasonable” under the Fourth Amendment, though Goldsmith did just that in a Brookings paper in 2010.

But there’s something else.

Goldsmith may be right that if an entire region loses power thanks to a hack, people will embrace the dragnet (though some people attribute the 2003 Northeast outage to just such a hack or at least to a virus, and it hasn’t generated support for such surveillance yet).

But part of the process for developing such support, he argues, is continued “transparency” from the NSA.

Yet Goldsmith doesn’t mention — and with this one exception, no one at Lawfare appears to have — the allegations that the NSA has worked to weaken encryption standards. And even if you doubt that NYT report (though Bruce Schneier has seen related documents and he still seems to believe it), no one doubts that the NSA purchases exploits and uses them, rather than alerting the targets of the flaw.

Thus, it’s no longer so simple as extending “special needs” yet further, as Goldsmith does, to keep the nation safe. Because, even if you applaud NSA’s intelligence collection programs (that rely on weakening encryption and, to conduct the kind of massive scanning envisioned, would require breaking Tor), the NSA is now a significant part of the problem.

Schneier lays this out in an essay defending the publication of details on NSA’s hacking.

The NSA not only develops and purchases vulnerabilities, but deliberately creates them through secret vendor agreements. These actions go against everything we know about improving security on the Internet.

It’s folly to believe that any NSA hacking technique will remain secret for very long.

[snip]

It’s equal folly to believe that the NSA’s secretly installed backdoors will remain secret. Given how inept the NSA was at protecting its own secrets, it’s extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government. But it wouldn’t take a rogue NSA employee; researchers or hackers could discover any of these backdoors on their own.

[snip]

The NSA has two conflicting missions. Its eavesdropping mission has been getting all the headlines, but it also has a mission to protect US military and critical infrastructure communications from foreign attack. Historically, these two missions have not come into conflict. During the cold war, for example, we would defend our systems and attack Soviet systems.

But with the rise of mass-market computing and the Internet, the two missions have become interwoven. It becomes increasingly difficult to attack their systems and defend our systems, because everything is using the same systems: Microsoft Windows, Cisco routers, HTML, TCP/IP, iPhones, Intel chips, and so on. Finding a vulnerability — or creating one — and keeping it secret to attack the bad guys necessarily leaves the good guys more vulnerable.

Far better would be for the NSA to take those vulnerabilities back to the vendors to patch. Yes, it would make it harder to eavesdrop on the bad guys, but it would make everyone on the Internet safer. If we believe in protecting our critical infrastructure from foreign attack, if we believe in protecting Internet users from repressive regimes worldwide, and if we believe in defending businesses and ourselves from cybercrime, then doing otherwise is lunacy.

It is important that we make the NSA’s actions public in sufficient detail for the vulnerabilities to be fixed. It’s the only way to force change and improve security.

This is far more transparency than the NSA has embraced — or than Goldsmith, even (and he has at least noted the NSA’s hypocrisy when it wails about China’s hacking of us).

Something more than a Congressionally authorized (or secret OLC rubber stamp) expansion of special needs is needed, and really should be backed by anyone claiming cyberattacks pose this dire a threat. Because right now the NSA is making us less safe, all in the name of national security.

9 replies
  1. Snoopdido says:

    The US Machinery of War is built and structured to do a single thing. Namely to prepare for and fight wars. The NSA, with its vast electronic and human resources, is no different than the Army, the Navy, or the Air Force in preparing for and fighting wars.

    After the demise of the Soviet Union, the US Machinery of War found itself adrift with its major adversary evaporating before its very eyes. The NSA was adrift just like its brethren services.

    After 9/11, the US Machinery of War found a new adversary in the Global War on Terror in which it hoped to keep itself occupied.

    After more than a decade fighting the Global War on Terror, the major conflicts that the US Machinery of War chose to engage with have wound down or are winding down leaving the US Machinery of War again adrift looking for another adversary.

    Whether by coincidental happenstance during the Global War on Terror, or itself also adrift from the winding down of the Global War on Terror, the NSA with all its vast electronic and human resources still needed something to do. Some replacement war sandbox to play in. Some new theater of operations to use its war machinery. Some new adversary to wage war against.

    Hence the deskbound warriors of the NSA became the cyberwarriors whose battleground was now to be the Internet, whose adversaries were to be punk hackers, rogue cybercriminals, and foreign states with cyber ideas and plots of their own.

    The very inertia of the massive US Machinery of War is one of the factors that drives this, but so too does the very design of its structure. It must always have an adversary to focus its resources on. It must always be preparing to, and then actually fighting in order to satisfy both its design and appetite.

