Could 'Tailored Access Operations' Be An Alternative To 'Collect It All'?

from the easy-choices dept

One of the most contentious aspects of the NSA's surveillance is the central belief by General Alexander and presumably many others at the agency that it must "collect it all" in order to protect the public. To stand a chance of overturning that policy, those against this dragnet approach need to come up with a realistic alternative. An interesting article by Matt Blaze in the Guardian offers a suggestion in this regard that takes as its starting point the recent leaks in Der Spiegel about the extensive spying capabilities of the NSA's Tailored Access Operations (TAO). As Blaze points out: if you are being individually targeted, you really don't stand a chance. The NSA's tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn't if you're a target, to be sure. But it means that there is no good reason to give in to demands that we weaken cryptography, put backdoors in communications networks, or otherwise make the infrastructure we depend on be more "wiretap friendly". The NSA will still be able to do its job, and the sun need not set on targeted intelligence gathering. The key word there is "targeted": instead of building in to the Internet general weaknesses that allow everyone to be spied upon (and that can also be exploited by criminals or hostile nations), the NSA could use its elite TAO squad to gain access to the systems of particular individuals. This has several huge advantages over dragnet collection. First, it avoids the whole problem of searching for possible needles in an enormous haystack -- the favorite metaphor of the NSA. Instead, it puts the emphasis on investigating just the needles. Secondly, it can't be applied indiscriminately: as well as TAO works (and it appears to work quite well indeed), they can't deploy it against all of us -- or even most of us. They must be installed on each individual target's own equipment, sometimes remotely but sometimes through "supply chain interdiction" or "black bag jobs". By their nature, targeted exploits must be used selectively. The final advantage is that because of the more limited scale of the surveillance, it is possible to require individual approval from a judge for every single operation before it is carried out. By scaling things back, meaningful oversight can be introduced in a way that is simply not possible when the crude "collect it all" approach is employed. As Blaze concludes: The intelligence community no doubt regards targeted collection methods like TAO as a method of last resort, to be used only when mass surveillance fails. We urgently need to reverse this. Yes, we can expect resistance from the NSA and its "five eyes" partners at any suggestion that they scale back mass collection in favor of targeted methods. It means doing things differently, not to mention that carefully focused targeting is likely more expensive than drinking from the fire hose to which they've become accustomed.



But if TAO is a bit more expensive, it also demonstrates that we have a real choice here. We can safely curtail mass collection, shore up needlessly "wiretap friendly" infrastructure and generally protect ourselves against mass surveillance, all without shutting down legitimate intelligence gathering. In a free society, this should be an easy choice to make.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bulk data collection, collect it all, nsa, surveillance, tailored access operations