FISA Orders for Hacking Help

In its latest Snowden story, the WaPo reports that NSA has used Google’s cookies to help track people for hacking purposes.

The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using “cookies” and location data to pinpoint targets for government hacking and to bolster surveillance.

The agency’s internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.


The NSA’s use of cookies isn’t a technique for sifting through vast amounts of information to find suspicious behavior; rather, it lets NSA home in on someone already under suspicion – akin to when soldiers shine laser pointers on a target to identify it for laser-guided bombs.

This will be sure to make software opposition to NSA’s unbridled spying louder, if not less hypocritical (after all, every way Google limits its own tracking amounts to another tool the NSA can’t exploit).

I’m particularly interested in how NSA collects cookies it uses. The article suggests they may do it via FISC order (though they don’t say whether it would involve an individualized FISA order or bulk FAA collection).

These specific slides do not indicate how the NSA obtains Google PREF cookies or whether the company cooperates in these programs, but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies know and are legally compelled to assist.

That is, is a PREF cookie just one of many identifying details they’re asked to turn over on customers in general? If so, in what volume?

Remember, too, that one thing the Internet companies are fighting for in their transparency suit is the right to explicate metadata requests from content ones. This is the kind of information request that would be very informative for potential targets (because, if they don’t already, they can just keep their cookies clean).

I’m particularly interested in the disclosure that the NSA may be using information collected on a FISA order for offensive hacking purposes, not for information collection. That’s not surprising — it doesn’t necessarily clearly distinguish between information collection and hacking. And we know the NSA uses the content it collects to coerce informants, so why not aide in hacks?

But that does seem to extend the use of FISC orders beyond the spirit of their use.


6 Responses to FISA Orders for Hacking Help

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6

Emptywheel Twitterverse
emptywheel @richardSFO True. Tho not sure if you saw him w/Execs fr Comcast and TW. Pretty great at hammering them on lies abt merger.
emptywheel Of a book that starts lying at word 64, @benjaminwittes says, "Rizzo is just being honest."
bmaz @LegallyErin Hang in there!
bmaz @arcsine Yes, that is how I read it too; which, considering how they communicate, makes sense. @MichaelKelleyBI
bmaz @MichaelKelleyBI Think DB article very disingenuously constructed+ that you have no way of supporting your claim short of rank supposition
bmaz @adamsteinbaugh Good grief, good way to exacerbate the initial pain.
bmaz @MichaelKelleyBI Good of you to assign who they are with no evidence.
bmaz @Ali_Gharib Them "helping him craft the question" is not in there. @MichaelKelleyBI just pulled that out of vapor @NoahShachtman @benwizner
bmaz @Ali_Gharib Other than that it is disingenuous+unsupported for @MichaelKelleyBI tonasser they contributed. @NoahShachtman @benwizner
bmaz @ammartin33 Agree has been some degree of a shift. But think the Danger Room guys always went out of their way to stay close to govt sources
bmaz @kgosztola @thedailybeast Exactly. That said, looks to me like DB+Schachtman puffed the hell out of what was said.
December 2013
« Nov   Jan »