There’s been an awful lot of hand-wringing about the National Security Agency’s massive new Utah data center, which is slated to open this fall. But while the NSA is deserving of the spotlight that’s been shining on it ever since contractor Edward Snowden decided to out the agency’s digital surveillance activities, the uproar over the new data center --which admittedly is becoming operational at an inopportune moment for the NSA --may be missing the point, say privacy and security experts.
The Bluffdale, Utah facility, which is known formally as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, reportedly covers 1 million square feet and cost as much as $2 billion. Because of its scale and the timing of its opening, it's become the subject of increasing scrutiny from both the public and the media. Protesters decrying what they say is intrusive government have taken up the cause, and a recent report quoted former NSA intelligence analyst Russ Tice as saying that the facility is already operational despite agency claims to the contrary.
But there are those who find all the hubbub about the new data center to be a distraction from what they believe to be more important elements of the story.
“I don’t attach too much importance to whether the facility’s up and running or not,” said Rebecca Jeschke, digital rights analyst for the Electronic Frontier Foundation. “We just don’t know enough about it to be able to weigh in on it at all, which is part of the problem with the NSA program overall. The government simply hasn’t been truthful about what’s going on.”
Jeschke said it’s logical to assume the Utah facility is needed to store the massive amounts of data the NSA is collecting. She says she’s less concerned about the facility’s specific capabilities than she is about the implications of its existence.
“This facility shows a real commitment to gathering mass amounts of data, and we think this program is unconstitutional,” Jeschke said. “It shouldn’t be allowed, and it should be stopped.”
[Read how revelations of NSA's surveillance activities have generated renewed interest in mesh networks in "Mesh Networking Revival Sparked By NSA PRISM Program."]
Pete Lindstrom, vice president and principal at IT security research firm Spire Security, said the size and scope of the Utah facility shouldn’t be a surprise to anyone.
“If I were the NSA, I’d be building facilities like these, too,” said Lindstrom. “Google builds facilities like this.”
Given the nature of the NSA, Lindstrom said he has no concerns about whether data stored at the Utah data center will be secure. Rather, Lindstrom said the larger concern is whether the federal government can keep all of the information the NSA is collecting on Americans from getting into the wrong hands. Specifically, he suggests that court-ordered surveillance poses a much larger threat to Americans’ data than the Utah data center.
Lindstrom points to reports earlier this year indicating that the infamous Aurora attacks in which Chinese hackers reportedly accessed the Gmail accounts of Chinese human rights attacks may actually have been an effort to determine whether the U.S. had placed wiretaps on undercover operatives.
“The level of security around (wiretaps) in my mind will be much weaker than in the Utah facility," he said.
What’s more, there are already indications that the new NSA data center may not be as all-powerful as feared. So before we all get too worked up about the ominously named Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, we’d be well advised to focus on the larger issues that led to the need for it.