In Cut and Paste Tumblr Post, James Clapper Describes Who We Can Spy on without Discriminants

/in , , /by

As part of his Presidential Policy Directive on Signals Intelligence, Obama said this about bulk collection:

In particular, when the United States collects nonpublicly available signals intelligence in bulk, it shall use that data only for the purposes of detecting and countering: (1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests; (2) threats to the United States and its interests from terrorism; (3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction; (4) cybersecurity threats; (5) threats to U.S. or allied Armed Forces or other U.S or allied personnel; and (6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section. In no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S . business sectors commercially; or achieving any purpose other than those identified in this section.

The Assistant to the President and National Security Advisor (APNSA), in consultation with the Director of National Intelligence (DNI), shall coordinate, on at least an annual basis, a review of the permissible uses of signals intelligence collected in bulk through the National Security Council Principals and Deputies Committee system identified in PPD-1 or any successor document. At the end of this review, I will be presented with recommended additions to or removals from the list of the permissible uses of signals intelligence collected in bulk.

The DNI shall maintain a list of the permissible uses of signals intelligence collected in bulk. This list shall be updated as necessary and made publicly available to the maximum extent feasible, consistent with the national security.

To fulfill that bolded “shall” language, James Clapper just released this on his IContheRecord Tumblr page:

Presidential Policy Directive/PPD-28 – Signals Intelligence Activities establishes a process for determining the permissible uses of nonpublicly available signals intelligence that the United States collects in bulk. It also directs the Director of National Intelligence to “maintain a list of permissible uses of signals intelligence collected in bulk” and make the list “publicly available to the maximum extent feasible, consistent with the national security.”

Consistent with that directive, I am hereby releasing the current list of permissible uses of nonpublicly available signals intelligence that the United States collects in bulk.

Signals intelligence collected in “bulk” is defined as “the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).” As of Jan. 17, 2014, nonpublicly available signals intelligence collected by the United States in bulk may be used by the United States “only for the purposes of detecting and countering:

  1. Espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
  2. Threats to the United States and its interests from terrorism;
  3. Threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
  4. Cybersecurity threats;
  5. Threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and
  6. Transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above.”

Further, as prescribed in PPD-28, “in no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S. business sectors commercially;” or achieving any purpose other than those identified above.

Effectively, Clapper fulfilled an obligation mandated by the PPD by simply cutting and pasting the list of 6 permissible uses of bulk collection in the PPD.

Given that this list is expected to be assessed annually, does that mean the PPD itself should be considered valid for no more than a year?

Share this entry

GCHQ DDoS Hackers Hang Out with NSA’s Audit-Free Techies

/1 Comment/in , , /by

Yesterday, I noted NBC’s report that GCHQ conducted a DDoS attack against Anonymous IRC chat.

There’s a subtle point that deserves more attention: GCHQ presented the underlying Powerpoint to NSA’s SIGDEV conference.

The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder — and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms.

[snip]

In the presentation on hacktivism that was prepared for the 2012 SIGDEV conference, one official working for JTRIG described the techniques the unit used to disrupt the communications of Anonymous and identify individual hacktivists, including some involved in Operation Payback. Called “Pushing the Boundaries and Action Against Hacktivism,” the presentation lists Anonymous, Lulzsec and the Syrian Cyber Army among “Hacktivist Groups,” says the hacktivists’ targets include corporations and governments, and says their techniques include DDOS and data theft.

SIGDEV is NSA’s term for the agency’s efforts to develop new signals intelligence techniques and sources. Thus, GCHQ presented the attack as the cutting edge of what NSA does.

Goodie.

But remember: NSA’s SIGDEV analysts have access to raw data outside of normal channels. This shows up repeatedly in the primary orders for the dragnet. And, as Bart Gellman noted (and I elaborated on here), Obama specifically exempted these folks from his Presidential Policy Directive limiting our spying (though his PPD did say foreigners could be spied on for cybersecurity reasons).

In other words, the people GCHQ boasted of their attack on Anonymous to are the people who have some of the least oversight within NSA.

Share this entry

The “McCain Committee” Would Be Full of NSA Defenders

/17 Comments/in , /by

Imagine a McCain Committee as the inheritor of the tradition of Frank Church and Otis Pike.

(Yes, I did that to make bmaz’ head explode.)

