Talk:National Security Agency: Difference between revisions
imported>Howard C. Berkowitz (→General need for work: new section) |
imported>Howard C. Berkowitz (→Warrantless surveillance: new section) |
||
Line 16: | Line 16: | ||
Their role in INFOSEC is relatively little known, with the public attention going to SIGINT. Things like the move to more open crypto development, for example, are noteworthy in the study of bureaucracies. [[User:Howard C. Berkowitz|Howard C. Berkowitz]] 14:09, 25 October 2008 (UTC) | Their role in INFOSEC is relatively little known, with the public attention going to SIGINT. Things like the move to more open crypto development, for example, are noteworthy in the study of bureaucracies. [[User:Howard C. Berkowitz|Howard C. Berkowitz]] 14:09, 25 October 2008 (UTC) | ||
== Warrantless surveillance == | |||
As with many secret things charged with scandal, the truth is probably somewhere in the middle of the extremes. Speaking as an individual and not in any sense a Citizendium article, I believe that surveillance was conducted in violation of FISA, in some cases with the orders coming from the White House directly, and a lack of backbone by Congress in carrying out a reasonable amount of totally classified oversight. | |||
I've never worked on a Narus box, but I have done a lot of work on ISP security including deep packet inspection, doing things like [[botnet]] tracing. From the stories of the AT&T tap and general knowledge of the technology, what strikes me as plausible is that they were intercepting the SS7 call control channels, rather than the calls themselves, and then doing very advanced traffic analysis. Knowing what it takes to try to check beyond the IP header at 40 Gbps, I just don't see the technology there to do massive call content interception. SS7 and detailed call records, yes. | |||
U.S. law in the area of collecting call detail records is murky. Two key points are that the Communications Act of 1934 required either a court order, or the attorney general's certification, to install what was the call record technology of the day, a "pen register". In the Supreme Court case of Smith vs. Maryland (1979), the SCOTUS held that a subscriber had no expectation of privacy on his call detail records, but certainly did on his call content. I don't think Congress has ever given serious considerations to the truly complex implications of data mining a large call detail record database, looking for investigative leads, and perhaps targets for warranted wiretaps. It is not a simple matter. Congress cannot, IMHO, do reasonable oversight without more professional staff, and I understand the staff are often excluded when the eight members that hear the most sensitive programs are briefed. | |||
I'm not sure how much of this belongs in the NSA article proper, as they are the tools, but not the power behind them. Within the U.S. system, the fundamental issues include Presidential unilateral authority, the relevant legislation and court decisions, policies released such as United States Signal Directive 18, and the Congressional oversight process. I find fault, personally, in both the White House and Congress. | |||
Believe me, I'm not trying to make this a political football of an article. I don't think, however, that a lot of the issues are well understood, and focusing too much on NSA and too little on who gives them orders, and who should approve those orders, may confuse the situation. [[User:Howard C. Berkowitz|Howard C. Berkowitz]] 14:53, 25 October 2008 (UTC) |
Revision as of 08:53, 25 October 2008
General commentary
This is a challenging article to write, in a different way than the CIA article. In some respects, NSA is easier than CIA, because it has been far less involved in policy and political issues. In other respects, it needs more coverage on its technical contributions. Like CIA, a certain amount of timeline is appropriate, although I'm not yet sure that its operational histories need subarticles.
While a good deal of the material here is a braindump from personal experience, there's also some cut, paste, and, I hope, merciless editing of material from some SIGINT history articles I have on other pages. There needs to be just the right amount of linking to technical areas such as communications intelligence and cryptography, with a brief note of explanation.
Definitely a work in progress. Howard C. Berkowitz 15:15, 27 May 2008 (CDT)
General need for work
Other things having gotten higher priority, I never finished cleaning out material here that is also in the series "Signals intelligence in (date period)". Even with some of those articles, they got far too large and I was able to split others, but some are still too big for easy maintenance. Those articles, incidentally, are by no means limited to NSA.
The intent here was to talk about the U.S. agency, its mission, its oversight and lack of oversight (or taking direct orders without checks and balances), and its technical approach. Its history and development, role vis-a-vis the rest of the United States intelligence community, and policy control are relevant, as well as more the technical base that make some of its capabilities. There are valuable lessons from some of their spy scandals, as they have had a very different internal security culture than CIA, with different results.
Their role in INFOSEC is relatively little known, with the public attention going to SIGINT. Things like the move to more open crypto development, for example, are noteworthy in the study of bureaucracies. Howard C. Berkowitz 14:09, 25 October 2008 (UTC)
Warrantless surveillance
As with many secret things charged with scandal, the truth is probably somewhere in the middle of the extremes. Speaking as an individual and not in any sense a Citizendium article, I believe that surveillance was conducted in violation of FISA, in some cases with the orders coming from the White House directly, and a lack of backbone by Congress in carrying out a reasonable amount of totally classified oversight.
I've never worked on a Narus box, but I have done a lot of work on ISP security including deep packet inspection, doing things like botnet tracing. From the stories of the AT&T tap and general knowledge of the technology, what strikes me as plausible is that they were intercepting the SS7 call control channels, rather than the calls themselves, and then doing very advanced traffic analysis. Knowing what it takes to try to check beyond the IP header at 40 Gbps, I just don't see the technology there to do massive call content interception. SS7 and detailed call records, yes.
U.S. law in the area of collecting call detail records is murky. Two key points are that the Communications Act of 1934 required either a court order, or the attorney general's certification, to install what was the call record technology of the day, a "pen register". In the Supreme Court case of Smith vs. Maryland (1979), the SCOTUS held that a subscriber had no expectation of privacy on his call detail records, but certainly did on his call content. I don't think Congress has ever given serious considerations to the truly complex implications of data mining a large call detail record database, looking for investigative leads, and perhaps targets for warranted wiretaps. It is not a simple matter. Congress cannot, IMHO, do reasonable oversight without more professional staff, and I understand the staff are often excluded when the eight members that hear the most sensitive programs are briefed.
I'm not sure how much of this belongs in the NSA article proper, as they are the tools, but not the power behind them. Within the U.S. system, the fundamental issues include Presidential unilateral authority, the relevant legislation and court decisions, policies released such as United States Signal Directive 18, and the Congressional oversight process. I find fault, personally, in both the White House and Congress.
Believe me, I'm not trying to make this a political football of an article. I don't think, however, that a lot of the issues are well understood, and focusing too much on NSA and too little on who gives them orders, and who should approve those orders, may confuse the situation. Howard C. Berkowitz 14:53, 25 October 2008 (UTC)
- Article with Definition
- Military Category Check
- Engineering Category Check
- Physics Category Check
- Developing Articles
- Nonstub Articles
- Internal Articles
- Military Developing Articles
- Military Nonstub Articles
- Military Internal Articles
- Engineering Developing Articles
- Engineering Nonstub Articles
- Engineering Internal Articles
- Physics Developing Articles
- Physics Nonstub Articles
- Physics Internal Articles
- Military tag
- Security tag
- Intelligence tag