Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Squid Song |
| Really Clever Bank Card Fraud »
July 29, 2013
Obama's Continuing War Against Leakers
The Obama Administration has a comprehensive "insider threat" program to detect leakers from within government. This is pre-Snowden. Not surprisingly, the combination of profiling and "see something, say something" is unlikely to work.
In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents.
The techniques are a key pillar of the Insider Threat Program, an unprecedented government-wide crackdown under which millions of federal bureaucrats and contractors must watch out for "high-risk persons or behaviors" among co-workers. Those who fail to report them could face penalties, including criminal charges.
Posted on July 29, 2013 at 6:28 AM
• 59 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
You know there's another name for leakers...its called spies. If one doesn't have a method to actually enforce laws against disclosing things then don't expect anything to ever be kept secret.
I cannot see the term leaker equating to spy; not all spies are leakers, not all leakers are spies.
I had no idea the Department of Agriculture was such a hotbed of conspiracy, paranoia & leaks, meriting the need for constant employee surveillance.
@JeffH - just wait till you see the Welsh department of Agriculture...
"The emphasis on individual lifestyles, attitudes and behaviors comes at a time when growing numbers of Americans must submit to extensive background checks, polygraph tests and security investigations to be hired or to keep government or federal contracting jobs. The U.S. government is one of the world’s largest employers..."
That is seriously scary. Especially since they are supposed to look for "attitudes and behaviors – like financial troubles, odd working hours or unexplained travel".
It sounds like there will be very little place for those who like to travel more then is the norm, prefer to work at times different then their coworkers or have minority opinions. It sounds like there will be an enforced conformity in a lot for work unrelated parts of life.
Welcome to the GDR!
This sound more and more like the Staatssicherheit in the German Democratic Republic, where nobody trusted anyone and quite a few ruthless & cunning people used the system to further their own interests.
No doubt "Insider Threat" will lead to a new wave of mobbing, discrimination and individual power struggles within the agencies and contractors.
And since being stressed and tense will make you suspicious, you better have the cools of a pro poker player and Hollywood class acting skills. If you are just a bright hard-working guy/girl you sure will be outmatched by some ruthless egomaniacs sooner or later.
Just when you thought that the gov spying on everybody cannot be topped, it certainly will be by everyone spying on everybody.
For some reason I'm reminded of the Salem Witch Trials.
aaaa: Those of us who enjoy travel for its won sake have been getting extra scrutiny from our FSOs since Collateral Murder was shown at HOPE a few years ago.
Funnily enough, they're also asking questions about why there's another way of contractors quitting and heading back the unclassified world...
Quis custodiet ipsos custodes?
Hopefully this signals the beginning of the end for these squabbling power-mad tribes. Who would work for, with or want as a neighbour anyone from these dominions of insanity?
It's really true - there is no left, right, black or white, it's a continuum on a wheel and the US is heading directly into Franco territory. Good luck with that lads. Oh, and really good luck with keeping that Special Relationship going with your erstwhile allies.
Monitoring everyone and neutralizing potential troublemakers...
- Rage against the Machine
Does 'leaking' include politicians in an election year ?
Five years ago I was hopeful, when a (black) democrat won the elections in the USA. Now I see that he is not willing and not able to change the US administration. Even worser It is running directly to a state where nobody can trust his neighbor or even his partner. It is running towards the mentality of the GDR or the Stalin regime.
In the '50 we had the McCarthyism: shortly we will see the same pattern in the USA: false accusations against opponents to ruin careers.
The difference with the '50? even more data on traffic and behavior, which you can't explain.
America was always the example of the free and democratic western world; now it will be the example of controlling its own people and a warning to other countries to be careful with civil rights.
Or am I too pessimistic?
In the USSR they were called stuckah ... informers and were looked down upon. Perhaps we need to import that practice for the U.S.?
Leaks of politically sensitive information are a fact of life in Washington. Spies leaking secret information while also a fact of Washington and have always been hunted. Treating both as the same thing is setting a bad precedence. It will mean that people in the government will be spending too much time watching out that they don't trigger an investigation of themselves reduce there productivity thereby setting up an environment of paranoia.
Snowden represents a third category of leaker, the would be whistle blower. Look at where we would be without Mark Felt, the Watergate scandal's "Deep Throat". The criminal behavior of a US president would have gone undiscovered. While I will not argue against his guilt of going outside the bounds of just whistle blowing. He was justified in letting the US people know that our government was working outside US law. The measure of a patriotic leak is that the information being leaked is something that is happening inside the government that is outside the law or violates the public trust. The NSA's broad data grab meets both criteria.