That seems to be what John McCain intends with his resolution calling for a Committee to Investigate the Dragnet. (h/t Steven Aftergood)

Only, McCain proposes to investigate not just whether NSA has engaged in things it was not authorized to do. But also to investigate Snowden’s leaks themselves and the potential role of contractors in making leaks more likely.

All that said, I might be excited about McCain’s proposal to review the dragnet, as described:

(3) The nature and scope of National Security Agency intelligence-collection programs, operations, and activities, including intelligence-collection programs affecting Americans, that were the subject matter of the unauthorized disclosure, including–

(A) the extent of domestic surveillance authorized by law;

(B) the legal authority that served as the basis for the National Security Agency intelligence-collection programs, operations, and activities that are the subject matter of those disclosures;

(C) the extent to which such programs, operations, and activities that were the subject matter of such unauthorized disclosures may have gone beyond what was authorized by law or permitted under the Constitution of the United States;

(D) the extent and sufficiency of oversight of such programs, operations, and activities by Congress and the Executive Branch; and

(E) the need for greater transparency and more effective congressional oversight of intelligence community activities.

There’s just one problem with McCain’s proposal.

Here’s the list of the people who would be on the Committee (he provides titles, I’m providing names):

  • Diane Feinstein
  • Saxby Chambliss
  • Carl Levin
  • Jim Inhofe
  • Tom Carper
  • Tom Coburn
  • Robert Menendez
  • Bob Corker
  • Pat Leahy
  • Chuck Grassley
  • Jello Jay Rockefeller
  • John Thune
  • A Harry Reid pick
  • A Mitch McConnell pick

There are a number of very big NSA defenders on this list — in addition to DiFi and Saxby, both Jello Jay and Coburn are Intel Committee members who have never questioned the dragnet (indeed, Coburn has called for getting rid of the controls on the phone dragnet!). Chuck Grassley, too, has generally been supportive of the dragnet in SJC hearings on the subject. Most of the rest are simply not the caliber of people who might critically assess the dragnet much less show real interest in Americans’ privacy. Only Carl Levin and Pat Leahy, alone among the 12 named members, have been explicitly skeptical of the dragnet at all.

McCain proposes a Select Committee to investigate the dragnet. And he proposes to fill it with people who are really happy with the dragnet as it currently exists.

Update: Just to give a sense of how terrible this make-up for a Select Committee is, compare it with the bipartisan list of 26 Senators who asked James Clapper for more information on other uses of Section 215 last June. Just one Senator from that list — Pat Leahy — would be on McCain’s committee.

Update: Haha! Via Matt Sledge, DiFi shot McCain’s idea down pretty quickly.

Share this entry

Density within Legal Density

/1 Comment/in , /by

Ben Wittes has a long post trying to explain the NSA’s job in such a way as to “tell a young student what intelligence collection under the rule of law looks like” without inducing “a sense of betrayal.”

I have no problem with Wittes’ attempt to develop such an explanation, nor any great gripe with his effort. I’m not going to accuse Wittes of being naked this time.

But I want to raise three details that show the problem behind the effort.

First, Wittes’ entire statement reads,

NSA does not, except in emergencies, intentionally target for collection the communications of specific Americans without seeking a court order first, and it does not intentionally target for collection the communications of individuals known to be in the United States. It does, however, routinely acquire and store the communications of US persons and some domestic communications as a necessary incident to its broad collection directed at targets overseas—and it then has rules restricting the retention and use of this material to the extent it does not have foreign intelligence value. What’s more, NSA routinely acquires in bulk the records, but not the contents, of domestic telephone communications, which it uses for narrow counterterrorism purposes.

With the caveat that most people’s definition of “target” is not as specific as NSA’s is, I don’t have a big issue with this statement.

Except that it is false to say the phone dragnet is only used “for narrow counterterrroism purposes.” As Dianne Feinstein stated and Keith Alexander confirmed back in June, the dragnet is used with al Qaeda related groups and with Iran.

It can only look at that data after a showing that there is a reasonable, articulable that a specific individual is involved in terrorism, actually related to al Qaeda or Iran.

Now, perhaps in reality the dragnet is used against Hizballah, which the US, at least, treats as a terrorist organization. But to the extent that the dragnet is used against specific individuals from Iran “involved in terrorism,” then the entire notion of “narrow counterterrorism purposes” goes out the window, because accusing Iran of engaging in terrorism, even in the context of Iraq (where I suspect such usage derives from) is problematic. That’s true not just because Iran has been the target of what might count as terrorist acts, including assassinations of civilians, but also because those whom we’ve listed as terrorists (including members of the Republican Guard and its bank) are engaged in what ought to be considered legitimate defense of a sovereign nation.

