
Today I Briefed Congress on the NSA - edwintorok
https://www.schneier.com/blog/archives/2014/01/today_i_briefed.html
======
bargl
On his blog Schneier comments that this meeting was kept small on purpose. I
wanted to see who was present at this meeting so I looked up some of their
information. Not hard to find, but here you go. I plan on emailing each of
them and thanking them for consulting someone the tech industry considers a
Security SME.

Rep. Lofgren (Democratic)
[http://lofgren.house.gov/biography/](http://lofgren.house.gov/biography/)
Wikipedia -
[http://en.wikipedia.org/wiki/Zoe_Lofgren](http://en.wikipedia.org/wiki/Zoe_Lofgren)

Rep. Sensenbrenner (Republican)
[http://sensenbrenner.house.gov/biography/](http://sensenbrenner.house.gov/biography/)
Wikipedia -
[http://en.wikipedia.org/wiki/Jim_Sensenbrenner](http://en.wikipedia.org/wiki/Jim_Sensenbrenner)

Rep. Scott (Democratic)
[http://www.bobbyscott.house.gov/biography/](http://www.bobbyscott.house.gov/biography/)
Wikipedia -
[http://en.wikipedia.org/wiki/Bobby_Scott_%28U.S._politician%29](http://en.wikipedia.org/wiki/Bobby_Scott_%28U.S._politician%29)

Rep. Goodlatte (Republican)
[http://goodlatte.house.gov/pages/about-bob](http://goodlatte.house.gov/pages/about-bob)
Wikipedia -
[http://en.wikipedia.org/wiki/Bob_Goodlatte](http://en.wikipedia.org/wiki/Bob_Goodlatte)

Rep. Thompson (Democratic)
[http://mikethompson.house.gov/biography/](http://mikethompson.house.gov/biography/)
Wikipedia -
[http://en.wikipedia.org/wiki/Mike_Thompson_(California_politician)](http://en.wikipedia.org/wiki/Mike_Thompson_\(California_politician\))

Rep. Amash (Republican)
[http://amash.house.gov/about-me/full-biography](http://amash.house.gov/about-me/full-biography)
Wikipedia -
[http://en.wikipedia.org/wiki/Justin_Amash](http://en.wikipedia.org/wiki/Justin_Amash)

Edit: Cleaned up one of the links and got rid of a repetitive sentence.

~~~
logn
(If you use Facebook) I recommend following Rep. Amash as he explains every
one of his votes in a status update. It's a great way to stay informed, and he
actually approaches his decisions with sensible reasoning you'll enjoy
(regardless of your political leanings).

~~~
asperous
Wow that's really amazing. I really like this approach because it's
transparent and really feels like he's representing his Michiganites.

So often when I email my reps about their decisions I get canned responses that
don't answer the question, but Justin really does explain it.

~~~
bitops
Nit: Michiganders.

------
Zelphyr
"...Congress has such a difficult time getting information out of the NSA that
they have to ask me."

THIS PEOPLE! THIS is why the Snowden revelations are such a big deal! We have
a rogue branch of government with arguably little to no oversight!

~~~
phaus
They might not know what the NSA is up to, but they sure as hell created the
mechanisms that led to that predicament.

~~~
sp332
Congress required the NSA to clear some things with a court. The NSA lied to
the court; that's not Congress's fault.

~~~
phaus
I didn't say that it was their fault that the NSA lied. It's their fault that
secret courts, the Patriot Act, and a number of other things exist. It's also
their fault that the constitution has been systematically undermined for the
last four decades.

It was hilarious watching a bunch of congressmen feign disbelief when they
know that it's their fucking fault. It's depressing watching the public believe
them. If they really didn't know this was going on, they would be trying
harder now to stop it instead of passing legislation to solidify the NSA's
position.

The only thing that we can be certain of, is that our elected representatives'
response to these revelations is going to be disappointing, misguided, and
inadequate.

~~~
rhizome
This all sounds very nihilistic and myopic. It's like saying I'm responsible
for drones because I voted in an election for one of two candidates who were
going to use them anyway. Credit where due, and I'm certainly not letting
Congress off the hook, but your argument boils down to "well, Congress allowed
them to _exist_ ," and I'm even less inclined to let the NSA off the hook. I
have higher standards than, "well, that's just the way they are."

