Schneier on Security
A blog covering security and security technology.
August 7, 2013
Restoring Trust in Government and the Internet
In July 2012, responding to allegations that the video-chat service Skype -- owned by Microsoft -- was changing its protocols to make it possible for the government to eavesdrop on users, Corporate Vice President Mark Gillett took to the company's blog to deny it.
Turns out that wasn't quite true.
Or at least he -- or the company's lawyers -- carefully crafted a statement that could be defended as true while completely deceiving the reader. You see, Skype wasn't changing its protocols to make it possible for the government to eavesdrop on users, because the government was already able to eavesdrop on users.
At a Senate hearing in March, Director of National Intelligence James Clapper assured the committee that his agency didn't collect data on hundreds of millions of Americans. He was lying, too. He later defended his lie by inventing a new definition of the word "collect," an excuse that didn't even pass the laugh test.
As Edward Snowden's documents reveal more about the NSA's activities, it's becoming clear that we can't trust anything anyone official says about these programs.
Google and Facebook insist that the NSA has no "direct access" to their servers. Of course not; the smart way for the NSA to get all the data is through sniffers.
Apple says it's never heard of PRISM. Of course not; that's the internal name of the NSA database. Companies are publishing reports purporting to show how few requests for customer-data access they've received, a meaningless number when a single Verizon request can cover all of their customers. The Guardian reported that Microsoft secretly worked with the NSA to subvert the security of Outlook, something it carefully denies. Even President Obama's justifications and denials are phrased with the intent that the listener will take his words very literally and not wonder what they really mean.
NSA Director Gen. Keith Alexander has claimed that the NSA's massive surveillance and data mining programs have helped stop more than 50 terrorist plots, 10 inside the U.S. Do you believe him? I think it depends on your definition of "helped." We're not told whether these programs were instrumental in foiling the plots or whether they just happened to be of minor help because the data was there. It also depends on your definition of "terrorist plots." An examination of plots that the FBI claims to have foiled since 9/11 reveals that would-be terrorists have commonly been delusional, and most have been egged on by FBI undercover agents or informants.
Left alone, few were likely to have accomplished much of anything.
Both government agencies and corporations have cloaked themselves in so much secrecy that it's impossible to verify anything they say; revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative.
There's much more to come. Right now, the press has published only a tiny percentage of the documents Snowden took with him. And Snowden's files are only a tiny percentage of the number of secrets our government is keeping, awaiting the next whistle-blower.
Ronald Reagan once said "trust but verify." That works only if we can verify. In a world where everyone lies to us all the time, we have no choice but to trust blindly, and we have no reason to believe that anyone is worthy of blind trust. It's no wonder that most people are ignoring the story; it's just too much cognitive dissonance to try to cope with it.
This sort of thing can destroy our country. Trust is essential in our society. And if we can't trust either our government or the corporations that have intimate access into so much of our lives, society suffers. Study after study demonstrates the value of living in a high-trust society and the costs of living in a low-trust one.
Rebuilding trust is not easy, as anyone who has betrayed or been betrayed by a friend or lover knows, but the path involves transparency, oversight and accountability. Transparency first involves coming clean. Not a little bit at a time, not only when you have to, but complete disclosure about everything. Then it involves continuing disclosure. No more secret rulings by secret courts about secret laws. No more secret programs whose costs and benefits remain hidden.
Oversight involves meaningful constraints on the NSA, the FBI and others. This will be a combination of things: a court system that acts as a third-party advocate for the rule of law rather than a rubber-stamp organization, a legislature that understands what these organizations are doing and regularly debates requests for increased power, and vibrant public-sector watchdog groups that analyze and debate the government's actions.
Accountability means that those who break the law, lie to Congress or deceive the American people are held accountable. The NSA has gone rogue, and while it's probably not possible to prosecute people for what they did under the enormous veil of secrecy it currently enjoys, we need to make it clear that this behavior will not be tolerated in the future. Accountability also means voting, which means voters need to know what our leaders are doing in our name.
This is the only way we can restore trust. A market economy doesn't work unless consumers can make intelligent buying decisions based on accurate product information. That's why we have agencies like the FDA, truth-in-packaging laws and prohibitions against false advertising.
In the same way, democracy can't work unless voters know what the government is doing in their name. That's why we have open-government laws. Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.
Since the Snowden documents became public, I have been receiving e-mails from people seeking advice on whom to trust. As a security and privacy expert, I'm expected to know which companies protect their users' privacy and which encryption programs the NSA can't break. The truth is, I have no idea. No one outside the classified government world does. I tell people that they have no choice but to decide whom they trust and to then trust them as a matter of faith. It's a lousy answer, but until our government starts down the path of regaining our trust, it's the only thing we can do.
This essay originally appeared on CNN.com.
EDITED TO ADD (8/7): Two more links describing how the US government lies about NSA surveillance.
