The NSA is not lying
I’ll admit, this one has me a bit flummoxed. I understand why the NSA was able to fool people back when the first allegations came out. In March 2013, Gen. James Clapper, head of the NSA, was asked point-blank by Congress whether “the NSA collect[s] any type of data at all on millions or hundreds of millions of Americans?” His response:
"No, sir. … Not wittingly."
This, of course, turned to be completely false … from a certain perspective. Why, Edward Snowden released documents that indicated that millions of Americans were being spied upon by the NSA! That proves that Clapper lied!
Actually, he didn’t. He certainly wasn’t what I would consider forthcoming, but he didn’t technically lie. From his viewpoint, the NSA collected “metadata” on millions of Americans, and only incidentally — they did not “wittingly” collect “data.”
You can argue with the veracity of his statement (I don’t think it amounts to lying to Congress, but I certainly think it counts as obstruction), but a very specific tone was set: The NSA would tell exactly the truth, and it was up to those asking the questions to make sure a) they were asking the right questions, and b) to parse the response properly.
Somehow, the news media has utterly failed to do either of those things. You can ascribe it to laziness, to the harried news cycle, to any number of things, but somehow even reporters focusing on national security don’t seem to be doing this properly.
The latest example is with the Heartbleed bug. A vulnerability in a security protocol used by much of the internet was discovered, and two anonymous randos were quoted as saying the NSA has known about it for “at least two years.” The NSA denied this.
“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,“ NSA spokesperson Vanee Vines told The Post. ”Reports that say otherwise are wrong.”
Here’s the thing: I completely believe the NSA had no knowledge of the Heartbleed bug beforehand. They have no reason to lie. The reason I believe this is because they said it in the report:
“NSA was not aware of the recently identified vulnerability in OpenSSL” (emphasis mine).
If you read that statement in the light of everything else they’ve ever acknowledged publicly, you’ll realize that they very likely have a completely different OpenSSL vulnerability they’re actively exploiting. They deny only knowledge of this specific vulnerability, not any others.
Every reporter on this beat should have then asked, “Do you know of any other security vulnerabilities in OpenSSL?” followed by, “Do you know of any other security vulnerabilities that affects software in common usage today?”
Regardless of whether the NSA answered (and I almost guarantee you they would've responded with a "no comment"), both the question and the (non-)response should have been the next sentence of the article. I'm not saying I agree with or condone what the NSA does in terms of public response. I believe they should be required by law to be much more forthcoming than they are.
But until that happens, journalists need to be willing and able to parse their statements with the care and diligence required (e.g., treat them like Bill "It depends on what the meaning of the word 'is' is." Clinton) to ascertain the truth. In summation, believe everything the NSA says. Then make sure to investigate, follow-up and publish what they’re not saying.
The general inability to accurately parse sentences thoroughly always strikes me anew every time I encounter it. Though I also generally believe that people in government out-and-out lie a lot more than they used to, as well.