Schneier on Security
A blog covering security and security technology.
« Optimizing Airport Security |
| The Legality of Government Critical Infrastructure Monitoring »
September 7, 2011
Outing a CIA Agent
Interesting article on how difficult it is to keep an identity secret in the information age.
Posted on September 7, 2011 at 6:17 AM
• 22 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
It is one of those curiouse things privacy, Goverments demand it of them and their employees for a whole host of mainly unjustified reasons, whilst in turn doing every thing they can to strip it from the people again for a whole host of mainly unjustified reasons.
Oh and for "John" if he should ever read this, the thing about "there's no I in team" is the obvious reply for any one who hears you say it, which is "there's no U in team either". So just consider how you are alienating yourself from those who are helping you build your career. Some of whom will one day no doubt take great pleasure in wiping their climbing boots on you as they climb up and over such is the way in highly bureaucratic Government and Federal organisations the world over.
The CIA was and is one of the instruments of US imperialism. Gary Hart is a long-time representative of the American establishment. He supported the war on Iraq. It is no surprise that he also defends the Company and the reactionary Intelligence Identities Protection Act.
And I thought it was easier for CIA agents to keep their cover now that the US president isn't G W Bush!
He has nothing to hide. Right?
Mistake #1 was saying that there was a single Bin Laden analyst in the first place.
In fairness, I think the real point that this episode brings out is that the CIA puts a higher priority on publicizing its successes than on keeping information secret. True, the internet means that any interested person could take the information about "John" that the agency chose to release and deduce his identity, but even before the rise of the internet an interested party with a moderate capacity for research could have figured out who he was, if armed with that information.
There’s no I in TEAM but there is a ME if you look close enough…
http://cryptome.org/0004/cia-john/cia-john.htm - Interesting
The point of double-standards regarding privacy, is a vital point indeed. But it is becoming something of a bent-fork-standard, in that privacy seems nearly reserved for those of dubious character exclusively, and nil for the normal.
I don't know how many have pondered the very realistic nightmare of the entire social collective of private information falling into the hands of a relatively-few super-twits, but it will certainly be a nightmare.
"But one former CIA official tells the paper that even with the agency's action, "There's no way they can unring the bell about who he is."'
Is the most damning part of the article. Of course it's true that one cannot unring the bell and this is as much the case with the CIA agent's identity as it is with any other use of biometric data, such as required by REALID. In the long run there are only two possible options. (1) ban the collection, collation, and dissemination off identity data or (2) have a free for all where anyone can play the game. Personally, I'm all in favor of #1. But Facebook is overwhelming evidence that most people think differently. At the end of the day identity data is just one more bit in a larger stream and rather than crying about it we all better get used to the idea that privacy just doesn't exist anymore. And that includes the CIA and other so-called secret agents. This incident isn't a "security blunder" it's a hint at what is fast becoming a new way of life.
I would say that in the information age the only way to efficiently protect your privacy and hide your identity is by going really lo-tech or falling off the grid alltogether.
"I don't know how many have pondered the very realistic nightmare of the entire social collective of private information falling into the hands of a relatively-few super-twits, but it will certainly be a nightmare. "
"I don't know how many have pondered the very realistic nightmare of the entire social collective of private information falling into the hands of a relatively-few super-twits ..." Google, for sure, but apparently not Google+
I've pondered this for some years now. It's not all that hard for credit reporting agencies, advertisers with marketing profiles, and acronymic agencies to build up a quite sophisticated profile of individuals very quickly. As in "push a key" quickly.
I predict that it will be very difficult to conceal full-time participation in any particular activity, so that most covert work will necessarily be done by part timers and/or amateurs with another, unrelated or deniable source of income.
> Is it fair for the CIA to ask news outlets not to probe information that the government itself released?
So they are suggesting that the CIA wants to cover up THIS instance of a data-leak by asking news outlets not to do such research?
This kind of research has been known for years in the intelligence industry. So you can bet that adversaries like the CIA's counterpart in Iran, Irak, Afganistan, or wherever know of these techniques.
The only way to stay vigilant that you don't accidentally release too much information, or get yourself a false sense of security, is to have the press occasionally uncover such bloopers and to be more careful next time. That's what the press is for: to uncover and point out such errors.
"I predict that it will be very difficult to conceal full- time participation in any particular activity, so that most covert work will necessarily be done by part timers and/or amateurs with another"
It happened a long long time ago, and the solution was worked out by most agencies prior to the 1970's. It's just that now it's more open it's become more obvious and some people call it "contracting".
One of the reasons forign countries are so deeply suspicious of journalists as spys is because a lot of people working on the fringe of journalism are exactly that.
Another method was a "nod and a wink" to engineering and similar countries with their sales reps. It got so bad that at one point it looked like Mosad had three seperate divisions of IBM.
New lesson #1 for CIA operatives - wear a variety of ties.
I'm wearing a tie just like that, I'm also quite tall, maybe I should raise my personal alert status...
"Is it fair for the CIA to ask news outlets not to probe information that the government itself released?"
Attention news outlets: Do not let anybody know that the emperor wears no clothes.
Why does the agent's role make them more likely as a retribution target than anyone else in the Situation Room photo?
Doesn't it seem like many terrorists would be content with an inaccurate spread of targets?
The AP mentioned that John was standing "just outside the frame" in the iconic photograph [...]
The Associated Press couldn't have guessed this on its own, so the question becomes who told them this fact? My guess is that one of the other people in that picture is the big mouth, and probably dropped this little nugget to a reporter as a way of staying "friendly" with the press.
As always, the responsibility for keeping government secrets begins with government; and yet, as is often the case, the responsible party, rather than owning up to it, will try its damndest to shift the blame to someone else.
Gawker, and in a larger sense, the press, is a convenient scapegoat for the government's self-induced embarrassment and inconvenience.
@anon 2:26 PM
While others in the situation room would be reasonable retribution targets, 'John' doesn't have a security detail to protect him.
> I predict that it will be very difficult to conceal full-time participation in any particular activity, so that most covert work will necessarily be done by part timers and/or amateurs with another, unrelated or deniable source of income.
The Halting State (by Charless Stross) has something like this as a side plot: a massively multiplayer augmented reality game called "spooks", it turns out it's not just a game...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.