
Reading Schneier

Reading Bruce Schneier’s first post-election post, Election Security, it was interesting how we had come to essentially the opposite conclusions about the US election being hacked. This is because he took a very narrow definition of the word ‘hacked’ to focus exclusively on known, reported events or suspicions about the integrity of electronic voting machines. I took a broader view, where I took into account that the hack involved considerable social engineering, attempts to limit voter access and public misinformation.

In the wake of what has happened and will happen here (leaving aside some of the darker prognostications), it simply does not make sense to look at the election in such narrow terms. I felt a certain quaintness reading this essay. From the misplaced confidence in systems that are obviously broken, to the final conclusion:

We need to have these conversations before something happens, when everyone can be calm and rational about the issues.

The problem is something DID just happen, and people are clearly not calm and rational. I know calmness and rationality are matters of degree, and things can clearly get worse, but it seems to me we are already having the public reaction that Schneier so fears if we were to have a publicly exposed technical hack of election machines. Why? Because the public, or most of it anyway, understands that this was a hack. They know what happened was wrong, and our system was gamed and played on a level that can only be adequately described as a hack.

Which systems are broken? Political opinion polling is broken. It did not work in this presidential election. Political opinion polling is largely how you are able to determine if electronic voting systems are hacked. If you do not have good polling data, you have lost one of your main tools for determining if voting machines are producing inaccurate results. So, I see it as kind of quaint to even think you would be able to determine this. In fact, the historically most accurate polls, exit polls, indicate precisely that there was indeed fraud, and the election was indeed stolen in the swing states where it mattered. This is described by Greg Palast here.

So, do I agree with the general thrust of Schneier’s post that we need more and better security policies around electronic voting? Well, no, I don’t. I don’t think electronic voting is viable in our democracy at this time. There is just too little trust. Bits are too easy to change, too easy to copy or surreptitiously alter. To have confidence in your bits, you must have confidence in your institutions. When your institutions fail you, your bits may fail you too. Throughout our history, we’ve always had the physical goods, the paper ballots, as cumbersome, antiquated and unwieldy as they were. It turns out these properties are exactly what make them good. Paper ballots are easy to verify, easy to recount. When you have paper ballots, you can have confidence in your results and they are provable.

To so many people, what our software does in contrast is magic. People in general don’t understand how it works, and our legislators who are permitting the proliferation of software-controlled-elections don’t understand it either. So Bruce, the horse has turned into a car and left the barn, and I see you back there talking about how we can improve the saddle.

 

Hacked

I have not written here in over two years. I am not so focused on strictly defined intelligence issues so much these days, but I’m tired of posting on Facebook and felt it would be good to collect my thoughts on the US Election and its implications for privacy and security.

The appropriate metaphor for what just happened in the US election is it was hacked. Allow me to explain. First, the context. For years, Republican-linked right-wing media have been vilifying, attacking and misrepresenting President Obama and Hillary Clinton. This has been a targeted and dishonest years-long attack whose sole purpose has been to discredit the President and the Democrats. It has in large part brought us to this moment.

On a longer arc of history, the Democratic Party itself has been transformed. From losing the Southern white working class in the 60’s after embracing civil rights to Hillary Clinton’s attempt to unify diverse groups under the corporate Democratic banner, the party lost its way, and lost its purpose. Where the party could once credibly claim to be the party of working people, now most people recognize it is something else. As the Republican Party descended into obstructionism, climate denial, anti-abortion fanaticism and voter suppression, Corporate America largely hitched its wagon to the Democratic Party. When Bernie Sanders, a populist on the left came along, his campaign was rebuffed and sabotaged by party insiders who had predetermined that Clinton would be their candidate.

But 2016 has been a different year in politics. It is the culmination of these trends outlined above, and the mood among much of the electorate was decidedly anti-establishment. This anger was channeled by candidates Sanders and Trump. Sanders came with concrete plans to, as he put it, remove the undue influence of the ‘billionaire’ class from our politics. Trump, while he also channeled this anger, pointed the finger in different directions and offered different, largely bogus, solutions. Trump hitched his wagon to the ‘white’ working class, blaming its problems on immigrants and international trade. On international trade, Trump’s statements and positions have been in alignment with progressive economists such as Joseph Stiglitz, both agreeing NAFTA and TPP are not in the interests of American workers. On the other hand, blaming immigrants for the problems of the white working class ignores that it is employers who are bringing in the immigrants because they feel they are needed.

