Thursday, July 31, 2014

No, the CIA didn't spy on other computers

The computer's the CIA spied on were owned and operated by the CIA.

I thought I'd mention this detail that is usually missing from today's news about the CIA spying on Senate staffers. The Senate staffers were investigating the CIA's torture program, reviewing classified documents. The CIA didn't trust the staffers, so they setup a special computer network just for the staffers to use -- a network secured and run by the CIA itself.

The CIA, though, spied on what the staffers did on the system. This allowed the CIA to manipulate investigation. When the staffers found some particularly juicy bit of information, the CIA was able to yank it from the system and re-classify it so that the staffers couldn't use it. Before the final report was ready, the CIA was already able to set the political machine in motion to defend itself from the report.

Thus, what the CIA did was clearly corrupt and wrong. It's just that it isn't what most people understand when they read today's headlines. It wasn't a case of the CIA hacking into other people's computers.

Many stories quote CIA director Brennan who said earlier this year:
I think a lot of people who are claiming that there has been this tremendous sort of spying and monitoring and hacking will be proved wrong
Many stories (like this one) claim that it's Brennan who was proven wrong, but instead, he was proven right. The investigation showed that at no time did the CIA hack anybody else's computer.


In pointing out the truth many people assume that I'm defending the CIA. I'm not. The torture program was morally wrong and beneath us as a country. Surreptitiously spying on the investigators into the program is clearly corrupt, and all involved need to be fired -- even if it turns out no law was broken (since it was the CIA's own computers).

I'm outraged, but believe we should be outraged by the right things, not the distorted story in the news. Seriously, I can't be more outraged at how the CIA revoked the declassification of things the staffers found useful to their investigation. It's not the spying (of their own computer) that angers me so much as their corrupt actions the spying enabled.



Update: @grayrisk points to this Lawfare blogpost with specifics. As you can see, CIA sysadmins had access to the system to administer it, but otherwise the system was supposed to be segregated from the rest of the CIA.
http://www.lawfareblog.com/2014/03/ssci-v-cia-three-key-questions/


1 comment:

Chris Sternal-Johnson said...

If I'm the DBA at a bank and I use that access to siphon off SSNs, I'm going to get charged with unauthorized access even though my privileges were legitimately obtained.

Same thing here. They weren't supposed to be accessing those computers in that manner, making it unauthorized access.