What’s the Relationship Database About?

/23 Comments/in , /by

Atrios asks what the whole dragnet is about.

It’s actually a serious question. Maybe it’s just a full employment program for spooks. Maybe they just do it because they can. But the only “real” point to such an extensive surveillance system is to abuse that surveillance (the surveillance itself is already an abuse of course).

At best it’s a colossal fucking waste of money. At worst?

I actually think there are understandable answers for much of this.

Since Michael Hayden took over the NSA, contractors have assumed an increasingly dominant role in the agency, meaning you’ve got a former DIRNSA at Booz Allen Hamilton pitching future Booz VPs on solutions to keep the country safe that just happen to make them fabulously profitable and don’t happen to foreground privacy. As Thomas Drake showed, we’re pursuing the biggest and most privacy invasive solutions because contractors are embedded with the agency.

I think there’s the One Percent approach we got from Dick Cheney, that endorses maximal solutions to hunt terrorists even while avoiding any real accountability (both for past failures and to review efficacy) because of secrecy. We’re slowly beginning to wean ourselves from this Cheney hangover, but it is taking time (and boosters for his approach are well-funded and publicized).

And, at the same time, criminals and other countries have attacked our weak network security underbelly, targeting the companies that have the most political sway, DOD contractors and, increasingly, financial companies, which is setting off panic that is somewhat divorced from the average American’s security. The accountability for cybersecurity is measured in entirely different ways than it is for terrorism (otherwise Keith Alexander, who claims the country is being plundered like a colony, would have been fired years ago). In particular, there is no punishment or even assessment of past rash decisions like StuxNet. But here, as with terrorism, the notion of cost-benefit assessment doesn’t exist. And this panicked effort to prevent attacks even while clinging to offensive cyberweapons increasingly drives the overaggressive collection, even though no one wants to admit that.

Meanwhile, I think we grab everything we can overseas out of hubris we got while we were the uncontested world power, and only accelerated now that we’re losing that uncontested position. If we’re going to sustain power through coercion — and we developed a nasty habit of doing so, especially under Bush — then we need to know enough to coerce successfully. So we collect. Everything. Even if doing so makes us stupider and more reliant on coercion.

So I can explain a lot of it without resorting to bad faith, even while much of that explanation underscores just how counterproductive it all is.

But then there’s the phone dragnet, the database recording all US phone-based relationships in the US for the last 5 years. Read more

Angry Mom and First Principles: What is the Nature of a Broken Lock?

/21 Comments/in , /by

This won’t be a cool, calm, collected post like Marcy writes, because it’s me, the angry mom. You might even have seen me Tuesday afternoon in the school parking lot waiting to pick up a kid after sports practice. I was the one gripping the steering wheel too tightly while shouting, “BULLSHIT!” at the top of my lungs at the radio.

The cause? This quote by President Obama and the subsequent interpretation by NPR’s Ari Shapiro.

President Obama to ABC’s new Latino channel, Fusion (1:34): It’s important for us to make sure that as technology develops and expands and the capacity for intelligence gathering becomes a lot greater that we make sure that we’re doing things in the right way that are reflective of our values.

Ari Shapiro (1:46): And, Audie, I think what you’re hearing in that quote is a sense that is widespread in this administration that technological improvements have let the government do all kinds of things they weren’t able to do before. They tapped the German Chancellor’s personal cellphone and nobody really stopped to ask whether these are things they should be doing. And so that question, just because we can do something, well, does it mean we should be doing it, that’s the question that seems to be the focus of this review.

Bullshit, bullshit, bullshit.

Here, let me spell this out in terms a school-aged kid can understand.

photo, left: shannonpatrick17-Flickr; left, Homedit

This is a doorknob with a lock; so is the second closure device on the right.

The lock technology used on the second door is very different; it’s no longer simple analog but digitally enhanced. The second lock’s technology might be more complicated and difficult to understand. But it’s still a lock; its intrinsic purpose is to keep unauthorized persons out.

If one were to pick either lock in any way, with any tools to enter a home that is not theirs and for which they do not have permission to enter, they are breaking-and-entering.

If it’s law enforcement breaching that lock, they’d better have a damned search warrant or a court order, in the absence of a clear emergency or obvious crime in progress.