But this ignores the larger point that immigration and international trade are not the core mechanism of destroying jobs that Trump describes. A much larger role goes to technology. Along with climate change, the core process that is transforming our world is the evolution of technology and the worldwide codebase that runs it. AI and robotic systems are surpassing human capabilities at an increasing rate. As noted by Martin Ford in Rise of The Robots, this is taking all of our jobs. Bye-bye, all gone. Not because of immigrants, not because of international trade, but because of individual decisions made every day by every business to improve the efficiency of their process. We need to start planning for a world where humans are no longer necessary for the functioning of capitalism. It is worthy of note that these two core processes that are transforming our world and the all but certain prognostication that they will massively disrupt our society were not even discussed in the Presidential debates, and were hardly an issue in the election. Because to discuss that means talking about the real problems that are within the fundamental nature and structure of our society. Instead, we have been deceived into pointing the finger at the outsider, the Other.

So, in this context, Donald Trump says he understands the pain people are feeling, but rather than explaining what is really transforming people’s lives, he takes the traditional nationalist approach of just blaming it all on foreigners. In a country that in many ways still leads the world and remains a magnet to people seeking to improve their lives all around the world, this is a dangerous and risky strategy where he is pitting the ‘white’ working class against their fellow workers who are immigrants, or a different ethnic group. The KKK thinks this is good enough for them and has whole-heartedly supported the Trump campaign.

Another thing that was happening leading up to 2016 were intensive and successful Republican efforts to rig the election, a turn of phrase interestingly used by the candidate who was its prime beneficiary. This has been documented extensively by Ari Berman of The Nation.

A couple of other unique twists in the 2016 election were having a candidate with a large recognition factor from his appearance on a reality TV show, a new elite belief in the power of big data, and the difficulties of traditional political polling as people moved from landlines to exclusive cellphone use.

We all know what happened next. The polls, which stubbornly predicted a massive Clinton victory, were dead wrong. They had been gamed. I’m assuming Trump supporters, like Brexit supporters, who saw pollsters and polling itself as one of the scientific, elitist methods of control that they wanted to crush and discredit, simply lied to pollsters to mess them up. At a time when political elites were increasingly relying on big data, there have been others equally engaged in polluting that data, seeing that correctly as a key to undermining elite control for a moment. So, why did these white working class voters see Trump as their man? While racists, bigots, misogynists, Hillary haters and people who will vote Republican no matter what were all for Trump, there were a couple of other distinct constituencies. There were, as Michael Moore has described, people who just wanted to “blow up the system”, and there was our good friend polling showing Trump supporters saying issues of immigration and terrorism were on their minds and figured prominently in their support of the candidate.

We’ve already discussed how the immigration issue was a red herring to paper over and disguise the real issue of technological change. On the issue of terrorism, we don’t have much to go on, as Trump has been somewhat short on actual policy positions. But statements by the candidate along the lines of carpet-bombing, killing the families of terrorists, and seizing Iraqi oil suggest Trump has a deeply flawed and inaccurate view of the problem and is absolutely certain to exacerbate it, creating more blow-back and terrorism in his wake. One theme of the Trump campaign was that he had a big plan to get rid of ISIS. We just found out he didn’t have any plan, and I suspect that’s true of much of what Trump has said.

He just made stuff up to please the crowd. I think in his mind it’s called closing the deal. But like his deals that have resulted in previous bankruptcies, Trump does not appear to have thought out the consequences of this deal. This time he won’t have the bankruptcy court to bail him out and shield him from the aggrieved parties.

Trump has unleashed some dark forces in this country. When questioned about how they could vote for a man “who would do that” Trump supporters reply, “oh he wouldn’t do that”. But he will have to try to do some of the things he has promised.

It’s all good for Trump if he keeps all these balls in the air by keeping everyone guessing. But once he has the opportunity to deliver, there are going to be many aggrieved and disappointed parties. He will face huge public opposition to most of his signature proposals and they are so ill-conceived and dysfunctional it’s hard to imagine the mere attempt. But over time, as he is shown to not be a superhero and is unable to achieve the things he has promised, his supporters will start peeling off. There will be an historical reckoning where people will realize they have been conned. I call it hacked. Trump and his supporters have hacked our system. This essay is just one small attempt to start understanding how this happened and what it means.