"...It was also the duty of the Blockleiter to spy on the population and report any anti-Nazi activities to the local Gestapo office; this allowed a Nazi terror state. This was helped by keeping files on each household (Haushaltskarten). Due to such activities, Blockleiters were particularly disliked by the general population."
When what you do has gotten so unethical and repulsive that insiders become a massive threat to it, then maybe what you do is not what you should do?
Fortunately, the current US administration is not only evil, but also stupid. But that is the last chance to prevent what will be coming otherwise.
'Through counter intelligence it should be possible to pinpoint potential... troublemakers... and neutralise them'
If I wasn't already on every 'list' going this post is pretty much guaranteed to get me on at least one.
Que the competing contractors ratting each other out.
This has gone far beyond "troublemakers". They need to sniff out people with intact personal morals and the backbone to do something about it when they see wrong being done. That could be a bit more difficult.
Although the tactics that they employ against whistleblowers has worked for criminal societies like the Mafia for a long time: Talk to outsiders about the "business" and get annihilated. They seem to have not quite worked up to killing whistleblowers (they already torture them), but that cannot be far into the future. If "by their methods thou shall recognize them" has any truth to it, it is quite clear what the nature of the current US administration is...
This is so obviously illegal and it is being done out in the open. Whistle blowers are supposed to be protected. They help uncover government that's gone AWOL and like the press they are supposed to help the public stay informed so we can take appropriate remedial actions against governmental crime. Now we have an administration that routinely engages in illegal activities yet the public doesn't get outraged. I guess that's why it's happening.
--You know there's this public entity called "the government", that collects/steals money from these private entities known as "taxpayers" and "private companies". One of them has more of an obligation to be (way) more open about what they do w/ money they collect and the other does not since they don't collect money. When private companies become so large that they choke all competition and in some cases advise the government, those boundaries are mixed and resembles what some have called "Fascism".
It will mean that people in the government will be spending too much time watching out that they don't trigger an investigation of themselves reduce there productivity thereby setting up an environment of paranoia.
--And to build on that scenario we are thus stuck supporting the same old farts chosen by other old farts spitting out braindead rhetoric on the same issues no one really cares about anymore. Thus you have an environment of sheer worthlessness and talented individuals (or those that want to do something they see as productive) want the F out.
" I give confidential press
briefings ; you leak ; he's been
charged under Section 2a of the
Official Secrets Act . "
Usually any news item that began with the words "The Bush Administration..." would raise hopes of reading something truly ridiculous... Happy days again!
New movie, working title " Dr. Schneier or: How I
Learned to Stop Worrying and
Love the Database "
@Mike B, et al.:
A leaker is only a spy if you regard the public as the adversary, as this administration appears to.
Is this light at the end of the tunnel?:
Major opinion shifts, in the US and Congress, on NSA surveillance and privacy
Pew finds that, for the first time since 9/11, Americans are now more worried about civil liberties abuses than terrorism
A lie at the end of the tunnel:
"Mr. Snowden will not be tortured. Torture is unlawful in the United States," U.S. Atty. Gen. Eric H. Holder Jr. wrote in a letter to Russian authorities regarding NSA leaker Edward Snowden.
re Scared: Mr Snowden won't be tortured, because Holder will just bring back John Yoo to give a legal opinion that what is done to Snowden does not constitute torture.
It's interesting to note that Obama's promise to Protect Whistleblowers on the Change.gov site has disappeared.
I believe it is time for the citizenry to take on the role of whistleblower, and, it is time for the whistleblowers to forcibly remove the absolute traitors from our halls (and out-houses) of government. The electorate has proven itself to be completely incompetent--seems there is a corollary. Those that believe there is the slightest chance of turning this boat around is going to require direct action.
