Density within Legal Density

/1 Comment/in , /by

Ben Wittes has a long post trying to explain the NSA’s job in such a way as to “tell a young student what intelligence collection under the rule of law looks like” without inducing “a sense of betrayal.”

I have no problem with Wittes’ attempt to develop such an explanation, nor any great gripe with his effort. I’m not going to accuse Wittes of being naked this time.

But I want to raise three details that show the problem behind the effort.

First, Wittes’ entire statement reads,

NSA does not, except in emergencies, intentionally target for collection the communications of specific Americans without seeking a court order first, and it does not intentionally target for collection the communications of individuals known to be in the United States. It does, however, routinely acquire and store the communications of US persons and some domestic communications as a necessary incident to its broad collection directed at targets overseas—and it then has rules restricting the retention and use of this material to the extent it does not have foreign intelligence value. What’s more, NSA routinely acquires in bulk the records, but not the contents, of domestic telephone communications, which it uses for narrow counterterrorism purposes.

With the caveat that most people’s definition of “target” is not as specific as NSA’s is, I don’t have a big issue with this statement.

Except that it is false to say the phone dragnet is only used “for narrow counterterrroism purposes.” As Dianne Feinstein stated and Keith Alexander confirmed back in June, the dragnet is used with al Qaeda related groups and with Iran.

It can only look at that data after a showing that there is a reasonable, articulable that a specific individual is involved in terrorism, actually related to al Qaeda or Iran.

Now, perhaps in reality the dragnet is used against Hizballah, which the US, at least, treats as a terrorist organization. But to the extent that the dragnet is used against specific individuals from Iran “involved in terrorism,” then the entire notion of “narrow counterterrorism purposes” goes out the window, because accusing Iran of engaging in terrorism, even in the context of Iraq (where I suspect such usage derives from) is problematic. That’s true not just because Iran has been the target of what might count as terrorist acts, including assassinations of civilians, but also because those whom we’ve listed as terrorists (including members of the Republican Guard and its bank) are engaged in what ought to be considered legitimate defense of a sovereign nation.

So even if you agree with the approach the US has adopted with Iran, including it among the terrorists you can use the phone dragnet against moves beyond “narrow” counterterrorism into counterterrorism as a tactical tool wielded against a state adversary. And that such definitions can happen in secret (Iran’s listings on Treasury’s terrorism list are not secret, but the choice to include it among the two general targets of the dragnet was secret until June) means there’s no reason to trust that the phone dragnet will remain narrowly targeted.

Then there’s the notion our targets are all overseas. They’re not. Hacking targets are in the US, and there’s good reason to believe the upstream collection is used against them (we do know there’s a cybersecurity certification for Section 702). NSA presumably manages to conduct this domestic spying in the guise of foreign intelligence by noting how difficult it is to attribute hacks (that’s also presumably how it justifies holding all encrypted communications indefinitely). In other words, what we’re seeing is a redefinition of “foreign” to incorporate more and more that is domestic, which in part amounts to using intelligence rather than law enforcement tools against criminal activity because some but not all of that criminal activity is propagated by states. (Note, in yesterday’s hearing Peter Swire suggested NSA’s info assurance function is where it serves as a domestic security agency.)

Then there’s this statement from Wittes:

We want a robust foreign intelligence capability. We don’t want our domestic relations between citizens and government conditioned by an intelligence agency—which necessarily uses secrecy, deceit and trade-craft that has no part in domestic governance.

This is why I harp constantly about the use of the dragnet to identify potential informants. Because it is precisely through that application of the dragnet where NSA’s activities lead directly to the the interjection of secrecy, deceit, and trade-craft in domestic governance. Sure, FBI (that hybrid intelligence/law enforcement agency) carries out that secrecy, deceit, and trade-craft, not NSA. But the power of the dragnet makes all that deceit potentially far worse (because it provides a way to exploit the secrets of innocent citizens to coerce them to become informants). That NSA is one step removed from this troubling approach does not mean it is not party to it.

Again, these are details, details which don’t necessarily invalidate Wittes’ larger point, but show that even within the larger framework, NSA has secretly violated those principles Wittes would like to believe.

US Official Position Says Hacking Is Permissible?

/1 Comment/in , /by

According to LAT’s Ken Dilanian, it is the “official position” of the US government that some kinds of hacking are “permissible.”

