The next head of the National Security Agency (NSA) told Congress that the scandal-ridden agency needs no serious reform or restructuring; nor does it need to reconsider or limit its collection of personal data on Americans, much less rein in its efforts to weaken encryption standards and insert backdoors in U.S.-made technology products to make it easier to spy on foreign governments.
In fact, all the NSA needs is better PR to keep citizens from overreacting to the agency’s surveillance practices, along with a way to target its data collection more narrowly, Vice Admiral Michael Rogers said during an informational interview with the Senate armed services committee, which does not have the power to approve or deny his appointment.
During the March 11 Senate hearing, Rogers denied the NSA could effectively track down terrorist suspects or thwart plots against the U.S. without access to the telephone metadata, whose unveiling by whistleblower Edward Snowden in 2013 launched a series of scandals and controversies that has yet to subside.
The NSA should become “more transparent” about its intentions, according to Rogers, who said he would “assure a sense of accountability” about the super-secret spy agency that has been repeatedly exposed in once-secret documents as being involved in surveillance or hacking projects whose existence had previously been denied by NSA directors and senior officials.
Rogers was nominated in January to replace current NSA chief Gen. Keith B. Alexander, who is retiring this month. He currently commands the U.S. Tenth Fleet, which includes the U.S. Fleet Cybercommand, the Navy’s digital warfare and signals-intelligence wing. During more than 30 years in the Navy, Rogers, a specialist in encryption and signals intelligence, has held both line positions and high-visibility jobs in the Pentagon, where he was called on to negotiate the tetchy relationships among services represented on the Joint Chiefs, and communicating on their behalf with Congress and other civilian authorities.
“I believe one of the takeaways form the situation over the last few months is that as an intelligence professional… I have to be capable of communicating in a way that highlights what we are doing and why to the greatest extent possible,” Rogers said, according to a March 11 story in the New York Times. Rogers rebuffed suggestions that the agency should reduce the scope of its metadata collections – which gather information on nearly every phone call placed within the United States – and hinted that President Obama’s decision to put the stored data into the hands of a third party would be both insecure and poor policy.
The problem is not the collection of the data or the NSA’s efforts to keep the program going and keep its data intact, despite rulings from the Foreign Intelligence Surveillance Court (FISC) that the data must do so. Instead, the answer to charges that the entire program is a violation of the 4th Amendment to the Constitution and violation even of terms of the USA Patriot Act under which it was originally authorized is to keep the program going and simply “query the data in a way that both protects the rights of the individual but also enables us to get answers in a quick, reasonable time period,” Rogers said in testimony quoted in DefenseOne.
Even collecting the data without any indication that any of the people whose activity is being tracked are involved in criminal activity is a massive violation of the search-and-seizure limitations in the 4th Amendment, according to activist groups that have protested or sued the agency to end the practice, including the American Civil Liberties Union and Electronic Privacy Information Center. Other programs, including the MUSCULAR program under which the NSA tapped datacenter-network connections belonging to Yahoo, Google and other Internet service companies, are indefensible from legal, national security or ethical grounds, according to Electronic Frontier Foundation senior staff attorney Lee Tien.
Rather than alter programs that sparked outrage from both parties in Congress, foreign governments, and a host of political- an civil-rights activist groups, Rogers told the Senate armed services committee that the NSA’s next challenge is to develop the ability to immediately detect and counter digital attacks on the United States. The NSA and U.S. military have a dismal record of blocking digital espionage, especially from China, during the past two decades. There is little evidence that record is improving, despite new efforts including the Pentagon’s Cyber Command – which is under command of the director of the NSA.
In September the Wall Street Journal reported that a series of attacks from Iran had penetrated non-classified Navy computer networks in an effort at espionage. Though no classified information was taken, the penetration was not discovered or stopped immediately. Instead the attackers had time to build a foothold that allowed them to penetrate even further into U.S. Navy networks before eventually being discovered and cut off.
Iran has been ramping up its cyberespionage capabilities since the June 2010 discovery of the Stuxnet virus, which was designed to sabotage Iranian nuclear-material processing facilities. Iranian officials have charged that the U.S. and Israel were behind the attacks; both have denied involvement.
A September report from D.C.-area defense analyst firm the Atlantic Council said Iran’s attack capabilities had grown considerably, but that it is still a “tier-three cybermilitary” that is far less formidable than both China and Russia, both of which generate far more attack traffic aimed at U.S. and U.S. military facilities than any other country according to a January report from Akamai Technologies.
There has been a series of serious malware-based cyberespionage incidents between the U.S. and Russia during the past two years, most notably the “Red October” attacks on Moscow and the “Uruburos,” “Snake” or “Turla” virus alleged to be part of a five-year-long series of attacks by Russia against U.S military institutions.
Image: U.S. Navy