Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
NSA Implicated in Spying on U.S. Law Firms: Part I
February 18, 2014
For more than a year, John and I have told audiences that it was our assumption that the NSA (and perhaps others) were spying on U.S. law firms. Think about it. The U.S. government, mostly the FBI, has been coming to law firms and advising them that they had been breached by foreign governments, hackers, etc. Audiences keep asking, "How did they know?"
John and I thought the only logical answer most of the time was that the NSA had already infiltrated the law firm, and watched the other intruders come through the door. That might not have been the case all the time, but it seemed logical to us that it happened often.
Then the New York Times broke an amazing story on Saturday, February 15th. Though I think everyone finally saw the story, hat tip to Dave Ries and Karen Gould for sending me the story – and of course to Edward Snowden who leaked the underlying document.
The top-secret document demonstrated that an American law firm was monitored while representing a foreign government in trade disputes with the United States. The government of Indonesia had retained the law firm for help in trade talks, according to the February 2013 document. It reports that the NSA’s Australian counterpart, the Australian Signals Directorate, notified the NSA that it was conducting surveillance of the talks, including communications between Indonesian officials and the American law firm, and offered to share the information. Generous of them.
The Australians told officials at an NSA liaison office in Canberra, Australia, that “information covered by attorney-client privilege may be included” in the intelligence gathering, according to the document, a monthly bulletin from the Canberra office. The law firm was not identified, but Mayer Brown, a Chicago-based global firm, was then advising the Indonesian government on several trade issues.
On behalf of the Australians, the liaison officials asked the NSA general counsel’s office for guidance about the spying. The bulletin notes only that the counsel’s office “provided clear guidance” and that the Australian agency “has been able to continue to cover the talks, providing highly useful intelligence for interested US customers.”
The NSA declined to answer questions about the reported surveillance, including whether information involving the American law firm was shared with United States trade officials or negotiators.
Note that this is not a story of tracking down terrorists. This is business espionage, pure and simple.
Last year, the Supreme Court, in a 5-to-4 decision, rebuffed a legal challenge to a 2008 law allowing warrantless wiretapping that was brought in part by lawyers with foreign clients they believed were likely targets of NSA monitoring. The lawyers contended that the law raised risks that required them to take costly measures, like traveling overseas to meet clients, to protect sensitive communications. But the Supreme Court dismissed their fears as “speculative.” It doesn't look so speculative any longer.
The NSA is prohibited from targeting Americans, including businesses, law firms and other organizations based in the United States, for surveillance without warrants, and intelligence officials have repeatedly said the NSA does not use the spy services of its partners in the so-called Five Eyes alliance — Australia, Britain, Canada and New Zealand — to end run the law.
The NSA is allowed to intercept the communications of Americans if they are in contact with a foreign intelligence target abroad, such as Indonesian officials. It is then required to follow so-called minimization rules to protect their privacy, such as deleting the identity of Americans or information that is not deemed necessary to understand or assess the foreign intelligence, before sharing it with other agencies.
I still question whether this is anything more than business espionage dressed up in a fancy costume.
The Australian government declined to comment about the surveillance. Shocker. In a statement, the Australian Defense Force public affairs office said that in gathering information to support Australia’s national interests, its intelligence agencies adhered strictly to their legal obligations, including when they engaged with foreign counterparts. Several newly disclosed documents provide details of the cooperation between the U.S. and Australia, which share facilities and highly sensitive intelligence, including efforts to break encryption and collect phone call data in Indonesia. Both nations have trade and security interests in Indonesia, where Islamic terrorist groups that threaten the West have bases. But was there any terrorism concern here? None is noted.
It is unknown whether the communications that were monitored were phone communications or e-mails – both were used in the case. Perhaps both were monitored.
The NSA’s protections for attorney-client conversations are narrowly crafted, said Stephen Gillers, an expert on legal ethics at New York University’s School of Law. The agency is barred from sharing with prosecutors intercepted attorney-client communications involving someone under indictment in the United States, according to previously disclosed NSA rules. But the agency may still use or share the information for intelligence purposes.
As the article pointed out, disclosures in recent months note that the NSA routinely spies on trade negotiations, communications of economic officials abroad and foreign corporations.
Shamefully, American intelligence officials do not deny that they collect economic information from overseas, but argue that they do not engage in industrial espionage by sharing that information with American businesses. China, for example, is often accused of stealing business secrets from Western corporations and passing them to Chinese corporations. I get it. If someone else does bad stuff, we are justified in doing it too. How often did we all hear as kids, "Just because another kid gets away with something that's wrong, you are not justified in doing the same bad thing." We have lost any sense of global conscience – and the excuse appears to be solely, "We have to do it because everyone else is."
We are also apparently helping the Australians with breaking encryption. The Australians have obtained nearly 1.8 million encrypted master keys, which are used to protect private communications, from the Telkomsel mobile telephone network in Indonesia, and developed a way to decrypt almost all of them, according to a 2013 NSA document.
Whew. A long blog post. So much as happened since Saturday, look for Part II tomorrow. Good idea to watch what you say on the phone – and every keystroke
you type . . . .
Listen to the Podcast