So even if you agree with the approach the US has adopted with Iran, including it among the terrorists you can use the phone dragnet against moves beyond “narrow” counterterrorism into counterterrorism as a tactical tool wielded against a state adversary. And that such definitions can happen in secret (Iran’s listings on Treasury’s terrorism list are not secret, but the choice to include it among the two general targets of the dragnet was secret until June) means there’s no reason to trust that the phone dragnet will remain narrowly targeted.

Then there’s the notion our targets are all overseas. They’re not. Hacking targets are in the US, and there’s good reason to believe the upstream collection is used against them (we do know there’s a cybersecurity certification for Section 702). NSA presumably manages to conduct this domestic spying in the guise of foreign intelligence by noting how difficult it is to attribute hacks (that’s also presumably how it justifies holding all encrypted communications indefinitely). In other words, what we’re seeing is a redefinition of “foreign” to incorporate more and more that is domestic, which in part amounts to using intelligence rather than law enforcement tools against criminal activity because some but not all of that criminal activity is propagated by states. (Note, in yesterday’s hearing Peter Swire suggested NSA’s info assurance function is where it serves as a domestic security agency.)

Then there’s this statement from Wittes:

We want a robust foreign intelligence capability. We don’t want our domestic relations between citizens and government conditioned by an intelligence agency—which necessarily uses secrecy, deceit and trade-craft that has no part in domestic governance.

This is why I harp constantly about the use of the dragnet to identify potential informants. Because it is precisely through that application of the dragnet where NSA’s activities lead directly to the the interjection of secrecy, deceit, and trade-craft in domestic governance. Sure, FBI (that hybrid intelligence/law enforcement agency) carries out that secrecy, deceit, and trade-craft, not NSA. But the power of the dragnet makes all that deceit potentially far worse (because it provides a way to exploit the secrets of innocent citizens to coerce them to become informants). That NSA is one step removed from this troubling approach does not mean it is not party to it.

Again, these are details, details which don’t necessarily invalidate Wittes’ larger point, but show that even within the larger framework, NSA has secretly violated those principles Wittes would like to believe.

Share this entry

US Official Position Says Hacking Is Permissible?

/1 Comment/in , /by

According to LAT’s Ken Dilanian, it is the “official position” of the US government that some kinds of hacking are “permissible.”

The official U.S. position — that governments hacking governments for military and other official secrets is permissible, but governments hacking businesses for trade secrets is not — is a tougher sell these days.

He makes the claim in an article that originally claimed Edward Snowden’s leaks have set back cybersecurity efforts, but then had to issue a correction acknowledging CISPA probably wasn’t going to happen anyway.

An article in the Feb. 2 Section A on the effects of Edward Snowden’s leaks of National Security Agency secrets said the White House backed the Cyber Intelligence Sharing and Protection Act, a cybersecurity measure. The White House threatened to veto the proposed bill in April. —

I take from this correction that Dilanian was fairly uncritically repeating the claims of NSA boosters — as other reporters have credulously repeated claims about the way Snowden’s leaks will affect cybersecurity initiatives.

Which is why I find his description of this “official position” so interesting.

I’m not aware of the US endorsing any official (public) policy on the kinds of hacks NSA (and CyberCommand) are permitted. Congress has tried to put some limits on it — or at least get briefing on it. And Keith Alexander successfully fought for a lot more autonomy over the hacks he could do.

The Executive does, however, have an official policy on SIGINT: President Obama’s recent Presidential Policy Directive. But a SIGINT official position and a hacking policy are not necessarily the same thing. While hacking is one way we collect SIGINT (though I don’t think NSA has admitted to that), we also conduct hacking for offensive purposes.

Even assuming they were the same thing, Dilanian’s characterization would be a misstatement of the policy in any case.

The actual policy permits the collection of SIGINT for broadly defined foreign intelligence purposes.

Thus, ” foreign intelligence ” means ” information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, foreign persons, or international terrorists,

Of course, corporations are, under US law, both “organizations” and “persons,” so this definition permits spying on foreign corporations (other intelligence documents lay this out explicitly).

And the PPD does permit the collection of foreign private commercial information to protect US and allies’ national security.