Posted on August 7, 2013 at 6:29 AM
• 84 Comments
How do you know when a CEO or politician is lying?
Their lips are moving.
"Accountability also means voting, which means voters need to know what our leaders are doing in our name."
Not to go all Ralph Naderite on you, but for this to work, there has to be an actual choice that voters can make, rather than the current choice between
"Lying + Drones" and
"MOAR Lying + Drones + Torture"
("have you got anything without so much 'lying' in it?" "Well, there's lies, lies, lies, spam, baked beans, drones and lies, that's not got much lying in it" "lies, lies, lies..." "bloody vikings!")
I think it's important to note that the part about "outlook" in this article is misleading: MS allowed access to encrypted email inside outlook.com, not the Outlook application.
At least, that's what the linked article states (I have no idea or information regarding any kind of potential backdoor inside the Outlook application encryption functionality).
We have to realize that our Western ('free') democracies have turned into another form, where intelligence organisations are acting as a state in a state. I really doubt if even Obama has the power to change this totalitarian behaviour.
We still have elections and possibly we move from Democrats to Republicans, but in the end nothing will change as none of the administrations will have the power to stop NSA, FBI or whatever other organisation.
It's also worth the government remembering that global business is global.
Saying it's OK we only spy on foreigners is OK, until it means all foreigners stop using your only remaining export - software services
The thing is, what's being described here isn't really "trust", it's wanting to be aware of everything that's being done so you KNOW nothing bad is going on (ironic, given the topic). "...vibrant public-sector watchdog groups that analyze and debate the government's actions" seems like a pretty good way to make the government security agencies totally unable to do their jobs.
Secrecy is a required part of what they do, which is why "trust" is so important. I'm not sure the best way to go about ensuring the existence of that trust, although there have been good suggestions elsewhere (adding a public advocate to FISA proceedings is an interesting one). But the suggestions being made here would seem to go way, way too far.
1. Add all corporate lawyers and those employed by corporations;
2. Their lips don't have to move: breathing is sufficient ...
@NobodySpecial: the estimated loss of turnover in US cloud services caused by PRISM is just 21 to 35 billion USD:
Makes me wonder how much loss online-porn has already suffered because people don't feel unwatched anymore ;)
Democracy itself has been totally corrupted. Parties both agree on questions that can be asked in debates colluding with each other to avoid meaningful dialogue. Robocalls harass voters to give them the wrong voting address or time in hopes they won't show up. Only the party with the most money wins, meaning they get into office owing a huge group of lobbyists everything.
Media is corrupted with them, since they are also for profit they need to toe the party line or are denied access to officials. That fascism sprang from this situation is no surprise. The agencies operating with no civilian oversight and near unlimited resources will only get more and more corrupted by their own power they keep increasing in secret courts.
Voting doesn't do much good when all the candidates are lying. Obama railed against the Patriot Act provisions that allowed the secret collection of telephony data when he was a US Senator campaigning for president. As soon as he became president he worked to expand the very powers that he promised to curtail.
So it turns out that it did not matter who I voted for. Or democracy is fundamentally broken. Unless, of course, Bruce himself will run as an independent presidential candidate. What say you Bruce???
Mission creep or a creepy mission?
There is evidence that the NSA is not creeping. It is a full on forced march. If I could spell Blitzkrieg I would use that word.
The metal roof on my house may not be enough.
One of the costs of betrayal: at some point, people start distrusting categorically. "Everybody lies. Yeah nobody has even accused AppoogleSoft corp. of lying, but I still know they are because everybody lies."
Another side effect of the government being so deceitful is it gives conspiracy theorists and unscrupulous journalists much more ability to spread misinformation, and no one is the wiser. All the public is left with is noise.
Guifi.net is a community network with more than 21,000 nodes that covers a vast geographic area. It is a relatively safe network to use because it is built and maintained by a community.
The Free Network Foundation in the US also promotes the deployment of networks which are under the control of the people.
If we cannot trust the state and the companies, we have to take the initiative and try to build communities that serve our needs.
The Peer to Peer Foundation describes new production models in which we collaborate with each other as peers. It is working very well with FLOSS. We also see very good results of the work by the community in Wikipedia. It is about changing our behaviour from "consumers" to "participants". It is not easy. And it will take time.
I guess this is just another lost cause Mr. Paine. All you people don't know about lost causes. Mr. Paine does. He said once they were the only causes worth fighting for and he fought for them once. For the only reason any man ever fights for them. Because of just one plain simple rule. Love thy neighbor. And in this world today of great hatred a man who knows that rule has a great trust. You know that rule Mr. Paine and I loved you for it just as my father did. And you know that you fight harder for the lost causes than for any others. Yes you'd even die for them. Like a man we both knew Mr. Paine. You think I'm licked. You all think I'm licked. Well I'm not licked. And I'm gonna stay right here and fight for this lost cause. Even if this room gets filled with lies like these. And the Taylors and all their armies come marching into this place. Somebody will listen to me.
