NSA Denies Their Existing Domestic Cyberdefensive Efforts, Again

James Risen and Laura Poitras have teamed up to analyze a 4-year plan the NSA wrote in 2012, in the wake of being told its collection of some US person content in the US was illegal. I’ll discuss the document itself in more depth later. But for the moment I want to look at the denials anonymous senior intelligence officials (SIOs) gave Risen and Poitras about their domestic cyberdefensive efforts.

As a reminder, since before 2008, the government has been collecting bulk Internet data from switches located in the US by searching on selectors in the content. Some of that collection searches on identifiers of people (for example, searching for people sharing Anwar al-Awlaki’s email in the body of a message). But the collection also searches on other identifiers not tied to people. This collection almost certainly includes code, in an effort to find malware and other signs of cyberattacks.

We know that’s true, in part, because the Leahy-Sensenbrenner bill not only restricts that bulk domestic collection to actually targeted people, but also because it limits such collection only to terrorism and counterproliferation, thereby silently prohibiting its use for cybersecurity. The bill gives NSA 6 months to stop doing these two things — collecting non-person selectors and doing so for cybersecurity — so it’s clear such collection is currently going on.

So in 2012, just months after John Bates told NSA that when it collected domestic communications using such searches, it was violating the Constitution (the NSA contemplated appealing that decision), the NSA said (among other things),

The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on NSA’s mission.

The document then laid out a plan to expand its involvement in cybersecurity, citing such goals as,

Integrate the SIGINT system into a national network of sensors which interactively sense, respond, and alert one another at machine speed

Cyberdefense and offense are not the only goals mapped out in this document. Much of it is geared towards cryptanalysis, which is crucial for many targets. But it only mentions “non-state actors” once (and does not mention terrorists specifically at all) amid a much heavier focus on cyberattacks and after a description of power moving from West to East (that is, to China).

Which is why the SIO denials to Risen and Poitras ring so hollow.

When asked what authorities haven’t kept up with their programs, the SIOs cite the roamer problem (and flat out lie about the current state of the law).

Senior intelligence officials, responding to questions about the document, said that the N.S.A. believed that legal impediments limited its ability to conduct surveillance of terrorism suspects inside the United States. Despite an overhaul of national security law in 2008, the officials said, if a terrorism suspect who is under surveillance overseas enters the United States, the agency has to stop monitoring him until it obtains a warrant from the Foreign Intelligence Surveillance Court.

Remember, first of all, that NSA’s own internal documents (from 2012, in fact) claim this problem stems from the number of Chinese targets traveling to the US, not terrorists. Moreover, NSA can already continue surveilling targets when they come in the US, but has to get emergency authorization to do so. This new bid for authority must stem from NSA not tracking these targets closely enough to realize they’re in the US for 72 hours, and not wanting to involve the FISC for a time. But the NSA does not currently have to stop monitoring them until they get a warrant — that claim is simply false.

But clearly, the roamer problem is not the most pressing issue at hand (which Keith Alexander admits, on the record, with more captive NYT journalists). It’s cybersecurity. And yet, the SIOs issuing obviously false denials to Risen and Poitras deny even that, as in this response to a question about the “sensors” comment above.

Senior intelligence officials said that the system of sensors is designed to protect the computer networks of the Defense Department, and that the N.S.A. does not use data collected from Americans for the system.

The government currently has sensors at DOD and is negotiating to deploy them on critical infrastructure, but it wants sensors more broadly. And, as noted, it already partners with the telecoms to filter data searching for malicious code. Their programs already exceed their claims here, but they’re still going to claim to the contrary nevertheless.

Most of the rest of the claims these SIOs made — most denying that it collects or intends to collect data from within the US — ring equally hollow; many can be disproven with public documents. But that all makes sense. Because, whatever the targets, the document itself reveals a determination to increase the bulk collection and sorting approach. especially in the US.

Chalk this up to another example of NSA lying most unconvincingly when it tries to deny its illegal domestic wiretapping.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. bloodypitchfork says:

    And yet nary a word on the FBI supplying surveillance data to NSA via the FBI’s OWN surveillance arm, the Data Intercept Technology Unit, or DITU:

    quote”When the media and members of Congress say the NSA spies on Americans, what they really mean is that the FBI helps the NSA do it, providing a technical and legal infrastructure that permits the NSA, which by law collects foreign intelligence, to operate on U.S. soil. It’s the FBI, a domestic U.S. law enforcement agency, that collects digital information from at least nine American technology companies as part of the NSA’s Prism system. It was the FBI that petitioned the Foreign Intelligence Surveillance Court to order Verizon Business Network Services, one of the United States’ biggest telecom carriers for corporations, to hand over the call records of millions of its customers to the NSA.”unquote


    Looks to me the only way to stop these bastards is to completely abolish the entire surveillance apparatus..which ain’t gonna happen ever. That’s why this NSA thing is so ..well..scary. At least, one Judge is entertaining the idea of impeding them to a degree…


    I can hear heads exploding in the IC as I type.