~~~
phaus
I didn't let the NSA off the hook, I was just commenting on the absurdity of
congress acting like this wasn't the obvious outcome of decades of bad
leadership and bad legislation.

------
tokenadult
Schneier links to a Wikipedia article about Sensitive Compartmented
Information Facilities (SCIFs) and explains that he wanted to speak to the
members of Congress in such a facility, but could not do so because he is
denied access to such facilities as someone without the appropriate security
clearances. And that puzzled me, and prompted me to read the Wikipedia article
after reading Schneier's blog post submitted here, because I had been told
years ago, when I definitely did not have the appropriate level of clearance
for a SCIF (as I have never had and probably never will have) that I did have
access to a special hearing room for one of the congressional intelligence
oversight committees. I was inside the room at the time, with foreign
visitors. (I was there as the interpreter for the foreign visitors.) I saw the
hearing room back in the 1980s, as I recall, as part of a people-to-people
program funded by the United States government that brought over people from
other countries to look at how society works in the United States. The look
inside the secure room was part of learning about how intelligence agencies in
the United States are overseen by Congress. It was represented to us that when
the room in the Capitol was closed up, it was impervious to any then-known
form of surveillance. So now what Schneier says has me puzzled about whether
or not there is any level of secure room between what he calls a "regular
room" and a room that a United States citizen can only enter with a very high
level of security clearance. It seems to me that there ought to be some kind
of in-between room like that, precisely for meetings like the one Schneier
just had. That would be better for effective congressional oversight, I think.

~~~
phaus
There are standard processes in pretty much every government organization for
escorting uncleared personnel into a SCIF. The fact that they chose not to in
this case might indicate that they aren't taking this seriously.

~~~
RyJones
Or that one wasn't open. Schedule tetris for Congresspeople and a SCIF might
be a hard problem.

------
rdl
It makes sense that you need TS/SSBI and the correct SAP read-in to be inside
a given SCIF belonging to a SAP; otherwise one might leave a recording device
or otherwise damage the integrity of the SCIF. Plus, the SCIF would need to be
cleared of all sensitive materials before you entered.

Clearing a SCIF, letting someone inside, then recertifying it would probably
be the correct choice; it could be done, of course, but it's not cheap. (You
can also potentially keep the person under observation the whole time, but
given the purported Chuck Norris powers of Bruce Schneier, that seems
insufficient.)

~~~
strathmeyer
I'm not sure if you understand. Bruce knows the top secret information because
he read it in the leaks. The government officials can lose their security
clearance for admitting to discussing top secret things with him.

~~~
rdl
They are clearly in the direct performance of their lawful duties. It is like
a counterintelligence professional talking to a suspect and learning what he
knows. Plus, Congress is called out in the Constitution as special, due to
situations like this.

------
shmerl
This could be almost hilarious if it wasn't so sad. The Congress has to be
briefed by someone with access to leaked documents to get an idea what a
government agency is doing, because the latter "is not forthcoming".....

------
AnimalMuppet
Imagine that the NSA was only doing legitimate, useful, necessary, highly
secret things (humor me here).

Can they brief Congress on what they're doing? All 535 publicity-seeking
chatterboxes? No way. That's the same as issuing a press release.

So not telling Congress everything is (in principle) necessary. But who are
these representatives Schneier briefed? Are they on the Intelligence
Committee? If so, and they still can't get straight answers out of the NSA,
that's a big deal. (And maybe the rest of Congress is saying that they don't
think that the Intelligence Committee has done an adequate job of oversight.)

~~~
KingMob
> Can they brief Congress on what they're doing? All 535 publicity-seeking
> chatterboxes? No way. That's the same as issuing a press release.

Absolutely not. Keeping your (nominal) overseers apprised of your activities
is not the same thing at all as informing the whole world in front of cameras.
Your implicit argument is that Congress couldn't be trusted with the secrets
the NSA would reveal. But this is countered by pointing out that the NSA can't
be trusted with the secrets it _has_.