As the con is slowly revealed to all, many will just continue to point the finger at the other – the democrats, immigrants, foreigners, terrorists, but many will also see it nakedly for what it was. They will be mad. Well, they were already mad, so let’s just say they’ll be super mad. This will put Trump down to a fairly small core of support as his cabinet of traditional right-wing Republicans will predictably act as they always have. A large percentage of Trump supporters will understand they got snookered. They thought they were voting against the traditional Republican establishment, but they were actually voting for it. The forces that will be arrayed against Trump at this point will be substantial, likely the vast majority of the population.

This is where things get really dangerous. As things spiral out of control with a group in charge that is in fundamental denial of reality, and a leader at the top with no appreciation for, or understanding of the traditional restraints that have governed our politics, it is hard to say what might happen. But abuse of the pervasive system of surveillance we have set up in this country appears a likely outcome.

When I wrote previous blog posts here in the wake of the Snowden revelations, one expert after another reassured us that even though these were the very powers that would enable dictatorship in this country, we have always had presidents well steeped in our democratic traditions who would know not to cross that line. The question I ask all of you, is do you think Trump will know not to cross that line?

I know this blog has been monitored because of my alignment with Ed Snowden and criticisms of NSA. Now I reach out to you my friends at NSA, we are in a different world now. We are all brothers and sisters, we are all in this together. We are one country and one people. Right now. I urge you to review your history of Germany in the 1920’s and ask yourself what role you see for you in our country going forward? How will your children remember you? What do you really believe in? These will be times that will test us all.

I will close by saying my father, a veteran of the US Navy, passed away a few years ago, and I am literally shaking and crying as I type these words and think of how the memory and legacy of my father, who fought against fascism in the 1940’s, is dishonored by the fact that we have apparently allowed fascism to take root and flourish here. I see this as a failure of my generation, and if I could stand in front of my dad right now, I would hang my head in shame and say we have failed, my generation has failed you and the sacrifices you made. So far.

President Obama’s NSA

Yesterday’s speech was destined to be disappointing to many. Progressives are used to this – Obama says the right things, acknowledges the problems, expresses complex ideas with singular clarity – then triangulates back to a position somewhere between that and the status quo, which straight talk might undermine. By reports I’ve read, the speech was much more favorably received at NSA than ACLU, for instance.

The New York Times concluded that Obama essentially backtracked on his position from last summer, when he strongly defended NSA programs against the disclosures of Snowden. Now, of course, he has a more balanced approach.

But it is not just progressives who are not satisfied with the “middle course” – the President obfuscated, misled, and did not address some of the most important issues from a technological and economic perspective.

No mention of NSA undermining cryptographic standards and devices. No acknowledgement that Snowden caused the debate, though this is amply evident. By the evidence we have, we know the government does collect content of ordinary citizens, both in the US and abroad. Against the evidence, Obama denied this. He made extremely misleading remarks about bulk data collection:

This brings me to the program that has generated the most controversy these past few months – the bulk collection of telephone records under Section 215. Let me repeat what I said when this story first broke – this program does not involve the content of phone calls, or the names of people making calls. Instead, it provides a record of phone numbers and the times and lengths of calls – meta-data that can be queried if and when we have a reasonable suspicion that a particular number is linked to a terrorist organization.

This is an incredible statement. Actually, as smart as he is, Obama should know better than this. Here he is talking about a specific program, apparently referring to the program originally revealed last June where bulk metadata is demanded from companies like Verizon. The problem is that there are many programs that collect this data. There are back up systems of redundant back up systems and NSA usually has several ways to get at any specific piece of data. Maybe “this program” that he is specifically talking about at that moment doesn’t get content, but plenty of other programs do. This was a chance for an educational moment that Obama blew, as he triangulated back to safe support for the National Security State.

We have to remember not only “this program”, but all “these programs” have not provably stopped any terrorist incident, while they have wholesale gutted the Fourth amendment and seriously damaged the First.

Obama did set the stage for a real educational moment – to set all of this in a larger context. I’ll do that for him now, and elaborate in future articles. This is a theme I will return to again, because I feel it is a central issue of our times.