The official U.S. position — that governments hacking governments for military and other official secrets is permissible, but governments hacking businesses for trade secrets is not — is a tougher sell these days.

He makes the claim in an article that originally claimed Edward Snowden’s leaks have set back cybersecurity efforts, but then had to issue a correction acknowledging CISPA probably wasn’t going to happen anyway.

An article in the Feb. 2 Section A on the effects of Edward Snowden’s leaks of National Security Agency secrets said the White House backed the Cyber Intelligence Sharing and Protection Act, a cybersecurity measure. The White House threatened to veto the proposed bill in April. —

I take from this correction that Dilanian was fairly uncritically repeating the claims of NSA boosters — as other reporters have credulously repeated claims about the way Snowden’s leaks will affect cybersecurity initiatives.

Which is why I find his description of this “official position” so interesting.

I’m not aware of the US endorsing any official (public) policy on the kinds of hacks NSA (and CyberCommand) are permitted. Congress has tried to put some limits on it — or at least get briefing on it. And Keith Alexander successfully fought for a lot more autonomy over the hacks he could do.

The Executive does, however, have an official policy on SIGINT: President Obama’s recent Presidential Policy Directive. But a SIGINT official position and a hacking policy are not necessarily the same thing. While hacking is one way we collect SIGINT (though I don’t think NSA has admitted to that), we also conduct hacking for offensive purposes.

Even assuming they were the same thing, Dilanian’s characterization would be a misstatement of the policy in any case.

The actual policy permits the collection of SIGINT for broadly defined foreign intelligence purposes.

Thus, ” foreign intelligence ” means ” information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, foreign persons, or international terrorists,

Of course, corporations are, under US law, both “organizations” and “persons,” so this definition permits spying on foreign corporations (other intelligence documents lay this out explicitly).

And the PPD does permit the collection of foreign private commercial information to protect US and allies’ national security.

The collection of foreign private commercial information or trade secrets is authorized only to protect the national security of the United States or its partners an d allies. It is not an authorized foreign intelligence or counterintelligence purpose to collect such information to afford a competitive advantage 4 to U.S. companies and U.S. business sectors commercially.

This is, frankly, where our hypocrisy on hacking (and SIGINT) begins to fall apart, given that China would maintain that stealing our military (and energy and tech) secrets are a matter of national security, and the fact that our government maintains more nominal separation from the companies that develop such things than China does should not shield those companies from spying.

And then, finally, the limits on data collection don’t apply when the NSA is working to develop SIGINT capabilities.

it shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities.

Given that some of our alleged hacking seems to support efforts to develop new hacking capabilities, this exception could prove infinitely recursive, especially given the rules on information collection in the name of cyberdefense and attacks. And of course, when we exploited Siemens’ SCADA industrial control systems to attack Iran, we used a corporate competitor’s trade secrets in the name of national security.

That is, even ignoring how America’s self-interested standard simply defines our national security in terms that legitimize our own hacking, when you get into the interaction of our intelligence to hack which serves to collect intelligence, the rules on SIGINT basically fall apart.

But hey. If the US says hacking of official government secrets is “permissible,” then maybe DOJ will withdraw the charges against Edward Snowden?

Mirror, Mirror, on the Wall, Who’s the Hackiest of Them All?

/25 Comments/in /by

ClapperHere are some excerpts from the Global Threats report pertaining to the cyber threat.

We assess that computer network exploitation and disruption activities such as denial-of-service attacks will continue.

[snip]

… many countries are creating cyber defense institutions within their national security establishments. We estimate that several of these will likely be responsible for offensive cyber operations as well.

[snip]

Critical infrastructure, particularly the Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems used in water management, oil and gas pipelines, electrical power distribution, and mass transit, provides an enticing target to malicious actors. Although newer architectures provide flexibility, functionality, and resilience, large segments of legacy architecture remain vulnerable to attack, which might cause significant economic or human impact.

It’s as if the intelligence community called up NSA and CyberCommand, asked what they had been working on, and then “assessed” that those targets presented threats going forward.

And while I expect that China commits what would be judged the largest number of hacks (in part because much of the information we steal right from the communication backbone they would have to hack to get), the inclusion of SCADA in the list of vulnerabilities is particularly rich, considering we are believed to have pioneered that kind of attack with StuxNet.