Snowden is not a whistle-blower or a spy, he is a law breaker and a traitor. Whistle-blowers observe or identify authority being abused/laws being broken and reports them to various watchdogs. Spies steal secrets and then turn them over to their employers usually without letting the victim know their secrets were stolen so the intel will be still valid. The NSA wasn't breaking any laws, it was executing what Congress (on multiple occasions) authorized it to do. Whether that was constitutional or not is another issue. Don't confuse legal vs constitutional. They are two different things. For example, it was legal to own people for centuries until those laws became unconstitutional. If Snowden can show that the NSA was breaking the law or exceeding it, he should have gone to a watchdog group. If he had been arrested from the fruits of that survelience, he could have sued that the law was unconstitutional. He could have gone to his congressman with his beliefs. However, The constitution doesn't provide for citizens to decide for themselves what laws passed by Congress are constitutional or not, that is for the 3 branches of govt that represent him do. Snowden fraudulently signed oaths so he could steal classified documents and expose classified programs. By definition, he broke the law and by exposing classified programs to the world (and thus the enemy) he is a traitor to his country.
The watchdogs of the 3 branches are the people themselves. If they don't like what their representatives are doing, they vote in someone else. But they have to know what their representatives are doing first.
" The constitution doesn't provide for
citizens to decide for themselves
what laws passed by Congress are
constitutional or not "
" The answer lies
in the fact that there are two
types of laws: just and unjust. I
would be the first to advocate
obeying just laws. One has not
only a legal, but a moral
responsibility to obey just laws.
Conversely, one has a moral
responsibility to disobey unjust
this leaking would never have happened if the US intelligence services had done what they're _supposed_ to do, which is spy on _actual_ threats to the US. instead, they saw and see fit to spy on US citizens inside the US, which is an overt violation of the spirit of the US Constitution. the most obvious and just countermeasure to leaks like Snowden is to *stop spying on US citizens inside the US*.
adding another layer of paranoia in institutions already riddled with trust issues will not solve anything. the "see something, say something" line is propaganda meant to make stupid people feel safe, it will only cause grief inside intelligence services.
@matt a "True" whistleblowers in your meaning have been ignored or ridiculed as paranoid and crazy. What do you suggest then?
@Matt a. A couple of days ago, Bruce had a good blog about breaking the law. When you want to change the world someone has to break the law.
Snowden a traitor? Yes to the government, possibly no for a lot of people who really care for the US.
Unconstitutional is illegal!!!
As an official whom to you and I has sworn an oath to protect and defend the constitution is not only guilty of criminal negligence they are also guilty of treason. There isn't a yard arm tall enough to properly hang all of the people that signed the authority to the FISA 2008 that consists of the deliberate act to create a deliberate secret court. And, if you are so deliberately ignorant of these facts I suggest you do more reading. Seek out the enabling legislation and statutes and confirm your arrogant belief that the gobnit is in the right. I challenge you to establish the innocense of these officials. I seem to be able to quantify a significant mountain of evidence that suggests a criminal conspiracy against the U.S. citizenry. The most troubling aspect of this is the blatant attack on the constitution and the sovereign.
@JeffH: Spy, leaker, or other: which was Clarence Beeks?
"The NSA wasn't breaking any laws ..."
ObGodwin: In a way, neither were the Nazis. Had Germany won the war, not a single one of them would have ended up in prison for following orders.
Not surprisingly, the combination of profiling and "see something, say something" is unlikely to work.
The linked articles mainly suggest that these things can't be used to predict leaking. That's probably true, but that doesn't mean it won't "work"--we don't know that was ever the true intent. Creating a culture of fear and paranoia might have a chilling effect, and "failing to report suspicious behavior" is one of those convenient crimes that pretty much anyone could be found guilty of.
"The NSA wasn't breaking any laws ..."
Yep, that's a problem.
--I would say go retake a college American History class but I think you should start w/ a high school level civics one. We know that James Madison and Thomas Jefferson used "cyphers" to protect their correspondences meaning they valued privacy; based off their statements I assume they would value the "people's" privacy too or at the very least let them communicate in ways that don't reveal much to snoopers.
I'm quite happy with the "insider threat" program. Government employees get a chance to experience the same stuff regular citizens do: guilty until proven innocent (seizure of property and money without being arrested or charged with a crime), continuous tracking and monitoring even when not suspected of anything, the assumption that you are or have committed a crime (IRS), etc.
It could be argued that Snowden saw something and said something. It can also be argued that an insider threat program falls under common security awareness programs that are in place at many companies. The intent and the extent of the Obama program however is of an entirely different magnitude and is strongly reminiscent of similar Stasi and Securitate programs in the former GDR and Romania. I am not convinced that the perceived benefits thereof outweigh the catastrophic damage to employee health, productivity and morale. I wonder if anyone has done any research on the effects of working in an environment where paranoia rules supreme and people need to be very careful about anything they say or do for fear of getting reported by a collegue, losing their job or being grilled by security services.