We see now that our intelligence agencies have compromised our internet, our privacy, the trust of our allies and many other negative factors – including massive budgets that prevent us from pursuing other priorities. For all of this, what do we have? Do we have a definitively foiled terrorist plot? No. Not one. Because that is not the point.

The point is that in the area of intelligence, like so many other industries and endeavors, the government is the enabler, not the regulator, not the overseer. We see again and again, members of Congress treating crooks and liars like rock stars. Whether it’s Jamie Dimon or Keith Alexander, our elected officials are not conducting oversight. They are just cheering on the industries that have bought and captured our government.

Intelligence and National Security are two sides of the same coin, and many companies and individuals overlap between the two.

How it works is very clear if you’re willing to look the truth squarely in the eye. Our military and its private partners are developing ever more advanced weapons systems that it uses against people around the world. When a drone kills a whole family in Pakistan, more “terrorists” are created. There really are people who want to harm America. The blowback from our own military actions abroad is real and creates the justification for the system of surveillance. The more people we kill, the more they hate us, and the greater will be the need for systems of mass surveillance. It is an ever-accelerating cycle.

It’s a win/win. Companies are making lots of money, there is incredible economic opportunity here. All it needs is to be stoked with a little fear now and then, and there are jihadis out there who are willing to provide that. Scare the taxpayers into bigger military budgets, more international adventurism, more blowback, more surveillance. This is how our system works.

I think in his heart Obama understands this. His remarks as a young senator indicated such. But now he sits at the center of the power structure. He more than any president has probably been scared out of his wits at the many plots against him personally, and this may play into his view of intelligence in general. But this was the real teachable moment – to give people a real understanding of the military industrial complex, but Obama would not rise to the occasion. That’s not who he is.

Having said that, Obama is a great president. He didn’t do so well in this speech, but he’s generally pretty honest and straightforward. Some statements in this speech notwithstanding, he is generally seen as a person of high integrity. That’s actually a problem.

I ask the reader to imagine an NSA controlled by Chris Christie. The administration of the once presumptive republican nominee has shown that it will do almost anything to abuse power and settle petty scores with perceived political opponents. We may not be so worried about Obama, but he’s not the one we have to worry about. This system will still be there when he is gone.

 

Why Edward Snowden Should Be Our (Next) Director Of NSA

Obama should not only pardon Edward Snowden, he should make it conditional on Snowden accepting a position as director of the NSA.

Where did I get this crazy idea? From Snowden himself, though not explicitly. I was reading some excerpts from Barton Gellman’s recent interview with Snowden in Moscow. This passage really made me stop and think:

In his interview with The Post, Snowden noted matter-of-factly that Standard Form 312, the classified-information nondisclosure agreement, is a civil contract. He signed it, but he pledged his fealty elsewhere.

“The oath of allegiance is not an oath of secrecy,” he said. “That is an oath to the Constitution. That is the oath that I kept that Keith Alexander and James Clapper did not.”

People who accuse him of disloyalty, he said, mistake his purpose.

“I am not trying to bring down the NSA, I am working to improve the NSA,” he said. “I am still working for the NSA right now. They are the only ones who don’t realize it.”

I had to ask myself, what could this guy be thinking? Since June we’ve seen it sometimes takes a while for Snowden’s words to sink in. His style is not self-aggrandizing, but rather the opposite. We’ve seen the meaning or truth of his words only becomes apparent over time, as more information comes out. Seven months after Snowden started this debate, we are still trying to get our brains wrapped around the immensity of the problems we now acknowledge our intelligence operations have created in the realm of security, cryptography, internet stewardship, international relations, public/private partnerships, democratic governance and ecommerce, to name just a few.

The debate Snowden started is as vast and all-encompassing as the surveillance systems he exposed. But at the core of it is trust. Trust which has been broken and needs to be restored. How can we trust that the US government and its corporate partners can limit surveillance to what is reasonable in pursuit of international terrorists? How can we trust that the US government can be a benevolent steward of the internet and not undermine cryptographic systems, cloud services and networking hardware? How can we ever trust the words of our top intelligence officials when they have repeatedly lied to Congress and the public? How can an international consumer give their credit card number to a US company and be confident it’s not ending up in an NSA or private partner database?