Again, I’m not denying these other entities hack (the unclassified version of the report left off Israel and France, as unclassified versions tend to do). Just that we continue to exhibit no awareness that some part of this threat amounts to our genie blowing back in our face.

Is CIA Spying Domestically by Hacking Americans’ Computers?

/9 Comments/in /by

In addition to further details about CIA’s quashed review showing torture didn’t work and a commitment from James Clapper he would tell the American people if any of them had been back door searched, Ron Wyden and Mark Udall (along with Martin Heinrich) got one more curious set of details into the record at today’s Threat Hearing.

First, Wyden asked (43;04) John Brennan whether the federal Computer Fraud and Abuse Act applied to the CIA.

Wyden: Does the federal Computer Fraud and Abuse Act apply to the CIA?

Brennan: I would have to look into what that act actually calls for and its applicability to CIA’s authorities. I’ll be happy to get back to you, Senator, on that.

Wyden: How long would that take?

Brennan: I’ll be happy to get back to you as soon as possible but certainly no longer than–

Wyden: A week?

Brennan: I think that I could get that back to you, yes.

Minutes later, Mark Udall raised EO 12333’s limits on CIA’s spying domestically (48:30).

Udall: I want to be able to reassure the American people that the CIA and the Director understand the limits of its authorities. We are all aware of Executive Order 12333. That order prohibits the CIA from engaging in domestic spying and searches of US citizens within our borders. Can you assure the Committee that the CIA does not conduct such domestic spying and searches?

Brennan: I can assure the Committee that the CIA follows the letter and spirit of the law in terms of what CIA’s authorities are, in terms of its responsibilities to collect intelligence that will keep this country safe. Yes Senator, I do.

Now, it’s not certain these two questions are linked. Though obviously, hacking computers is an easy way to spy on people (as the NSA knows well).

Of course, the logic of the memo authorizing the Anwar al-Awlaki killing says that, so long as CIA has a presidential finding, even laws protecting American citizens cannot limit the CIA. And we learned 6 years ago that the Executive had secretly altered the text of EO 12333 without actually changing it, a practice John Yoo rubber stamped.

So, particularly given Brennan’s snitty answer about protecting this country, I’d assume it’s a safe bet that the CIA is spying domestically, and I’d posit that they may be hacking computers to do so.

Oh good. NSA was getting bored being the only Agency exposed for hacking.

Verizon’s Storefront

/3 Comments/in , /by

As I noted yesterday, Verizon conveniently released its own transparency report 5 days before the government approved new transparency guidelines (according to one report, the deal was substantially completed earlier in the month, but had to wait on some tweaks to follow Obama’s speech).

Had Verizon released a transparency report yesterday, it would have added at least the following two details:

Non-Content FISA orders:

4 orders affecting 107,700,000 customers

Content FISA orders:

? orders affecting ? selectors (probably measuring the number of search terms — maybe something like “250” — Verizon searches for off its upstream collection affecting millions of people)

It would have painted a very different picture.

It turns out they did have time scheduled to write transparency claims yesterday. They released this statement attempting to reassure customers that Verizon doesn’t comply with any US government orders for data stored overseas. (h/t Chris Soghoian) Here’s an excerpt:

Over the past year there has been extensive discussion around the world about government demands for data.  Last week, Verizon released a Transparency Report outlining the number of law enforcement requests for customer information that we received in 2013.  In the report we noted that in 2013 we did not receive any demands from the United States government for data stored in other countries.

Although we would not expect to receive any such demands, there are persistent myths and questions about the U.S. government’s ability to access customer data stored in cloud servers outside the U.S.  Now is a good time to dispel these inaccuracies and address the questions, which have been exacerbated by the stream of news reports since last June about national intelligence activities in the U.S. and elsewhere.

Our view on the matter is simple: the U.S. government cannot compel us to produce our customers’ data stored in data centers outside the U.S., and if it attempts to do so, we would challenge that attempt in court.

Here’s why.

The section of the national security laws often cited as granting the U.S. government authority to access data stored abroad is Section 215 of the Patriot Act.

While Section 215 allows a court to issue an order requiring a company operating in the U.S. to produce certain business records, it does not give the U.S. government the power to act outside the U.S.  More importantly, Section 215 does not grant the U.S. government access to customer data stored in the cloud; it only applies to business records of the cloud provider itself.  So the U.S. government cannot use Section 215 to compel a company to produce customer data stored in data centers outside the U.S.

