Snowden said that the agency is developing a cyber defence system that would instantly and autonomously neutralise foreign cyberattacks against the US, and could be used to launch retaliatory strikes.
Dubbed MonsterMind, the project makes it clear that US spooks do not read enough science fiction and have no real idea about what could possibly go wrong.
Snowden told Wired that the system involves algorithms which would scour massive repositories of metadata and analyse it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat.
Apparently, it is not exactly rocket science. If the NSA knows how a malicious algorithm generates certain attacks, this activity may produce patterns of metadata that can be spotted.
However, it is a little like a digital version of the Star Wars initiative President Reagan proposed in the 1980s, in that it would probably cost a bomb and never actually do what it says it will.
To make matters worse, Snowden suggests MonsterMind could one day be designed to return fire—automatically, without human intervention—against the attacker. However, whatever way it does this, it could break the internet and there will almost certainly be collateral damage.
For example, if the hacker operated through a proxy in a third-party country, MonsterMind would cheerfully destroy computers in that country. Microsoft has experience of the effects of following such a policy: when it attempted to take out two botnets, it disabled thousands of domains that had nothing to do with the malicious activity Microsoft was trying to stop.
Spotting malicious attacks in the manner Snowden describes would, he says, require the NSA to collect and analyse all network traffic flows in order to design an algorithm that distinguishes normal traffic flow from anomalous, malicious traffic.
This would mean that the NSA would have to be intercepting all traffic flows and violating the Fourth Amendment.
It would also require sensors placed on the internet backbone to detect anomalous activity.