The NSA urgently needs to be reformed, and we need someone in charge of it who has shown they not only understand the technical systems, but that they can be trusted. This is not an easy task now that the trust has been broken. Edward Snowden did not break that trust. He exposed how it had been broken in secret by our government and its private co-conspirators. He exposed, as a federal judge recently ruled, a program completely at odds with the Constitution and a democratic society. This system of mass surveillance, while hugely profitable for the companies involved, has not been essential in stopping a single terrorist attack, according to a recent government review. Are we to give up everything else for this system that does not even work as advertised? The whole world recognizes this is out of control and urgently needs to be reformed.

By all evidence, Snowden works on this problem every day. He is, in exile, an outsider who is really the ultimate insider. Though his words have been attacked and misrepresented, Snowden has actually been honest, prescient, patriotic and trustworthy since he first ignited the surveillance debate. Although he betrayed the confidence of his peers, and broke his oath of secrecy, he appears to only have done so after all other practical avenues were exhausted and in response to a higher calling.

In fact, knowing what I know now, if I were managing Snowden, a guy who kept a copy of the Constitution on his desk, wore an EFF NSA hoodie, and was constantly yammering about NSA’s overreach, I would have kept a closer eye on that guy unless I was secretly cheering him on. He did take the obvious next step, and it’s frankly amazing that this wasn’t anticipated by his managers or coworkers. They could have easily put in place systems that would have caught him. Snowden had even suggested security procedures that probably would have prevented his own disclosures, but they were rejected by people who should have known better. So, now we see that not only was Snowden the one guy who was willing to uphold the Constitution at great personal risk, we also see that he completely outsmarted the supposed best and brightest.

No, outsmarted is not a strong enough word. Edward Snowden intellectually ran circles around these guys, and continues to do so. Not only does Snowden have the upper hand morally and Constitutionally, he also has the upper hand operationally. I would argue this guy is the best we have. The real crime is that he is languishing as a “house cat” in Russia instead of working to repair this system he exposed exactly because he did understand it better than anyone else. There may be people who have greater knowledge of the technical systems than Snowden, but they would be insiders who could not be trusted, because they have proven themselves to be part of the problem rather than the solution. Snowden understood the larger context as well as the details of the technical systems. That’s clearly why he did what he did. Leaving Snowden in Russia when he could be helping to solve these problems is the height of self-defeating arrogant stupidity.

The people in charge lied, and Edward Snowden told the truth. I take him at his word that he is still working for the NSA, and I think we need to just make it official. This is the only practical solution to the problems we have created with the excesses of our surveillance systems.

It’s one thing to make the moral argument that Snowden should be pardoned or he’s a hero. Many others have made that argument already. Clearly that is not my argument. I’m arguing that on grounds of our national security we urgently need the best guy for the job to oversee this transition to an NSA that protects and enhances the security of our electronic communications rather than undermining and breaking them. The man who has proven he has the smarts and the commitment to make it happen is Snowden.

This is the one move that could restore the credibility of the organization and in many ways the US government, with the public and internationally. There is on the face of it, no one else who could be trusted to roll back the surveillance state to a level that is appropriate, legal, and necessary. Only Snowden has the credibility, he is the only one the public could trust to do this. We know we can trust him because he has already put his life on the line to do this. He is uniquely suited to be the one to oversee this transition, both because of the incredible personal commitment he has shown to the cause, and his deep technical knowledge of the systems involved.

The consequences of not pursuing this logical course of action will be devastating for the US tech industry and our economy. All of Silicon Valley knows this. We live in a different world now where the old paradigms of secrecy and top-down control are widely seen as the problem not the solution. We need people in charge who get this. Otherwise the problem will only get worse, and there will be no such transition to a government that has regained trust, and deserves to be trusted.

Snowden certainly betrayed his organization as it was (mal)functioning at the time. He betrayed his coworkers and oath of secrecy. Maybe he would have a hard time asserting control over the agency that currently sees him as public enemy number one. Maybe there are people there so mad at him they’d want to kill him. So what? This is about reasserting democratic control over a system that has long exceeded it, and doing what’s right for our national security from a practical point of view. Snowden has shown he is up for the challenge.