[snip]

Finally, Section 702 of the Patriot Act also is not an option for the U.S. government to compel a U.S. company to turn over customer data stored in a data center outside the U.S. because the U.S. company does not have possession, custody or control of that data.

[snip]

customer data stored in data centers outside the U.S.

[snip]

data stored outside the U.S.

[snip]

data stored in the cloud outside the U.S.

[snip]

there should be no concern about the U.S. government compelling Verizon to disclose data our customers store in Verizon data centers outside the U.S. [my emphasis]

So having dodged by 5 days the obligation to report on all the data stored in the US it hands over to the government, it now wants to make claims about Verizon customer data stored overseas.

Stored, stored, stored, stored, stored, stored, stored, stored, stored, stored, store.

It chose not to say anything about data in transit, either here or in the US. In the US it is now permitted to talk about the data it collects in transit off its cables for the government in response to FISA Section 702 orders (though the deal only permits reports every 6 months; I guess it’s hoping we’ll forget about this soon).

To say nothing of the data it provides the government it collects as it transits overseas, perhaps in response to a polite request?

I’m actually most interested in Verizon’s claim it could not be required to turn over data stored overseas under Section 702.

Wouldn’t it primarily be served such a request under Section 703, which requires a warrant for electronic surveillance or access to stored communications of Americans overseas? Actually, I don’t know the answer to that — no one seems to, and I’ve been asking a lot of lawyer types.

But if Verizon says it can’t be served with an order for data stored overseas (in truth, many 703 orders must relate to searches conducted here on people who are physically overseas, but still), then the government isn’t using 703 in all the cases it is required to.

Whatever: the message to all you Europeans seems clear. Verizon would never let the government touch data it had in its own servers. Nosirree!

As far as data transiting its cables? All bets are off.

If by “Big Data” You Mean “Big Campaign Donations”

/8 Comments/in , /by

President Obama has named the people who will help John Podesta accomplish this task.

I have also asked my Counselor, John Podesta, to lead a comprehensive review of big data and privacy. This group will consist of government officials who—along with the President’s Council of Advisors on Science and Technology—will reach out to privacy experts, technologists and business leaders, and look at how the challenges inherent in big data are being confronted by both the public and private sectors; whether we can forge international norms on how to manage this data; and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.

As I said in my annotations to Obama’s speech, effectively Obama responded “to a review by calling for another review,” but at least it would be a welcome first time he reached out to technologists.

Here’s the list:

That’s why in his speech, the President asked me to lead a comprehensive review of the way that “big data” will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy. I will be joined in this effort by Secretary of Commerce Penny Pritzker, Secretary of Energy Ernie Moniz, the President’s Science Advisor John Holdren, the President’s Economic Advisor Gene Sperling and other senior government officials.

I’ll outsource judging whether this amounts to reaching out to technologists to Chris Soghoian:

None of the big names named in the president’s “big data” review announcement are technologists. DC at its finest.

But I’m particularly interested in Penny Pritzker’s presence on the list.

After Cass Sunstein and Geoffrey Stone ended up being too independent to deliver the whitewash Obama wanted, he has picked one of his biggest campaign donors to review Big Data.

So I guess by “Big Data” we know what Obama meant.

Worse still, Pritzker heads up an Agency that — it is increasingly clear — serves a key role in offering carrots and sticks to coerce compliance from private companies with government data demands. And compliance not just for the purposes of defense of spying, but also for cyberoffense. Not exactly the kind of person who might expect candor from the Big Data companies likely to be coerced by the government.

Obama’s Dragnet: Policeman of the Whole World

/7 Comments/in , , /by

And don’t let anybody make you think that God chose America as his divine, messianic force to be a sort of policeman of the whole world. God has a way of standing before the nations with judgment, and it seems that I can hear God saying to America, “You’re too arrogant! And if you don’t change your ways, I will rise up and break the backbone of your power, and I’ll place it in the hands of a nation that doesn’t even know my name. Be still and know that I’m God.”

–Martin Luther King, “It’s A Dark Day In Our Nation

As I noted the other day, in his speech on the dragnet, President Obama acknowledged that our unique technical surveillance capabilities demands more humility, not less.

But America’s capabilities are unique. And the power of new technologies means that there are fewer and fewer technical constraints on what we can do. That places a special obligation on us to ask tough questions about what we should do.

