On Tuesday afternoon, the New York Times reported that the National Security Agency has placed malware on nearly 100,000 computers around the world for offensive and defensive purposes.

Based on information found in NSA documents and gathered from “computer experts and American officials,” the Times confirmed information that came to light toward the end of December regarding several of the technologies that were available to the NSA as of 2008. The NSA's arsenal, the Times wrote, includes technology that “relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.”

The German Publication Der Spiegel published an interactive graphic two weeks ago detailing many of the ways that the NSA uses hardware to spy on its targets, including a “range of USB plug bugging devices,” which can be concealed in a common keyboard USB plug, for example. As with any hardware, though, many of these spying tools “must be physically inserted by a spy, a manufacturer, or an unwitting user.” Der Spiegel writes that the NSA refers to this physical implant as “interdiction,” and it “involves installing hardware units on a targeted computer by, for example, intercepting the device when it’s first being delivered to its intended recipient.”

According to today's Times report, installing malware via such devices is part of a program which is code-named Quantum, and it has only been used against foreign targets; most often the Chinese military but also Russian military networks and Mexican drug cartels, as well as “trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India, and Pakistan.”

The NSA, for its part, sees nothing wrong with the practice, which it considers "active defense" rather than offense. As the Times wrote:

In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States. “How do you ensure that Cyber Command people” are able to look at “those that are attacking us?” a senior official, who compared it to submarine warfare, asked in an interview several months ago. “That is what the submarines do all the time,” said the official, speaking on the condition of anonymity to describe policy. “They track the adversary submarines.” In cyberspace, he said, the United States tries “to silently track the adversaries while they’re trying to silently track you.”

Objections of a District Court judge

Also on Tuesday, the office of the chairwoman of the Senate Intelligence Committee, Dianne Feinstein (D-CA), released a letter dated January 13 from Federal District Court judge John D. Bates, who voiced oppositions to some proposed changes to the Foreign Intelligence Surveillance Court (FISC).

Earlier in the year, the Obama Administration assembled an NSA review panel, which was to examine the Agency's surveillance practices and make recommendations based on its findings. That panel released those recommendations in mid-December, and it was surprisingly generous with concessions to civil liberties advocates. The reforms included things like refraining from exploiting known holes in commercial software for surveillance and changing how judges are selected and serve on the secretive Foreign Intelligence Surveillance Court. The president is expected to give a speech this Friday in which he will issue his stance on the panel's reforms.

In his letter this week, Judge Bates, who is the director of the Administrative Office of the United States Court and a former presiding FISC judge, wrote that he spoke for himself and “the current Presiding Judges of the FISC and the Court of Review,” who shared his concerns.

Among those concerns, Bates wrote that National Security Letters (NSLs) which federal authorities use to subpoena companies for information on targets without judicial oversight, would be prohibitively difficult to incorporate into the FISC workload. Bates also wrote that, “participation of a privacy advocate is unnecessary—and could prove counterproductive—in the vast majority of FISA matters.”

Bates also asked that the process for selecting FISC judges remain unchanged, with the Supreme Court's Chief Justice having the sole power to appoint a judge to the surveillance court. Such a process, Bates wrote, is both “expeditious and fully confidential.”