If Obama were to take the completely implausible, but absolutely practical solution being suggested here, we could restore trust. We could restore our credibility as a nation, and as a good steward of an increasingly connected global communications network which we hope stays that way. To do otherwise will likely imperil our future, allow the unconstitutional excesses to continue and accelerate our national decline. We deserve better. We need people in charge who get it. That’s why we need Snowden in charge of reforming NSA. No one else has the dual requirements of the technical knowledge and public credibility necessary to fix this. And as they say, let the punishment fit the crime.

Surveillance Gone Bad

Yesterday the Guardian reported on how Russia is preparing for the winter Olympics:

newly installed telephone and internet spying capabilities will give the FSB free rein to intercept any telephony or data traffic and even track the use of sensitive words or phrases mentioned in emails, webchats and on social media

The article goes on to speculate on how these capabilities might be used to target gay rights activists, supporters of opposition politicians, or the commercial secrets of business travellers.

We haven’t had much of that kind of discussion here, because despite how corrupt our government is, we have a sense that it’s not that bad, not like Russia. Our government wouldn’t use the powers of surveillance to target innocent people…

Don’t be so sure. We may have fairly reasonable people in charge of things right now, but that can always change. In our own history, we’ve had these powers abused by Richard Nixon and J Edgar Hoover. Maybe General Alexander has the best intentions and noblest goals as he eliminates privacy. Maybe President Obama is fundamentally a decent person, who would never think to abuse these powers for political ends. But what if we had some less reasonable people in charge? What if a modern-day J Edgar Hoover and Richard Nixon were running things right now? Who might they target?

I have suggested that the powers of surveillance could easily be used to monitor network behavior indicating positive interest in terrorist groups, research into explosives and online weapons purchases. Assume this is being done.

Who else? A democratic-leaning president might target tea party people. A republican or tea party president might target environmental activists, and Occupy Wall Street types. Either one might decide to target antiwar, climate, environmental, medical marijuana or free speech activists. Journalists are currently in the crosshairs, since they are where the leaks go, and that will only increase. Government employees will be increasingly targeted. Laura Poitras is doing what she is doing right now as a direct result of the government harassing her.

There are considerable risks to a free people from the mere existence of pervasive systems of government surveillance. We will see this as our surveillance technologies spread around the world to governments that will surely abuse them in new and interesting ways. That’s one consequence of our privatized intelligence system. The other is that we now have a huge industry that sees big money in ever-increasing surveillance of Americans. Their products will poison our networks and communications at home and around the world. The justification will be security, the reality will be a lot of companies making a lot of money from a system that still has not received the public debate it deserves.

Compromised Trust

I remember back in the 90’s and early 2000’s when people all over the world were asking themselves if it was “safe” to put their credit card number on this internet thing. A few years later, this fear was forgotten. Now it has returned, as people are understanding how the fundamental technologies and most trusted names of the internet have been compromised for the sake of unlimited surveillance.

Last week’s Guardian disclosure that the NSA has broken internet encryption should not come as a surprise. We have a few academic experts like Bruce Schneier who speak publicly about these issues. In contrast, the NSA has budgets and personnel that outstrip anything in the public cryptography space. According to Schneier:

It’s very probable that the NSA has newer techniques that remain undiscovered in academia.

In spite of this, Schneier and others are advocating that people rely on encryption to stay ahead of this pervasive spying. I would say that is next to worthless, except in the short run. The NSA documents on the “Bullrun” program suggest they had a major breakthrough around 2010:

Cryptanalytic capabilities are now coming on line. Vast amounts of encrypted internet data which have up till now been discarded are now exploitable.

There have been a few cryptographic standards in use on the internet – DES, MD5, AES. But basically, people use AES for internet security, and it was widely adopted after the US government (the NSA, of course) recommended it for securing top secret government information. Just looking at the timeline, it is very likely that AES has been compromised by either brute force, or new mathematical algorithms that render most people’s assumptions about how hard it is to crack meaningless. Even the Wikipedia article on AES refers to several attacks that have been public for years. It is highly likely that the NSA is far ahead of the public on this.

That still doesn’t mean that breaking into encrypted data is going to be computationally easy. It still might be an easier, more scalable route to compromise Certificate Authorities, put backdoors into hardware and basic operating systems – anything to grab the data before it is encrypted. Regardless of whether or not the NSA has broken AES, these other techniques may be easier.

