Facts and fiction, secrets and sci-fi: Breaking down the NSA

Keep your tin hat handy -- here's what we know and don't know about the National Security Agency's massive spying program

1 2 Page 2
Page 2 of 2

Maybe Snowden has it wrong. Maybe he's dramatically overstating the capabilities of the NSA. But he released these documents and unmasked himself so that Americans could finally have a free and open debate about what the NSA is doing in our name and where that road could lead. He certainly got everyone's attention.

Who's watching the watchers

Blanket surveillance is not by itself evil. It does, however, open the door to evil, invite it to sit on the couch, and make itself comfortable. It all depends on what limits are placed on the spooks and who's watching the watchers.

The answer to that last question comes in three parts: the Foreign Intelligence Surveillance Court, Congress, and the NSA itself. Let's look at how they've fared.

In 2011 the FISA court -- otherwise known as the largest rubber stamp ever invented by man -- decided the NSA's spy practices were violating the Constitution. However, we may never know in what manner the NSA was violating our rights because the court issued its ruling in secret. The Electronic Frontier Foundation sued to get a copy of the 86-page ruling, which "determined that the government had violated the spirit of federal surveillance laws and engaged in unconstitutional spying" per Mother Jones' David Corn. We're still waiting for a decision on that one. In 2007, the EFF tried to make another FISA court ruling public but lost.

Since that year, two members of the U.S. Senate Intelligence Committee, Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) have issued cryptic warnings that Americans would be "extremely surprised" to find out how much the NSA was spying on us. But that's all they were allowed to say, due to secrecy rules regulating Committee members. After last week's leaks, Wyden acknowledged that these programs were what he and Udall were referring to.

The senators also asked the NSA for the approximate number of Americans that were unintentionally caught up in the agency's net, only to be turned down because releasing such a number would violate the privacy of U.S. citizens, according to the NSA.

Then of course there is the NSA itself, whose director James Clapper tells us there's nothing to worry about, nothing to see here, please move along.

The Week's Marc Ambinder, author of a recent book all about our national security state, has a really good (if also extremely wonky) description of how PRISM probably works. He notes:

Everything the NSA analyst leaves an audit trail. And the NSA has a staff of auditors who do nothing but sample the target folders for over-collects.

There are many unknowns, of course, and many places where the system could break down. We do not know the minimization rules. They are highly classified. We do not know how long minimized data sits in storage. We don't know how many NSA analysts are trained to handle U.S. persons' data, or HOW they are trained. We don't know the thresholds to determine what the NSA finds to be relevant enough. We don't know how long the NSA can collect on a target without getting a FISA order, though we do know that they can start collecting without one if the circumstances demand it.

Is the NSA violating our Constitutional rights? The short answer: We don't know. And perhaps never will. But thanks to Ed Snowden we're at least asking the question.

The old joke is that NSA really stands for No Such Agency, but increasingly it stands for No Serious Accountability. That's the problem -- because an intelligence service run amok quickly translates into No Safety for Anyone.

Does NSA data mining make you feel more secure or less? Weigh in below or email me: cringe@infoworld.com.

This article, "Facts and fiction, secrets and sci-fi: Breaking down the NSA," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.

Copyright © 2013 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
How to choose a low-code development platform