Classified Cyber-Security Directive Puts NSA In Charge

dpreformer sends word that President Bush signed a classified directive Jan. 8 (it only came to light this week) putting all cyber-defense and counter-offensive activity for government networks under the aegis of the National Security Agency. Previously, federal agencies had disparate intrusion and attack monitoring programs. The directive does not address private-sector networks and systems. While some lawmakers and civil-rights advocates are unhappy with expanding the NSA's role domestically, one alternative that was considered and rejected — putting Homeland Security in charge — might have been worse. "A proposal last year by the White House Homeland Security Council to put the Department of Homeland Security in charge of the initiative was resisted by national security agencies on the grounds that the department, established in 2003, lacked the necessary expertise and authority. The tug-of-war lasted weeks and was resolved only recently, several sources said."

Time to Start Encrypting!

[KookyMan]

The only thing I can say, is I've started some major "learning" about encryption and various other personal privacy applications.

So far, what I've found and like are:
TrueCrypt - "On-The-Fly" Disk/Storage Encryption. Actually, I've been using this for 24 hours and love it. I've also seen great reviews of this, and some of its very interesting features, such as plausible deniability. Oh, and its Free Open Source Software. Available for Windows 2K/2K3/XP/Vista, Linux, and soon MacOS (v5.0, due in Jan 08)
KeePass - Encrypted Password Storage Database. I've been using this for years, and love it. Also good reviews. If you wish to try it, there are two versions, v1.x and v2.x. v1.x (1.10 being current) is the original independent version. Can be run standalone, no system requirements (.Net or the like). Can be run from a USB Key. v2.x (2.04 being current) is a total rewrite of the application based on the .Net libraries and are required. This version is ALPHA quality and does not yet meet the current functionality of the 1.x branch. This was started due to the fact of people requesting features that would require significant rewrites to implement. Also FOSS. Available for Windows 98/98SE/ME/NT/2K/XP/2K3/Vista 32 and 64 bit. Third party ports also available for PocketPC, Linux, MacOSX, J2ME, Blackberry, PalmOS.
Gnu Privacy Guard - An open source PGP implementation. I use a port of this, GPG for Windows. It seems a bit clunky, and am actively looking for something to replace it so suggest away if you do know something better. I will say though that it does work as advertised, and its FOSS. GPG is distributed mainly as source code I believe, where as G4W is as binaries.

People have looked at some of us who use PGP/GPG, and other encryption/digital signatures for a few years with the look of "why do I need that, I have nothing to hide." I keep waiting for people to finally wake up and realize that the concept of "inherent privacy" (meaning anything not actively publicly published is not publicly known) is gone. We have entered the age of "explicit privacy." If you want something to be private, you must make explicitly so, especially on your computer, with these recent news articles of laptops being fair searching territories at Customs, or the reports that the NSA has feeds from AT&Ts offices to intercept everything.

This needed to happen...

[JRHelgeson]

There is a long history here that needs to be taken into consideration... We are seeing a paradigm shift in our government that is long overdue. It used to be that the government had to protect paper documents, "eyes only", and the biggest threat were photocopiers and miniature cameras... not any more.

I wrote about this transformation last year. Is it any wonder why the NSA is being brought up and groomed to help protect the critical information assets that the United States has?

From my post:

HumInt/SigInt:
Human Intelligence, CIA
Signal Intelligence, NSA

The English have been masters at the spy trade for centuries. In WWII, the United States felt that it should get into the act and turned to the English for guidance.

With their tutelage, the CIA became a formidable tool against the Soviet threat throughout the cold war. We had clearly defined enemies with clearly defined borders. Gathering intelligence became a methodical science... then, once the Soviet Union collapsed, the clearly defined enemies with clearly defined borders went with it.

The growth of the internet created an atmosphere wherein information and 'intelligence' became a commodity. Then the emergence of an enemy that is not only difficult, if not impossible, to clearly define but who also operates entirely without borders. The polar opposite from what the CIA were trained to do.

Not only has this rule-set reset turned the CIA upside-down, it has rendered it all but useless. The UK isn't doing much better either. The problem is that western society itself is at odds with the rules required to make an effective spy agency. Our open government(s), free access to information, laws against spying on citizens and so forth are what both protect our civil liberties as well as create the environment in which our enemies can plot against us.

The CIA knew about al Qaeda operators operating in the USA prior to 9/11, yet did nothing to notify the FBI. This is because of the opposing nature of each agency. The CIA finds a criminal and wants to string them along to see what intelligence they can uncover by monitoring them. When the FBI finds a criminal, they want to string them up. From the CIA perspective, the FBI sure knows how to screw up an investigation and destroy your intelligence network.

The CIA is now dysfunctional to the point of uselessness. In fact, there isn't a single effective spy agency in the western world. The current battle we're fighting and the enemy we face is one that cannot be defeated by military might, it is a war that MUST be fought using intelligence.

So, the administration turned to the only other agency with experience in gathering and monitoring enemies. It also happens that this agency is experts at SigInt, as opposed to the HumInt. The problem is that the NSA is forbidden by law from spying on American Citizens, UNLESS they are monitoring overseas communications. This exception has always been allowed, no warrant necessary. There is no law that states that I have the constitutional right to conspire with enemies overseas.

No other nation even comes close to the SigInt capabilities of the NSA...

Re:Close, with one subtle difference

[TubeSteak]

Terrorism throws a big kink in this, as some of the terrorist/terror supporters are U.S. citizens who, however, are acting under the power or inspiration of an ideology that knows no legal boundaries. Have these people given up U.S. citizenship, in a manner of speaking, by pledging their allegiance to a "foreign military"? (look at your passport for how to give up your citizenship) No they haven't.
AFAIK, the only way to currently renounce your citizenship is
(a) from a foreign country
(b) in front of a US diplomatic officer or consular
(c) in writing

You can read more about it at the state dept website
http://travel.state.gov/law/citizenship/citizenship_779.html
http://travel.state.gov/law/citizenship/citizenship_780.html

According to their website, you can join a foreign army as long as you do not do so as an Officer or NCO.

It's a big area of debate at the moment and, unlike many on the web who would come down hard for one side or another, it's not entirely clear what the proper legal or policy answers are to these questions. It's one thing to discuss "the proper legal or policy answers" may not be clear, the problem is many people don't seem to understand/care wtf the laws say right now.