So the question is, has the NSA been doing this and more to ensure it could snoop on anything that the commercial world has tried to secure over the years?
This question is being asked by nearly 50 technical experts who have an abiding interest in the social implications of technology. They hail from universities and research groups (including Harvard, Johns Hopkins, and Carnegie Mellon) and public-advocacy groups, including the Electronic Frontier Foundation and the Center for Democracy & Technology. A few of these security experts have industry or open-source connections with AVG Technologies, BT, Mozilla, and Silent Circle. Together, they filed their comments about the NSA on Oct. 4 based on their own opinions, not necessarily their employers'. Their comments were submitted to a so-called "review group" set up by the President last August to review how the intelligence community uses technologies.
Faced with the uproar over how the NSA operates, President Obama in August set up what's called the "Director of National Intelligence Review Group on Intelligence and Communications Technology." This Review Group is intended to "review our intelligence and communications technologies" with the goal of soon delivering its "findings" to the President.
The main question the Review Group is supposed to answer is how "the United States can employ its technical collection capabilities in a way that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure."
This Review Group consists of Richard Clarke, Michael Morell, Geoffrey Stone, Cass Sunstein and Peter Swire. Clarke, now a consultant, had a long career in U.S. intelligence and is a former White House cybersecurity adviser.
The technical experts addressing the Obama-appointed Review Group expressed deep concerns about what's become known about NSA surveillance.
"What we have learned about this surveillance apparatus shows that it is complex, systematic and state-of-the-art," the group said in the filing. "It encompasses vast collection, targeting and processing systems as well as powerful technologies such as high-speed Internet filtering appliances, and intrusion techniques such as man-in-the-middle attacks using fraudulent X.509 certificates, and the planting of backdoor mechanisms in software and hardware."
The technical experts say they hope the Review Group will find out exactly how the NSA and the UK's GCHQ amass content on targets, even if full disclosure of details is not possible given the secretive nature of intelligence gathering. Among the many technical experts is Bruce Schneier, affiliated with BT as chief technology officer at BT Managed Security Solutions and an author of many articles, including some about the NSA based on his own reading of some of the Snowden documents.