Yet that concern about our unique technical capabilities quickly transformed into exceptionalism — a concern about how distrust stemming from our dragnet hubris would corrode our “leadership” position in the world.

Instead, we have to make some important decisions about how to protect ourselves and sustain our leadership in the world, while upholding the civil liberties and privacy protections that our ideals – and our Constitution – require. We need to do so not only because it is right, but because the challenges posed by threats like terrorism, proliferation, and cyber-attacks are not going away any time soon, and for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world.

And that, in turn, became our role in protecting “our friends and allies as well.”

Our capabilities help protect not only our own nation, but our friends and allies as well. Our efforts will only be effective if ordinary citizens in other countries have confidence that the United States respects their privacy too. And the leaders of our close friends and allies deserve to know that if I want to learn what they think about an issue, I will pick up the phone and call them, rather than turning to surveillance. In other words, just as we balance security and privacy at home, our global leadership demands that we balance our security requirements against our need to maintain trust and cooperation among people and leaders around the world.

This includes protecting them not just from terrorism and hackers, but from crime — including the crime of violating US sanctions.

In terms of our bulk collection of signals intelligence, U.S. intelligence agencies will only use such data to meet specific security requirements: counter-intelligence; counter-terrorism; counter-proliferation; cyber-security; force protection for our troops and allies; and combating transnational crime, including sanctions evasion.

Of course, a number of countries (much of Latin America) object to the way we fight crime (drug cartels) in their countries. But our pursuit of our own national security has literally turned us into the world’s policeman. Which Obama repeats again — our leadership role requires us to use our dragnet to fight terrorists and crime.

We will appoint a senior official at the White House to implement the new privacy safeguards that I have announced today. I will devote the resources to centralize and improve the process we use to handle foreign requests for legal assistance, keeping our high standards for privacy while helping foreign partners fight crime and terrorism.

How ironic, how prescient, that King spoke our arrogance breaking the backbone of our power. Not only does it threaten to break the ideological backbone of our hegemony — replacing our liberties with our policing — but it quite literally threatens to balkanize the communication backbone we’ve exploited to become that policeman.

President Obama seems to understand what a crisis this poses to our leadership. He does not, yet, understand that that leadership was not supposed to be policing the world.

The Schneier Briefing: Some Observations

/23 Comments/in /by

6 Congresspersons and a security researcher walk into an unsecure room. … And that’s the best briefing they can get on some of the things NSA might be doing.

This morning I spent an hour in a closed room with six Members of Congress: Rep. Logfren, Rep. Sensenbrenner, Rep. [Bobby] Scott, Rep. Goodlate, Rep [Mike] Thompson, and Rep. Amash. No staffers, no public: just them. Lofgren asked me to brief her and a few Representatives on the NSA. She said that the NSA wasn’t forthcoming about their activities, and they wanted me — as someone with access to the Snowden documents — to explain to them what the NSA was doing. Of course I’m not going to give details on the meeting, except to say that it was candid and interesting. And that it’s extremely freaky that Congress has such a difficult time getting information out of the NSA that they have to ask me. I really want oversight to work better in this country.

I’m as intrigued by the make-up of the group as I am by the fact they needed to do this.

Schneier makes it clear that Lofgren — who is not only a strong supporter of civil liberties, but also happens to represent Silicon Valley — set up the briefing. In addition to her House Judiciary Committee colleagues Sensenbrenner, Scott, and Goodlatte, she invited Amash (who’s not on the Committee but a loud defender of civil liberties — thanks, my Rep!), and N and E Bay Area Republican Democratic colleague Mike Thompson, who’s not a member of the Committee either, but is a member of the Intelligence Committee.

As I’ve noted, Goodlatte is not a named sponsor of USA Freedom; neither is Thompson (though Schneier describes them as all people who want to “rein in the NSA”).

And yet these are the individuals whom Lofgren chose to bring to this briefing.

Schneier, of course, is not focused on the actual spying that NSA is doing, but on the corruption of encryption, a threat to the business model of Lofgren’s district. [See Saul’s well-take correction here.]

Also note, while I’ve got real worries about some opponents to reining in the NSA in the Senate, I do think people are not considering the significance of the House Judiciary Chair, who voted against Amash-Conyers, increasingly complaining about the NSA.

I’m not sure what the best way to stop the NSA from making us all less safe (especially since NSA has apparently not even told HPSCI members what they’re doing). But I gather than Lofgren is trying to figure out a way to do so.

