U.S. Navy photo by Gary Nichols/Released

NSA Just Needs Better Public Relations, Says Incoming NSA Chief Rogers

Reforming the NSA? Obama’s nominee for the job, Vice Adm. Mike Rogers, isn’t interested. By Patrick Tucker

President Obama’s pick to take over the National Security Agency, Vice Admiral Michael Rogers, told Congress that he has no serious reform agenda for the agency except for in one area: public relations. The NSA’s main problem, Rogers said in his Senate confirmation hearing on Tuesday, is not the controversial stockpiling of personal data, nor the tactic of subverting encryption standards, but that the agency didn’t effectively communicate its reasons for doing so.

Rogers’ confirmation hearing for his parallel role as the military’s U.S. Cyber Command commander – the NSA post does not require Senate approval – provided a rare opportunity for lawmakers and the public to hear his opinion on privacy, which has been relatively unknown.

“I believe one of the takeaways form the situation over the last few months is that as an intelligence professional…I have to be capable of communicating in a way that highlights what we are doing and why to the greatest extent possible,” Rogers said to the Senate Armed Services Committee.

Rogers spoke only briefly on the NSA’s controversial practice of collecting bulk metadata on individuals. The Privacy and Civil Liberties Oversight Board, an independent review panel, recently found that the way the NSA was collecting metadata did not comply with Patriot Act requirements and was illegal. That suggests changes are coming in the way that the agency either stores or uses metadata; but the form those changes will take has yet to be determined.

Metadata refers to data about data. In addition to Internet data, it includes phone company records about who called who or whom, at what time, and the duration of the call but doesn’t include the literal content of the conversation. In June, after former NSA contractor Edward Snowden’s disclosures, Obama defended the metadata collection practice, saying, “No one is listening to your phone calls.”

Yet consumer metadata can reveal plenty. The conversation patterns between two individuals on Facebook can predict the likelihood they will end up in a relationship.  Email and communication patterns in an office setting can predict possible quitting. In business, knowing who is calling whom and when can also yield an unfair market advantage, according to experts.

“Suppose the head of Oracle calls the head of a company that Oracle is looking to acquire on a Friday. And after the phone call, both CEOs call their general counsel. That information says that a buyout is going to happen,” computer scientist Susan Landau said at a SXSW privacy panel in Austin, Texas, this week, where Snowden spoke to conferees and the NSA controversy was a hot topic.

Rogers, who currently commands the Navy’s 10th Fleet and U.S. Fleet Cyber Command, said that he supported the president’s January policy directive that proposes a review of the bulk metadata collection process in order to find ways the U.S. can more easily collect more specific data, but doesn’t call for the end of the practice. “Within one year… the [Director of National Intelligence], in coordination with the heads of relevant elements of the [intelligence community] and [Office of Science and Technology Policy], shall provide me with a report assessing the feasibility of creating software that would allow the [intelligence community] more easily to conduct targeted information acquisition rather than bulk collection.”

When asked by Sen. Ted Cruz, R-Tex., if the U.S. should continue the practice of using consumer metadata, Rogers said, “I believe we can still do this in a way that ensures the protection of our citizens while also providing us insights that generate value.”

The research firm IDC says we are likely to generate as much as 50 times as much data in the year 2020 as we do today, already on the order of 1.8 million megabytes a year. This data won’t just be limited to how we talk or stream entertainment, our primary data generating activities today, but also how we interact with the increasingly computerized world around us. Future metadata could include information on how often we use smart appliances like Internet-connected refrigerators, when we activate smart thermostats, even the functioning of Wi-Fi enabled pacemakers. All of the digital exchanges that interconnected machines create when trying to provide us with services falls under the broad category of metadata.

Obama’s January directive opens up the possibility of third parties such as telephone companies and Internet service providers maintaining metadata stockpiles, rather than the government holding all that data at not-so-secret facilities. These third parties would then give the government access to portions of that data on the basis of specific requests.

Carriers like AT&T already hold and use customer data for marketing. But relying on phone companies to maintain customer data for possible future government investigations isn’t a popular idea among technologists. Landau called the scheme “a security nightmare.” She says that although AT&T “has kept that data for decades...these days, that data is much less secure.”

Privacy advocates continue to dismiss the president’s reform efforts as lackluster. rejecting the notion of a single presidential policy directive as an effective accountability measure. “The problem with presidential directives is that the president can issue a second directive,” Cato scholar Julian Sanchez said at SXSW on Saturday.

Bulk data collection is only one of the many controversial NSA activities that the Snowden leaks have revealed. Another is the federal government’s bypassing of the encrypted security features of services like Google and Yahoo to intercept data, part of the agency’s so-called MUSCLAR Program. Ironically, NSA infiltration of services like Yahoo, and Snowden’s disclosure of those vulnerabilities, have prompted Silicon Valley players to improve their encrypted firewalls.

 “The advancements in crypto over the last six months have been massive,” said Matthew Prince, CEO of the company CloudFlare at a SXSW panel.

For many in the privacy and the technology community, The MUSCLAR program represents a particularly stinging insult. One aspect of the program involved the systematic weakening of encryption standards so that the NSA could break into more networks and systems via backdoors.  

“This points to a serious internal mission/goals conflict. After all, the [United States Government] is supposed to be for cybersecurity. U.S. policy regularly calls on everyone to do a better job of securing devices and networks. And yet the NSA actually weakens crypto and exploits vulnerabilities when it could be trying to get everyone to fix them,” Electronic Frontier Foundation senior staff attorney Lee Tien told Defense One..

In his confirmation hearing, Rogers mentioned Snowden by name only twice to demure further comment about him. The admiral did argue that the Snowden’s disclosures had harmed the agency, its mission and national security.

Snowden meanwhile, has been more actively participating in public events. He remotely attended SXSW on Monday to great fanfare. Of perhaps greater concern for U.S. lawmakers, Snowden also recently appeared before the European Parliament to offer public testimony on NSA surveillance of European targets and other sensitive activities. Snowden discussed the MUSCULAR program, though did not mention it by name, stating that “the intentional weakening of the common security standards upon which we all rely is an action taken against the public good.” He also discussed his reasons for making his disclosures and argued for more oversight of the agency.

“Better oversight could have prevented the mistakes that brought us to this point, as could an understanding that defense is always more important than offense when it comes to matters of national intelligence.”

Rogers gave no indication in his testimony that he’s interested in additional congressional oversight.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.