US Official Position Says Hacking Is Permissible?

According to LAT’s Ken Dilanian, it is the “official position” of the US government that some kinds of hacking are “permissible.”

The official U.S. position — that governments hacking governments for military and other official secrets is permissible, but governments hacking businesses for trade secrets is not — is a tougher sell these days.

He makes the claim in an article that originally claimed Edward Snowden’s leaks have set back cybersecurity efforts, but then had to issue a correction acknowledging CISPA probably wasn’t going to happen anyway.

An article in the Feb. 2 Section A on the effects of Edward Snowden’s leaks of National Security Agency secrets said the White House backed the Cyber Intelligence Sharing and Protection Act, a cybersecurity measure. The White House threatened to veto the proposed bill in April. —

I take from this correction that Dilanian was fairly uncritically repeating the claims of NSA boosters — as other reporters have credulously repeated claims about the way Snowden’s leaks will affect cybersecurity initiatives.

Which is why I find his description of this “official position” so interesting.

I’m not aware of the US endorsing any official (public) policy on the kinds of hacks NSA (and CyberCommand) are permitted. Congress has tried to put some limits on it — or at least get briefing on it. And Keith Alexander successfully fought for a lot more autonomy over the hacks he could do.

The Executive does, however, have an official policy on SIGINT: President Obama’s recent Presidential Policy Directive. But a SIGINT official position and a hacking policy are not necessarily the same thing. While hacking is one way we collect SIGINT (though I don’t think NSA has admitted to that), we also conduct hacking for offensive purposes.

Even assuming they were the same thing, Dilanian’s characterization would be a misstatement of the policy in any case.

The actual policy permits the collection of SIGINT for broadly defined foreign intelligence purposes.

Thus, ” foreign intelligence ” means ” information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, foreign persons, or international terrorists,

Of course, corporations are, under US law, both “organizations” and “persons,” so this definition permits spying on foreign corporations (other intelligence documents lay this out explicitly).

And the PPD does permit the collection of foreign private commercial information to protect US and allies’ national security.

The collection of foreign private commercial information or trade secrets is authorized only to protect the national security of the United States or its partners an d allies. It is not an authorized foreign intelligence or counterintelligence purpose to collect such information to afford a competitive advantage 4 to U.S. companies and U.S. business sectors commercially.

This is, frankly, where our hypocrisy on hacking (and SIGINT) begins to fall apart, given that China would maintain that stealing our military (and energy and tech) secrets are a matter of national security, and the fact that our government maintains more nominal separation from the companies that develop such things than China does should not shield those companies from spying.

And then, finally, the limits on data collection don’t apply when the NSA is working to develop SIGINT capabilities.

it shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.

Given that some of our alleged hacking seems to support efforts to develop new hacking capabilities, this exception could prove infinitely recursive, especially given the rules on information collection in the name of cyberdefense and attacks. And of course, when we exploited Siemens’ SCADA industrial control systems to attack Iran, we used a corporate competitor’s trade secrets in the name of national security.

That is, even ignoring how America’s self-interested standard simply defines our national security in terms that legitimize our own hacking, when you get into the interaction of our intelligence to hack which serves to collect intelligence, the rules on SIGINT basically fall apart.

But hey. If the US says hacking of official government secrets is “permissible,” then maybe DOJ will withdraw the charges against Edward Snowden?

Tweet about this on Twitter0Share on Reddit0Share on Facebook0Google+1Email to someone

One Response to US Official Position Says Hacking Is Permissible?

  • 1
Emptywheel Twitterverse
bmaz @walterwkatz @gideonstrumpet @ScottGreenfield @LilianaSegura @roomfordebate Yes, that was a nice little touch, no? Jeebus.
7mreplyretweetfavorite
bmaz RT @LegallyErin: There's something very sexy about Anthony Hopkins as Hannibal. I always date the worst guys.
2hreplyretweetfavorite
bmaz @imraansiddiqi You seemed like such a respectable chap, and now here you are talking about Kardashians. #Shame
3hreplyretweetfavorite
bmaz @cody_k I went as a Pando journalist blowing shit out of my ass about Greenwald.
3hreplyretweetfavorite
bmaz @dcbigjohn @erinscafe In or out of the furry costume?
3hreplyretweetfavorite
bmaz RT @AntheaButler: Hands up, don't shoot. RT @deray: Superhero protest. #Ferguson http://t.co/ejnhDLq7jv
3hreplyretweetfavorite
bmaz @JoshuaADouglas @rickhasen @chrislhayes And I ask because that was why I blew off the injunction+contemplated whether were provable damages.
3hreplyretweetfavorite
bmaz @JoshuaADouglas @rickhasen @chrislhayes Question since you are in state there, is hearing even possible before the injunction would be moot?
3hreplyretweetfavorite
bmaz @JoshuaADouglas @rickhasen @chrislhayes Exactly. But with the defenses, hard to see an injunction burden being met.
3hreplyretweetfavorite
bmaz @JoshuaADouglas @rickhasen @chrislhayes Not to mention the actual public figure blah blah blah that will lead the defense. Meh.
3hreplyretweetfavorite
bmaz @JoshuaADouglas @rickhasen @chrislhayes I think that's debatable, but assuming so, what are provable damages in an election context?
3hreplyretweetfavorite
bmaz The Guantánamo Tapes http://t.co/r6JfRJl7r4 Yes, of course force feeding tapes depict torture, why you think govt fights to keep classified?
3hreplyretweetfavorite
February 2014
S M T W T F S
« Jan   Mar »
 1
2345678
9101112131415
16171819202122
232425262728