This story appeared on Network World Fusion at
NSA: Just doing its job
By Scott Bradner
Network World, 03/21/05
In mid-March, the George Washington University-based National Security Archive added to its already impressive collection of National Security Agency-related documents. The most recent addition is the December 2000 "Transition 2001" document provided to the then-incoming Bush administration. This document recommends that the agency get even deeper into the network monitoring business and makes for quite interesting reading, particularly since it is reasonable to assume that equivalent documents were created by intelligence agencies in other parts of the world.
The documents in the archive cover many issues, which include the full history of the National Security Agency and extend from 1950 to 2002. As you might expect, Transition 2001 has been redacted, but far less than I would have expected. (By the way, the National Security Agency, at least, has learned from the work of Claire Whelan - redacting is now done with white boxes that overlap the text (explanation). It's fun to speculate that if the National Security Agency took the opportunity of having to produce this document to redact selectively to make some points, for example, clarifying that it has lost employees at a time when it wants more responsibility.
A few major points in the document:
¥ The agency is ready to deal with the explosion in global communications but to do so "demands a policy recognition that NSA will be a legal but also a powerful and permanent presence on a global telecommunications infrastructure where protected American communications and targeted adversary communications will coexist."
¥ The National Security Agency must "live on the network" to deal with the new world of wireless- and fiber-based data communications networks but "the NSA can perform its missions consistent with the Fourth Amendment [of the U.S. Constitution] and all applicable laws."
¥ The agency's mission "means seeking out information on the Global Net, using all available access techniques, breaking often-strong encryption . . ."
¥ The new telecom world leaves U.S. networks, both public and private sector, vulnerable. But the document doesn't spend all that much time discussing this. The document also mentions that the National Security Agency suffered a three-and-a-half-day network outage in January 2000, hardly something I expected to read here (unless it already had been reported - if so, I missed it).
It might not be entirely coincidental that the National Security Agency in mid-February leaked the fact that the Bush administration is thinking of making the agency just the kind-of "traffic cop" that it asked to be in Transition 2001. It sure would be good to get someone in government to pay attention to the security of government agencies, considering they were judged to deserve no better than a D+ last year.
Maybe the National Security Agency can help. For now, I'll take it at face value that the National Security Agency will take pains to adhere to the law and that the laws that the agency pays attention are the laws we know about. (But I will note that the face of the agency is not all that clear.)
I assume that most other major countries have similar plans, but might lack a Freedom of Information Act to make that fact known. So maybe it's time to start protecting communications that you or your company would rather not have become general knowledge in world government circles, and maybe also in industry circles with good government contacts. Take a look at the technology at www.gnupg.org, which I've been told is what organizations like the National Security Agency use in house to foil competitors in its line of business.
Disclaimer: Foiling competitors in the higher-ed business means being better, not stealthier. Harvard hasn't expressed a view on the National Security Agency's self-opinion, and the above is mine.