A US intelligence chief has asked Congress to renew a controversial set of capabilities that allow snoops to spy on electronic communications without a warrant in the name of combating terrorism and other things. The loss of Section 702 of the Foreign Intelligence Surveillance Act (FISA) would cause American spies to “lose critical insights into the most significant threats to our nation,” according to NSA director General Paul Nakasone, who made this statement to the Privacy and Civil Liberties Oversight Board yesterday.
In his speech, Nakasone referred to Section 702 as “irreplaceable.” To support his claim, he cited multiple instances in which the FBI and NSA worked together to prevent terrorist plots and cyberattacks.
Since it was added to the Foreign Intelligence Surveillance Act in 2008, Section 702 has been a source of disagreement between civil liberties groups and those who believe that, as long as you are not a terrorist, a little harmless observation by Uncle Sam is acceptable.
NSA has long held that Section 702 saved American lives
Although disclosed papers revealed that Section 702 was regularly used against US citizens, despite the law’s explicit intent to apply to foreign targets exclusively, the NSA has long held that it saved American lives and defended the nation and its allies.
During hearings on its last renewal in 2017, the NSA was questioned about using Section 702-gathered data to monitor US citizens, but it declined to reveal numbers. “Seems like baloney to me … It’s the greatest intelligence service on the planet. You’d think they’d be able to know that,” House Representative Jim Jordan (R-OH) said during the hearings.
Records, which this time are public knowledge before renewal hearings, beg to disagree. Whether that will alter the result is an entirely different matter.
Protecting America’s natural resources is the US Department of the Interior’s duty. Still, if its systems continue to be as insecure as those found in a recent Office of the Inspector General study, it may be challenging to fulfil this duty.
The OIG stated: “We found that the Department’s management practices and password complexity requirements were not sufficient to prevent potential unauthorized access to its systems and data.” There is no better method to communicate the results than in the report itself.
Unethical behaviours discovered in DOI systems
According to the OIG, numerous unethical behaviours discovered in DOI systems were also responsible for the 2021 Colonial Pipeline ransomware attack. Inspectors were able to figure out 16% of the agency’s passwords during the first 90 minutes of their investigation. Of the accounts they were able to access, 362 belonged to senior US Government workers, and 288 had elevated privileges.
The OIG also claimed that password complexity restrictions were “outdated and ineffective … allow[ing] unrelated staff to use the same inherently weak passwords—meaning there was no rule to prevent this practice.” Multifactor authentication wasn’t regularly used at the DOI.
Inspectors discovered that the DOI also failed to deactivate inactive accounts or enforce password age restrictions, leaving over 6,000 additional accounts open to attack.