~~~
AnimalMuppet
Congress (all of it) should be briefed on the overview. The details (some of
which are, rightly, classified)? No way. That's pretty much the established
way of dealing with classified information - all of Congress does not get to
know the details.

> ...the NSA can't be trusted with the secrets it has.

Very true.

~~~
canvia
Made even more apparent by a contractor having access to so many of their
"secrets".

------
higherpurpose
The Intelligence committees and the FISA Court need to be overhauled, to start
with. Clearly there's not enough/proper oversight of the agency.

I don't know how they do it now, but the Intelligence committees should also
brief the rest of Congress at least twice a year, and I think they should be
allowed by explicit laws to declassify anything they want in that briefing. No
approval from the White House or anyone else needed. They are, after all, the
ones that are supposedly in charge with oversight of the intelligence
community.

So next time someone like Ron Wyden _knows_ the agency is lying to the public,
he should be able to tell the rest of the Congress in the briefing, all by
himself (he shouldn't need approval from the rest of the committee), and it
should be defined in laws that he's allowed to do that, just so there's no
confusion, and no fear of repercussion.

~~~
rprospero
The thing is that they already have the framework to do this. A senator is
immune from prosecution for anything stated on the floor of the senate. If
Wyden is on the senate floor, he could read off the nuclear launch codes and
there's not a damn thing that the executive can do about it. Furthermore, the
senate has closed sessions. They had one just a couple of years ago for the
START treaty. A senator could take the floor, tell the rest of the senate
about any classified material they like, and the information isn't released to
the public unless the Senate votes to remove the injunction of secrecy, so the
information remains secure. Even if the injunction is removed, the senator is
still protected by some fairly strict constitutional privilege.

This seems to be a solved problem.

~~~
valarauca1
Actually I'd bet good money if a senator basically started reading the
details of NSA drag net plan on the senate floor they'd be prosecuted by some
court for aiding terrorism, or not being American enough.

~~~
gizmo686
Ignoring the political implications for prosecuting a congressperson for
leaking on the NSA, you have a lot of legal precedent to overcome.

Article 1, Section 6 (the speech and debate clause) of the US constitution
states:

"...and for any Speech or Debate in either House, they [Senator or
Representatives] shall not be questioned in any other Place."

In the case of Gravel v. United States, Senator Mike Gravel read the Pentagon
Papers into the congressional record. This was held as protected.

~~~
hirammcdaniels
They can, however, be questioned in that Place. The House is certainly welcome
to impeach a house member who reads launch codes on the floor.

~~~
thyrsus
I wonder if 00000000 was ever read into the congressional record?
[http://arstechnica.com/tech-policy/2013/12/launch-code-for-us-nukes-was-00000000-for-20-years/](http://arstechnica.com/tech-policy/2013/12/launch-code-for-us-nukes-was-00000000-for-20-years/)

------
vaadu
There is no oversight except on paper.

You can't have oversight unless you have expertise in the area you oversee.

You can't have oversight unless the overseers can impose immediate
consequences upon the overseen.

Without these you are nothing but a spectator.

~~~
syntern
Might be related to the topic:

One aspect of the Dilbert-universe is the pointy-haired boss who has no
expertise, yet he imposes immediate consequences upon the overseen. In
contrast, if we are calling for management that does (understand) code, we are
calling for management that has expertise.

This begs the question: who would be able to oversee the agencies _with
expertise_ , ever?

~~~
antsar
Sn^H^Ha former employee/contractor?

~~~
tedivm
You mean like the revolving door between financial regulators and the banks
they oversee?

------
ChrisAntaki
Currently, the Intelligence Committees have special access to top secret
information. Every member of Congress should have this.

~~~
belluchan
With 535 of them not including staff, they really shouldn't. And clearance
isn't enough, you also have to have a need to know. We just need a system of
oversight that works well.

~~~
mahyarm
With the amount of NSA staffers and people who have clearance being well above
that number, really?

~~~
bri3d
"Clearance" isn't supposed to be some magic card that lets someone go find
every document marked with their level of "clearance." It's just a permission
to receive knowledge marked with that level of "clearance" as necessary to do
one's job.

NSA staffers have defined roles and are given information on a need-to-know
basis. Obviously the Snowden leaks proved that at least for a sysad, the
technical component of the need-to-know restriction was broken, but that's how
it's _supposed_ to work.

