We have heard a great deal lately about Edward Snowden's leaks about the NSA spying on millions of ordinary Americans under "novel" interpretations of the law. Opinions on Snowden range from calling him a traitor to calling him a patriot. If we presume the dominant narrative is true, I fall firmly in the "patriot" camp. To call Snowden a traitor for aiding and comforting the American people is to call the American people the enemy - and that has no place in a nation that purports to have a government that gains its legitimacy by the consent of the governed - just as secret laws, secret interpretations of the law, and secrets about the broad actions of government itself have no place in a system that derives its power and its guidance from the people.
I am surprised, however, that the public debate has been so limited. There are certainly dangers that come from secretive and powerful agencies having access to almost unlimited information, especially where oversight is ineffective and rogue agents can use that information for personal gain or otherwise to the detriment of the safety and well-being of the public - but there is another danger to the community at large of which those secretive agencies are a part. That danger is that the NSA and other American agencies are not the only players in this game.
In this respect the current situation is much like the question of encryption some twenty years ago, when the U.S. government outlawed the export of encryption software to certain countries - and some politicians attempted to limit what encryption Americans could use in order to maintain the government's ability to crack the codes and spy on its people. The first flaw in this approach was that the countries in question could get strong encryption from other sources, or even develop it themselves, rendering the export controls pointless - and the greater flaw was that any code that could be cracked by the U.S. government could also be cracked by unfriendly parties - whether they be common criminals or the intelligence services of foreign nations. Eventually the U.S. government realized that in order to have a secure banking system and to prevent the collapse of the American economy (and the U.S. government with it) they should not only allow the public to use encryption, but should demand it.
Despite the jokes, intelligence agents are not all stupid. Most of them are pretty smart - at least within their specialty - and some of them are downright geniuses. They have been warning us about cyber threats from abroad for years now, and they understand that hostile parties can do the exact same things illegally that American intelligence services can do "legally". They also know that the huge amounts of data that they intercept are not especially useful in preventing terrorist attacks and are often a distraction from more reliable methods - especially as every competent foe has known about these programs for years and has already taken effective countermeasures. On the other hand, this sort of spying might be far more useful to a hostile party - by allowing them to find the means to blackmail key individuals, for example. With our current thicket of mutually incompatible laws, every American is guilty of multiple felonies - and the knowledge of which felonies could give a hostile party a great amount of power and influence to the detriment of the American people, the American government, and ultimately to the American intelligence services themselves. (Agents can't earn their big salaries if the economy can't support them.) Perhaps some of those analysts have recognized that the best means of securing the nation from foreign powers is to harden the entire information infrastructure - and the most difficult part of hardening information infrastructure has always resided in encouraging participants to adopt best practices.
For those wishing to secure America's information infrastructure, Snowden's revelations are a godsend (or, if the spooks were smart enough, were even commissioned for this purpose). This is a wake up call to the American people, and also to the citizens of friendly nations - we all can be and are being spied on - for a certainty by the U.S. and allied governments, and for that matter by foreign powers and common criminals as well. Smart intelligence agents don't want that. They don't want rogue agents within their own organizations causing discord and dissension that could lead to blowback at home, and they certainly don't want to give that sort of carte blanche to their adversaries. They have other methods they can use when they need to - they don't want the millions of underlings with broad access to classified material to be able to make those sorts of moves on their own. Not if they're smart, they don't.
As it happens, the means to harden the information infrastructure is already available, if not yet widely used. Tor, Freenet and similar networks makes it difficult to track online activity, and the more people use them the more useful they are - not only to the American public but also to the American intelligence services and to dissidents in hostile nations who also use them. Tor was even partially funded by the Naval Research Laboratory. If these revelations move more Americans to embrace such networks, everybody - except tyrants and criminals - will win.
It's real easy too, even if your tech skills are minimal - just visit the Tor Project to download and install the software on your computer, or visit TAILS to download an ISO image that you can burn to a DVD which you can use to boot your computer and run Tor without leaving any traces that you ever used it.
As a couple asides: The use of such networks and new types of money like bitcoin will hopefully make the income tax untenable, which is why I expect to see movement towards a national sales tax which is both more difficult to evade and less intrusive and prone to abuse than the current system - and indeed we have already seen some moves in that direction. The combination of anonymous money and an anonymous network have famously spawned the creation of markets in outlawed products and services - but before you hire that anonymous hitman just keep in mind that they are probably either a scammer or a law enforcement honeypot.
So go ahead and sign up - no need to fear that the use of such programs might identify you as a political dissident or a person of interest. The NSA has just given every patriotic American an excellent reason to protect themselves and their fellow Americans from threats both foreign and domestic, both public and private. Be sure to give your local spook a hug!
Smart Alan, very smart. Thanks for the enlightenment.ReplyDelete
Alan I would like to thank you for taking the time to write such a detailed article about a subject I do not really understand. I enjoyed reading it and learned one or two things in the process!ReplyDelete
However I have difficulty following your logic at some parts. Specifically you mention "...intelligence agents are not all stupid. Most of them are pretty smart”. Sure I can accept that.
Now here is where I think you contradict yourself. If these agent are smart, why not spend the money in their budget to develop, educated and disseminate programs to the public that "…harden the information infrastructure". But this is not what we are seeing. You argue they are afraid of leaks/malpractice within their ranks ("They don't want rogue agents...Not if they're smart, they don't"). Their fears have been to an extent realized by Snowden.
The way I see it either they are not smart, or not acting smart since they are not really developing these encryption/anonymity programs. I think it would also stand true that if these programs were developed and widely used within the US, they would also be used all around the world. How would you then gather intelligence from your friends and enemies?
Or it could also be that the purpose of the system is just too important not to develop it.
Having a play-by-play picture of large chunk of the world’s communication is an extremely useful intelligence gathering/reviewing tool. The arguments for it are almost impossible to counter. Our enemies have it. Our enemies are developing it. Our enemies might (or might not) develop it so we must develop it. Why not develop it, we can afford it. Or to boil it down to a few words FEAR and UNCERTAINTY.
If uncle Sam wanted me to encrypt/anonymize my data/communication, he would have ordered Microsoft/Mozilla/Google to do so on my behalf. I see no evidence that he has done so.
What do you think?
Thank you for the comment.Delete
I would reply that the chief issue is politics, with something reserved for human nature.
First, the security agencies are often in conflict with politicians, many of whom have few skills other than getting elected. These politicians are often under the delusion that they can stop something simply by exerting more force, and even if they know better they pretend it is so in order to keep getting elected - because much of the electorate believes in this method. Therefore, neither politicians nor the security apparatus can afford to tell the public the truth because a majority of the public will not believe them and will punish them for it.
Second, there are politics going on even within the security agencies - and although most of these agents are intelligent as pertains to their specialties, many have tunnel vision and have a hard time seeing the bigger picture.
The other factor is human nature - and the history of computing has shown that most people do not take serious measures to protect themselves online until they have seen the dangers of not doing so. This does not just apply to protecting information from infiltrators, but even to making regular backups of important information.
It is true that the use of anonymizing networks and encryption will be adopted worldwide, but it will not make much difference to spying on our enemies because our enemies have ALREADY adapted. Our intelligence agencies have so much data coming in that they have difficulty dealing with it all, but the fact that the data is there opens them up to criticism when they cannot pick that needle out of the haystack. If anonymizing networks become commonplace the security agencies can then concentrate on other methods that are known to be more effective (such as human intelligence and targeted surveillance using other means) without being distracted by demands to look for a needle in a haystack.
I hope that answers your question, but feel free to ask more questions.