Ever since Edward Snowden began to leak details on the mass surveillance programs of the NSA and other government agencies, there’s been an ongoing debate over the nature and limits that should be placed on such surveillance.
One of the most troubling trends exposed in repeated leaks is the degree to which the government has exceeded the enormous authority granted it by the Patriot Act and other legislation. New information, available today, is going to reignite that argument. Days after the Senate voted to reauthorize the Patriot Act with some modest modifications, details have leaked on how the Obama Administration authorized the NSA to search the Internet for evidence of malicious hacking, even when there were no obvious ties between the alleged hackers and any international groups.
According to a joint investigation between the New York Times and Pro Publica, the Justice Department authorized the NSA to hunt for hackers without a warrant, even when those hackers were present on American soil. Initially, the DOJ authorized the NSA to gather only addresses and “cybersignatures” that corresponded to computer intrusions, so that it could tie the efforts to specific foreign governments. The NSA, however, sought permission to push this envelope. These new slides also note, incidentally, that Dropbox was targeted for addition to the PRISM program.
These practices date back to at least 2011, when the Foreign Intelligence Surveillance Court (FISC, sometimes called the FISA Court) authorized the FBI to begin using NSA resources in pursuing foreign-based hackers. Data the NSA gathered on behalf of the FBI was to be routed to the FBI’s own repositories. As with previous controversial orders, it’s not clear what the criteria are for a target being “suspicious,” or what ties or evidence are gathered to link a specific individual to hacking attempts before warrantless surveillance is called in. Monitoring hackers also means monitoring what hackers are hacking — which means that the data stolen off US servers is being dumped back to the NSA. What happens to that data? It’s not clear — and the NSA’s ability to accurately identify the difference between friends and enemies has been repeatedly called into question, including by the FISA court itself.