The collection of foreign private commercial information or trade secrets is authorized only to protect the national security of the United States or its partners an d allies. It is not an authorized foreign intelligence or counterintelligence purpose to collect such information to afford a competitive advantage 4 to U.S. companies and U.S. business sectors commercially.

This is, frankly, where our hypocrisy on hacking (and SIGINT) begins to fall apart, given that China would maintain that stealing our military (and energy and tech) secrets are a matter of national security, and the fact that our government maintains more nominal separation from the companies that develop such things than China does should not shield those companies from spying.

And then, finally, the limits on data collection don’t apply when the NSA is working to develop SIGINT capabilities.

it shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.

Given that some of our alleged hacking seems to support efforts to develop new hacking capabilities, this exception could prove infinitely recursive, especially given the rules on information collection in the name of cyberdefense and attacks. And of course, when we exploited Siemens’ SCADA industrial control systems to attack Iran, we used a corporate competitor’s trade secrets in the name of national security.

That is, even ignoring how America’s self-interested standard simply defines our national security in terms that legitimize our own hacking, when you get into the interaction of our intelligence to hack which serves to collect intelligence, the rules on SIGINT basically fall apart.

But hey. If the US says hacking of official government secrets is “permissible,” then maybe DOJ will withdraw the charges against Edward Snowden?

Share this entry

Mirror, Mirror, on the Wall, Who’s the Hackiest of Them All?

/25 Comments/in /by

ClapperHere are some excerpts from the Global Threats report pertaining to the cyber threat.

We assess that computer network exploitation and disruption activities such as denial-of-service attacks will continue.

[snip]

… many countries are creating cyber defense institutions within their national security establishments. We estimate that several of these will likely be responsible for offensive cyber operations as well.

[snip]

Critical infrastructure, particularly the Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems used in water management, oil and gas pipelines, electrical power distribution, and mass transit, provides an enticing target to malicious actors. Although newer architectures provide flexibility, functionality, and resilience, large segments of legacy architecture remain vulnerable to attack, which might cause significant economic or human impact.

It’s as if the intelligence community called up NSA and CyberCommand, asked what they had been working on, and then “assessed” that those targets presented threats going forward.

And while I expect that China commits what would be judged the largest number of hacks (in part because much of the information we steal right from the communication backbone they would have to hack to get), the inclusion of SCADA in the list of vulnerabilities is particularly rich, considering we are believed to have pioneered that kind of attack with StuxNet.

Again, I’m not denying these other entities hack (the unclassified version of the report left off Israel and France, as unclassified versions tend to do). Just that we continue to exhibit no awareness that some part of this threat amounts to our genie blowing back in our face.

Share this entry

Is CIA Spying Domestically by Hacking Americans’ Computers?

/9 Comments/in /by

In addition to further details about CIA’s quashed review showing torture didn’t work and a commitment from James Clapper he would tell the American people if any of them had been back door searched, Ron Wyden and Mark Udall (along with Martin Heinrich) got one more curious set of details into the record at today’s Threat Hearing.

First, Wyden asked (43;04) John Brennan whether the federal Computer Fraud and Abuse Act applied to the CIA.

Wyden: Does the federal Computer Fraud and Abuse Act apply to the CIA?

Brennan: I would have to look into what that act actually calls for and its applicability to CIA’s authorities. I’ll be happy to get back to you, Senator, on that.

Wyden: How long would that take?

Brennan: I’ll be happy to get back to you as soon as possible but certainly no longer than–

Wyden: A week?

Brennan: I think that I could get that back to you, yes.

Minutes later, Mark Udall raised EO 12333’s limits on CIA’s spying domestically (48:30).

Udall: I want to be able to reassure the American people that the CIA and the Director understand the limits of its authorities. We are all aware of Executive Order 12333. That order prohibits the CIA from engaging in domestic spying and searches of US citizens within our borders. Can you assure the Committee that the CIA does not conduct such domestic spying and searches?

Brennan: I can assure the Committee that the CIA follows the letter and spirit of the law in terms of what CIA’s authorities are, in terms of its responsibilities to collect intelligence that will keep this country safe. Yes Senator, I do.

Now, it’s not certain these two questions are linked. Though obviously, hacking computers is an easy way to spy on people (as the NSA knows well).

Of course, the logic of the memo authorizing the Anwar al-Awlaki killing says that, so long as CIA has a presidential finding, even laws protecting American citizens cannot limit the CIA. And we learned 6 years ago that the Executive had secretly altered the text of EO 12333 without actually changing it, a practice John Yoo rubber stamped.

