Hacker News new | comments | show | ask | jobs | submit login
ST-09-0002 NSA/CSS OIG Draft about Stellar Wind (2009) [pdf] (documentcloud.org)
53 points by rdl 1486 days ago | hide | past | web | 16 comments | favorite

Second, in March 2003, the IG advised General Hayden that he should report violations of the Authorization to the President. In February of 2003, the OIG learned of PSP incidents or violations that had not been reported to overseers as required, because none had the clearance to see the report.

And you thought your organizational problems were tough.

"(TS//SI//NF) General Hayden stated that he never asked for or read the OLC legal opinion supporting the PSP. The Deputy GC stated that it was his understanding that the [legal] opinion [supporting authorization] was not shared with the NSA because it was considered confidential legal advice to the President."

So he didn't want to know it because "President says it's cool, and if it's not, well that's his problem, not mine." Except when you have this level of secrecy, it takes an extraordinary act like Snowden to shed any light on the matter and bring about legitimate criticism. So many levels of negligence here...

So, the NSA was known to tap, track and view Obama's comms in the past - but at the same time they claim to not read some info because they are "respecting the legal advice as confidential"?

Where does the crazy hypocrisy stop with these people. I think they are all absolutely insane.

Technically this probably should be tagged as (2009). It's also technically a (TOP SECRET/STLW/ORCON/NOFORN) document, so if you have a clearance, you shouldn't be viewing it. (if you don't have a clearance, you also shouldn't be viewing it, but that's someone else's problem...)

Those with a clearance can just glance at the top of the document and see that they shouldn't read it, right?

The only reason to worry is if you believe that your accessing of this document is being tracked by the authorities ...

Pretty remarkable that this means that folks with a clearance will end up with less information than those without one.

Is this a commonly-discussed problem in the security world? Is there an exception granted for publicly-disseminated information (such as leaks published in newspapers)?

There is no exception. When Wikileaks posted its cables, the government mandated that anyone with a clearance shall not visit the websites and view the information. If it happened, it would be classified as a "data spill" which means classified info on a network with a lower classification.

"Data spills" sometimes result in punishment. If the mods read this comment, please return the classification to the title as it would ensure people with clearances were warned about the classification of the information contained.

"please return the classification to the title as it would ensure people with clearances were warned'

A fairly pointless precaution, as the prohibited material appears all over once it's publicly disseminated, including in places like the NY Times. I worked in a government lab when the first round of Wikileaks happened, and I got the memo: don't search out the material, don't read it even if you find it in the newspaper, etc. But the security people weren't completely crazy, so if you visited the front page of the Washington Post and there happened to be some stuff on there that was still classified, it wasn't treated as a security incident.

A publicly clickable link can only be clicked. Imagine if you consciously don't want to click but your toddler nearby messes with your keyboard and clicks the link. Do you then become suspicious due to no fault of your own?

I put the classification legend in the submission title, but the editor elves deleted it.

You could right-click on the link and view where it goes. Do you become suspicious from your toddler's click? Yes, yes you do. Not actionable in itself, but it will be on your secret file you can't see, forever.

This is a very extreme leak, technical details of capabilities, names of persons (and locations)... No bueno amigos, glad I don't deal with classified documents, I'm sure their lives are becoming hell now.

This post is basically a duplicate of https://news.ycombinator.com/item?id=5952699 ,

since this document was released by the Guardian, and is discussed and linked to by the article at: http://www.guardian.co.uk/world/2013/jun/27/nsa-data-mining-...

The section titled "Evolution of NSA Partnerships with Private Sector" (p28) is interesting.

I'm really interested in the names of the companies. Sad they used "COMPANY A" instead of naming them -- given how classified the report was, I wonder why.

Thank you Scribd for caching this; the original seems to have gotten pulled.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact