This lecture was presented as part of The Long Now Foundation’s monthly Seminars About Long-term Thinking.
Inside the NSA
Wednesday August 6, 02014 – San Francisco
Video is up on the Neuberger Seminar page.
*********************
Audio is up on the Neuberger Seminar page, or you can subscribe to our podcast.
*********************
The NSA reaches out – a summary by Stewart Brand
Of her eight great-grandparents, seven were murdered at Auschwitz. “So my family’s history burned into me a fear of what occurs when the power of a state is turned against its people or other people.”
Seeking freedom from threats like that brought her parents from Hungary to America. By 1976 they had saved up to take their first flight abroad. Their return flight from Tel Aviv was high-jacked by terrorists and landed at Entebbe Airport in Uganda. Non-Jewish passengers were released and the rest held hostage. The night before the terrorists were to begin shooting the hostages, a raid by Israeli commandos saved most of the passengers.
Anne Neuberger was just a baby in 1976. “My life would have looked very different had a military operation not brought my parents home. It gives me a perspective on the threats of organized terror and the role of intelligence and counterterrorism.” When she later entered government service, she sought out intelligence, where she is now the principal advisor to the Director for managing NSA’s work with the private sector.
The NSA, Neuberger said, has suffered a particularly “long and challenging year” dealing with the public loss of trust following the Snowden revelations. The agency is reviewing all of its activities to determine how to regain that trust. One change is more open engagement with the public. “This presentation is a starting point.”
“My family history,” she said, “instilled in me almost parallel value systems – fear of potential for overreach by government, and belief that sometimes only government, with its military and intelligence, can keep civilians safe. Those tensions shape the way I approach my work each day. I fully believe that the two seemingly contradictory factors can be held in balance. And with your help I think we can define a future where they are.”
The National Security Agency, she pointed out, actively fosters the growth of valuable new communication and computing technology and at the same time “needs the ability to detect, hopefully deter, and if necessary disable lethal threats.” To maintain those abilities over decades and foster a new social contract with the public, Neuberger suggested contemplating 5 tensions, 3 scenarios, and 3 challenges.
The tensions are… 1) Cyber Interdependencies (our growing digital infrastructure is both essential and vulnerable); 2) Intelligence Legitimacy Paradox (to regain trust, the NSA needs publicly understood powers to protect and checks on that power); 3) Talent Leverage (“the current surveillance debates have cast NSA in a horrible light, which will further hamper our recruiting efforts”); 4) Personal Data Norms (the growing Internet-of-things—Target was attacked through its air-conditioning network—opens vast new opportunities for tracking individual behavior by the private as well as public sector); 5) Evolving Internet Governance (the so-far relatively free and unpoliticized Internet could devolve into competing national nets).
Some thirty-year scenarios… 1) Intelligence Debilitated (with no new social contract of trust and thus the loss of new talent, the government cannot keep up with advancing technology and loses the ability to manage its hazards); 2) Withering Nation (privacy obsession hampers commercial activity and government oversight, and nations develop their own conflicting Internets); 3) Intelligent America (new social contract with agreed privacy norms and ongoing security assurance).
Initiatives under way from NSA… 1) Rebuild US Trust (move on from “quiet professionals” stance and actively engage the public); 2) Rebuild Foreign Trust (“extend privacy protections previously limited to US citizens to individuals overseas”); 3) Embrace Collective Oversight (reform bulk collection programs in response to the President’s Privacy and Civil Liberties Oversight Board).
As technology keeps advancing rapidly, the US needs to stay at the forefront in terms of inventing the leading technical tools to provide public services and maintain public security, plus the policy tools to balance civil liberties with protection against ever-evolving threats. “My call to action for everyone in this audience is get our innovative minds focussed on the full set of problems.”
A flood of QUESTION CARDS came to the stage, only a few of which we could deal with live. Anne Neuberger wanted to take all the questions with her to share with NSA colleagues, so Laura Welcher at Long Now typed them up. I figure that since the questioners wanted their questions aired on the stage to the live and video audience, they would like to have them aired here as well. And it would be in keeping with the NSA’s new openness to public discourse. Ms. Neuberger agreed…
I have a general (unfocused) question about transparency – which
hasn’t been mentioned thus far. What is the NSA’s rationale around
hiding its activities from the American people? What can you tell us
about the issue of transparency going forward?
What are the key questions NSA is discussing following the Snowden
releases? And what is the NSA doing to address these issues?
Germany is very, very upset. What could we have done, and what should
we do in the future, to fulfill our many responsibilities while also
respecting our most valuable international relationships?
How can we work toward a new social contract when the intelligence
agency directors repeatedly lie to the Congress and to the public?
Is it true you can still find one-star generals playing Magic the
Gathering in the NSA canteen during lunch hour?