So, particularly given Brennan’s snitty answer about protecting this country, I’d assume it’s a safe bet that the CIA is spying domestically, and I’d posit that they may be hacking computers to do so.

Oh good. NSA was getting bored being the only Agency exposed for hacking.

Share this entry

Verizon’s Storefront

/3 Comments/in , /by

As I noted yesterday, Verizon conveniently released its own transparency report 5 days before the government approved new transparency guidelines (according to one report, the deal was substantially completed earlier in the month, but had to wait on some tweaks to follow Obama’s speech).

Had Verizon released a transparency report yesterday, it would have added at least the following two details:

Non-Content FISA orders:

4 orders affecting 107,700,000 customers

Content FISA orders:

? orders affecting ? selectors (probably measuring the number of search terms — maybe something like “250” — Verizon searches for off its upstream collection affecting millions of people)

It would have painted a very different picture.

It turns out they did have time scheduled to write transparency claims yesterday. They released this statement attempting to reassure customers that Verizon doesn’t comply with any US government orders for data stored overseas. (h/t Chris Soghoian) Here’s an excerpt:

Over the past year there has been extensive discussion around the world about government demands for data.  Last week, Verizon released a Transparency Report outlining the number of law enforcement requests for customer information that we received in 2013.  In the report we noted that in 2013 we did not receive any demands from the United States government for data stored in other countries.

Although we would not expect to receive any such demands, there are persistent myths and questions about the U.S. government’s ability to access customer data stored in cloud servers outside the U.S.  Now is a good time to dispel these inaccuracies and address the questions, which have been exacerbated by the stream of news reports since last June about national intelligence activities in the U.S. and elsewhere.

Our view on the matter is simple: the U.S. government cannot compel us to produce our customers’ data stored in data centers outside the U.S., and if it attempts to do so, we would challenge that attempt in court.

Here’s why.

The section of the national security laws often cited as granting the U.S. government authority to access data stored abroad is Section 215 of the Patriot Act.

While Section 215 allows a court to issue an order requiring a company operating in the U.S. to produce certain business records, it does not give the U.S. government the power to act outside the U.S.  More importantly, Section 215 does not grant the U.S. government access to customer data stored in the cloud; it only applies to business records of the cloud provider itself.  So the U.S. government cannot use Section 215 to compel a company to produce customer data stored in data centers outside the U.S.

[snip]

Finally, Section 702 of the Patriot Act also is not an option for the U.S. government to compel a U.S. company to turn over customer data stored in a data center outside the U.S. because the U.S. company does not have possession, custody or control of that data.

[snip]

customer data stored in data centers outside the U.S.

[snip]

data stored outside the U.S.

[snip]

data stored in the cloud outside the U.S.

[snip]

there should be no concern about the U.S. government compelling Verizon to disclose data our customers store in Verizon data centers outside the U.S. [my emphasis]

So having dodged by 5 days the obligation to report on all the data stored in the US it hands over to the government, it now wants to make claims about Verizon customer data stored overseas.

Stored, stored, stored, stored, stored, stored, stored, stored, stored, stored, store.

It chose not to say anything about data in transit, either here or in the US. In the US it is now permitted to talk about the data it collects in transit off its cables for the government in response to FISA Section 702 orders (though the deal only permits reports every 6 months; I guess it’s hoping we’ll forget about this soon).

To say nothing of the data it provides the government it collects as it transits overseas, perhaps in response to a polite request?

I’m actually most interested in Verizon’s claim it could not be required to turn over data stored overseas under Section 702.

Wouldn’t it primarily be served such a request under Section 703, which requires a warrant for electronic surveillance or access to stored communications of Americans overseas? Actually, I don’t know the answer to that — no one seems to, and I’ve been asking a lot of lawyer types.

But if Verizon says it can’t be served with an order for data stored overseas (in truth, many 703 orders must relate to searches conducted here on people who are physically overseas, but still), then the government isn’t using 703 in all the cases it is required to.

Whatever: the message to all you Europeans seems clear. Verizon would never let the government touch data it had in its own servers. Nosirree!

As far as data transiting its cables? All bets are off.

Share this entry

If by “Big Data” You Mean “Big Campaign Donations”

/8 Comments/in , /by

President Obama has named the people who will help John Podesta accomplish this task.