For Congressional oversight to be useful, Congress (or a subset) needs a
_higher_ level of access than that given to the NSA themselves - the ability
to ask for _any_ information and have it given to them.

That's a pretty powerful tool, so I don't think the "well NSA has a lot of
people" counter is valid.

~~~
cdash
So instead the people who make our laws should be blind to the results of
those laws or anything that is happening outside of the laws they have
written.

------
chippy
What's a "SCIF"?

Edits: my guess: (Secure Communications Internal Facility)

~~~
jaryd
Sensitive Compartmented Information Facility: In United States security and
intelligence parlance, a Sensitive Compartmented Information Facility (SCIF;
pronounced "skiff") is an enclosed area within a building that is used to
process Sensitive Compartmented Information (SCI) types of classified
information.

[https://duckduckgo.com/Sensitive_Compartmented_Information_Facility](https://duckduckgo.com/Sensitive_Compartmented_Information_Facility)

~~~
SEJeff
Depending on the level, they often have TEMPEST shielding aka faraday cages to
prevent leakage of electromagnetic signals from computers and whatnot. (google
Van Eck Phreaking for some ideas on why heh)

~~~
davidw
Or you could read Cryptonomicon, which is a lot slower, but more fun:

[http://www.amazon.com/Cryptonomicon-Neal-Stephenson/dp/0060512806?tag=dedasys-20](http://www.amazon.com/Cryptonomicon-Neal-Stephenson/dp/0060512806?tag=dedasys-20)

Startups and science fiction... that book is a favorite of mine.

~~~
cwp
It's more historical fiction than science-fiction.

~~~
davidw
Yeah, but it still feels like science fiction for some reason.

~~~
mullingitover
I think it's Enoch Root that really pushes it into sci-fi territory. He's also
a major character in The Baroque Cycle, implying that he's several hundred (or
more) years old.

------
peterkelly
"Chief, shouldn't we use the Cone of Silence?"

~~~
redknight666
LOL. I remember watching it when I was a child.

------
donohoe
Webcache version:

[http://webcache.googleusercontent.com/search?q=cache:https://www.schneier.com/blog/archives/2014/01/today_i_briefed.html](http://webcache.googleusercontent.com/search?q=cache:https://www.schneier.com/blog/archives/2014/01/today_i_briefed.html)

------
aantix
> Of course I'm not going to give details on the meeting, except to say that it
> was candid and interesting.

Why wouldn't he?

~~~
gizmo686
A group of congresspeople agree to have a candid conversation with you behind
closed doors, and you publicize the details of what was said. Good luck
getting another conversation with anyone.

~~~
RyJones
It also weakens the congresspeople's position the next time they talk to the
NSA if the NSA knows the limits of what they know.

------
clubhi
The obvious answer to me seems to have multiple disjoint intelligence
committees.

------
Helianthus
It's good to know that we do have some legislators on (essentially) our side,
even if their hands are, presently, tied.

~~~
chippy
This is incredibly important. It means that there is hope, that the government
is not some evil conspiracy, that there are people in power, people like
ourselves.

The film Enemy of the State, and conspiracy theories mean that normal people
think it is the status quo that our lives are under 100% surveillance and that
they are powerless. In a way it's been argued that this is quite comforting.
Imagine a world where no-one knows what they are doing versus imagining a
world where there is a conspiracy, an evil plan. What this type of public
culture makes and what the worst conspiracy theories do is make politics seem
hopeless, encourages apathy and reduces trust in politicians. At the same time
it makes it easier for the real abusers of power to get away with it.

The recent phone tapping cases in the US being a point in case. Everyone
thought it was going on all the time anyhow, so when it was revealed no one
was surprised, and so the consequences were slight.

To know that those in power do actually think, and do listen, and do believe
in the political process is very very vital.

------
blahbl4hblahtoo
I was just listening to Slate's political gabfest podcast...they talked about
the NSA. It occurred to me that the media is still only talking about phone
call metadata while the rest of us have been in the weeds of the rest of their
activities, which are far more intrusive than metadata...

How do you get that message to people?