The failures of 9-11 were not technical failures, but failures of
individuals and organizations to work together toward a common goal.
What concrete steps can you describe in the intelligence community
that have been taken to remedy this?
What is the NSA doing to make the scope of its data collection efforts
as transparent as possible, while still achieving its goals w.r.t.
national security?
Is it an acceptable outcome that NSA fails at securing us in the
service of privacy considerations?
If the Snowden incident hadn’t happened, would the NSA have hired the
civil liberties expert? What structural changes will make this role
actually effective?
Has the real tension been between the NSA needing to protect its own
systems while ensuring that everybody else’s are vulnerable? Is this
inevitable?
Do you believe the mission of the NSA can be accomplished without
building a record of all worldwide communications and activities? Why?
Is the NSA embedding backdoor or surveillance capability in any
commercial integrated circuits?
If you want to address the damage to public trust, and improve the
social contract, why not applaud the work Edward Snowden has done to
demonstrate how your agency has gone astray?
Do you consider the NSA’s role in weakening the RSA random number
generator to be a violation of the NSA’s existing social contract?
How do you think about its exploitability by criminal elements?
What do you tell American corporate tech leaders who are concerned
about lowered trust and security of their services and products? Lack
of trust based on national security letters, for example, or
weaknesses introduced into RSA crypto by the NSA?
What is the best mechanism for an intelligence agency to prevent
themselves from using “national security secrecy” to cover up an
embarrassment? Is there something better than whistleblowers?
Secure information and privacy need to be balanced – please give an
example of when you feel the NSA worked at its best in this balancing
act. Please be specific :-)
How much is your presentation a reflection of NSA or your personal views?
Should the NSA play a role in devising the new rules for cyberwar?
(Since the old rules for war don’t work in the digital universe.) How
do we citizens participate?
Do you personally feel that the leaks of the last year have revealed
serious overreach by your agency? Or, do you feel as though the NSA
has simply been unfairly painted and that the leaks have been
damaging?
Privacy is, logically, implied (4th, and 5th and 10th Amendments).
Should it be an explicit right? If so, how should it be architected?
Amnesty for Snowden?
When Russia invaded Ukraine, it seemed to take us by surprise. Have
Snowden’s revelations damaged our ability to anticipate sudden moves
by rivals and adversaries?
How can the NSA build an effective social contract when it destroys
evidence in an active case and when its decisions are made in a secret
court without public scrutiny?
How can the public make informed decisions if NSA keeps secret what it
is doing from its public rulers viz the abuses exposed by Snowden?
Can you give an example of a credible “cyber threat” thwarted by the NSA?
Why did NSA dissolve its Chief Scientist Office? So too FBI. This
Office funded the disk drive and speech recognition.
How do you reconcile your stated goal of improving the security of
private sector products with NSA’s documented practice of
intentionally weakening encryption standards and adding backdoors to
exported network devices that facilitate billions of dollars of
e-commerce?
How does surveillance directed towards the United States’s closest
allies help deter terrorist threats, and how does the damage of our
relationship with Germany and other allies offset the benefits of
conducting such surveillance?
I am an American, legally, politically, culturally, economically. I
was born in Pakistan and am a young male. My demographics are the
prime target of the NSA. I have no recourse if the NSA sees that I
have visited the “wrong” links. I am afraid that the NSA deems me a
suspect. Your response?
Balancing the needs of ‘security, society and business’ leaves most of
us with 1 vote in 3. Given the shared interest in big data by
security agencies and business, how do the rest of us keep from
getting outvoted 2-to-1 every time?
Your fears seem to be based on a highly competitive scarcity-based
economy. What is your role in a post-scarcity society?
In what ways do public, crowdsourced prediction markets help to
resolve the tension between public trust and the need for
sophisticated intel?
Does the government have either a duty or a need to be open and honest
in its communication with the public?
How does the NSA approach biological data? Synthetic biology applications?
You never use the word law.
How many more leaks would it take to make your mission impossible?
Personally I look forward to this particular point in time.
Please share your thoughts on: Re: ‘talent leverage’ impact on world
stage. We are all one family on spaceship earth, and we have grave
system failures in the ship. If the U.S. gov’t can shift from empire
to universal economic empowerment, based on natural carrying capacity
of each ecosystem. Then, trust can be restored that this is not a
gov’t of and for the military-industrial complex, and the most
powerful corporations.
What are three basic reasons that make the NSA assume that it doesn’t
need to obey the law?
Surveillance and security are mutually contradictory goals. Shouldn’t
these functions of the NSA be split into different agencies?
Was Snowden a hero or a damaging rogue? Did he catalyze changes to
keep NSA from being the “KGB”?