The argument that information technology has advanced to the point where the NSA blindly stumbles along without asking whether they should do what they are doing, or asking whether they are acting legally is bullshit. They have actively ignored or bypassed the proverbial lock on the door. It matters not where the lock is located, inside or outside the U.S.

The Washington Post’s revelation Wednesday that the NSA cracked Yahoo’s and Google’s SSLsecure sockets layer — is equivalent to evidence of deliberately busted door locks. So is the wholesale undermining of encryption systems on computers, cellphones, and network equipment revealed in reports last month, whether by weakened standards or by willfully placed holes integrated in hardware or software.

The NSA has quite simply broken into every consumer electronic device used for communications, and their attached networks. When the NSA was forced to do offer explanations for their actions, they fudged interpretations of the Constitution and laws in order to continue what they were doing. Their arguments defending their behavior sound a lot like a child’s reasoning. Read more

Keith Alexander: Armageddon for Thee But Not for Me

/17 Comments/in /by

The other day, I noted how in an essay touting his cybersecurity approach, Keith Alexander claimed that approach had permitted the US to be plundered like a colony.

Hardly a selling point.

I want to return to Alexander’s essay, but first, consider Bruce Schneier’s conception of the Internet as an increasingly feudal society. 

I have previously characterized this model of computing as “feudal.” Users pledge their allegiance to more powerful companies who, in turn, promise to protect them from both sysadmin duties and security threats. It’s a metaphor that’s rich in history and in fiction, and a model that’s increasingly permeating computing today.

Medieval feudalism was a hierarchical political system, with obligations in both directions. Lords offered protection, and vassals offered service. The lord-peasant relationship was similar, with a much greater power differential. It was a response to a dangerous world.

Feudal security consolidates power in the hands of the few. Internet companies, like lords before them, act in their own self-interest. They use their relationship with us to increase their profits, sometimes at our expense. They act arbitrarily. They make mistakes. They’re deliberately—and incidentally—changing social norms. Medieval feudalism gave the lords vast powers over the landless peasants; we’re seeing the same thing on the Internet.

[snip]

Most people, though, are stuck in the middle. These are people who have don’t have the technical ability to evade either the large governments and corporations, avoid the criminal and hacker groups who prey on us, or join any resistance or dissident movements. These are the people who accept default configuration options, arbitrary terms of service, NSA-installed back doors, and the occasional complete loss of their data. These are the people who get increasingly isolated as government and corporate power align. In the feudal world, these are the hapless peasants. And it’s even worse when the feudal lords—or any powers—fight each other. As anyone watching Game of Thrones knows, peasants get trampled when powers fight: when Facebook, Google, Apple, and Amazon fight it out in the market; when the U.S., EU, China, and Russia fight it out in geopolitics; or when it’s the U.S. vs. “the terrorists” or China vs. its dissidents.

[snip]

Without the protection of his own feudal lord, the peasant was subject to abuse both by criminals and other feudal lords. But both corporations and the government—and often the two in cahoots—are using their power to their own advantage, trampling on our rights in the process. And without the technical savvy to become Robin Hoods ourselves, we have no recourse but to submit to whatever the ruling institutional power wants.

Where we’re headed, Schneier says, particularly in the face of cybercriminals whose power is vastly magnified through technology, is increased servitude to both private corporations and governments, but that offers little protection when our pledged lords fight each other.

Now back to Alexander’s pitch that his approach to cybersecurity is best.

We need to embrace it, General Alexander suggests, because of the threat of Armageddon, the possibility that malicious actors will carry out a systemic attack that will result in a kind of Armageddon.

The features that allow all these infrastructure sectors to link together in cyberspace, however, also make them accessible to intruders from almost anywhere at a comparative minimum of cost and risk. The cyberdimension, therefore, adds an unprecedented degree of complexity and vulnerability to the task of defending ourselves against a modern-day “Armageddon” strategy.

The century-old dream and nightmare of crippling a modern society by wrecking its infrastructure—or just by disturbing its synchronization of functions—is now a reality others are dreaming of employing against the United States. We do not know how effective such a strategy would be against the United States in practice, but glimpses of global financial panics in recent years should raise concern about even partial “success” for an adversary attempting such an attack. [my emphasis]

Frankly, Alexander’s mention of the financial crash is a tell. He’s right that the damage Wall Street did reveals how damage accelerates in this globalized world, the possibility of an Armageddon. But no one (well, except for me!) has ever suggested NSA use its considerable power to guard against similar bankster-caused systemic disruptions in the future. Read more

Under Keith Alexander’s Guard, America Can Be Plundered Like a Colony

/22 Comments/in /by

Admittedly, Keith Alexander made things very easy on himself in this article on “Defending America in Cyberspace” by not mentioning the way DOD (or our ally, Israel) let StuxNet go free, not only exposing the attack on Iran, but also providing a map and code that others can use on us.