So who can you trust? Open source is the best bet. If it’s open source, then everybody gets to look at it. Programmers all over the world can independently evaluate the source code, and presumably discover any backdoors or built-in compromises to security. But unfortunately, the problem goes deeper – you can’t really trust your hardware either. This post by Steve Blank discusses how the NSA has likely compromised Intel hardware.

If the basic hardware that we all use is compromised, it would be easy to insert a keylogger at a level that is not detectable to the operating system, and send it out under the guise of the computer communicating with a server in the process of updating the CPU microcode. I’m sure there are diligent engineers clocking hours on Wireshark right now trying to determine if and when suspicious information is leaving the computer.

We’ll get to the bottom of this. But it needs to happen now. It’s very important to understand that whatever the motives of the NSA and the current administration, these can change. Also, other intelligence agencies around the world can’t be far behind. What happens when governments with less noble intentions have this same kind of capability? We will need both legal and technological solutions on a global scale.

Our basic trust has been compromised, and it would be a sad thing, and an economic catastrophe, if we were to go back to the days when people felt they couldn’t trust this internet thing with their credit card information.

Collaboration

A few days ago, the Guardian interviewed former NSA chief Bobby Inman. I’ve always thought Inman was a sharp guy. I remember listening to tapes of Inman that I got from the Commonwealth Club back in the 1980s. I still recall his prediction that the “pace of change” would become a more and more significant factor in intelligence and technology. At the time I thought it was profound, and I think it still rings true today.

In his interview with the Guardian, Inman urged that people interested in revisiting laws on government surveillance should also look at private industry. According to Inman we need to:

look at privacy issues in the private sector, not just the government. I personally find it offensive that it’s fine for X corporation to have everything on you but not the government to know. That’s a basic don’t-trust-your-government argument, which I think erodes democracy

This is an interesting statement.

First, it ignores the important fact that it is the government that has a monopoly on the legal use of force. The reason why people should put government surveillance in a different category than private corporate surveillance is that the government has different goals than private corporations. Private corporations exist to make a profit; governments have a variety of agendas, including launching wars, suppressing internal dissent, putting people in prison, etc. This was the reason the Fourth Amendment applies to government, not private corporations. I think Inman is intelligent enough to know he is being very misleading here and turning the traditional notion of “democracy” on its head.

Second, today’s disclosure by the New York Times that, in a project called Hemisphere, the DEA pays AT&T to retain all call records forever and share them with the government shows that the limits established on government snooping by the Fourth Amendment are clearly violated and undermined by this government-corporate partnership. Do prohibitions on government searches and snooping have any meaning if they are enabled and executed in secret partnership with private companies? If private companies keep vast databases of private data on American citizens, and the government accesses that in secret, where does the government end and the “private” corporation begin? Obviously, this collaboration is set up in a way to avoid both public scrutiny and constitutional restrictions. I suspect we’ll see more and more of this come out – where the government faces legal restrictions against certain actions, they just get a private company to do it for them, and then collaborate in secret.

I think Inman is right. If we only look at the activities of the government, we miss what its important partners might also be up to. There is a collusion of interests here – government and private companies collaborating to keep tabs on all citizens at all times.

We used to call this fascism; now we just sigh and hope it produces some well-paying jobs.

James Risen

The case of James Risen is illustrative of the problems we have with the overreach of the National Security State. If you look at the topics Risen has reported on, it’s easy to see why the government might want to intimidate and suppress his reporting. I would remind readers that the First Amendment says

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press

The “no law” part is kind of absolute. And we can thank the founding fathers for that bit of prescience, because governments will always overreach if not kept in check. We have millions of people with security clearances in the United States. These are the people running the technology that violates our Fourth Amendment rights. The government, contrary to the Constitution, makes these individuals sign an agreement to give up their free speech rights. Ostensibly, this is to prevent them from communicating state secrets to the enemy. But more and more we see that it is used to prevent potential whistleblowers from speaking out about abuses of power. And that’s what the Risen case is all about.

There will need to be more whistleblowers, and sooner rather than later. The surveillance state is working to take more humans out of the equation, so that secret government actions are not subject to independent moral scrutiny such as a human being might offer. As we move forward, there will be more automated systems, fewer “System Analysts” like Snowden with access to compartmentalized data, and an increasing government crackdown on “leakers.” For those of you with a security clearance, knowledge of government wrongdoing, and a conscience – the time to act is now. Don’t trust the laws to change to protect you, trust the technology to change to thwart you.