I have also asked my Counselor, John Podesta, to lead a comprehensive review of big data and privacy. This group will consist of government officials who—along with the President’s Council of Advisors on Science and Technology—will reach out to privacy experts, technologists and business leaders, and look at how the challenges inherent in big data are being confronted by both the public and private sectors; whether we can forge international norms on how to manage this data; and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.

As I said in my annotations to Obama’s speech, effectively Obama responded “to a review by calling for another review,” but at least it would be a welcome first time he reached out to technologists.

Here’s the list:

That’s why in his speech, the President asked me to lead a comprehensive review of the way that “big data” will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy. I will be joined in this effort by Secretary of Commerce Penny Pritzker, Secretary of Energy Ernie Moniz, the President’s Science Advisor John Holdren, the President’s Economic Advisor Gene Sperling and other senior government officials.

I’ll outsource judging whether this amounts to reaching out to technologists to Chris Soghoian:

None of the big names named in the president’s “big data” review announcement are technologists. DC at its finest.

But I’m particularly interested in Penny Pritzker’s presence on the list.

After Cass Sunstein and Geoffrey Stone ended up being too independent to deliver the whitewash Obama wanted, he has picked one of his biggest campaign donors to review Big Data.

So I guess by “Big Data” we know what Obama meant.

Worse still, Pritzker heads up an Agency that — it is increasingly clear — serves a key role in offering carrots and sticks to coerce compliance from private companies with government data demands. And compliance not just for the purposes of defense of spying, but also for cyberoffense. Not exactly the kind of person who might expect candor from the Big Data companies likely to be coerced by the government.

Share this entry

Obama’s Dragnet: Policeman of the Whole World

/7 Comments/in , , /by

And don’t let anybody make you think that God chose America as his divine, messianic force to be a sort of policeman of the whole world. God has a way of standing before the nations with judgment, and it seems that I can hear God saying to America, “You’re too arrogant! And if you don’t change your ways, I will rise up and break the backbone of your power, and I’ll place it in the hands of a nation that doesn’t even know my name. Be still and know that I’m God.”

–Martin Luther King, “It’s A Dark Day In Our Nation

As I noted the other day, in his speech on the dragnet, President Obama acknowledged that our unique technical surveillance capabilities demands more humility, not less.

But America’s capabilities are unique. And the power of new technologies means that there are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do.

Yet that concern about our unique technical capabilities quickly transformed into exceptionalism — a concern about how distrust stemming from our dragnet hubris would corrode our “leadership” position in the world.

Instead, we have to make some important decisions about how to protect ourselves and sustain our leadership in the world, while upholding the civil liberties and privacy protections that our ideals – and our Constitution – require. We need to do so not only because it is right, but because the challenges posed by threats like terrorism, proliferation, and cyber-attacks are not going away any time soon, and for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world.

And that, in turn, became our role in protecting “our friends and allies as well.”

Our capabilities help protect not only our own nation, but our friends and allies as well. Our efforts will only be effective if ordinary citizens in other countries have confidence that the United States respects their privacy too. And the leaders of our close friends and allies deserve to know that if I want to learn what they think about an issue, I will pick up the phone and call them, rather than turning to surveillance. In other words, just as we balance security and privacy at home, our global leadership demands that we balance our security requirements against our need to maintain trust and cooperation among people and leaders around the world.

This includes protecting them not just from terrorism and hackers, but from crime — including the crime of violating US sanctions.

In terms of our bulk collection of signals intelligence, U.S. intelligence agencies will only use such data to meet specific security requirements: counter-intelligence; counter-terrorism; counter-proliferation; cyber-security; force protection for our troops and allies; and combating transnational crime, including sanctions evasion.

Of course, a number of countries (much of Latin America) object to the way we fight crime (drug cartels) in their countries. But our pursuit of our own national security has literally turned us into the world’s policeman. Which Obama repeats again — our leadership role requires us to use our dragnet to fight terrorists and crime.

We will appoint a senior official at the White House to implement the new privacy safeguards that I have announced today. I will devote the resources to centralize and improve the process we use to handle foreign requests for legal assistance, keeping our high standards for privacy while helping foreign partners fight crime and terrorism.

How ironic, how prescient, that King spoke our arrogance breaking the backbone of our power. Not only does it threaten to break the ideological backbone of our hegemony — replacing our liberties with our policing — but it quite literally threatens to balkanize the communication backbone we’ve exploited to become that policeman.

President Obama seems to understand what a crisis this poses to our leadership. He does not, yet, understand that that leadership was not supposed to be policing the world.

Share this entry