That reckless mistake and its potential consequences remains unmentioned, however, in the piece in which Alexander claims that his team has found and is implementing the magic formula for defending the country in cyberspace.

We have learned through two decades of trial and error that operationalizing our cyberdefenses by linking them to intelligence and information-assurance capabilities is not only the best but also the only viable response to growing threats.

We know how to defend the country, Alexander says. It involves creating security holes, then using them to find out who will attack us, all while living on the network and watching what private citizens are also doing.

But then Alexander utterly contradicts the claim that his team has found the successful formula by describing the sheer scale of successful attacks against the US, suggesting it rivals the plunder of the Mongols and the colonies (though curiously, not slavery).

Three times over the previous millennium, military revolutions allowed forces to conquer huge territories and forcibly transfer riches from losers to winners (namely, in the Mongol conquests of China, Russia and Baghdad; the Spanish conquests of the Americas; and the European empires in the nineteenth century). Remote cyberexploitation now facilitates the systematic pillaging of a rival state without military conquest and the ruin of the losing power. We have seen a staggering list of intrusions into major corporations in our communications, financial, information-technology, defense and natural-resource sectors. The intellectual property exfiltrated to date can be counted in the tens to hundreds of thousands of terabytes. We are witnessing another great shift of wealth by means of cybertheft, and this blunts our technological and innovative edge. Yet we can neither prevent major attacks nor stop wholesale theft of intellectual capital because we rely on architecture built for availability, functionality and ease of use—with security bolted on as an afterthought.

This repeats a claim he and others have made repeatedly, though after having been proven wrong about past claims about the scale of financial wealth transfer, he seems to have shifted to measuring the plunder that has occurred on his watch in terabytes, not dollars. Our country — which he has served in a key defense role for 8 years — has been plundered like a colony (I don’t buy this, mind you — I find the analogy downright offensive. But it is the argument he’s making).

In much of the rest of his paper, Alexander explains his future plans, which we should follow, he tells us, because he has been so successful that our country has been plundered like a colony.

I wonder. Might the most sane response to this paper be to, at a minimum, question what success looks like? At a minimum, might we discuss publicly some alternatives? And if being plundered like a colony is not our goal, perhaps we should consider whether what Alexander presents as the “only viable response” really is?

The Common Commercial Services OLC Memo and Zombie CISPA

/12 Comments/in , /by

Some time last summer, Ron Wyden wrote Attorney General Holder, asking him (for the second time) to declassify and revoke an OLC opinion pertaining to common commercial service agreements. He said at the time the opinion “ha[d] direct relevance to ongoing congressional debates regarding cybersecurity legislation.”

That request would presumably have been made after President Obama’s April 25, 2012 veto threat of CISPA, but at a time when several proposed Cybersecurity bills, with different information sharing structures, were floating around Congress.

Wyden asked for the declassification and withdrawal of the memo again this January as part of his laundry list of requests in advance of John Brennan’s confirmation. Then, after having been silent about this request for 8 months (at least in public), Wyden asked again on September 26.

It appears that Wyden had intended to ask the question of one of the witnesses at an open Senate Intelligence Committee hearing (perhaps Deputy Attorney General James Cole), but — having had warning of his questions (because he sent them to the witnesses in advance) — Dianne Feinstein and Susan Collins ensured there would not be a second round of questions.

As it happens, Wyden made the request for the memo two days after DiFi told The Hill she was preparing to advance her version of CISPA, and the day after Keith Alexander started calling for cybersecurity legislation again.

In a brief interview with The Hill in the U.S. Capitol on Tuesday, Feinstein said she has prepared a draft bill and plans to move it forward.

The legislation would be the Senate’s counterpart to the Cyber Intelligence Sharing and Protection Act, known as CISPA, which cleared the House in April.

CISPA would remove legal barriers that prevent companies from sharing information with each other and the government about cyber attacks. It would also allow the government to share more information with the private sector.