@ matt a
If Snowden can show that the NSA was breaking the law or exceeding it, he should have gone to a watchdog group.
Interesting observation to which the answer, at least in theory, is yes. But can you also name any that would not have landed Snowden in jail immediately and in a cell next to Bradley Manning ? Feel free to believe AG Holden's recent statements to the Russian minister of justice, but which in the light of what happened to Bradley Manning are pretty much in sharp contrast with what is really happening on on the shopfloor. Let's have a look at some possible candidates:
1. The PCLOB: surely you must be joking. I refer to a comment I made when we discussed them somewhere last week (I think)
2. The FISC: not their job. They take requests from the government only anyway.
3. A representative on the House or Senate Select Committee on Intelligence: they already knew and/or didn't care. A recent Senate hearing with Keith Alexander over the Snowden revelations was attended by not even half of all senators. Those who knew were barred from talking about it even if they wanted to. Over the last two years, Ron Wyden had hinted about the NSA's overly broad surveillance many times, and nobody ever picked up on it.
4. A representative not on any of the two SCI's: would probably have passed the file on to his SCI. See 3.
5. The White House or someone else in the administration: given their unprecedented war on whistleblowers like Manning, Kiriakou, Drake, Sterling et al probably not a smart choice either.
6. Wikileaks: didn't turn out really well either for Manning or Assange.
7. ACLU or EFF: both are nonpartisan non-profit organisations which in my opinion would have been a valid option, but are not exactly official government watchdogs.
8. An Anonymous affiliate: mostly amateurs, incapable of proper OPSEC and heavily infiltrated by government operatives from all over the world.
Snowden was proven right not to trust US mainstream media either as most of them came out as government lapdogs. I believe taking it to non-US press (The Guardian) for all practical purposes was Snowden's best and probably only option to get this information out and finally have the public debate and scrutiny people under democratic constitutions domestic and foreign are entitled to.
It's very simple. First Bush, and now Obama, have apparently decided that the measures they think are necessary to win the War on Terror are incompatible with the constitutional system of government that defines the United States. They know they could never get authorization for them through the normal process of legislation and judicial review.
So in the name of securing the Homeland, they set up a parallel classified government, with authority established by classified memorandums from Executive Branch lawyers and authorized by a growing body of secret laws made by a secret court. The parallel classified government exempts itself from the restrictions and checks and balances mandated by the constitution, and also from public laws that get in the way of surveillance, indefinite detention, or whatever else the Executive decides is necessary for the War Effort. The wall of secrecy that keeps the enemy as well as the American public ignorant (and keeps those members of Congress who need to know about it properly gagged into silent inaction) is essential to the operation (and continued growth) of the parallel classified government.
The greatest threat to this parallel classified government isn't the ostensible enemy, but the armies of personnel working for the agencies and the favored outsourced corporations who need access to the classified information. At least some of them are likely to be troubled by what the parallel classified government is doing, and also by the very concept of a parallel classified government. If knowledge of it becomes public, it's likely to provoke outrage that will threaten the operation (and continued growth) of the parallel classified government, which will by definition imperil the security of the Homeland. Thus the obsessive secrecy and the unprecedented aggressive pursuit of treasonous traitors (i.e., leakers).
Of course, someone inside (i.e., Snowden) was indeed troubled by what he learned, and the cat is out of the bag. Americans being a fearful flock of cowering sheep who are conditioned to eagerly give up their rights in exchange for promises of security (cf. TSA), there isn't as much outrage as there should be. But members of Congress are finally starting to assert their role in the constitutional system of government that they've allowed the Executive to bypass for years. There probably will be some changes to the parallel classified government.
The damage is done, so now it's a matter of trying to contain it by punishing the innocent (cf. TSA).
Riiiiiiiiiiiiiight... All this will mean is that a few innocent people go to jail...
Whatever happened to the "most open administeration ever"?
Makes you pine for the relatively innocent days of Tricky Dick ...
Back in primary school in the ACT, we were handed these story cards as literacy aids that the USIS it seems had handed out to the Australian schools at minimum cost. And on one there was a very funny little story about a minute of silence during a memorial service for a deceased comrade at the USSR Dept of Agriculture, iirc.