If you are an intelligence analyst reading this blog because I’m on some list identifying me as a threat, ask yourself why. Why are you going along with targeting a nonviolent citizen with no links to terrorists who is simply expressing his opinion? In what way is this serving the public interest? You have a First Amendment, use it – or know that I know you are nothing but a coward.

The New Miranda Rights

Here in the US, we’ve long had the concept of “Miranda rights” which stem from the 1966 case Miranda v. Arizona, which found that the rights of Ernesto Miranda had been violated during his arrest. This Miranda case has stood as one of the primary safeguards against police abuse of power as can occur in an arrest situation. Police officers as individuals have a tough job to do, but they are acting as representatives of state power, and Miranda has always been a check on that power, guaranteeing persons taken into custody have basic rights – the right to remain silent, the right to consult with an attorney, and a guarantee that even poor persons can have some representation.

Now we have the case of David Miranda, the partner of Glenn Greenwald, detained and questioned by UK police for 9 hours, denied an attorney, threatened with jail, his possessions stolen. These are the new Miranda rights, which the UK has accorded itself. The new Miranda rights are the rights of the state to abuse laws designed to protect the public from terrorism in order to harass and intimidate critics. Add to that destroying computers belonging to the Guardian containing documents from Snowden. They knew these documents were sequestered elsewhere. What was their goal other than straight intimidation of the press?

Fortunately the old Miranda is still here with us in the US, but for how long?

There is a battle going on right now between freedom and control, transparency and secrecy, accountability and classification. This is not a battle with weapons, but a battle of ideas, and as an American, I’m ashamed to see the abuses of power we’ve tolerated in this country, and I’m glad to see that there are some people who are willing to do something about it, regardless of the risk to themselves.

Certainly our government and intelligence agencies have devoted too much time to people like Glenn Greenwald, David Miranda, Laura Poitras, Julian Assange and Jacob Appelbaum. The problem is these people are transparency/privacy activists, and their argument is a political one. They are the voices of freedom that we should be trying to protect. It is beyond inappropriate that our intelligence and security apparatus, which is explicitly designed and chartered to counter violent terrorism, should be used for political reasons against these individuals. Ask yourself which side is fighting for your freedom here…

What Are We Doing??

I’ve written before on the dangers to the US tech industry from NSA surveillance. Those dangers are now in full view. This week, Lavabit, the secure email service supposedly used by Edward Snowden, abruptly shut down. The owner left no doubt as to what was happening:

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit

This was followed hours later by Silent Circle shutting down its email service to preemptively avoid being subject to the same treatment. Silent Circle continues with other services for secure telephone, texting and videoconferencing, but believes the current email standards are too insecure for them to be able to guarantee the privacy of their customers.

All of this after Google engineer Dr. Joseph Bonneau was announced the winner of the National Security Agency’s first annual “Science of Security Competition” and then chastised them in a blog post:

“I’d be remiss not to mention my conflicted feelings about winning the award given what we know about the NSA’s widespread collection of private communications and what remains unknown about oversight over the agency’s operations. Like many in the community of cryptographers and security engineers, I’m sad that we haven’t better informed the public about the inherent dangers and questionable utility of mass surveillance. And like many American citizens I’m ashamed we’ve let our politicians sneak the country down this path,”

All of this, as Europeans and people around the world continue to question if they can trust their data with any US company. US cloud services are already expected to lose billions of dollars because of this. How far does this go? Do we sacrifice our tech industry to this insatiable appetite for surveillance? Have we just given up on a free and open internet?

I know what needs to happen. Ladar Levison, the owner of Lavabit, took a courageous stance, sacrificing his business in order to not be forced to comply with what he felt was wrong. People under this sort of attack from the government will have to go further, and start ignoring the gag orders. A gag order is not legal and violates the First Amendment, and it will take brave people to stand up, defy these gag orders – National Security Letters, or whatever form they come in – and fight them in court. Let the courts then enforce these bad laws, and throw good people in jail for speaking the truth. Let the outrage grow. At some point, Congress will understand they must do something, or lose what remaining legitimacy they have. If there’s anything worth fighting for, it’s that here in America, we have an absolute right to free speech. Congress shall make no law abridging the freedom of speech. Wasn’t that the freedom we were supposed to be defending?