Dave Aitel is CEO of Immunity Inc., a leading offensive security firm that serves major financial institutions, industrials, Fortune/Global 500s and US government/military agencies. He is a former NSA computer scientist and DARPA contractor.
As a former ‘research scientist’ at the National Security Agency, I feel compelled to respond to James Bamford’s exclusive interview with Edward Snowden that appeared in the September issue of Wired magazine. (Unlike Mr. Snowden, I had to get this piece reviewed by the NSA prior to publishing, in order to make sure it doesn’t jeopardize any classified information. )
Many of the factual assertions about the NSA and intelligence community that were included in Bamford’s article, and previous Snowden “disclosures,” are highly questionable from the perspective of someone who’s actually been there.
Here are the top four, although to be fair there were so many it was hard to choose:
1. The Intelligence Community Is Undisciplined And Irresponsible
Probably the biggest takeaway from Bamford’s article, and other comments attributed to Snowden, is that the NSA, CIA and other intelligence agencies operate in a Wild Westtype environment, where there is little supervision, oversight, and anything goes.
This is an unrealistic portrait. I spent some time on
the front lines at “The Fort,” and there’s a world of bureaucratic hurt, filled out in triplicate, for even minor mistakes that could step over the bounds of the law when handling US information.
It is the very first thing they talk to you about when you join the NSA, and the legality of your collection efforts what you can and can’t do comes up at nearly every meeting thereafter. The law and ethics of signals collection is an intense focus at the NSA, and those who violate it are (at a minimum) quickly stripped of their job responsibilities and security clearance. I always felt that we at the NSA fought with one hand tied behind our back, and, frankly, I was proud of that.
2. Our Spying On China Is Just As Bad As Theirs
Snowden has also claimed that the US is “crossing the line” with its cyberespionage against China, targeting not just military and government facilities, but “wholly civilian infrastructure” as well.
First, it’s worth pointing out that Snowden has never once criticized China for its unfettered cyberespionage tactics against the US private sector (to the tune of $300 billion a year in stolen intellectual property), the US government, Chinese citizens or Chinese political dissidents, including Tibetan, Hong Kong and Uyghur groups.
Chinese cyberespionage campaigns are notorious for their lack of restraint. Just consider these: Operation Aurora, Night Dragon, Titan Rain, GhostNet, etc. Unlike China, the US and her Five Eyes allies don’t engage in cyber espionage to boost their economies they do it to gather geopolitical intelligence.
3. The NSA is Watching Your Porn
Ok, let’s tackle the porn question.
In the Wired article, and in previous reports, it was mentioned that the NSA has used a target’s porn viewing habits to undermine or manipulate them. Does this mean the NSA is watching your porn too? No, of course not. The NSA does not monitor US Internet activity, except under special circumstances with specific targets (conducted under strict guidelines and regulations).
However, if you were traveling to China and happened to use a [REDACTED] that the NSA had access to, it’s possible, although highly improbable, that your data would get collected along with everything else.
But once the data was imported into the NSA, your data (along with every other American, Britain, Canadian, Australian and New Zealander) would be removed as soon as it was noticed that it was traffic from an American, as the NSA does not monitor its citizens, or those of the Five Eyes countries, unless specifically sanctioned.
At the NSA, data is first brought in by “frontline collectors.” These are the computer experts, the technologists, the ‘hackers’ if you will.
Their job is to get access to the overseas network and import all the raw data they can. Before this data is sent to the analysts, it goes through a “minimization” process.
This process, which is done both automatically by NSA computers and manually by frontline collectors, removes any information the NSA is not legally allowed to analyze, like your porn viewing habits, or any other data from a Five Eyes citizen.
By the time the data gets to the analyst’s desk, they’re not seeing anything they’re not supposed to.
4. America Poses The Biggest Threat To The Internet
Snowden also paints a vivid picture of a US intelligence community that is too powerful, too ruthless, too dominant over the rest of the world when it comes to cyber espionage.
First of all, it’s a good thing that America has the most sophisticated cyber arsenal of any other country on the planet. We aren’t worried about having the best aircraft carriers, nuclear submarines and fighter jets in the world. They keep us safe. The same is true for cyber weapons.
But the notion that America is unrivaled in cyberspace, and bullies the rest of the world, is absurd.
Aside from the $300 billion Chinese cyberespionage costs our economy each year, we also face constant threats from Russia, Iran, India, and even our Western allies. Our electric grid is constantly being probed by overseas adversaries. Our military agencies, defense contractors, space program, energy program, university system and financial trading platforms are all constantly under attack.
Had Snowden worked at the FSB, PLA, MISRI or NSC instead of the NSA, we would have discovered cyber espionage activities far worse than what are conducted by the NSA. Every country in the world is engaged in cyber espionage to the full extent of its capabilities. The US just happens to be the one that got caught. This time.
