NSA Director General Paul Nakasone testified before the Senate Armed Services Committee about the recent SolarWinds and Microsoft Exchange hacks. He said that foreign hackers are taking advantage of the Intelligence community’s blind spot – adversaries working INSIDE the United States.
Our adversaries can come into the United States, set up shop on the web, do their damage and be gone before a warrant can be issued – before we can have actual surveillance by a civilian authority.
To be clear, a warrant does not need to take a lot of time to get approved, but the NSA don’t need no stinking warrant. What is different is the FBI and others, most of the time, do need to get a warrant and getting a warrant requires probable cause and probable cause takes time to find. That is a constitutional problem, however. After 9/11, we did a whole bunch of new surveillance and some of that was ruled unconstitutional by the Supreme Court, but not until years later.
The problem is that no one – neither foreign not domestic, seems to have had any visibility into what the hackers were doing. In fact, neither law enforcement nor the intelligence community actually detected these attacks.
Nakasone said that we can’t connect the dots because we can’t see all the dots. Unlike dictatorships, in the US, we have separation of responsibilities and that does make things more difficult for those people who are tasked with protecting us.
While the NSA can legally intercept almost any signals that they are able to see internationally, inside the U.S., the FBI and others generally require a warrant to access information.
Of course the FBI and the NSA do not need any warrant to intercept traffic inside the government because the government can give them permission to do whatever they like. Given that the government was a major target, that seems like an important piece of information. The executive branch could have collected as much data as they wanted to using existing laws. Did they miss something? Could they have done something differently? Would that have changed the outcome? I don’t know the answer to any of these questions, but they are useful questions to ask.
Some folks – notably NOT General Nakasone – have suggested that the NSA needs to be allowed to spy inside the United States. That presents some minor legal problems, most notably the fourth amendment to the US Constitution.
Other people have suggested that even if we had allowed the NSA to spy on Americans in America, there is no indication that they would have detected these attacks. They might have. Or might not have.
Of course, if the private sector had a way to share their intelligence with the government in a way that protects Americans’ rights and protects the companies that share their data with the government.
I don’t think there is an easy answer. Sometimes the hackers are good – especially when they using an unlimited bank account as is often the case with state sponsored hacking.
The feds have been talking about a bill that would require companies to tell the gov about an attack, but that would be after the fact and that probably would not have helped in this case.
Still, we have to put our collective thinking caps on and try to figure out a solution. After 9-11 we came up with some reactionary responses and we are still arguing about the impact of that twenty years later. This time we should probably think about the long term implications. But we do need to think. Credit: The Cybersecurity 202/Washington Post