22 February 1997
Source: http://www.msnbc.com/news/wwwashington.asp

MSNBC, 21 February 1997

Plan to unleash NSA on cyberspace
could be danger to privacy rights

By Brock Meeks

The Clinton administration is quietly considering legislation that would remove the legal choke chain that bans the National Security Agency from gathering intelligence on U.S. citizens during the investigation of computer-related crimes. Such a move is yet another step in the current administration's long march toward breaking down and weakening privacy protections for U.S. citizens, all in the name of "protection" and "law enforcement needs."

A little publicized "Information Warfare-Defense" report, issued last month by the Defense Science Board, states the need to "resolve legal issues" about the use of intelligence and military resources in helping thwart so-called "cyber-terrorist" attacks against the nation's critical information infrastructure.

The report suggests that the White House "propose legislation, regulation, or executive orders as may be needed to make clear the [military and intelligence roles in] defending [commercial] systems. This should specifically address the need for changes to the Computer Security Act, the capture of information on unidentified intruders (issue of intelligence collection on U.S. persons), the authority to conduct `hot pursuit' of intruders."

A special Infrastructure Protection Task Force, authorized by presidential directive last year, is now considering such legislation, according to several members of the intelligence community. Assistant U.S. Attorney General Jamie Gorelick has likened this task force to the Manhattan Project that developed the first U.S. atomic bomb. The task force is an interagency group with members from the Defense Department, the Central Intelligence Agency, the NSA and the Justice Department.

Since the thaw of the Cold War, U.S. intelligence agencies, in an effort to justify their multibillion dollar `black,' or covert, budgets, have been increasingly pressured to use their resources in, shall we say, more creative ways. All this runoff from the Cold War has blurred the ink on long-standing prohibitions in U.S. law against intelligence agencies getting involved in domestic matters.

However, the NSA has already been quietly involved in several domestic investigations, an involvement that stretches current legal boundary lines. The Justice Department has called on the NSA's "technical assistance" to help it break encrypted messages and files, according to Gorelick.

It was during a hearing before the Senate Subcommittee on Investigations last year that Gorelick first hinted at how far the lines were likely to blur in the future &emdash; allowing intelligence agencies to become involved in domestic investigation. Gorelick told the Senate panel the infrastructure task force would make sure that intelligence community efforts would be "lashed up" with the FBI's efforts, which have the responsibility for "fusing both foreign intelligence and the domestic intelligence created."

When a computer attack is launched against a U.S. network, but the origins of that attack can't be readily determined, then "the NSA probably should have a role in dealing with computer attacks," says Stewart Baker, a former general counsel for the NSA who also helped draft the Defense Science Board report. "There need to be some new rules written about how to [involve the NSA]," he said.

Baker, however, sees no problem in loosening the NSA's choke chain, allowing it to become involved in computer investigations. "We have to find a way to make sure that really serious attacks are met with our best capabilities," he said. The NSA involvement "is not espionage, not intelligence [gathering] &emdash; these are crimes. I'm having trouble seeing what is so bad about having the NSA being involved in such cases." Yet even the report that Baker helped draft uses the phrase "intelligence collection on U.S. persons" when referring to the involvement of the intelligence community in helping solve computer-related crimes.
A troubling aspect of allowing the nation's top spies to become involved in domestic intelligence gathering is that any actions they take aren't likely to be fully known. Baker acknowledged that any work the NSA did in tracking down a computer criminal would possibly be passed along to the FBI, which in turn would use that information to build a case based on more traditional evidence-gathering procedures.

You see, the NSA isn't about to allow itself to be hauled into court for questioning by a bulldog defense attorney demanding a "step-by-step explanation of how you tracked my client and what procedures did you use."

And what happens if a "cyber terrorist" gains control of someone's Internet account and starts using it as a digital cloak to hide behind? In the course of tracking the supposed perpetrator, the trail might very well lead to an innocent person. Investigators would then electronically rifle the person's files, intercept e-mail and perhaps even haul the person in for questioning, only to find he or she had been the unwitting dupe of a master electronic criminal. A sincere apology for the mistake would no doubt be offered &emdash; but as wrongly accused Atlanta bombing suspect Richard Jewel knows, no apology can make up for the rape of your personal privacy.

If all this doesn't make you twitchy, how about a little "back to-the-future" diversion? Twenty years ago Sen. Frank Church investigated illegal acts by the NSA in his capacity as chairman of the Senate Intelligence Committee. Church said the NSA's capacity for violating the privacy of U.S. citizens was "unmatched by any other intelligence agency." Church warned that if the NSA were ever allowed to use its powers domestically, "No American would have any privacy left. ... There would be no place to hide."

Unleashing a powerful weapon like the NSA into the domestic law enforcement mix can only lead to one conclusion: unbridled surveillance, under the political cover of protecting the nation's networks.