Getting Data From NSA Takes 'Days' So Federal Counterintelligence Agency Turned To Private Company, Documents Show (404media.co) 33
Slash_Account_Dot writes: A federal counterintelligence agency tracking hackers has bought data harvested from the backbone of the internet by a private company because it was easier and took less time than getting similar data from the NSA, according to internal U.S. government documents. According to the documents, going through an agency like the NSA could take "days," whereas a private contractor could provide the same data instantly. The news is yet another example of a government agency turning to the private sector for novel datasets that the public is likely unaware are being collected and then sold.
If the government cannot do it because of red tape (Score:2, Interesting)
Then shouldn't the same red tape apply when performing the same task through the civilian sector?
Or is it okay for companies to go around censoring speech because government is willing to spend money instead of being burdened with the bureaucracy of pesky laws like the constitution.
This post brought to you by Pfizer
Re: (Score:2)
Re: (Score:2)
Then shouldn't the same red tape apply when performing the same task through the civilian sector?
Or is it okay for companies to go around censoring speech because government is willing to spend money instead of being burdened with the bureaucracy of pesky laws like the constitution.
This post brought to you by Pfizer
If only the government would thing about some General Protection for Data, possibly even making it a Regulation.
Nah, that would just be stupid.
Private company (Score:4, Interesting)
So there are private companies having data monitoring / data harvesting systems on the backbone of the internet?
I think all governments should be very afraid that such capability exists for potential sale to the highest bidder.
And can someone from EU please use the GDPR to sue these companies out of existance?
It's got nothing to do with red tape (Score:3)
This is about bypassing warrants and/or congressional oversight. By buying it from private companies it's now just a purchase from a vendor, so it doesn't trigger any of the (albeit limited, it's the NSA) oversight mechanisms in place to stop them from abusing information gathering.
Police depts have been caught doing this a *lot* lately, so it's no surprise the NSA was doing it. Hell, the police probably learned it from the NSA. We'
Re: (Score:1)
Police depts have been caught doing this a *lot* lately, so it's no surprise the NSA was doing it.
If you read the article, you'd see that it's not the NSA doing it-- it is about a different agency buying data commercially because the NSA wouldn't provide it (or, possibly, wouldn't provide it fast enough.)
The article [404media.co] itself names that other agency as the Defense Counterintelligence and Security Agency, DCSA (formerly known as Defense Security Service); an agency that somehow manages to avoid much public scrutiny.
Not entirely clear to me from the article whether this data being collected is protected priv
Re: (Score:1)
Yes, they exist.
Also you not gonna do jack shit about it.
Re: (Score:3)
If the GDPR had any teeth, a lot of this stuff wouldn't exist. I mean, Echelon and the like have existed for as long as i'm alive, and that violates the spirit and the letter of the GDPR. The authors were kidding themselves. It might be useful against China or internal eavesdropping in the EU, but the US can violate with impunity.
Probably if Europe didn't feel dependent on the US for defense, there would be more chance of effective regulation. As it stands, this soft power stuff is for the birds, ultimat
Re: (Score:2)
If the US didn't exist there would be just as much spying on their own people going on in Europe.
For example, the U.K. (yes I know they left the EU) is the poster child for public camera surveillance. The US didn't make them do that.
Re: (Score:3)
The degree to which modern societies that purport to be free and democratic rely on surveillance that would be decried in the past as a mark of authoritarian rule is astounding.
It's hard to construct a quality argument that we are the good guys anymore.
Re: (Score:2)
Re:Private company (Score:5, Informative)
The article says it in the opening paragraph, it's Netflow [wikipedia.org] data. If you don't know what that is, it's essentially connection tracking at the router level, execute 'sudo conntrack -L' on a Linux system for an idea of what they're seeing, except, it's on major backbone links instead of one endpoint. A good Netflow implementation also gives you traffic totals in bytes and packets, which you can do on Linux if connection accounting is enabled, 'sudo sysctl -w net.netfilter.nf_conntrack_acct=1'
The rationale for the Government actor wanting the data is very legitimate: DSS writes in one part of the documents it is seeking the “ability to track malicious activity stemming from known foreign intelligence entities despite their attempts to obfuscate their activity,” providing more clarity on the use cases that some will see as legitimate exploitation of netflow data.
What I find creepy AF isn't that the Federal Government wants access to this data but rather that a private actor is collecting netflow data on the Internet backbone. The backbone operator might have a legitimate use for that data but they should not be allowed to sell it to a third party. There are laws in place to protect telephone metadata from this kind of commercial exploitation, in spirit those laws should apply to IP metadata, which is what Netflow is, but in reality it seems some for-profit assholes have found a way to make money from some other for-profit asshole. :(
Its about priorities. (Score:1)
If the states make it a priority to handle such information then the states will get it immediately. If they'd rather trust some, any grinning snake of a CEO for state security then red tape is just common sense.
inconvenient (Score:3)
Doing things legally is so inconvenient.
Re: (Score:2)
You would have to know it to follow it.
Just Another Example of Government Inefficiency (Score:2)
Why are our tax dollars even going to an agency that spies on its own people? Yet, here we are.
Re: (Score:2)
Must have run out of foreign enemies.
Gotta do something to earn that pension!
550 collection points worldwide! (Score:4, Informative)
“The network data includes data from over 550 collection points worldwide, to include collection points in Europe, the Middle East, North/South America, Africa and Asia, and is updated with at least 100 billion new records each day,”
https://sam.gov/opp/96b4874e76... [sam.gov]
This is GOOD and BAD (Score:1)
GOOD, that the NSA puts up roadblocks even to other government agencies.
BAD, that private industry isn't at least as protective of sensitive information.
Re: (Score:3)
Overstating the obvious, but private industry is 100% about profit. Ethics, rules, society's wishes are brushed aside, if they're acknowledged at all.
The problem is We the People have not spoken loudly enough to get personal privacy laws in place. More specifically, our "representatives" listen to paid lobbyists far more than what we want. That plus there's always a mantra of keeping commerce and the economy flowing. Then you'll have companies whining about how it'll cost money and hurt business if they
Re: (Score:2)
Re: (Score:2)
Thank you, I'm humbly honored.
Encrypted data (Score:2)
Re: (Score:2)
It's unclear if they can already unencrypt or are just saving the data streams for later when they can.
Also, even if you can't read the data, you can see the meta data. If I knew you were making a tcp/up connection to a server in Tehran's embassy and sending gigabytes of data then maybe we should be taking a closer look at you, eh?
Re: (Score:2)
They're using it to try to track encrypted traffic back to the source computer. (e.g., where is the malware sending its data?) That lets them know where the hackers actually are, not just which computer was used as the last node for connection.
Re:Encrypted data (Score:4, Interesting)
They're not getting the traffic, they're getting the metadata, i.e., you communicated with this IP address, on ports U and V, sending W packets totaling X bytes, while receiving Y packets totaling Z bytes.
Metadata is hugely valuable in signals intelligence.
Ever since Snowden left... (Score:2)
The upgrades just aren't getting done, and things have *really* slowed down a bit.
NSA Is A Hassle (Score:2)
I am still waiting for them to send me a copy of the hard drive data that they mysteriously copied off my computer and into one of their massive data farms.
.