DOJ approved NSA targeting of foreign hacker ‘signatures’ under 2008 law

The Justice Department in 2012 granted approval to the National Security Agency to target foreign hackers overseas under a law that authorizes the agency with court permission to receive e-mails and other Internet traffic from U.S. tech companies, according to new documents.

But the NSA Office of General Counsel raised concerns internally that collection at the Internet backbone in the United States could “potentially include so much” information of Americans that the data should be segregated. It is unclear if that happened.

The legal office suggested that the information be used only by analysts who monitor foreign hacker activity, according to the documents, which were leaked by former NSA contractor Edward Snowden.

The documents were published Thursday by the New York Times and ProPublica. They show an agency whose job is to gather electronic intelligence on foreign adversaries grappling with the exponential growth in hacker activity targeting U.S. computer networks.

The law in question is Section 702 of the FISA Amendments Act, passed in 2008. That law put under court oversight a program of warrantless surveillance begun shortly after the Sept. 11, 2001, terrorist attacks.

The law also expanded the government’s surveillance authority in this area, allowing the NSA to collect not only communications of foreign terrorist groups but also those that pertain to foreign intelligence generally. That meant Section 702 became useful for a wide variety of espionage, from spying on proliferators of nuclear weapons to learning the intentions of Russian and Chinese officials.

The NSA began to notice a “huge collection gap against cyber­threats to the nation,” according to the documents, because under the law it could target foreign hackers who could be linked to a foreign government or terrorist group, but not those who could not.

Thus in May and July 2012, the Justice Department approved the targeting of “certain [hacker] signatures” and certain Internet addresses, although a definitive link to a foreign power may be difficult to establish. Signatures are patterns of computer activity or strings of computer code that indicate the presence of a hacker.

Source: The Washington Post

Print Friendly

Leave a Reply