Congress NSA Security

Lawmakers Push Back Against Sensational NSA Coverage

It’s my opinion that to be truly outraged at the NSA you must have virtually no perspective or inkling of what the private sector does with your data. Data that is far more detailed than what the NSA would ever dream of collecting. And the private sector markets your data.

Apparently some congressmen and women agree and they’re beginning to push back.

“It’s just the irony of this whole debate,” said Rep. Mike Rogers (R-Mich.), the chairman of the House Intelligence Committee and a prominent defender of the NSA.

“I mean it’s unbelievable what private companies collect from individuals and how they track them and track what their shopping habits are and where they may or may not be and how they shop,” he said. “All of that is collected. The NSA doesn’t do anything like that at all.” [...]

“Databases are enormous and they’re connected,” Feinstein, the chairwoman of the Senate Intelligence panel, said of private company data bases. “And there are all sorts of new techniques to bring about more, like facial recognition. You’re shopping in the hardware department and somebody takes a picture and you’re identified and they can use it for promotions of hardware products.”

The information the private sector collects is not only far more detailed, it’s also far less secure.

It was revealed yesterday that the person responsible for the theft of detailed personal information, including credit card numbers, from over 70 million Target customers was a 17-year-old Russian hacker.

For some reason the massive amounts of unsecure data retailers and social networks collect on us is considered noncontroversial while the collection of phone numbers as a matter of national security is seen as some nefarious conspiracy.

Not-coincidentally, the harshest critics of the NSA are libertarian wolves masquerading as liberal sheep. They don’t have your best interests at heart. They stand in opposition of government itself.

  • Charlie B

    You seriously think that Mike Rogers is sincere about protecting your privacy from the corporations? During a nearing on NSA surveillance, Rogers said that “You can’t have your privacy violated if you don’t know your privacy is violated.” Corporate surveillance is a real problem, but I think that it’s being used by Rogers, Feinstein, and other NSA status quo supporters as a red herring.

  • Treading_Water

    Forgive me if I’m wrong, but wasn’t it President Obama’s decision to reinstate the FISA Court’s oversight of the NSA data collection? I remember when Bush claimed that we didn’t need no stinkin oversight, and if you were worried about it you were probably a terrorist symp. So, that’s at least twice that this president has rolled back the power of the NSA, and presidents do not give up accumulated power easily.

    • Churchlady320

      That was a court mandate in 2007 that Obama totally embraced. Warrants to get REAL access to your data have to be secured because Bush did not bother. President Obama has abided by the directive yes. Metadata is very different from focused surveillance, and Bush used keyword sorting to pick out just anyone his people wanted to hack, listen, and read your communications. NSA does not. The steps PBO is now taking strengthen our personal Constitutional rights. So yes – he is giving up imperial power. Not that the libertarians and screeching fanatics everywhere will care because he’s, you know, Black.

  • Nick2000

    Feinstein and Rogers are only trying to deflect attention so they are not worth paying attention to. You are indeed correct that it is about time that private enterprise free reign with people data gets scrutinized. The Target example is actually not the best one because, in this case, the data that was captured was actually necessary at that time in order to approve the transaction. Any real wrong doing from them would be what they store after that.

    In any case, IT security professional have to defend companies and individuals from all illegitimate accesses, whether from NSA or others. Indeed, a backdoor opened by one entity can then be used by somebody else.

    • Norbrook

      And then you go and demonstrate that you don’t have a clue about technology and try to deflect attention from the reality. “The data captured” by Target was more than was necessary to complete the transaction.

      Now, what the author is pointing out is that it’s been known for years that major companies collect huge amount of information about you. Google, Facebook, and others have far and away more information on you than anything the NSA is gathering, or even wanting to gather. The big difference? There are no real controls about what private firms can do with it, while there are with a government agency.

      One of my favorite “whines” from the Greenwald groupies is “companies can’t put your name on a no fly list.” No, but they can ruin your life in so many other ways, making having difficulty getting on a plane seem like a cakewalk.

      • Sabyen91

        Not only can companies directly do things to harm you the biggest dangers are indirect. The chances of your identity being stolen are exponentially higher because of these intrusions from corporations. You can shred all your mail, you can subscribe to the credit services, you can refuse to give information to callers…but if you do business with these guys and who doesn’t…it doesn’t matter. Your information is out of your control. They can lose data, it can be hacked or an employee of that corporation could ruin your life in a heartbeat. And they would have very limited liability unlike the government.

