Naivité, Security and Surveillance

“NSA does not have the ability to do that”

Why wasn’t there an outrage about the NSA and their domestic spying just over a year ago, in early 2012? Hard to say. I mean, there was this:

All of this is credible journalism by Laura Poitras, published by the New York Times, with William Binney as a competent and credible source. To learn more about Poitras’ key role in the Snowden part of all this, check out theexcellent portrait of Julian Assange in Vanity Fair.

Back to 2012. From the Wired story on the NSA’s activities and the datacenter in Utah:

it chose to put the wiretapping rooms at key junction points throughout the country—large, windowless buildings known as switches—thus gaining access to not just international communications but also to most of the domestic traffic flowing through the US

These domestic activities were readily denied by General Keith Alexander, head of the NSA:

Alexander said “No,” adding that the “NSA does not have the ability to do that in the United States.” Elaborating, Alexander added: “We don’t have the technical insights in the United States. In other words, you have to have […] some way of doing that either by going to a service provider with a warrant or you have to be collecting in that area. We’re not authorized to do that, nor do we have the equipment in the United States to collect that kind of information.”

This was, now so very obviously, not true. But who cares about a government official lying to the Congress? Only naive people, I guess. More on that in a bit.

However: Since Snowden, there are more details out there. We know about the UK’s GCHQ doing the same or even more than the NSA and over all of Europe. There is no denying anymore, by anyone.

“You’re naive”

Some people, like Matt Gemmell, say that “any sane person had already assumed” this was happening.

Better yet, objecting to the lack of privacy, specifically NSA’s direct access to the major tech companies’ data is supposed to be (quoting Gemmell again) “incredibly naive”. Worse yet: It’s not only naive, it’s also unjustified, because we shouldn’t change anything:

So what do we do about it? Probably not a lot, if we don’t want to sacrifice effective national security.

This attitude, to me, is just as dangerous as the NSA’s actions itself. Effectiveness is conservatism’s favourite justification for excessive and invasive actions of the executive branch since forever. Don’t get me wrong: I do want government agencies and the police and all of that to protect me from… yes, a bomb maybe, or some big assault somewhere in the public transportation system of say… Hamburg or whatever by “evil people”. And still, effectiveness is such a non-argument. Nobody argues that more data for the NSA gives them more of a free hand. But if effectiveness was the only variable in this game, there wouldn’t be a discussion.

It’s not called “naiveté”, it’s called “democracy”

It’s just that the “naive” people disagree with the current imbalance of security and privacy.

Only because everything can be intercepted doesn’t mean that’s what should be done. However that’s exactly what made Edward Snowden leak these documents, the sheer blanket eavesdropping, on everything. He had hoped things would change with the Obama administration, but they got even worse, he told the Guardian in the second video interview that was published (from 06:20) – thanks, Obama!

Eben Moglen, in 2012, relating to the Utah datacenter:

It’s more than just the permanence of data. It’s the relentlessness of living after the end of forgetting. Nothing ever goes away anymore. What isn’t understood today will be understood tomorrow. The encrypted traffic you use today in relative security is simply waiting until theres enough of it for the cryptoanalysis to work, for the breakers to succeed in breaking it. We are going to have to redo all of our security, all the time, forever, because no encrypted packet is ever lost again.

Everything. Surveilling on a scale like this (well, there’s no scale anymore) is by definition not a justifiable action the executive branch can take. Not here and not in the US. I know that it is possible – but that doesn’t mean it should be done or is allowed to be done. The Economist sums it up:

Having once spied on a small number of specific targets, [the NSA] now conducts online surveillance on a vast scale. It has spied on drug dealers, tax evaders and foreign firms, none of which pose a threat to national security. NSA employees have used its systems to spy on their former lovers.

It seems like General Alexander is in need of a reality check. If it is necessary to establish a system with tremendous staff and judges and courts and whatnot to give out warrants that don’t violate the Constitution, then you have to do so. It’s as simple as that. Just because with digital communication, you can access a backbone and tap in on everything, very easily, it doesn’t mean you’re allowed to.
However, according to a recent piece in Foreign Policy, this is exactly what Keith Alexander disagrees with:

“He said at one point that a lot of things aren’t clearly legal, but that doesn’t make them illegal,” says a former military intelligence officer who served under Alexander at INSCOM.

Later on, Alexander is even called naive himself (whoop!):

“But I think he has a little bit of naiveté about this controversy. He thinks, ‘What’s the problem? I wouldn’t abuse this power. Aren’t we all honorable people?’ People get into these insular worlds out there at NSA. I think Keith fits right in.”

What could possibly go wrong?

It’s not just that FP found one or two people within the NSA who were willing to discredit Alexander here. Michael Hayden, Alexander’s predecessor as head of the NSA, officially complained about Alexander’s craving for raw data before his superior, according to the same FP article.

And there’s more. A cryptography professor was asked to pull a blog post from his university’s servers, a scandal in itself. Anyway, he had posted thoughts about the recent revelation that the NSA had sabotaged the consolidation of encryption protocols:

Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine. I’m no longer the crank. I wasn’t even close to cranky enough. […] The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users’ data via programs such as PRISM.

What’s left to say? I guess this cryptography expert professor guy was just too damn naive as well.

Lessons from history

Not only is it simply wrong, as shown above (if that’s possible). I also find the naiveté accusations extremely disturbing in the light of what we’re talking about. Think about what it meant if this attitude really was naive? That stateside surveillance only serves the greater good? That abuse is impossible? That more intense surveillance means greater security?
If one truly believes that, then you have to ask: Have you heard of this thing called history? I’m not die-hard left wing, I’m not protesting on the streets every other week for this or against that, but I cannot accept any authority pursuing totalitarian tendencies. And I wouldn’t have thought this counted as naive or idealistic. On a side note: Being a realist doesn’t mean accepting everything as it is or inventing justifications for the status quo.

Anyway: I am German and I kinda have to know this, but I thought Nazi Germany and the other totalitarian regime in Eastern Germany with the Stasi and all of that weren’t unheard of in the US. There’s also novels like 1984, they even made one or two movies from that. So there’s not really an excuse not to have heard of the downside of an all-too powerful government. Despite all this, it seems like Jacob Appelbaum was right when he said that Germans need to be the history teacher in this affair (great statement by Edward Snowden he reads out, you should watch the whole thing).

In more recent history, the detention of David Miranda at London Heathrow shows that competencies will be abused.
Looking into it, I can’t believe that schedule 7 of that anti terrorism law – eliminating the right to remain silent, and in Miranda’s case being blatantly abused (despite the lack of a link to terrorist activities), was actually passed in the UK.

What now?

Here I am, a German citizen living in Germany complaining about the NSA’s domestic activities. Well, the GCHQ’s activites as well as all the government agencies’ cooperation with German agencies demands a holistic approach to this. As Matt Gemmell points out correctly, we can’t allow government agencies to circumvent civil rights by doing domestic spying for each other.

We need to have a global discussion about what privacy means to us, and how it can be maintained in this digital day and age, that is just not compatible with the concept of borders.
The first step, however, has to be that domestic surveillance in the US goes back to a level that is reconcilable with their Constitution.

Thanks to Matt Gemmell, whose post was the trigger I needed to write this.