This story appeared on Network World Fusion at
http://www.nwfusion.com/columnists/2005/032105bradner.html
'Net Insider
NSA: Just doing its job
By Scott Bradner
Network World, 03/21/05
Scott Bradner
In mid-March, the George Washington University-based National
Security Archive added to its already impressive collection of National
Security Agency-related documents. The most recent addition is the December
2000 "Transition 2001" document provided to the then-incoming Bush
administration. This document recommends that the agency get even deeper into
the network monitoring business and makes for quite interesting reading,
particularly since it is reasonable to assume that equivalent documents were
created by intelligence agencies in other parts of the world.
The documents in the archive cover many issues, which include the
full history of the National Security Agency and extend from 1950 to 2002. As
you might expect, Transition 2001 has been redacted, but far less than I would
have expected. (By the way, the National Security Agency, at least, has learned
from the work of Claire Whelan - redacting is now done with white boxes that
overlap the text (explanation). It's fun to speculate that if the National
Security Agency took the opportunity of having to produce this document to
redact selectively to make some points, for example, clarifying that it has
lost employees at a time when it wants more responsibility.
A few major points in the document:
¥ The agency is ready to deal with the explosion in global communications
but to do so "demands a policy recognition that NSA will be a legal but
also a powerful and permanent presence on a global telecommunications
infrastructure where protected American communications and targeted adversary
communications will coexist."
¥ The National Security Agency must "live on the
network" to deal with the new world of wireless- and fiber-based data
communications networks but "the NSA can perform its missions consistent
with the Fourth Amendment [of the U.S. Constitution] and all applicable
laws."
¥ The agency's mission "means seeking out information on the
Global Net, using all available access techniques, breaking often-strong
encryption . . ."
¥ The new telecom world leaves U.S. networks, both public and
private sector, vulnerable. But the document doesn't spend all that much time
discussing this. The document also mentions that the National Security Agency
suffered a three-and-a-half-day network outage in January 2000, hardly
something I expected to read here (unless it already had been reported - if so,
I missed it).
It might not be entirely coincidental that the National Security
Agency in mid-February leaked the fact that the Bush administration is thinking
of making the agency just the kind-of "traffic cop" that it asked to
be in Transition 2001. It sure would be good to get someone in government to
pay attention to the security of government agencies, considering they were
judged to deserve no better than a D+ last year.
Maybe the National Security Agency can help. For now, I'll take it
at face value that the National Security Agency will take pains to adhere to
the law and that the laws that the agency pays attention are the laws we know
about. (But I will note that the face of the agency is not all that clear.)
I assume that most other major countries have similar plans, but
might lack a Freedom of Information Act to make that fact known. So maybe it's
time to start protecting communications that you or your company would rather
not have become general knowledge in world government circles, and maybe also
in industry circles with good government contacts. Take a look at the
technology at www.gnupg.org, which I've been told is what organizations like
the National Security Agency use in house to foil competitors in its line of
business.
Disclaimer: Foiling competitors in the higher-ed business means
being better, not stealthier. Harvard hasn't expressed a view on the National
Security Agency's self-opinion, and the above is mine.