The problem was that the clock stopped. And no one had either the seniority or the nerve to tell anyone else that the minute was over, or do something to stop this "minute" of silence.
That is the effect this daft policy will have.
We may yet come to look upon the Soviet Union as a model of sanity and decency.
If institutional trust is the foundation of society, then we should expect that increasing institutional distrust leads to the attrition of society.
@Mike B said:
> You know there's another name for leakers...its called spies. [...]
> A leaker is only a spy if you regard the public as the adversary, as this administration appears to.
The big difference in between a spy and a "leaker" is that the former is paid with cash and you never hear about him in the news, and the later will pay - maybe with his life.
I.e. whatever is distributed for free by the "leaker" was available for a very long time to anyone having big amount of untraceable cash.
No, I did not see any elephant in the kitchen.
How very nazi-commie of the government! (referring to the article.) :-)
There really needs to be a good, all descriptive word for tyrannical behavior. Even "tyrannical" does not do it justice. "Nazi" is probably the best for it.
The idea is to inform on the "spies" whom you really know are the real informers. Basically, you are doing bad things and don't want anyone to tell on you, your boss, their bosses, and others in the government. Like Manning and Snowden busted you for doing bad things.
If you don't want whistleblowers, probably a good idea to stop doing bad things... right? (Of course, that is impossible.)
"Don't confuse legal vs constitutional. They are two different things."
Is anybody really this ignorant, and yet this willing to judge?
Mike B • July 29, 2013 6:41 AM
You know there's another name for leakers...its called spies. If one doesn't have a method to actually enforce laws against disclosing things then don't expect anything to ever be kept secret.
The article is about Obama asking people in government to spy on each other, which is the irony here. Spy on each other to try and detect who is most likely to not be able to stomach what other noxious, illegal deed that might cause a government employee of conscience to inform on them to the American people.
I realize, of course, such people of conscience means nothing to some, they can not tell the difference between an Aldrich Ames and a Daniel Ellsberg.
Deep Throat, aka Mark Felt, was the bad guy in the Watergate affair, and Nixon was the good guy for these people.
They never would have watched Valkyrie, about a guy in the Nazi regime trying to kill Hitler, because that guy was the bad guy and Hitler was the good guy for them. All they could know is "who is in power", not "right and wrong".
The Ass Kisser without a spine.
"Conscience" is as imaginary to them as the easter bunny is.
Just a nitpick. One reason for the department of agriculture to be worried about this kind of stuff is that tens of millions of dollars can be made by advance/unauthorized access to some of their information, like crop forecasts. So there's a serious incentive to leak.
Doesn't excuse the lunacy, but if we think about the threat as corporate espionage rather than whistleblowing it puts it in a slightly different light.
Y'know, leakers, I believe, are another "kind" of whistleblower.
If an organization is doing nothing wrong then they should have nothing to hide, should they?
C'mon, if this whole "nothing to hide" crap being spooned out to us "regular citizens" as a means of coping with a surveillance state, why can't it work the other way?
It seems cliche to draw parallels to 1984... but this sounds exactly like it.
Wonderful denial of service attack.
The only thing that protects us from government abusing their powers is their incompetence.
It's Nixon's White House Plumbers all over again.
@Dave: "It's Nixon's White House Plumbers all over again."
Actually, if you've looked at the degree of lawlessness in the White House since then, Nixon was an incredible under-achiever.
No administration since then has had completely clean hands... and, really, one wonders how far before Nixon's time the rot had been spreading.
Compared to the last 5 presidents-- and, really, I don't recall much from the Carter presidency beyond an inability to make omelettes in the midst of inflation that would have made a better souffle, and I'm not sure I want to count Ford's time as a stand-up comedian-- Nixon actually looks pretty good, but, then, nostalgia only looks good when you look at the current idiots wielding more power than they should.
I really do think that the whole "If you're not doing anything wrong you have no need for privacy" mind-set needs to apply to the administration as well.
Maybe we really need to re-examine the WHY we need secrecy to this level; I think we may be going over-board. We need a whole transparent metadiscussion over what needs to be held secure and make sure that the definition of what kind of subject matter DESERVES secrecy all while we make sure that a cover letter for each item is freely available explaining the need.
Yes, I have a bad and un-trusting attitude... but I'm good at it!
Trust goes both ways; If my government does not trust me and believes me to be a crook, well, I sure am not going to trust them.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.