        • Churchlady320

          I’m horrified how often I look at something online then see ads for it everywhere else I go.
          I’m being stalked OK – but not by NSA. It’s by Bed, Bath, & Beyond.

      • mdblanche

        Here’s the story of a man who had a company make him have so many difficulties getting on a plane that he might as well have been on a no fly list. And what’s his conclusion?

        “The easiest part of our trip? The absolute most hassle free, painless, efficient, and pleasant part of our trip …

        … was the TSA security screening.

        Make of that what you will.”

        • Churchlady320

          During the Bush Golden Years of warrantless harassment of liberals as well as Muslims, my organization first got hacked (2003) which I know from a phone call I got the afternoon after a morning internal email discussion about such abuses. Long story short, the person knew what we’d been discussing, and NO ONE in the email circle had talked to anyone outside. Said caller also ID self as a ‘reporter’ but was verified as NOT. Then in 2004 a number of progressive faith people on their way to DC for a meeting were ALL subjected to pat downs. I must say the TSA folks were great about it and very kind, but the question is why? No matter what part of the country we were from, every single person flying to DC for that meeting got a pat down. That is not coincidence.

          So I am fine with government hired TSA folks, delighted that the government no longer uses ‘trigger words’ to listen in or hack conversations, and that if anyone has questions about me or my organization, they have to get a warrant before they read or listen. I’ve been there. I freaking well can see the difference between then and now.

      • Nick2000

        Target may be capturing more data but the big issue about the breach was about credit card information using a RAM scraper. We may be reading different sources for our information but I think you could start learning about technology.

        • Norbrook

          Um, hate to break it to you, but I’ve been a computer programmer, systems admin, and technician off and on for the past 30 years. I know what a RAM scraper is. Besides the rather inept security measures Target apparently has when it comes to rolling out it point of sales terminals, your statement was, and I quote, “the data that was captured was actually necessary at that time.” No, all that data was *not* necessary to process the transaction, but was everything encoded on the card, plus other information the card holder was asked for as part of their transaction. Now, I also have a nice e-mail from Target, explaining things from their end as well as offering me free identity theft protection for a while. What makes that interesting? Well, the last time I shopped at any Target was 3 years ago.

          • Nick2000

            Then, considering we have actually the same background we must be misunderstanding each other. If the payment terminal (not really a target policy) uses more than needed to process a transaction then it means that this terminal’s design is faulty (I would not be surprised if they do things like Diebold) but capture of this is a different problem than Target storing information that they should not need anymore which is clearly a problem. Whether credit card data is stored for 3 years (unencrypted) or not would determine if they violate PCI-DSS. In short, all this is a problem, but stealing (hopefully transient) data at the payment terminal itself is not a good example of “big data” which was clearly the point of the article.

          • Norbrook

            Here’s what the Target breach consisted of, from Target’s own e-mail to me:

            ” Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. ”

            In other words, this wasn’t just getting the information needed to process the transaction – which would have been bad enough, it was also taking advantage of Target’s “big data” and getting the associated personal information that goes with that card. All of which creates the potential for serious identity theft.

          • Churchlady320

            Norbrook – THAT is kind of scary. So, ummm, how far back does this go then?

          • Norbrook

            I don’t know, but what I do know is that the last time I shopped at Target was 3 years ago, and the last time they had my e-mail address at all was back when I bought my nephew some of their requested wedding gifts – six years ago.

  • Frito

    LOL @ Mike Rogers.

    Coming up next:

    Dianne Feinstein
    James Clapper

    • Sabyen91

      You are the guy that didn’t think David Sirota’s yellow journalism was at all irresponsible. Excuse me if I don’t take your objections seriously.

  • KABoink_after_wingnut_hacker

    Careful there Ashby, you might get some Glenn Greendrone disciples or Ed Snowden worshippers worked up by making sense and putting things in perspective.

  • drspittle

    Particularly if said government is headed by an African American Democrat. If more corporations were headed by African American Demcrats, they might be able to muster some outrage.

  • muselet

    As happy as I am that Mike Rogers and Dianne Feinstein are recognizing the problems associated with the private collection of personal information, I have to point out that neither of them is exactly tech-savvy. Any solutions they propose might well cause more problems than they solve.