  2. earlofhuntingdon says:

    The law hasn’t kept pace with current events. Phooey, as you say, but repeated often enough it becomes a persuasive myth. The government would be more accurate if it admitted it accepts no limits in its pursuit of so-called national security measures. But as Orwell notes, bureaucracies exist to deflect accountability, not enforce it.

    As Gibbon said of Augustus as imperial protector of law and custom: so long as he assured the senate and the people that their ancient rights were honored, he could ignore those rights at his pleasure.

  3. der says:

    …Treasure Map, according to the document. It boasts that the program can map “any device, anywhere, all the time.”

    The program is not used for surveillance, they said, but to understand computer networks.

    – We only tried it once and didn’t inhale.

    …Through Packaged Goods, the N.S.A. has gained access to “13 covered servers in unwitting data centers around the globe,” according to the PowerPoint. The document identifies a list of countries where the data centers are located, including Germany, Poland, Denmark, South Africa and Taiwan as well as Russia, China and Singapore.

    – Adversaries. Can’t trust the Germans, Poles, Danes or South Africa and Taiwan. All of ’em, just like those other commies.

    God damn.

  4. A.Lizard says:

    Cyber is an area where the best offense is a good defense.

    A USEFUL NSA (yes, a revolutionary idea) would be closing backdoors, not subsidizing their development by expanding the zero-day vuln market and creating custom apps. Let the rest of the world target each other with anti-SCADA apps like Stuxnet (which has already infected at least one RU nuclear reactor) and communications (e.g. financial transactions) made deliberately insecure.

    US companies already losing profits over foreign belief that USA=insecure .

  5. ess emm says:

    I thought we were living in the Golden Age of Television, but I was wrong…it’s the Golden Age of SIGINT! That’s because they havent yet built “compliance into systems and tools to ensure the workforce operates within the law and without worry.”

    By the way, part of the SIGINT doc that accompanies the NYT story is bewildering to me. So much jargon. I need some help. What does it mean to…

    1. “shift our analytic approach …to a discovery bias”

    2. “Drive an agile technology base mapped to the cognitive processes that underpin large scale analysis, discovery, compliance and collaboration”

  6. bloodypitchfork says:

    @ess emm:

    1. “shift our analytic approach …to a discovery bias”

    2. “Drive an agile technology base mapped to the cognitive processes that underpin large scale analysis, discovery, compliance and collaboration”

    Propaganda posters on the walls of the Ministry of Truth.

  7. what constitution? says:

    @ess emm: Both are postulated in furtherance of “when you’ve got them by the balls, their hearts and minds will follow.” And that the signature description of the Watergate kabuki, courtesy of that old school spook, G. Gordon Libby.

  8. pdaly says:

    and is a “CSS U.S. customer” ? (from bullet point 5.6)
    I assume it is “Central Security Service” but those all seem to be government agencies. Where are the contractors in this document?

    BTW, there is a company called CSS, which seems to use Oracle products to gather data and create targeting marketing. Sounds like the same thing NSA is doing. They use similar unintelligible jargon to describe their capabilities.

  9. Stephen says:

    This caught my attention in that NY Times article:

    “Despite the document’s reference to ‘unwitting data centers,’ government officials said that the agency does not hack into those centers. Instead, the officials said, the intelligence community secretly uses front companies to lease space on the servers.”

    Back in July there was a frontpage article in the Sydney Morning Herald which alleged that one of Australia’s two main telco companies, Telstra, had “agreed more than a decade ago to store huge volumes of electronic communications it carried between Asia and America for potential surveillance by United States intelligence agencies.”

    It went on: “Under the previously secret agreement, the telco was required to route all communications involving a US point of contact through a secure storage facility on US soil that was staffed exclusively by US citizens carrying a top-level security clearance.”

    The data “stored for the US government includes the actual content of emails, online messages and phone calls.”

    The reason the article gave for Teltra entering into such agreement was no less intriguing.

    “Scott Whiffin, a Telstra spokesman, said the agreement was required to ‘comply with US domestic law;”

    Elsewhere the article noted:.

    “The 2001 contract was prompted by Telstra’s decision to expand into Asia by taking control of hundreds of kilometres of undersea telecommunications cables.

    “Telstra had negotiated with a Hong Kong company to launch Reach, which would become the largest carrier of intercontinental telecommunications in Asia. The venture’s assets included not just the fibre-optic cables, but also ‘landing points’ and licences around the world.

    “But when Reach sought a cable licence from the US Federal Communications Commission, the DOJ and the FBI insisted that the binding agreement [ie the one with the NSA ] be signed by Reach, Telstra, and its Hong Kong joint venture partner, Pacific Century CyberWorks Ltd (PCCW).”

    In other words, the point of the article was that Australia’s Telstra corporation had been induced/strong-armed into acting as an offshore data centre for the NSA.

    As the article also notes, today Telstra is a private corporation, but once upon a time it was owned by the Australian federal government; and back in 2001 that government still had a controlling interest in
    back in 2001.

    The online version of the article can be found at:


    Where the newspaper got its information from for that article is unclear. It made it no claim that it came from Snowden.

Comments are closed.