December 24, 2012 |
In mid-November , The Washington Post,
the first media outlet to report on the directive, noted that it
“enables the military to act more aggressively to thwart cyberattacks on
the nation’s web of government and private computer networks.”
The Post’s revelation came at the same time that other stories
broke pointing to deepening problems with electronic privacy rights in
America. The most sensational story involved the FBI’s snooping the
private e-mails of two of the nation’s leading security officers, CIA
Director David Petraeus and Gen. John Allen, head of the U.S.
Afghanistan war effort.
More disturbing but expected, the Supreme Court rejected the ACLU’s
challenge to the National Security Agency’s (NSA) use of warrantless
wiretaps. And Sen. Patrick Leahy (D-VT), chairman of the Senate
Judiciary Committee, proposed the further loosening of e-mail privacy
protection regulations.
These are just four examples of an increasing number of efforts
among various federal entities, including the Congress and Supreme
Court, to expand the power of the U.S. government to spy on American
citizens. Recent initiatives by three of the lead agencies engaged in
citizen surveillance -- National Security Agency (NSA), Department of
Homeland Security (DHS) and Defense Department’s research arm, Defense
Advanced Research Projects Agency (DARPA) – outline the tightening grip
of the spy state.
The ostensible rationale for the tightening of the digital security
grip is to track potential foreign cyber-threats. It is, however,
evident that federal agencies are increasingly surveilling the
electronic lives of ordinary Americans.
These developments signal the growing erosion of personal
electronic privacy. Equally troubling, little information is available
as to how these agencies share among themselves the personal information
they gather about ordinary citizens. Nor do Americans know how these
agencies are incorporating data from 3rd party commercial entities, like
websites Google or Facebook and data aggregators like Acxiom or
LexisNexis, into their database profiles.
* * *
In mid-October and with little fanfare, President Obama signed PPD 20. He uses PPDs to promulgate national security decisions and, since taking office, he has issued 20 directives.
According to the Congressional Research Service,
“From the earliest days of the federal government, Presidents,
exercising magisterial or executive power not unlike that of a monarch,
from time to time have issued directives establishing new policy,
decreeing the commencement or cessation of some action, or ordaining
that notice be given to some declaration.”
PPDs are state secrets. PPD 20 is believed to legalize two
un-Constitutional programs. It may expand the power of the military and
intelligence agencies to engage in cyber warfare against those deemed
“cyber enemies” anywhere in the world. And it may permit federal
agencies to monitor the networks of private companies, such as Google
and Facebook.
For many, “NSA” means "Never Say Anything." In keeping with its
customary policy, the NSA refused to provide details about the
directive. “Disclosure could reasonably be expected to cause
exceptionally grave damage to the national security,” the NSA responded.
“Because the document is currently and properly classified, it is
exempt from disclosure.”
Efforts by civil liberties groups like the ACLU and the Electronic
Privacy Information Center (EPIC) to have the Obama administration
reveal the contents of PPD 20 have come to naught. EPIC filed a Freedom
of Information Act (FOIA) request to find out what the directive
covers.
According to EPIC attorney Amie Stepanovich, “we believe that the
public hasn’t been able to involve themselves in the cybersecurity
debate, and the reason they can’t involve themselves is because they
don’t have the right amount of information.” In response, the NSA
claims, “disclosure could reasonably be expected to cause exceptionally
grave damage to the national security.”
Some media attention has focused on the NSA’s new Data Center being
built on a 240-acre site near Camp Williams, UT, and is expected to be
completed in September 2013. It is a 1 million square foot facility, of
which 10 percent is dedicated to computer systems; its projected
construction cost is estimated between $1 and $2 billion, the true
number is top secret. In keeping with its hush-hush policy, the agency
says only that the facility will "strengthen and protect the nation's
cyber-security."
The latest NSA whistleblower, William Binney, a 32-year agency
veteran who quit over the agency’s failures that resulted in the 9/11
attacks, warns: "It didn't take but probably
a week or so after 9/11 that they [NSA] decided to start spying on the
U.S. domestically, on all U.S. citizens they could get." Going further,
he insists that the new facility will be able to monitor everything: it
"pretty much means all the communications in the world, for roughly a
hundred years."
Since 2005, the NSA has been engaged in the active warrantless
surveillance of Americans. In 2008, faced with court challenges from
civil liberties groups, the Congress extended the Foreign Intelligence
Surveillance Act (FISA) with the FISA Amendments Act (FISAAA). Doing
so, the Congress (i) retroactively extended the NSA’s ability to spy on a
“suspected terrorist” without a warrant and (ii) expanded its scope of
surveillance to Americans engaged in domestic conversations with foreign
suspects. Whoever else is being tracked is a national security secret.
Sadly, the Supreme Court just reaffirmed the NSA’s authority to spy on Americans.
