One useful way to think about the USA Freedom Act that President Barack Obama signed into law on Tuesday night is as a lightning-rod for the National Security Agency. By changing the way the NSA examines domestic phone records, the agency is now able to make the argument that it has undergone significant reforms in the aftermath of the Edward Snowden revelations. By giving up the authority to collect all American phone records, the agency has paid a small price — and gotten rid of a program that it had come to consider a burden, anyway — to keep its most important authorities intact.
The full measure of those powers were on prominent display in the New York Times on Thursday, when the paper reported that the agency has expanded its “warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking.” The NSA, the paper reported, has also partnered with the FBI to provide federal investigators with intelligence about computer intrusions carried out by foreign powers, according to documents provided by Snowden. There is no evidence of outright wrongdoing in Thursday’s reports, but they signal another expansion of the NSA’s authorities to collect data on the Internet.
Sen. Patrick Leahy, the Vermont Democrat and ranking member of the Judiciary Committee, said Thursday’s report “underscores the critical importance of placing reasonable and commonsense limits on government surveillance in order to protect the privacy of Americans” and that “Congress should have an open, transparent and honest debate about how to protect both our national security and our privacy.”
Jonathan Mayer, a cybersecurity researcher, told the Times that FBI use of NSA data to combat cybercrime threatens to conflate the latter’s intelligence gathering role with the former’s law enforcement mandate. “That’s a major policy decision about how to structure cybersecurity in the U.S. and not a conversation that has been had in public,” he said.
In short, the Times report, which was published in conjunction with ProPublica, reveals that the NSA has directed some of its most powerful tools toward cracking down on state-sponsored hackers online. The agency now has the power to search the data streams it has access to for snippets of code and other identifying information to spot hackers and track their activities. It is doing so by relying on one of its most important tools: Its position atop the global Internet infrastructure.
The NSA has risen to become the world’s most powerful intelligence agency in no small part because a huge amount of the world’s Internet traffic flows through the United States. Fiber optic cables carry large amounts of Internet data from one part of the world to another, and when that traffic arrives in the United States, the NSA is there to have a look at it.
Section 702 of the FISA Amendments Act governs parts of the NSA’s relationship with U.S. telecommunications companies, and it is through such companies that the NSA is able to access enormous troves of data for terrorism and foreign intelligence purposes.
Privacy activists are concerned that such collection activities potentially hoover up the communications of ordinary Americans, and Thursday’s revelation that the FBI is now allowed to partake of some data collected from telecom activities is likely to add to those concerns. According to the Times and ProPublica, the FBI’s access to such data — which is routed to a data center in Quantico, Virginia — is focused on foreign hackers trying to penetrate U.S. data systems.
That’s a mission that’s central to the U.S. government’s obligations to combat cybercrime, but the contention of rights activists is that that effort has become far too reliant on the tools of mass data collection. Thursday’s reports signal just how far these activists have to go if they hope to rein in the NSA’s powers.
Photo credit: NSA via Getty Images