My thoughts on the NSA leaks

Like many of you, I have been reading and watching a lot about the latest leaks about the NSA Prism program. It has been a fascinating weekend. I want to share with you some of my own sources if you want to learn more about what is going on, apart from the sensational news headlines.

Coincidentally, last week I finished reading Andy Greenberg’s excellent book, This Machine Kills Secrets. Greenberg is a reporter for Forbes and the book covers the rise and fall of Wikileaks over the past several years. Some of this information is also presented in another excellent work, the documentary film “We Steal Secrets” by Alex Gibney (you can watch it on Amazon here). Both the book and the movie bring up all sorts of ironies about the conduct of Manning, Assange, and Lamo. The movie draws heavily on AIM chat logs.

Fortunately, we have this exceptional 12 minute video interview of Edward Snowden, the NSA leaker. It is well worth your time to watch. He raises some interesting points about his motivations and worldview.

More coincidence: Manning’s trial started last week, and the daily transcripts are available here.

I have a small personal connection: I first began corresponding with Lamo many years ago, and then actually met him when he crashed on my sofa in 2004. He is a curious character (you can read my thoughts about him in one of my Web Informant columns here), and obviously conflicted about his decision to turn in Manning. This topic and other things are captured in a recorded audio interview I did with him two years ago for ReadWrite (the article is here and I have uploaded the mp3 recording here).

So what is really possible about this NSA program? Your first stop should be a blog post by Alex Stamos, the CTO of Artemis Internet. He has an interesting taxonomy of the various possibilities of what Prism can’t or can do, based on the various conflicting statements from government and computer industry principals. It is well worth reading.

Robert Graham’s excellent Errata Security blog has some interesting comments also about the various claims and counter-claims. Many years ago he wrote a piece of software that demonstrates how the government can listen to Internet traffic. He says, “The PRISM program isn’t all that we fear, but more than we find tolerable.”

He also suggests that we ask questions of the major computer software vendors, such as “Have you changed what user information you log at the request of law enforcement?” I would welcome that dialog and clarification.

In another post where he talks about the responsibilities of the NSA, Graham states, “The IRS hires people with high-school diplomas, the NSA hires Ph.D.s with military service.” He claims that the lowly NSA staffer is very scrupulous about their mission.

To get an idea of what is possible, you should check out a story Wired magazine ran last year about the NSA’s new and as yet incomplete data center south of Salt Lake City.

Finally, you should also follow what Bruce Schneier is posting. He is always a thoughtful and insightful security analyst, and in this post he writes about the need for whistleblowers to force our governments to be open and to keep abuses under control. He also has a long list of questions that he’d like to have answers to, and how much we really don’t know.

Is Prism one of those abuses of power? Maybe, and maybe we will never find out really what it does.

2 thoughts on “My thoughts on the NSA leaks

  1. Thanks for the links.

    What you are describing is nothing new. Everyone likes to snoop on their neighbor!

    We have a long history of spying on large numbers of people, even if they haven’t done anything wrong. It is easy to look back to Hoover and McCarthy (one big effort was COINTELPRO http://en.wikipedia.org/wiki/COINTELPRO). Although the FBI wanted to have its own hooks into the communication networks all the time (http://en.wikipedia.org/wiki/Carnivore_%28software%29), it is now thought that they can do the same thing for less money by using CALEA and other methods (http://en.wikipedia.org/wiki/Communications_Assistance_For_Law_Enforcement_Act). Any government worth its salt is always monitoring, surveilling, and auditing its people. By its nature, that is what it does. That is what a lot of law and regulation is about. The question is, what is appropriate? We’ve been spying on international communications for many years via ECHELON (http://en.wikipedia.org/wiki/ECHELON). ADVISE did not fare as well, probably because the government didn’t really know how to manage such a large data mining operation, but the efforts probably will continue. http://en.wikipedia.org/wiki/ADVISE The military’s TALON http://en.wikipedia.org/wiki/TALON_%28database%29 is being replaced by the FBI Guardian system, though much of the data and much of the consumption of that data would be by the military anyway. The FBI has a fairly poor record on large IT and surveillance projects, perhaps in part due to the fact that it is so heavily micromanaged by Congress.

    The current controversy is actually a continuing one. http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy and http://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29 Though many of the efforts are seen as responses to 9/11, ECHELON and other efforts show that the government has always had an interest in monitoring communications.

    If you want to track how the government is surveilling you and what is being done about it, the Electronic Frontier Foundation http://www.eff.org is a good place to start, though they may look too liberal for many of the people on this string.

    Governments are also using video and audio surveillance across wide areas of the country to aid in their crime detection efforts including facial recognition and license plate scanning. The TV show Person of Interest is not far off the mark.

    While this may be scary, you might want to look at what foreign governments and even private corporations are doing. It is fairly well accepted that governments and corporations have been using communications intercepts and other spying techniques to steal corporate secrets for years, most notably in the technology industries. Cyber Warfare has been real for quite some time and the US has used it against its enemies in war (and in peace if Stuxnet is one of ours and not just Israeli http://en.wikipedia.org/wiki/Stuxnet).

    The common man in the US, however, has less privacy rights by a long shot than they do in the EU. In fact, he routinely gives up a lot of his privacy when using many Internet services like FaceBook or GMail. Internet marketing companies collect an enormous amount of data about you and this data is now being used by corporations and governments for all kinds of things. Recently, Google helped the CDC track the flu http://www.nature.com/news/when-google-got-flu-wrong-1.12413 (Nature is *not* a main stream media publication, but a science one). Americans routinely give up any privacy rights they might have for free services or coupons.

  2. Pingback: Comments on NSA Snooping | askblog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s