NSA's secret hunt for hackers: How widespread?

Reports that the US Justice Department secretly expanded NSA Internet surveillance come just days after Congress voted to rein in government authority to collect data on US citizens.

Yes, the just-passed USA Freedom law places some important limits on National Security Agency surveillance activities. For instance, it will stop the spy agency from collecting Americans’ phone records in bulk as it searches for foreign intelligence. NSA analysts will move instead to a system of case-by-case searches of records held by phone companies, not NSA computers.

But the NSA is still doing lots of things that worry privacy advocates. Case in point: Thursday’s revelation that the agency expanded its warrantless surveillance of Internet traffic in mid-2012 to try and catch computer hackers linked to foreign governments.

On one level this is in line with the NSA’s purpose. It is an intelligence arm of the US government, aimed at threats and adversaries outside the nation’s borders. That includes Chinese, or Russian, or North Korean government groups organized for cyber infiltration.

But cyberwar is a shadowy game. Distinguishing a foreign threat from a lone domestic vandal isn’t quite as easy as one might suppose.

For years experts have debated what role the NSA might play in protecting the nation’s cyber infrastructure. For the most part that debate has assumed that the NSA’s domestic authority is narrowly circumscribed, and that domestic law enforcement organizations such as the FBI play a much larger role, according to Jonathan Mayer, a law lecturer at Stanford University and computer science expert.

That would make the nation’s cyberdefense analogous to the situation with flesh-and-blood spies. The CIA tracks foreign agents overseas, while the FBI does counterintelligence defense inside the US.

“Today, we learn that assumption is incorrect,” writes Mr. Mayer on his personal blog. “The NSA already asserts broad domestic cybersecurity powers.”

Unsurprisingly, former NSA contractor Edward Snowden is the source of this latest NSA news. Working from documents provided by Mr. Snowden, The New York Times and ProPublica established that the US electronic spy agency began in 2012 “hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad – including traffic that flows to suspicious Internet addresses or contains malware.”

The secret Justice Department memos that authorized this expansion allowed the agency to monitor only Internet provider addresses and “cybersignatures” – patterns associated with computer intrusions – that it could trace to foreign governments, according to the NYT/ProPublica account.

But the NSA also has tried to snoop on suspected hackers even when they could not directly tie them to foreign government groups. Why? Because it’s so hard to tell these threats apart, that’s why. Sometimes one mimics the other. Sometimes they share malware or particular bits of coding patterns. Sometimes they work together.

“Targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose,” Brian Hale, a spokesman for the Office of the Director of National Intelligence, told The New York Times and ProPublica.

But the difficulty of distinguishing between individual and government attacks isn’t the only privacy complication here. In the course of investigating hackers the NSA vacuums up lots of data on innocent Americans that hackers themselves steal. Can this information be used in criminal cases unrelated to the hacking itself?

That’s unclear, notes the Times/ProPublica investigation.

Proponents of further curbs on NSA activities say this shows why the USA Freedom Act, signed into law by President Obama this week, should be just a first step. These “back door” searches of personal data by law enforcement officials should be explicitly banned, they say.

“To add insult to injury, under this program victims of cybercrime are doubly harmed when their government collects and searches their private stolen communications and data,” Rep. Zoe Lofgren (D) of California told The Guardian on Thursday.