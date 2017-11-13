It cannot reliably protect even its most closely guarded secrets from adversaries. There is no reason to trust it to store years of details about private citizens’ communications, too.

Fifteen months ago, a group called the Shadow Brokers began to taunt the National Security Agency with proof of an extraordinary breach: By unknown means, operatives had infiltrated its operations and stolen its most potent cyber weapons. Developed by the U.S. government to penetrate or attack adversaries, those weapons were then used to attack millions of innocents worldwide. Future attacks are “all but certain,” The New York Times reported while revisiting the matter over the weekend, yet the NSA still doesn’t know exactly what was taken, or whether its defenses were breached by an outside hacker or an insider. Related Story The Last Defenders of the NSA Some fear a mole remains inside the intelligence agency even today. “The leaks have renewed a debate over whether the NSA should be permitted to stockpile vulnerabilities it discovers in commercial software to use for spying rather than immediately alert software makers so the holes can be plugged,” the Times wrote. “The agency claims it has shared with the industry more than 90 [percent] of flaws it has found, reserving only the most valuable for its own hackers. But if it can’t keep those from leaking, as the last year has demonstrated, the damage to businesses and ordinary computer users can be colossal.”

* * * Software vulnerabilities aren’t the only thing that the NSA stockpiles. Four years ago, the American public learned that the agency hoovers up metadata pertaining to the private communications of most every adult in this country. After the Edward Snowden leaks, the Obama administration insisted that the costs of collecting and storing metadata on phone calls, texts, and emails was outweighed by the benefits. Sure, the trove that the government was amassing indicated countless sensitive calls, like those to abortion clinics, suicide hotlines, and oncologists; and it could expose a person’s entire web of acquaintances. But procedural safeguards would prevent violations of privacy, NSA defenders insisted. NSA analysts wouldn’t enjoy unfettered access to the entire haul. Rather, they would be permitted to submit discrete queries, like a phone number found in a terrorist safe house. And if their database in fact contained information on that target, they’d still be limited by a constraint that they could only look at other phone numbers within two or three “hops” of the target. NSA critics challenged the accuracy and adequacy of the safeguards, as well as the government’s underlying presumption: that an American’s privacy wasn’t in fact impinged upon if the government merely gathered and stored information about their communications, so long as no one subsequently looked at it. A different concern was scarcely broached: What if the U.S. government never itself abused the system it built, but failed to safeguard its contents?