RE: [gnu@toad.com: Hayden's statement from Oct 2002 on liberty and security]

I dunno. This strikes me as naive. Is the NSA really in a position to say, "We know how the obtain data X,Y, and Z but we have chosen not to due to privacy concerns." I'm not convinced NSA is in a position like that. If DC is saying, "Get whatever you are able to get and we'll worry about whether it's legal or illegal after we see what it is." NSA individuals may give something of a crap about some of these issues (or not), but in the end NSA is merely another engine, as it were, a big Janitor that gets information that's normally hard to get. In other words, NSA's priorities reflect those of the State, and the State is, invariably, looking to keep itself in business. -TD

From: Eugen Leitl To: transhumantech@yahoogroups.com, cypherpunks@jfet.org Subject: [gnu@toad.com: Hayden's statement from Oct 2002 on liberty and security] Date: Sun, 28 May 2006 16:23:39 +0200

----- Forwarded message from John Gilmore -----

From: John Gilmore Date: Fri, 26 May 2006 18:53:08 -0700 To: cryptography@metzdowd.com, gnu@toad.com Subject: Hayden's statement from Oct 2002 on liberty and security

http://www.nsa.gov/releases/relea00072.html

While testifying to a joint hearing of the House and Senate intelligence committees a year after 9/11, Michael Hayden, as NSA Director, testified about NSA's response to 9/11. In closing, he said:

38. When I spoke with our workforce shortly after the September 11th attacks, I told them that free people always had to decide where to draw the line between their liberty and their security, and I noted that the attacks would almost certainly push us as a nation more toward security. I then gave the NSA workforce a challenge: We were going to keep America free by making Americans feel safe again.

39. Let me close by telling you what I hope to get out of the national dialogue that these committees are fostering. I am not really helped by being reminded that I need more Arabic linguists or by someone second-guessing an obscure intercept sitting in our files that may make more sense today than it did two years ago. What I really need you to do is to talk to your constituents and find out where the American people want that line between security and liberty to be.

40. In the context of NSA's mission, where do we draw the line between the government's need for CT information about people in the United States and the privacy interests of people located in the United States?

Practically speaking, this line-drawing affects the focus of NSA's activities (foreign versus domestic), the standard under which surveillances are conducted (probable cause versus reasonable suspicion, for example), the type of data NSA is permitted to collect and how, and the rules under which NSA retains and disseminates information about U.S. persons.

41. These are serious issues that the country addressed, and resolved to its satisfaction, once before in the mid-1970's. In light of the events of September 11th, it is appropriate that we, as a country, readdress them. We need to get it right. We have to find the right balance between protecting our security and protecting our liberty. If we fail in this effort by drawing the line in the wrong place, that is, overly favoring liberty or security, then the terrorists win and liberty loses in either case.

42. Thank you. I look forward to the committees' questions.

Now we know a small part of what he was really talking about. At least he had the balls to mention it. But who among us could suspect that when Congress responded by Patriot Act tune-ups making many kinds of wiretapping easier, NSA's reaction was to ignore the laws, treating the illegality of its operations as a "classified technique" for surprising the "secret enemy under our beds". Anyone who had said NSA was a rogue that ignored the laws, before or after 9/11, was either called paranoid, unrealistically cynical, or "against us and for the terrorists".

Read this again:

Practically speaking, this line-drawing affects the focus of NSA's activities (foreign versus domestic), the standard under which surveillances are conducted (probable cause versus reasonable suspicion, for example), the type of data NSA is permitted to collect and how, and the rules under which NSA retains and disseminates information about U.S. persons.

Now we find out that NSA has crossed each of these lines. It is now focusing domestically. It now uses a "reasonable suspicion" standard adjudicated by its own staff. It is collecting all types of data "and how!", apparently retaining that data indefinitely, and disseminating it as it sees fit (to the FBI, at least).

In the open crypto community, we noticed this curious part of his speech, but generally didn't engage with him. Personally I felt that whatever I said would be ignored, just as my concerns were ignored during the entirety of the 1990's, in the Clipper Chip debacle and the Export Control madness. We were ignored until we forced change upon NSA with the courts and, in partnership with business, in Congress. We are having to take the same routes today (though business is now against us, since business is up to its eyeballs in spying).

Did anyone else respond to Mr. Hayden at that time, and if so, what reaction did you get?

John

PS: NSA's web site SIGINT FAQ still says they don't "unconstitutionally spy on Americans". It raises some guff about the Fourth Amendment and strictly following the laws. (http://www.nsa.gov/about/about00020.cfm) But I hear that if you're discussing something classified, it's not only acceptable to lie, but it's actually required.

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]