Since then, Alexander has pitched new cybersecurity legislation in an “interview” with the NYT, admitting he needs to be more open about his places for cybersecurity.

Now, the Executive Branch’s unwillingness to actually share the law as it interprets it with us mere citizens prevents us from understanding precisely what relationship this OLC memo has with proposed cybersecurity legislation — but Wyden made it clear in January that it does have one. But here are some things we might surmise about the memo:

  • The Administration is currently relying on this memo. If it weren’t using it, after all, it wouldn’t need to be revoked. That means that since at least January 14, 2011 (before which date Wyden and Russ Feingold first asked it be revoked), the Administration has had a secret interpretation of law relating in some way to cybersecurity.
  • The interpretation would surprise us. As Wyden notes, “this opinion is inconsistent with the public’s understanding of the law” (he doesn’t say what that law is, but I’ll hazard a guess and say it pertains to information sharing). It’s likely, then, that some form of online provider has been sharing cyber-intelligence with the federal government under some strained interpretation of our privacy protections (and, probably, some kind of Attorney General assurances everything’s cool).

Let’s use the lesson we learned during the FISA Amendments Act where the telecoms were clambering for the legislation and the retroactive immunity, but the Internet companies were grateful for “clarity,” but explicitly opposed to retroactive immunity. When we learned the telecoms had been turning over the Internet companies metadata and content, this all made more sense. The Internet Companies wanted the telecoms to be punished for stealing their data.

In this case, in the first round of CISPA (which had broad immunity protections), Facebook and Microsoft were supporters. But in this go-around (which has still generous but somewhat more limited immunity), the big supporters consist of:

  • Telecoms (AT&T, Verizon; interestingly, Sprint did not sign a letter of support)
  • Broadband and other backbone providers (Boeing, Cisco, Comcast, TimeWarner, USTelecom)
  • Banks and financial transfer
  • Power grid operators and other utilities

Now, who knows with which of these entities the government is already relying on this common commercial services memo, which of our providers we believe have made some assurances to us but in fact they’ve made entirely different ones.

But I will say the presence of the telecoms, again, angling for immunity for information sharing, along with their analogues the broadband providers does raise questions. Especially considering Verizon Exec’s trash talking about consumer-centric Internet companies that don’t prioritize national security.

Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”

“This is a more important issue than that which is generated in a press release. This is a matter of national security.”

After all, the telecoms have a history of willingly cooperating with the government, even if it bypassed the protections offered by Internet companies, even if it violated the law. Have they been joined by big broadband?

Well, DOJ could clear all this up by revoking and releasing the memo. Until they do, though, my wildarsed guess is that those operating the Toobz in the country — the telecom and broadband companies — have already started sharing consumers’ data that a plain reading of the law seemingly wouldn’t permit them to do.

NSA’s Section 702 Success: 150 Gigs of Defense Contractor Data Protected

/3 Comments/in , , /by

Screen shot 2013-10-21 at 9.59.11 AMOver four months ago, I noted that the most impressive success touted in James Clapper’s fact sheet on Section 702 pertained to cybersecurity, not terrorism.

Communications collected under Section 702 have provided significant and unique intelligence regarding potential cyber threats to the United States, including specific potential network computer attacks. This insight has led to successful efforts to mitigate these threats.

Le Monde, as part of its package on US spying on France, published yet another version of the PRISM slide presentation, including this slide (and 2 others that haven’t been published before; h/t Koen Rouwhorst).

While I’m not sure we’re yet looking at the complete PRISM slideset, at least as it stands, this slide tells the sole success story in the presentation. It describes how, on December 14, 2012, the NSA/CSS Threat Operations Center alerted the FBI to an implant on a Defense contractor’s network. The FBI and the contractor managed to take action that same day to prevent the exfiltration of 150G of data.

And thus using upstream collection (the slide cites Stormbrew), the NSA managed to do something equivalent to stopping China from getting yet another module of data on the F-35 development to go along with all the other data it has stolen.

While I’m glad the NSA prevented yet more tax dollars to be wasted on secrets China (or someone like them) was going to steal anyway, I am rather interested that this gets touted internally as Section 702’s big success story.

After all, Keith Alexander has been chanting terror terror terror terror for the last four months. It turns out — as I’ve been saying all along — it’s not about the 54 mostly overseas plots Section 702 has helped to thwart, it’s about cybersecurity.

