The Real Problem of NSA Computer Surveillance
Slashdot is in an uproar over the demise of Groklaw, a (formerly) amazing web site trying to analyze complex legal issues for a geeky audience. It is on Groklaw that we followed the SCO v. UNIX trials, the Microsoft monopoly trials, etc. For a nerd, losing Groklaw is terrible, like losing your Wikipedia for questions of the law.
Groklaw, on the other hand, died of its own volition. Pamela Jones, the founder and maintainer, wrote a post about why she felt she had to shut down, and blamed government intrusion. She was following the hint of Lavabit, the secure email provider formerly used by Edward Snowden, who shut down rather than comply with a surveillance order.
At the same time as the geek world is spooked by these revelations, we hear the political caste talking about NSA surveillance in glowing tones, as a patriotic duty and a first-rate technical accomplishment of the NSA. I say political caste because both parties are in full agreement on this.
I think there is a fundamental disagreement between many if not most geeks and the political establishment. This disagreement revolves around trust: geeks fear what can be done with the data collected; the political establishment is mesmerized by the possibilities. I believe both are correct.
First for the good news: the troves of data collected, and particularly their long memory, enable post-facto reconstruction of events in a way not possible before. The availability of data reaching back many years gives signal intelligence analysts the ability to find networks of people before they had nefarious intentions. Terrorist networks are a form of social network, and if you knew where to look online, you could probably find a whole cell mirrored as Facebook friend list somewhere.
But what about the bad news? We geeks are particularly worried about the potential for abuse, because we know how this kind of information processing works.
Politicians believe there are mechanisms in place to prevent abuse. They assume so. But of course there is no visible proof of that, because the data collection and retrieval are declared a state secret. Since the only ones privy to the mechanisms in place are those that implement them and use them, and the politicians, it’s safe to say there are no safeguards: the NSA does as it pleases. In particular, the technical heads at the NSA do as they please.
Edward Snowden is the classical example of a technical head. When he came out with the information to which he had access, it was notable that the immediate reaction of the political class was that he couldn’t possibly have had that kind of access. But of course the NSA as an institution had access to that information, and technos implemented that access, so Edward Snowden ipso facto had that kind of access. He may not have been authorized, but since he’d essentially have to rat out himself to get detected, authorization was not a barrier of any kind.
The problem is the same faced by a growing number of entities: as computers become more important, IT staff also becomes more powerful. IT has access to everything going in and out of a network, and to everything inside the network, as well. If there is a security mechanism protecting data, it can be circumvented – especially since the ones doing the circumventing are the ones implementing the protection.
There was the case of the damning voice message left by the head of HP, Carly Fiorina, back in the day. An IT staffer leaked it, causing enormous trouble.
There was the case of the HR memo detailing layoff plans that got leaked by an IT staffer a month ahead of the planned event.
There was the case of the IT administrator for the city of San Francisco who set up his routers and applications such that only he had access, almost bringing down the entire network.
The number of cases from the private sector is enormous. The common thread: non-technos didn’t think something was possible until it happened.
To somehow believe that the same wouldn’t happen at the NSA is, plain and simple, stupid. The kind of stupid that comes from making a comment or holding a belief about something one doesn’t understand.
Here is the word from the geek: we know the data we support; we know how it’s safeguarded; we did the storing and safeguarding ourselves. It is only our ethics that hold us back.
The potential for abuse of such a huge collection of data is enormous as it is. Imagine an IT staffer digging in the past of her estranged husband, looking for tasty morsels to use in the divorce proceedings. Imagine another one looking for bits of information to get ahead of the curve on stock trades. A third one might cyber-stalk a girl he’s pining over. A fourth one might use the information he’s got to plan a heist. There is nothing preventing any of that, so it’s eventually going to happen.
But the data itself isn’t the only problem. The much larger problem is the secrecy of it. If we had good mechanisms of supervision, the collection would be potentially acceptable. But we don’t: we know that the people guarding the henhouse are the politicians, who have no skill, talent, or time for the guarding. If we didn’t know that beforehand, we know that now, after the insanely stupid comments they made after Snowden came forward.
The problem with the secrecy is that we cannot know who accessed the data, and how. Not only can the abuse described above occur with impunity – much worse can happen.
For instance, data could be intentionally planted into the systems to suggest that someone did something that didn’t actually occur. You might find yourself on a no-fly list for no reason, making your career as a traveling salesman impossible. You might be ascribed membership to a terrorist organization without reason. You might find your credentials questioned.
The opposite might happen, and the records of you doing something might be expunged. Your years in college? Gone. The message you sent to your lawyer? Vanished. The proof you paid your mortgage? Zapped.
The real issue, then, is not that the NSA collects data. The real issue is that if it does so, it must open up the whats and whens and hows of access. It is completely unacceptable that we do not know how the data are used, by whom, for what purpose.
In short, the data collected by the NSA should be stored on systems whose software is openly available, with strict separation of duties, and a system that allows only monitored and logged access. Logs of data maintenance (anything involving data addition, modification, and deletion) should be available instantly (without the actual data being revealed, of course). Logs of data access should be retained and made available after a FOIA request.
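As an added illustration (not code from the original post), here is one way the maintenance log just described could be built: a hash-chained log that records only metadata about each addition, modification or deletion, refuses any change that lacks a second, distinct approver, and lets anyone holding the last published head detect that an entry was altered, reblamed or silently dropped. The class and staff names (AuditedStore, alice, bob, carol) and the sample record are assumptions made up for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain head before the first entry

def _digest(entry: dict) -> str:
    # Hash every field except the hash itself; canonical JSON keeps it reproducible.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditedStore:
    # Hash-chained log of maintenance metadata (who, which op, which record id), never the data.
    def __init__(self) -> None:
        self.records, self.log = {}, []

    def maintain(self, actor, approver, op, rid, value=None) -> str:
        if actor == approver:  # separation of duties: no lone staffer changes data
            raise PermissionError("maintenance requires a distinct approver")
        if op == "delete":
            del self.records[rid]
        elif op in ("add", "modify"):
            self.records[rid] = value
        else:
            raise ValueError(f"unknown operation {op!r}")
        prev = self.log[-1]["hash"] if self.log else GENESIS
        entry = {"seq": len(self.log), "actor": actor, "approver": approver,
                 "op": op, "rid": rid, "prev": prev}
        entry["hash"] = _digest(entry)
        self.log.append(entry)
        return entry["hash"]  # new head; publish it together with the entry

def verify_log(log: list, head=None) -> bool:
    # True only if nothing was altered, removed or reordered; a published head also catches truncation.
    prev = GENESIS
    for seq, entry in enumerate(log):
        if entry["seq"] != seq or entry["prev"] != prev or entry["hash"] != _digest(entry):
            return False
        prev = entry["hash"]
    return head is None or prev == head

def demo() -> tuple:
    # Constructed sample: two staffers add a record and then delete it; afterwards
    # someone tries to reblame the deletion and, separately, to erase it from the log.
    store = AuditedStore()
    store.maintain("alice", "bob", "add", "mortgage-paid-2010", "receipt scan")
    head = store.maintain("alice", "bob", "delete", "mortgage-paid-2010")
    reblamed = [dict(e) for e in store.log]
    reblamed[1]["actor"] = "carol"
    return verify_log(store.log, head), verify_log(reblamed), verify_log(store.log[:1], head)
```

Publishing each entry and its head immediately is what makes the "instantly available" maintenance log honest: a later rewrite of who did what, or a quietly shortened log, no longer matches what outsiders already hold.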
I am all in favor of making data available to crime prevention units. But as a geek, I know that this is only possible if the data are handled transparently. The NSA will have to allow effective external monitoring of its practices, or we will find ourselves in a dangerous situation.