PPD 20 seems to be pushing the surveillance envelope a couple of
steps further. It might provide legal cover for the NSA, CIA and the
military to actively engage in cyber attacks against those deemed to be a
cyber threat. Potential targets include individuals, organizations and
countries. The apparently joint U.S.-Israel 2010 stuxnet virus attack
on an Iranian nuclear processing facility is an example of the type of
an action likely covered by the directive.
According to the Post article, “The new directive is the most
extensive White House effort to date to wrestle with what constitutes an
‘offensive’ and a ‘defensive’ action in the rapidly evolving world of
cyberwar and cyberterrorism.”
Notions like “offensive” and “defensive,” like “enemy” and “ally,”
“terrorist” and “citizen,” are oh so 20th century. The 21st century spy
state is engaged in (to use a popular concept) a “360-degree” conflict.
No one is above suspicion, of being a potential threat. Whether an
Army general sending personal e-mails or an ordinary citizen making a
phone call, everyone is being watched.
Americans are being asked to surrender personal electronic privacy
so that the spy state can prevent potential foreign cyber-threats. It’s
hard to evaluate this trade-off. No one really knows the seriousness of
the “threat.” Is it al-Qaeda or Chinese hackers or Anonymous?
Sadly, most of the operations of the various federal agencies
involved in surveillance are done in secret, with little accountability
and no transparency. In the weird world of Washington, DC, false
consciousness, generals who lose wars get promoted and fools who failed
to see 9/11 coming are given Medals of Freedom.
Nevertheless, occasional revelations of the true functionality of
the spy state break through the fog of government-media orchestrated
censorship. From a “security” perspective, the U.S. seems in bad shape;
it’s a nation run by self-serving paranoid incompetents.
Domestically, the centerpieces of the nation’s counterterrorism
effort are DHS “fusion centers.” In the wake of 9/11, these centers were
set up as joint-agency regional intelligence sharing facilities. The U.
S. Senate Permanent Subcommittee on Investigations recently released a
100-page study that found that the DHS spent an estimated $1.4 billion
to run 72 fusion centers. It found these centers to be a mess, producing “useless” information while collecting vast amounts of information about innocent Americans.
Senator Tom Coburn (R-OK), the Subcommittee’s ranking member and the person who initiated the investigation, warned: “It’s troubling
that the very ‘fusion’ centers that were designed to share information
in a post-9/11 world have become part of the problem. Instead of
strengthening our counterterrorism efforts, they have too often wasted
money and stepped on Americans’ civil liberties.”
The DHS’ Transportation Security Administration (TSA), the agency
that gives an airport traveler the security safety shakedown, seems
equally troubled. It recently signed a purchase order for “ insider threat software,” spyware that monitors its employees’ computer activities.
The TSA’s original RFP, which was subsequently modified, read:
“Focused operations is in need of a tool to help detect an insider
threat. The focus is to monitor at the host level. … In order to detect
an insider threat, technology is required to monitor and obtain
visibility into users' actions.”
The TSA doesn’t trust is own employees, federal agents! The
original RFP sought a system that captured every keystroke and chat
session, that monitored e-mails and attachments, that logged website
visits and file transfers, that tracked the movement of documents and
recorded all photos, video clips and screenshots one accesses. The RFP insisted, “The end user must not have the ability to detect this technology” or be able “to kill the process.”
Where the NSA and DHS are focused on what they identify as
immediate threats, the DoD’s DARPA sees long term. It’s funding brought
the world the Internet, very large-scale integrated circuits (VLSI) and
stealth airplanes, among other discoveries.
DARPA is promoting a system dubbed “Insight” that provides for
globally integrated “intelligence, surveillance, and reconnaissance”
(ISR). Ostensibly for the military, it has great, long-term potential
monitoring the civilian population. DARPA recently released an RFP for
the project’s second phase; it seeks “to enhance analysts’ ability to
more effectively and efficiently process information, the Insight
program is developing an adaptable, integrated human-machine
Exploitation and Resource Management (E&RM) System.” It committed
$80 million to finance the project.
The E&RM System points to the future spying. It seeks to integrate “information
across multiple sources, including imaging sensors and non-imaging
sensors.” More telling, it seeks the detection and identification of
threats through the use of behavioral discovery and prediction
algorithms. Big Brother really is watching!
The U.S. and the world has changed since 9/11 and its time to
rethink the threat rationale. Americans are paying an ever-increasing
price, both in dollars and the loss of personal privacy, to maintain the
spy state. It is the 21st century version of President Eisenhower’s
“military-industrial complex,” but globalized, financialized and
digitized. The spy state is an all-digital operation that integrates
domestic and international military, intelligence and corporate
systems.
A growing number of federal agencies, working independently,
together and in parallel, are tightening the web of the 21st century spy
state. These agencies are also working with private corporations and
state/local law enforcement entities. Say hello to the new Big Brother.
No comments:
Post a Comment