Moreover, it doesn’t involve someone’s personal communications access via PRISM. It involves upstream collection (this also suggests when NSA describes searching for “selectors” in upstream collection, it searches on more than just emails and phone numbers, as it has previously suggested).

Again, this success is in no way a bad thing–kudos to the NSA for catching this.

It just highlights how we’re being sold a dragnet to protect against hackers based on fear of terrorists.

Update: In a Guardian post today, I argue Obama should use the replacement of Keith Alexander as an opportunity to break up NSA.

Metaphorically, the NSA has pursued its search for intelligence by partly disabling the locks to all our front doors. Having thus left us exposed, it demands the authority to be able to enter our homes to look around and see if those disabled locks have allowed any nasty types to get in.

Given the way the NSA’s data retention procedures have gone beyond the letter of the law to allow them to keep Americans’ data if it presents a threat to property (rather than just a threat of bodily harm), while the NSA is looking for nasty types, they might also make sure you don’t have any music or movies for which you don’t have a receipt. Thus it has happened that, in the name of preventing invaders, the NSA has itself invaded

Does This Provide Insight into Obama’s Relative Silence?

/13 Comments/in , /by

The US Ambassador to Britain, Matthew Barzun, went on the Beeb and declined to criticize Edward Snowden.

Asked if he shared the UK security services’ concerns about the threat to national security from the leaks, he said he wanted to focus on the “importance of having this debate about what the trade-offs are between security and privacy, between transparency and secrecy, and to do so in a way that protects whistleblowers – which is different, by the way, from wholesale releasing of information, hundreds of thousands of documents”.

This is a remarkable statement from someone at the heart of what must be touchy relations between the NSA and GCHQ and the US and Brits more generally (if complaints about prior US leaks serve as predictor).

Moreover, it might vocalize some of the reluctance on President Obama’s part to aggressively defend the NSA’s violation of laws authorizing surveillance.

Don’t get me wrong. I don’t believe Obama welcomes any real debate. The conduct James Clapper’s Committee to Make Us Love the Dragnet makes that all too clear. Rather, I suspect Obama believes he can win the debate, and convince us all that we need an even bigger dragnet. (Which might explain the inclusion of Cass Sunstein on the Committee to Make Us Love the Dragnet.)

I suspect Obama, having been convinced by partial briefings the dragnet is great for America, also believes he can persuade the rest of us (who aren’t stuck in his partial briefing bubble) to love it too.

Certainly, his Ambassador to Britain seems to have been permitted to adopt the same stance.

Not Breaking: Keith Alexander to Be Allowed to Retire Unscathed; Breaking: NSA

/14 Comments/in , /by

We’ve actually known for some time that Keith Alexander was retiring shortly. So Reuters’ headline reporting it (and the departure of Alexander’s Deputy John Inglis) is not news.

Screen shot 2013-10-16 at 5.38.14 PM

But mega kudos to the person who dubbed Alexander the “eavesdropping agency chief.”

One important implication of this headline though is,

Alexander will not be fired, much less criminally charged, for serial lies to Congress

Not to mention the fact that James Clapper will, as far as we know, remain employed and free.

All that said, the overall point of Reuters’ story is important. This presents Obama with an opportunity to set a new direction for NSA.

While both men are leaving voluntarily, the dual vacancies give Obama an opportunity both to install new leadership following Snowden’s revelations and to decide whether the NSA and Cyber Command should have separate leaders.

Cyber Command, which has grown significantly in recent years, has the authority to engage in both defensive and offensive operations in cyberspace. Many NSA veterans argue that having the same person lead the spy agency and Cyber Command diminishes the emphasis on the NSA’s work and its unique capabilities.

I say go even bigger than this: break up this Frankenstein contraption and split NSA’s defensive function from its offensive ones entirely. And while we’re at it, let’s move it out of DOD.

Noah Shachtman wrote a piece describing how to do this so long ago he actually referred to “the agency that tapped AT&T switching stations (OK, OK, allegedly)” instead of “the agency FISC deemed in violation of the Fourth Amendment for collecting US person data at AT&T’s switches.”

