NSA LOVEINT follies prove systems are only as secure as the humans manning them

TAGs: loveint, national security agency, nsa

nsa-surveillanceIn 2009, US President Barack Obama was criticized by American conservatives over comments that suggested he didn’t believe in the concept of ‘American exceptionalism.’ Turns out he was right, at least, in terms of Americans no longer enjoying the right not to be spied on by their country’s vast intelligence apparatus.

Among the latest US intelligence secrets exposed by whistleblower Edward Snowden was the fact that the National Security Agency (NSA) has been compiling and analyzing Americans’ phone calls, emails, web surfing and social media activity without the requirement that such activity involve communication with a foreign national.

This collected data can be combined with banking information, passenger manifests, GPS location records, tax filings, etc. to paint an ‘enriched’ picture of an individual’s activities that is arguably more valuable to law enforcement personnel than eavesdropping on the contents of phone or email conversations.

A 2013 budget request leaked by Snowden revealed that the NSA was planning a system that could record 20b ‘record events’ on a daily basis, with analysts having access to the events within an hour of their occurrence. A George Washington University law professor told the New York Times that the process was the “digital equivalent of tailing a suspect.”

As of November 2010, the NSA was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of each link in the chain. To conduct these analyses, the NSA was required to cite a foreign intelligence justification, but this definition encompassed everyone from terrorists to activists to politicians to businessmen. The change was made privately, without seeking approval from the Foreign Intelligence Surveillance Court (FISA).

keith-alexander-nsaLOVEINT FINDS A WAY
Last week, the US Senate intelligence committee made a show of calling NSA director General Keith Alexander (pictured) on the carpet over the revelations, but Alexander was unrepentant. Responding to a question regarding the collection of Americans’ phone records, Alexander said it was in “the nation’s best interest” for the NSA to collect and store all the data it can in “a lockbox.”

Problem is, that lock has a lot of keys. In August, Alexander insisted that “no one has willfully or knowingly disobeyed the law or tried to invade your civil liberties or privacy” via the use of this data. But in a Sept. 11 letter to Sen. Chuck Grassley (R-IA), NSA Inspector General Dr. George Ellard detailed a dozen substantiated cases of “intentional misuse” of the data the by NSA employees, suggesting Alexander was either woefully misinformed or being deliberately deceptive about the goings-on at his agency.

Some of these cases qualify as ‘LOVEINT’ – a designation coined by US spooks to describe NSA analysts using the tools at their disposal to peruse intelligence data relating to spouses and/or significant others (past and present). Among these lovesick George and Georgina Orwells was the analyst who queried six email addresses belonging to his ex-girlfriend, a US resident, on his very first day on the job. The NSA punished the transgressor with “half pay for two months.”

Another employee was suspended without pay after he was found to be listening in on the phone calls of nine different female foreign nationals and at least one US resident, but further discipline wasn’t carried out due to the analyst tendering his resignation. The fact that some of the dozen cases cited were only revealed via the analysts’ voluntary confessions suggests they represent only the tip of the iceberg. Even the NSA admits that it’s currently conducting at least two other investigations.

The human frailty on display in these LOVEINT cases is further evidence of the truism that all systems are only ever as secure as the people at the controls. A car can be used to drive your aging grandmother to the market, or it can be used to indiscriminately mow down pedestrians for sport, as demonstrated this August on the Venice Beach boardwalk. Situations like this recall the shenanigans that plagued Absolute Poker and Ultimate Bet, in which insiders cheated other players via software features ostensibly created for exposing cheaters.

In making their push to become the primary regulatory hub for all US online gambling activity, Nevada’s gaming watchdogs like to cite such incidents of online poker cheating as the kind of nefarious activity that only their vast body of experience can prevent. But no one can guarantee how a man or woman in a position of power will respond when presented with temptation to abuse that power. Besides, Nevada’s allegedly eagle eyes didn’t prevent the state’s brick-and-mortar casinos from engaging in what the Department of Justice calls money laundering on a truly vast scale, so perhaps a little humility is in order.

Frankly, it’s a bit ironic for Americans to get their panties in a wad over having to join the rest of the world inside the NSA’s social networking panopticon. As for cramming this genie back into the bottle, you don’t have to be a cynic to believe the NSA is already up to far more invasive antics than what they’re only willing to acknowledge once it’s been made public against their will. In the meantime, just assume that everything you do or say online is being recorded for posterity. And remember, internationally regulated online poker companies don’t cheat players; cheaters cheat players.


views and opinions expressed are those of the author and do not necessarily reflect those of