title:

Just doing its job

By Scott Bradner

In mid March the George Washington University based National Security Archive (http://www.gwu.edu/~nsarchiv/) added to its already impressive collection of NSA-related documents. The most recently added document is the December 2000 "Transition 2001" provided to the then incoming Bush administration. This document makes for quite interesting reading particularly since it is reasonable to assume that equivalent documents were created by intelligence agencies in other parts of the world.

The documents in the National Security Archive cover many issues including the full history of the NSA and extend from 1950 to 2002. (http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB24/index.htm)

As one might expect, the Transition 2001document (http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB24/nsa25.pdf) has been redacted, but far less than I would have expected. (By the way, the NSA, at least, has learned from the work of Claire Whelan (http://cryptome.org/cia-decrypt.htm) -- the redacting is now done with white boxes that overlap the text) It is fun to speculate if the NSA took the opportunity of having to produce this document to redact selectively to make some points, for example, making it clear that it has lost employees at a time when it wants more responsibility.

A few of the major points the document makes include:

o The NSA is ready to deal with the explosion in global communications but to do "demands a policy recognition that NSA will be a legal but also a powerful and permanent presence on a global telecommunications infrastructure where protected American communications and targeted adversary communications will coexist."

o The NSA must "live on the network" to deal with the new world of wireless and fiber-based data communications networks but they assert that "the NSA can perform its missions consistent with the Fourth Amendment [of the U.S. Constitution] and all applicable laws."

o The NSA mission "means seeking out information on the Global Net, using all available access techniques, breaking often strong encryption ..."

o The new telecommunications world leaves US networks, both public and private sector, vulnerable - but the document does not spend all that much time discussing this aspect

The document also admits that the NSA suffered a 3 ½ day network outage in January 2000, hardly a thing that I would expect them to do (unless it had already been reported -- if so I missed it)

It may not be entirely coincidental that the NSA in mid February leaked the fact that the Bush administration is thinking of making the NSA just the kind of "traffic cop" that it asked for in the Transition 2001document. (http://www.securityfocus.com/news/10494?ref=rss)

It sure would be good to get someone in the government to pay attention to the security of government agencies since they were judged to deserve no better than a D+ last year. (http://www.govtech.net/magazine/channel_story.php?channel=17&id=93148) Maybe the NSA can help there. (see http://www.nwfusion.com/columnists/2004/110804bradner.html)

For now I'll take it at face value that the NSA will take pains to adhere to the law and that the laws that the NSA pays attention to are the ones we know about. (But I will note that the face of the NSA is not all that clear.) But I assume that most other major countries have similar plans (but may lack a Freedom of Information Act to make that fact known). So maybe it's time to start protecting communications that you or your company would rather not become general knowledge in world government circles and maybe also in industry circles with good government contacts. Take a look at gnupg (http://www.gnupg.org/), I've been told that it is what organizations like the NSA use in house to foil competitors in the same line of business that they are in. (fyi - my key is on pgp.mit.edu and its fingerprint is 1C7B 94FB B99D 1C5B E7D7 09B7 22EB 6210 E36C 431E)

disclaimer: Foiling competitors in the higher ed business means being better not stealthier in any case Harvard has not expressed a view on the NSA's self opinion and the above is mine.