NSA headquarters — the “Puzzle Palace” — in Fort Meade, Maryland, is actually home to two different agencies under one roof. There’s the signals-intelligence directorate, the Big Brothers who, it is said, can tap into any electronic communication. And there’s the information-assurance directorate, the cybersecurity nerds who make sure our government’s computers and telecommunications systems are hacker- and eavesdropper-free. In other words, there’s a locked-down spy division and a relatively open geek division. The problem is, their goals are often in opposition. One team wants to exploit software holes; the other wants to repair them.

[snip]

A broken-out bureau — call it the Cyber Security Agency, or CSA — that didn’t include the spooks would obviate this conflict. Read more

The NSA Hides Its Domestic Collection by Refusing to Count It

/9 Comments/in , /by

In his speech at Cato last week Ron Wyden made it clear that when he asked Keith Alexander and James Clapper in advance of the reauthorization of the FISA Amendments Act for the number of Americans’ communications that had been collected under Section 702, he meant to elicit the estimates John Bates made in his October 3, 2011 opinion.

I spent much of 2012 asking the NSA and the DNI [Director of National Intelligence] whether anyone had done an estimate of how many American communications had been collected under section 702. The ODNI and the NSA insisted that such an estimate was impossible, but what they failed to tell the public was that the Fisa court had already done one.

Bates had the NSA conduct a manual review of a statistical subsection of 50,440 transactions collected via upstream collection between January and June 2011. (Note, it appears Bates may have had to raise dire warnings with “top DOJ officials” on July 8, 2011 before he got such a review.) He then annualized the results and estimated that the NSA was collecting up to 56,000 communications of Americans each year, made up of 46,000 communications consisting entirely of an American’s communication (Single Communication Transactions), and 10,000 in which their communication got included in a Multiple Communication Transaction swept up in the search.

Given what we’ve learned about the 2011 confrontation, Wyden’s serial requests for this information take on added importance for two reasons.

Administration never disclosed its domestic collection to the most Members of Congress

First, because the Administration very pointedly did not inform the bulk of Congress that NSA had been — and had been allowed to continue — collecting purely domestic communications from telecom switches. Neither the February 9, 2012 statement to the Senate Intelligence Committee nor the May 4, 2012 notice to Congress provided any indication that this violation involved collecting domestic communications (the December 8, 2011 statement to the House Intelligence Committee did, and both Committees, presumably as well as the Judiciary Committees, received the opinion itself, which makes that clear). It’s also not clear whether any of these notices included any mention of the SCTs, those single communication transactions involving just a US person communication.

Read more

I Con the Record Admits All This Spying Also Serves Counterintelligence

/10 Comments/in , , /by

Screen shot 2013-10-04 at 6.02.34 PMJames Clapper has a statement up at I Con the Record trying to dismiss any concerns that the US is using the same kind of technologies as China uses against its people to crack Tor.

As per usual, Clapper complains that the stories don’t paint the Intelligence Community in the light they’d like to be described.

In particular, he complains that — notwithstanding the Guardian’s publication of NSA’s graphic suggesting every Tor communication hides a bearded terrorist — the stories haven’t emphasized the “very naughty” targets of this spying.

However, the articles fail to make clear that the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.

But that complaint comes with a new admission, one that has been all but unmentioned since when, on June 10, Clapper’s most impressive PRISM success story pertained to cybersecurity. For the first time in quite a while, Clapper today acknowledged NSA uses this not only for counterterrorism and other foreign targets, but also counterintelligence.

The articles fail to mention that the Intelligence Community is only interested in communication related to valid foreign intelligence and counterintelligence purposes and that we operate within a strict legal framework that prohibits accessing information related to the innocent online activities of US citizens.

Within our lawful mission to collect foreign intelligence to protect the United States, we use every intelligence tool available to understand the intent of our foreign adversaries so that we can disrupt their plans and prevent them from bringing harm to innocent Americans. [my emphasis]

The admission is important not just because Clapper and Keith Alexander have consistently been trying to hide the cybersecurity application of this. But because it makes clear that NSA requires no foreign nexus to target Tor communications.

Which they couldn’t well require in any case, since the design of Tor ensures the government can’t know whether an encrypted message is a domestic or foreign communication.

Of course, once you include counterintelligence (and threats to property) as a valid excuse to keep encrypted communications indefinitely and even to compromise people’s computers (see slide 16), particularly in an environment where leaks of even unclassified information are treated as spying, then the distinction between “citizens” and “targets” crumbles.