The Virgin Rebirth of CIA’s Drone Wars and NSA’s Cyberwars

/5 Comments/in , /by

The DC press is buzzing about how little President Obama will do tomorrow to rein in the dragnet. The most telling description of Obama’s thought process is this one, which makes it clear Obama worries about a backlash from the Deep State if their authorities are reigned in.

The emerging approach, described by current and former government officials who insisted on anonymity in advance of Mr. Obama’s widely anticipated speech, suggested a president trying to straddle a difficult line in hopes of placating foreign leaders and advocates of civil liberties without a backlash from national security agencies.

But two other developments probably reflect a better sense of where we’re headed: WaPo’s report that the Omnibus Spending bill defunds any effort to shift our drone war to DOD control.

Congress has moved to block President Obama’s plan to shift control of the U.S. drone campaign from the CIA to the Defense Department, inserting a secret provision in the massive government spending bill introduced this week that would preserve the spy agency’s role in lethal counterterrorism operations, U.S. officials said.

The measure, included in a classified annex to the $1.1 trillion federal budget plan, would restrict the use of any funding to transfer unmanned aircraft or the authority to carry out drone strikes from the CIA to the Pentagon, officials said.

The article names Barb Mikulski and Dianne Feinstein as possible culprits for this move.

Still, senior lawmakers have been vocal in expressing concern about the prospect of the CIA ceding responsibility for drone strikes to the military. Sen. Dianne Feinstein (D-Calif.), the chairman of the Senate Intelligence Committee and a member of the Appropriations Committee, said last year that she had seen the CIA “exercise patience and discretion specifically to prevent collateral damage” and that she “would really have to be convinced that the military would carry it out that well.”

[snip]

Among Feinstein’s colleagues on the Intelligence Committee is Sen. Barbara A. Mikulski (D-Md.), who is chairman of the appropriations panel responsible for the budget bill.

But I am skeptical such a thing would have happened without buy-in — if not direct orders — from John “Always Already Gone Native” Brennan (described as such by an anonymous Senior Administration Official who was shocked that Brennan was moving to keep the drone war contrary to the propaganda the White House had released while he was there).

Then there are the multiple reports on the spending bill’s doubling of CyberCommand’s budget to $447 million, largely to hire 4,000 more staffers (that compares with a less than 5% increase in the cyber budget for DHS, which is supposed to have the lead on domestic defense).

Whether or not Obama supports CIA retaining control of the drone war, he surely supports this doubling of CyberCommand’s budget, as it is consistent with Obama’s pre-emption, in December, of his Review Group’s recommendation to split NSA and CyberCommand. With that decision, Obama made it clear he intends to prioritize cyberoffense over cyberdefense of the US.

Obama’s going to get up tomorrow to try to pretend to respond to the many criticisms of his NSA’s dragnet. But whether because he has lost control of his wars to the Deep State, or because he wants to continue to approach risks using tools of war, the entities driving this issue seem to be the Deep State (and the contractors it keeps fat).

NSA: The Hegemon’s Economic Spying Is Okay, Unlike the Challenger’s Economic Spying

/6 Comments/in , /by

As part of an NYT story on implants the NSA has placed in 100,000 computers around the world, some of them via radio, it lists “trade institutions inside the European Union” among the targets for Computer Network Exploitation.

It must be particularly sensitive to that declaration above others, because the NSA spokesperson offers a tired excuse for why our economic spying is not bad, while China’s is.

While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.

“N.S.A.’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”

I wonder whether the people who parrot this line really have so little understanding of the distinctions between the way China’s government presses its economic advantage and the way we do? I wonder if they’ve never seen cables showing our diplomats pressuring other countries in ways that benefit specific, named US companies (or trade organizations), surely relying on intelligence gained from both SIGINT and HUMINT?

We are neither better or worse capitalists than China because of the way we spy. Both countries are cheating on behalf of ostensibly “national” companies (though cheating and illicitly gained intelligence are an established feature of even the best regulated markets).

For some reason the NSA thinks that so long as it doesn’t spy on one of the few remaining areas where the US has the biggest competitive advantage — its Intellectual Property — its economic spying is morally better than China’s economic spying.

That’s nonsense. It’s all cheating in the name of national strength. If it’s acceptable for us to do it, we really can’t perform moral outrage that our rivals are doing it.