Do we live in a democracy when there are no checks and balances in the
intelligence community? –> CIA/Senate, –> Snowden/NSA?
You described the importance of a social contract in determining the
appropriate balance between privacy and intelligence gathering. But
contracts require all parties to be well-informed and to trust each
other. How can the American public trust the intelligence community
when all of the reforms you mentioned only occurred because a
concerned patriot chose to blow the whistle (and now faces
prosecution)?
How are we to maintain the creative outliers and risk takers (things
that have been known to create growth and brilliance) if we are
keeping / tracking ‘norms’ as acceptable – or the things we accept. –
How will we know if we are wrong?
Can or does the NSA influence or seek to influence immigration policy
so that the US could retain foreign workers here on expiring H1Bs?
What does the NSA see as some of the greatest emerging technologies
(quantum decryption for example) that can create the future
“Intelligent America”?
What are the factors that determines whether the NSA ‘quietly assists’
improving a company’s product security, or it weakens or promotes
weaker crypto standards / algorithms / tech?
Please talk about the recent large scale hacking from Russia.
Why frame this as “how can laws keep up with technology” instead of
“how do we keep the NSA from exceeding the law?”
1) Was NSA interdiction of a sovereign leader’s aircraft a violation
of international law? 2) Does NSA believe they can mill and drill a
database to find potential terrorists?
The NSA paid a private security form, RSA, to introduce a weakness
into its security software. Spying is one matter. But making our
defenses weaker is another. How do you defend this?
What is your biggest fear about NSA overreaching in its power [?]
How many real, proven terrorist threats to the U.S. have been
uncovered by NSA surveillance of email / cell phone activity of
private citizens in the last few years (4-8)?
Your list of tensions omitted any mention of corporate or otherwise
economic fallout that may result or have resulted from the Snowden
revelations. What relief mechanism do you foresee maintaining
corporate trust in the American government?
You mentioned doing during slide 14 that the Director of the NSA is
declassifying more information to promote “tranparency”. Can you
please elaborate on how we might find these recently declassified
documents?
Long ago we created a “privilege” for priests, doctors and lawyers,
fearing we could not use them without it. Today, our computers know
us better than our priests, but they have no privilege and can betray
us to surveillance. How do we fix that?
What systems are in place to prevent further leaks?
1) Is it ok for a foreign entity to collect and intercept President
Obama’s communications without our knowledge? 2) Do you think William
Binney and Thomas Drake are heroes?
How do we build a world of transparency, while also enabling security
for our broader society?
As we grow more connected, the sense of distance embodied in national
patriotism and the otherness of the world shrinks. How is a larger
NSA a reasonable response in terms of a social contract?
Describe the culture that says it’s ok to monitor and read US
citizens’ email (pre-revelation) [?]
How can the NSA enable more due process during the review of approvals
of modern “wire taps” (i.e. translating big data searches to
individuals)?
In the next 10 years there will be breakthroughs in math creating
radical changes in data mining. What are the social risks of that
being dominated by NGO’s vs. government?
Has the NSA performed criminally illegal wiretapping? If so, when
will those responsible be prosecuted?
Can you define what unlocking Big Data responsibly really means and
give examples? Can NSA regulate Facebook in terms of privacy and
ownership of users’ data?
How do other governments deal with similar problems?
What prevents NSA from trusting “Intelligent America” revealing that
linking information but not the content was broadly collected could
have been understood and well presented. Funded [?] “Intelligent
Ingestion of Information” …[?] DARPA 1991-1995.
Please address the spying upon and the filing of criminal charges
against US Senators and their staff by the USA, particularly in the
case of Senator Diane Feinstein of California.
Does the NSA’s legitmacy depend more on the safety of citizens or
ensuring the continuity of the Constitutional system?
Can you shed any light on why Pres. Obama has indicted more
whistleblowers than all previous presidents combined?
When will Snowden be recognized as a hero? When will Clapper go to
jail for perjury? Actions speak louder than buzz words.
Does NSA make available the algorithms for natural language processing
used by the data analysis systems?
In the long term view, it would seem freedom is a higher priority
value than safety so why is safety the highest value here? Why isn’t
the USA working primariy to ensure our continued freedom?
How do you protect sources and methods while forging the new social contract?
How can any company trust cybercommand when the same chief runs NSA
where the focus is attack? How can we trust the Utah Data Center
after such blatant lies of “targeted surveillance?”
Now that the mass surveillance programs have to some extent been
revealed, can we see some verifiable examples of their worth? If not,
will NSA turn back towards strengthening security instead of
undermining it?
The terrorist attacks of 9/11 encouraged our govt. leaders to adopt
aggressive surveillance laws and regulations and demands from the
intelligence communities. How do we reverse these policies adopted
under duress?
Subscribe to our Seminar email list for updates and summaries.