Read time: 2 minutes

FISA Orders Used For Help With Hacking

We know the NSA uses the content it collects to coerce informants, so why stop at hacking? Because it extends FISA orders beyond the spirit of their intended use.
FISA Orders Used For Help With Hacking

In its latest Snowden story, the WaPo reports that NSA has used Google’s cookies to help track people for hacking purposes.

The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using “cookies” and location data to pinpoint targets for government hacking and to bolster surveillance.

The agency’s internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.

[snip]

The NSA’s use of cookies isn’t a technique for sifting through vast amounts of information to find suspicious behavior; rather, it lets NSA home in on someone already under suspicion – akin to when soldiers shine laser pointers on a target to identify it for laser-guided bombs.

This will be sure to make software opposition to NSA’s unbridled spying louder, if not less hypocritical (after all, every way Google limits its own tracking amounts to another tool the NSA can’t exploit).

I’m particularly interested in how NSA collects cookies it uses. The article suggests they may do it via FISC order (though they don’t say whether it would involve an individualized FISA order or bulk FAA collection).

These specific slides do not indicate how the NSA obtains Google PREF cookies or whether the company cooperates in these programs, but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies know and are legally compelled to assist.

That is, is a PREF cookie just one of many identifying details they’re asked to turn over on customers in general? If so, in what volume?

Remember, too, that one thing the Internet companies are fighting for in their transparency suit is the right to explicate metadata requests from content ones. This is the kind of information request that would be very informative for potential targets (because, if they don’t already, they can just keep their cookies clean).

I’m particularly interested in the disclosure that the NSA may be using information collected on a FISA order for offensive hacking purposes, not for information collection. That’s not surprising — it doesn’t necessarily clearly distinguish between information collection and hacking. And we know the NSA uses the content it collects to coerce informants, so why not aid in hacks?

But that does seem to extend the use of FISA orders beyond the spirit of their use.

Can you help us out?

For 16 years we have been exposing Washington lies and untangling media deceit. We work 7 days a week, 16 hours a day for our labor of love, but with rising hosting and associated costs, we need your help! Could you donate $21 for 2021? Please consider a one-time or recurring donation of whatever amount you can spare, or consider subscribing for an ad-free experience. It will be greatly appreciated and help us continue our mission of exposing the real FAKE NEWS!

More C&L Coverage

Discussion

New Commenting System

Our comments are now powered by Insticator. In order to comment you will need to create an Insticator account. The process is quick and simple. Please note that the ability to comment with a C&L site account is no longer available.

We welcome relevant, respectful comments. Any comments that are sexist or in any other way deemed hateful by our staff will be deleted and constitute grounds for a ban from posting on the site. Please refer to our Terms of Service (revised 3/17/2016) for information on our posting policy.

Please Do Not Use the Login Link at the Top of the Site.

In order to comment you must use an Insticator account. To register an account, enter your comment and click the post button. A dialog will then appear allowing you create your account.

We will be retiring our Crooks and Liars user account system in January, 2021.

Thank you.
C&L Team