    In promoting the idea that the NSA must, just must have its eyes and hands on all of the Internet, Jack Goldsmith assumes his desired role as a US Machinery of War malware bot infecting all he comes into contact with.

  2. earlofhuntingdon says:

    Would it be churlish to suggest that anti-hacker programs designed to protect essential infrastructure – power grids, air traffic control, water supplies, oil pipelines – need not encompass copying real time the entire digital lives of all Americans, private, institutional, corporate?

    Of course, we could save tens of billions or more annually in money not spent to copy and save such data, or the uncounted and unaccountable billions given annually to mysterious private sector and public/private “partnerships” to “analyze” such data.

    A lot less surveillance and a little more common sense, if untheatrical, protection would do more to enhance safety. More importantly, it would not create the demonstrably false expectation that we CAN be protected against all risks if we would just give up ALL our privacy to a faceless, oversight-free, accountability-free government and its private sector partners in freedom ™.

  3. orionATL says:

    one can place jack l. goldsmith, former university of chicago and univ of virginia law prof, now at harvd law school, courtesy of former dean elena kagan,

    in the intellectual pasture in which he grazes, by noting he is a member of the federalist society, one of the most misguided and destructive organizations currently operating in american politics.

    http://www.fed-soc.org/publications/author/jack-l-goldsmith-iii

    the article in miss wiki about “the federalist society for law…”

    has this most interesting assertion by that cabal:

    “…The Federalist Society began at Yale Law School, Harvard Law School, and the University of Chicago Law School in 1982 as a student organization that challenged what its members perceived as the orthodox American liberal ideology found in most law schools. The Society asserts

    that it “is founded on the principles that the state exists to preserve freedom,

    that the separation of governmental powers is central to our Constitution,

    and that it is emphatically the province and duty of the judiciary to say what the law is, not what it should be.”[1]…”

    the federalist was founded by certain non-partisan republican nobles says miss wiki:

    “..The society was started by a group of people including Edwin Meese, Robert Bork, Theodore Olson, David M. McIntosh, and Steven Calabresi. Its membership have since included Supreme Court justices Antonin Scalia, John G. Roberts, Clarence Thomas and Samuel Alito.[4]…”

  4. C says:

    I may be missing something, but is he arguing that surveillance of U.S. persons counts as foreign targets?

    His tortured first paragraph logic seems to say that if they think it is foreign intelligence (even if it involves U.S. Persons) that the FISA court, literally the Foreign Intelligence Surveillance Act court, cannot say anything about it?

    If that is so what would stop any indiscriminate spying on anyone? As I read it that would mean anyone or anything with foreign contacts (say a foreign-made computer or a company that sells overseas) can be a legitimate target which would leave only the Amish out. Or am I missing something in the code?

  5. orionATL says:

    @Snoopdido:

    from the fp article,

    file under “inane commentary”:

    “..”The President is uncomfortable defending this. Maybe he spends too much time reading blogs on the left,” Baker said. “That’s fatal in cases like this. You have to make the case because nobody else will.”…”

    why could it be that “nobody else will”?

    our univ of chicago prez “spends too much time reading blogs on the left”?

    who IS the peevish, stupid child who wrote this?

    as for blogs on the left who write about the nsa? who might those traitors be?

  6. C says:

    Two interesting quotes from the article:

    If left unchecked, it could start to erode the trusted relationships that have been at the heart of how the U.S. government handles global threats since 9/11.

    Many of those “trusted relationships” are, or were with congress. People like Rep. Sensenbrenner, for example, carried a lot of water for the NSA and were pissed on. How will some soothing words from Obama make all the lying ok?

    And, how can they not notice the behavior of the PCLOB or the “outside panel” run by the NSA. At what point don’t they see all the efforts that the white house has taken to make it go away without substantive changes?

    The best part though is this:

    Stewart Baker, the NSA’s former general counsel, said he had not discussed the administration’s response to the NSA scandal with officials in government, but that it was the “general perception” that it had been weak.

    “The President is uncomfortable defending this. Maybe he spends too much time reading blogs on the left,” Baker said. “That’s fatal in cases like this. You have to make the case because nobody else will.”

    Yes that’s it! Obama is spending too much time reading Emptywheel. Marcy you have clearly caused a rift between him and the NSA.

  7. C says:

    @C: oops sorry that was from the foreign policy article in @Snoopdido.

    Also I noticed this point in the article:

    Alexander has never been especially close to Obama or White House officials. Some thought he had tried to amass too much surveillance authority without appreciating the legal constraints on his agency, according to a former administration official. “I don’t understand why the White House didn’t throw Alexander under the bus,” the official added.
