SoylentNews is people

posted by takyon on Monday April 13 2015, @07:20PM
from the trusted-cloud-module dept.

Snowden's stream of leaked NSA secrets about classified surveillance programs shined the public spotlight on the clandestine government organization. Though the stream has now dissipated to a trickle, the impact to the intelligence community continues.

[...] Within NSA's Fort Meade, Maryland, headquarters, no one wants to face another Snowden. With NSA's widespread adoption of cloud computing, the spy agency may not have to.

NSA bet big on cloud computing as the solution to its data problem several years ago. [...] NSA's GovCloud - open-source software stacked on commodity hardware - creates a scalable environment for all NSA data. Soon, most everything NSA collects will end up in this ocean of information.

At first blush, that approach seems counterintuitive. In a post-Snowden world, is it really a good idea to put everything in one place -- to have analysts swimming around in an ocean of NSA secrets and data? It is, if that ocean actually controls what information analysts in the NSA GovCloud can access. That's analogous to how NSA handles security in its cloud.

NSA built the architecture of its cloud environment from scratch, allowing security to be baked in and automated rather than bolted on and carried out by manual processes. Any piece of data ingested by NSA systems over the last two years has been meta-tagged with bits of information, including where it came from and who is authorized to see it in preparation for the agency's cloud transition.
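
The tag-at-ingest enforcement described above, as an added example that is not NSA's code and not from the article: the `TaggedStore` class, record fields, label names and sample data are all assumptions. Untagged records are denied and every decision is logged, because in this design the tags and the engine that checks them are the only gate.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    payload: str
    source: str            # provenance tag: where the data came from
    required: frozenset    # authorization tag: labels a reader must hold


class TaggedStore:
    """Hypothetical store that enforces per-record tags on every read."""

    def __init__(self):
        self._records = []
        self.audit = []    # (analyst, source, decision) for every check

    def ingest(self, payload, source, required=()):
        # Tags are attached at ingest, not decided later by the reader.
        self._records.append(Record(payload, source, frozenset(required)))

    @staticmethod
    def _allowed(labels, rec):
        # Fail closed: a record with no authorization tag is visible to nobody.
        return bool(rec.required) and rec.required <= labels

    def query(self, analyst, labels, term):
        labels = frozenset(labels)
        hits = []
        for rec in self._records:
            if term not in rec.payload:
                continue
            ok = self._allowed(labels, rec)
            self.audit.append((analyst, rec.source, "allow" if ok else "deny"))
            if ok:
                hits.append(rec.payload)
        return hits

    def denials_by_analyst(self):
        # Repeated denials show who keeps searching outside their authorization.
        return Counter(a for a, _, d in self.audit if d == "deny")


def build_sample_store():
    # Constructed sample data; label and source names are made up.
    store = TaggedStore()
    store.ingest("case 17 call record", "feed-A", {"PROGRAM_X"})
    store.ingest("case 17 email header", "feed-B", {"PROGRAM_X", "LEGAL_REVIEWED"})
    store.ingest("case 17 legacy import", "feed-C")   # untagged at ingest
    return store
```
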

Related Stories

Human Rights Watch Sues DEA over Bulk Data Collection 14 comments

Reuters is reporting on a lawsuit filed against the US Drug Enforcement Administration (DEA) by Human Rights Watch. The lawsuit, filed on April 7, 2015, seeks to have the DEA's bulk collection program [autoplay video, exclusive report by USA TODAY] declared unlawful.

From the Reuters article:

Opening another front in the legal challenges to U.S. government surveillance, a human rights group has sued the Drug Enforcement Administration for collecting bulk records of Americans' telephone calls to some foreign countries.

Lawyers for Human Rights Watch filed the lawsuit on Tuesday in U.S. District Court in Los Angeles. The lawsuit asks a judge to declare unlawful the DEA program, which ended in September 2013 after about 15 years, and to bar the DEA from collecting call records in bulk again.

U.S. spying programs have come under court scrutiny since former National Security Agency contractor Edward Snowden leaked details of them in 2013.

Justice Department spokesman Patrick Rodenbush said on Wednesday the DEA program is not active.

"All of the information has been deleted," he said in an email to Reuters. "The agency is no longer collecting bulk telephony metadata from U.S. service providers."

The DEA's Special Operations Division collected data in bulk about international calls from the United States to certain countries determined by the government to have a nexus to drug trafficking.

The data included phone numbers and the date, time and duration of each call, but not the content, according to the DEA.

  • (Score: 0) by Anonymous Coward on Monday April 13 2015, @07:40PM

    by Anonymous Coward on Monday April 13 2015, @07:40PM (#169934)

    From TFA:
    This means analysts don’t have to make their own judgments about what they are allowed to see—the data before them is data they are legally allowed to access.

    Oh really? Has a court ruled that the NSA searching was 'reasonable', and not in violation of the constitution?

    • (Score: 5, Insightful) by JNCF on Monday April 13 2015, @08:02PM

      by JNCF (4317) on Monday April 13 2015, @08:02PM (#169948) Journal

      Oh really? Has a court ruled that the NSA searching was 'reasonable', and not in violation of the constitution?

      They probably will, eventually. They're just stalling so that the public has more time to accept what's going on as "normal." I don't really care what a court says, the wording of the Fourth Amendment seems pretty-fucking-clear:

      The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

      They can make all the rulings they want, it won't change the fact that they violate the wording of the Constitution on a regular basis. The federal government is a criminal organization. If we act like a court ruling is the bar for legitimacy, we have to recognise their spying as legitimate as soon as they get a favorable ruling. They have the Eye of Sauron now, and I would be really surprised if the supreme court went against them.

      I'm not really doubting that they could amend the constitution if necessary, but it is a much higher bar. This is the standard we should be asking for: if they want to act like we've had a national debate about whether or not the federal government can spy on us without a warrant, they need to amend the Constitution to make that explicitly clear. Blackmailing a majority of nine isn't good enough.

      • (Score: -1, Spam) by Anonymous Coward on Monday April 13 2015, @08:46PM

        by Anonymous Coward on Monday April 13 2015, @08:46PM (#169970)

        YOU JUST GOT HIT BY

        ¶▅c●▄███████||▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅|█
        ▄██ OBAMACARE ███▅▄▃▂
        █████████████████████►

      • (Score: 2, Disagree) by bob_super on Tuesday April 14 2015, @12:03AM

        by bob_super (1357) on Tuesday April 14 2015, @12:03AM (#170091)

        You haven't been paying enough attention.
        1) Operative words in the Fourth: "searches and seizures"
        2) Do you remember what was said earlier: the data in the NSA's database is not "collected" until an analyst searches through it. Raw data is just "ingested" (or something like that)
        3) People keep arguing that copying media isn't theft in the usual sense, because the official "owner" is not deprived of it.

        Put these together, and you get mass surveillance without infringing the Fourth: The NSA is just ingesting all data as potentially vital to protecting the country and the constitution... Nobody is being deprived of their data nor "searched".

        • (Score: 0) by Anonymous Coward on Tuesday April 14 2015, @04:51AM

          by Anonymous Coward on Tuesday April 14 2015, @04:51AM (#170217)

          According to gun nuts, the wording of the second doesn't matter and anything which violates its spirit is unconstitutional, so this must mean that anything which violates the spirit of the fourth, regardless of whether it violates the letter, is also unconstitutional.

          • (Score: 2) by Leebert on Tuesday April 14 2015, @12:53PM

            by Leebert (3511) on Tuesday April 14 2015, @12:53PM (#170368)

            Huh? The wording of the second very much does matter, and "shall not be infringed" is pretty unambiguous. Certainly moreso than "unreasonable searches and seizures".

        • (Score: 2) by JNCF on Wednesday April 15 2015, @03:17PM

          by JNCF (4317) on Wednesday April 15 2015, @03:17PM (#170997) Journal

          2) Do you remember what was said earlier: the data in the NSA's database is not "collected" until an analyst searches through it. Raw data is just "ingested" (or something like that)

          I don't care whether the intelligence collecting my data is a brain or a microchip, and I don't see any distinction along these lines being made in the Constitution. If the data is being stored, it's obviously being seized (even if not directly by a human).

          3) People keep arguing that copying media isn't theft in the usual sense, because the official "owner" is not deprived of it.

          Now we're not talking about written laws, but rather what we would like the written law to be. I'm okay with that, just noting it. I see an important distinction between data that is intended to remain private and data that is intended to be distributed to the general public. I'm not saying that copying and distributing either type of data should be illegal, but I could see how somebody might argue for a law against intercepting data which is intended to be private.

          • (Score: 2) by bob_super on Wednesday April 15 2015, @03:29PM

            by bob_super (1357) on Wednesday April 15 2015, @03:29PM (#171011)

            > If the data is being stored, it's obviously being seized

            Says you, and you're not a lawyer for the NSA. My whole point is that they have publicly demonstrated that they play on words to go around restrictions.
            If you still have it, was it really seized under the common understanding of the Founding Fathers? Lots of people are paid to argue that the answer is no (whatever they actually personally believe).

  • (Score: 5, Insightful) by Gravis on Monday April 13 2015, @07:45PM

    by Gravis (4596) on Monday April 13 2015, @07:45PM (#169938)

    no one wants to face another Snowden

    what they really mean is they don't want to face oversight or accountability.

  • (Score: 5, Insightful) by AndyTheAbsurd on Monday April 13 2015, @08:04PM

    by AndyTheAbsurd (3958) on Monday April 13 2015, @08:04PM (#169951) Journal

    NSA's GovCloud - open-source software stacked on commodity hardware

    NSA built the architecture of its cloud environment from scratch, allowing security to be baked in and automated

    Either they built something using open-source software, or they built the architecture "from scratch", but it CANNOT be both. These statements are literally incompatible.

    Typical politicians, talking out of both sides of their mouth.

    --
    Please note my username before responding. You may have been trolled.
    • (Score: 2) by maxwell demon on Monday April 13 2015, @08:17PM

      by maxwell demon (1608) on Monday April 13 2015, @08:17PM (#169955) Journal

      They can write their software from scratch, and open source that. Nothing incompatible about that.

      Whether that possibility is compatible with reality is another question, of course.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 3, Interesting) by VLM on Monday April 13 2015, @08:52PM

      by VLM (445) on Monday April 13 2015, @08:52PM (#169983)

      Well, your architecture could depend on kerberos for auth and gpg encrypting file and storing the gpg keys using ssss to split the keys amongst people or somesuch.

      Or they could be using NIS/YP for auth, that pig latin thing from bsdgames for file encryption, and store the files on NFSv1 unauthenticated servers on the internet. Or maybe using gopher to really confuse those leet hackers who've never heard of gopher protocol.

      Using open source components doesn't mean they're doing it "right" or the whole system is open. It just means the components are free.

    • (Score: 3, Informative) by frojack on Monday April 13 2015, @09:04PM

      by frojack (1554) on Monday April 13 2015, @09:04PM (#169991) Journal

      Typical politicians, talking out of both sides of their mouth.

      Careful. Remember there is a journalist standing between you and the truth. It's as likely to be a casual word choice by the journalist as anything meaningful from a politician.

      Further the story sourced NSA Chief Information Officer Lonny Anderson, and NSA cloud strategist Dave Hurry. Neither are politicians. Believe me, if we could vote for these guys they would have been long gone.

      It's entirely possible to take open-source software, say something like Hadoop, and feed into that a historical collection of disparate and diverse datasets collected by a dozen different branches and build a new distributed database, adding metadata along the way.

      That's a valid definition of "from scratch" in the data processing world, because you come out of it with the ability to scrap your old systems, or continue to use them as input mechanisms, while relying on the new cloud system for extraction and data crunching.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 5, Insightful) by Nerdfest on Monday April 13 2015, @09:38PM

        by Nerdfest (80) on Monday April 13 2015, @09:38PM (#170015)

        There's a journalist standing between us and a politician. The truth is unlikely to enter into the process.

  • (Score: 2, Insightful) by Anonymous Coward on Monday April 13 2015, @08:09PM

    by Anonymous Coward on Monday April 13 2015, @08:09PM (#169952)

    Instead of limiting the potential breach to those with "physical" access, put it in the cloud where any hacker in the world can take a shot at it.

    • (Score: 3, Insightful) by Snow on Monday April 13 2015, @08:26PM

      by Snow (1601) on Monday April 13 2015, @08:26PM (#169960) Journal

      I'm pretty sure it's all housed in their own private cloud computing service, not something like EC2 or Azure.

      • (Score: 3, Interesting) by kaszz on Monday April 13 2015, @08:37PM

        by kaszz (4211) on Monday April 13 2015, @08:37PM (#169964) Journal

        There are also two lessons to be learned from this:
        1) The only secure cloud if there ever is one is the one you have physical control over. And built the software for.
        2) Security must be a design criteria. Not a bolt or gatekeeper with all or nothing.

        But when the data is electronically accessible, it can be thwarted. It's just a question of how, not if.

        And don't forget that your data goes into this processing box. Thus if the software processing it makes any mistakes in that process there might be consequ^H^HDROP TABLEes.

        • (Score: 4, Interesting) by frojack on Monday April 13 2015, @09:20PM

          by frojack (1554) on Monday April 13 2015, @09:20PM (#170000) Journal

          2) Security must be a design criteria. Not a bolt or gatekeeper with all or nothing.

          True. But what they have developed seems worse than both of those things.

          What I mean is the security now relies solely on the credentials used to log in. Physical security of segregated data sets in different departments are gone, and now the cloud tags each piece of data with some credential necessary to actually see the data.

          Little better than ACLs.

          You can steal the credentials, or hack the access control manager. Either gets you in.
          I imagine not much (if any) of the stored content is encrypted.
          I imagine there are no physical firewalls/air-gaps between data elements.

          No, I'm betting they put all their trust in the data engine to protect everything.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by kaszz on Monday April 13 2015, @11:15PM

            by kaszz (4211) on Monday April 13 2015, @11:15PM (#170070) Journal

            My thought too. All bets are on the data engine control of credentials. One failure and the flood gates open. Or there's some essential detail that is kept hidden.

  • (Score: 3, Insightful) by c0lo on Monday April 13 2015, @08:27PM

    by c0lo (156) Subscriber Badge on Monday April 13 2015, @08:27PM (#169961) Journal

    DHS was created to create a framework for pooling together intelligence, so that analysts would discover threats easier.
    In the process, a Manning and a Snowden happened to them, so now they decided to compartmentalize the info; even more, compartmentalize inside a single acronym-agency.

    So, back to square one, with the single gain being the eroded civil liberties. Sorta "We have met the enemy and they are ours"

    (this letting aside the detail of how much irrelevant information they keep collecting; inevitable due to the S/N ratio, that's the nature of the problem)

    --
    https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 3, Funny) by Freeman on Monday April 13 2015, @08:52PM

      by Freeman (732) on Monday April 13 2015, @08:52PM (#169984) Journal

      Worry not, next time they won't catch it until Everything has been seeded and the torrent has been downloaded 50 million times . . .

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 2, Interesting) by Anonymous Coward on Monday April 13 2015, @08:54PM

    by Anonymous Coward on Monday April 13 2015, @08:54PM (#169985)

    "is it really a good idea to put everything in one place"

    "The cloud" isn't one place. "The cloud" is a bullshit marketing term for a variety of distributed computing, content management and storage architectures. This is similar to "broadband modem" or "cable modem" (both contradictions in terms). Conversationally, "the cloud", is the same as saying "it's magic". It is what you tell children and stupid people when you don't feel like explaining things.

  • (Score: 4, Insightful) by mendax on Monday April 13 2015, @09:21PM

    by mendax (2840) on Monday April 13 2015, @09:21PM (#170001)

    Hogwash! Oh sure, you can build your own cloud infrastructure, bake all the security in it, but no doubt someone is going to find a way in. Security is only as strong as its weakest link. Someone will find a way in. Stolen credentials, "repurposed" NSA worm, something....

    --
    It's really quite a simple choice: Life, Death, or Los Angeles.
  • (Score: 0) by Anonymous Coward on Monday April 13 2015, @09:26PM

    by Anonymous Coward on Monday April 13 2015, @09:26PM (#170003)

    hahaha hahahahahahahahahaha hahahahahahahahahaha
    *pee myself*
    ahahahahaha aaaaahahahahahahahahahahaha
    *start to choke*
    ahahaha

    That is all.