An ex-NSA cyber security expert has said the extent of its monitoring techniques is "very concerning".
Ron Gula worked for the organisation in the early 1990s after the Gulf War but attributes the agency’s monitoring techniques to a post-9/11 mindset, while crediting ex-NSA analyst Edward Snowden for bringing the agency’s methods into the public eye.
The NSA’s security programmes include Prism, which has been used to tap into user data of major firms including Microsoft, Yahoo, Google, Facebook and Apple, as well as XKeyscore.
The latter gives NSA hackers access to millions of people’s emails, online chats and browsing histories without any prior legal authorisation.
Gula, now CEO and co-founder of Tenable, a network security firm, told CBR the revelations worry him and called the previous lack of public debate around the US government’s powers to monitor its citizens a "one-sided conversation."
He said: "It’s very concerning that we’re giving up these privacies to catch what? A few more terrorists? I have a hard time with that.
"As a society we don’t know what the bargain is. What are we getting for this monitoring? It’s a one-sided conversation. The NSA in this case is saying we’re here to stop terrorism. Well okay, but that’s half of it.
"They didn’t stop the Boston bombings, though maybe there were a hundred Boston bombings except they won’t get credit for that. The public doesn’t have any sense of what they’ve given up."
His comments come shortly after a former head of the NSA, General Michael Hayden, told a London audience that in ‘liberal democracies’ security services must be transparent enough to be operating with public approval of their activities.
Snowden, currently believed to reside in Russia, has been accused of making it easier for terrorists to avoid detection and of making his files available for foreign intelligence services.
Additionally, the new head of Britain’s MI5, Sir Andrew Parker, has accused Snowden of revealing the extent and limit of spy agencies’ abilities.
But Gula disagrees. "[Snowden has] moved the conversation foward but it’s brought it into the laymans’ sphere. I’m all for it," he said.
"As a society we haven’t had a discussion so it was very important for him to come out and lay out the case."
The NSA’s powers have since been threatened by a proposed Senate bill, the Intelligence Oversight and Surveillance Reform Act.
Among other things, the bill proposes to ban the mass collection of phone record data and internet communication data, as well as helping tech firms required to secretly hand over customer data to such organisations.
Tech firms including Google, business networking site LinkedIn and Yahoo are challenging the US government through the courts to allow them to reveal the number of security-related data requests they receive.
And Gula, now in the private sector, believes this information ought to be made public.
"It’s very interesting that a government can come to you and tell you to do something that might hurt your users and you have no recourse at all," he said. "That’s very scary.
"I don’t like everything being done in shadows. There’s got to be something better than the current status quo."
He is additionally surprised at the allegations that the NSA used its Prism programme to spy on Brazilian oil company Petrobas, believing it amounts to economic espionage – something the NSA has denied.
"I was very surprised to hear all the things the NSA is purported to be involved in. I’m very, very concerned about all of the different monitoring that is indeed going on and as a trend, I really would like to see it going the other way."