There's a wonderful euphemism for the "not quite true" that was made famous by Sir Robert Armstrong, a British cabinet secretary, during the 1986 Australian trial to prevent publication of the memoirs of Peter Wright, a former MI5 agent: "economical with the truth". The use by Armstrong was widely mocked at the time and has since become a common phrase for mocking lying politicians, civil servants and others in the UK.
The phrase is believed to originally come from Edmund Burke:
Hi, Regarding this statement:
"NSA Director Gen. Keith Alexander has claimed that the NSA's massive surveillance and data mining programs have helped stop more than 50 terrorist plots, 10 inside the U.S. Do you believe him? I think it depends on your definition of "helped." We're not told whether these programs were instrumental in foiling the plots or whether they just happened to be of minor help because the data was there."
I think the more clear question is:
Did the data help *lead* to finding the 50 plots, 10 in the US.. or did they find the people involved using good, old-fashioned police foot-work, and then look up the data?
If it's the latter, that means storing all our data and surveilling us is unnecessary, and the NSA could have asked for data after finding out about plotters.
I also appreciate your point about how the NSA and FBI folks egged on people.. and then "caught" them.
I wonder what has happened to the notion of "entrapment" .. which used to be something the police couldn't do.. but now, in sending people they want to track a virus in an email, getting them to click.. they do seem to be engaging in something akin to it. What do you think about this?
Thanks for writing all you do.. it's extremely helpful and good for the democracy !!
The first step required to restore that trust would be an unconditional pardon for Manning and Snowden.
Secrecy is sometimes needed for state agents to do their jobs. But this culture of impunity has developed because these bodies believe that their activities will be secret indefinitely.
It is not clear that to do their jobs, these activities must be kept secret indefinitely. Quite likely, most could be released after a year, many more after 5 years, and almost all after 10.
This suggests a way of holding the security agencies to account. The default assumption should be that members of the public affected by (including snooped on by) these agencies should be informed after a certain time has passed. Exceptions should only be for good reason, and the longer the exception is held for, the higher and more independent the scrutiny that must be applied.
If agents expect that their actions will one day be scrutinised, the culture of impunity would be broken.
This is what pols and civil servants do. Here's the Armstrong exchange, although maybe in this case he was being too candid as far as the government was concerned:
Armstrong: It was a misleading impression. It does not contain a lie.
Lawyer: What is the difference between a misleading impression and a lie?
A: A lie is a straight untruth.
L: What is a misleading impression - a sort of bent untruth?
A: As one person said, it is perhaps being economical with the truth.
Part of the problem with the original Guardian article about Microsoft is that it was written by either a Google or Apple fanboy because it clearly insinuates that Microsoft wanted to spy on its users. The other part is that it very likely contains a number of factually wrong assertions.
And Microsoft's denial is a bit scary, they deny some very specific accusations (sharing encryption keys, subverting SSL, giving direct access) but end with what amounts to "we have more to say, and want to say it, but the US Government doesn't let us do it".
"Accountability also means voting, which means voters need to know what our leaders are doing in our name."
You're forgetting that most Americans are incredibly stupid, and know only what they get from television and the internet.
I would have to say that a problem with this line of analysis is *convincing* the current monied/political elites of the value of living in a high-trust society. Typically elites do better than the poor in low-trust societies, if only because they have more resources to spend on gated communities, security guards, and other self-protective mechanisms. They can better afford the higher transaction costs and absorb some of externalities without being beggared.
Right now, for instance, our political elites do not seem concerned about appearing trustworthy or about whether U.S. tech companies are seen as viable international trading partners. It's hard to imagine the political coalition that could impose trust-restorative measures if these are not seen as desirable by our political and financial elites.
Bruce, you wrote:
"Google and Facebook insist that the NSA has no "direct access" to their servers. Of course not; the smart way for the NSA to get all the data is through sniffers."
I'm curious what you think of tech journalists like Ed Bott who have argued that the denials from Google and Facebook mean that Snowden/Greenwald simply misunderstood PRISM:
@Snarki, child of Loki: I think you have the right point, but I'm not sure about cause vs effect. The Vietnam War soured a generation of Americans on the notion that Government Intervention was a force for good. Those folks are voters, or the parents of voters. Idealists that felt we just needed to get government right before we let it run our lives, folks who remember the government's successes of WWII, are dying out.
Voters are looking for liars. They want liars that will tell them that government will give them what they want at the expense of "somebody else". We have two parties, which differ only in their selection of "somebody else". Voting means picking between liars and trusting that they're not going to do as much as they promised. Voters that want 10% more government spending have to choose between a Democrat that promises 100% more spending and a Republican that promises a 30% cut in spending. Reasonable folks who make compromises aren't on the ballot; because when folks like that run they lose in the primaries.
Perhaps in the NSA we've found something the US Government can be good at. OK, perhaps it's a creepy and repressive thing, but we have a celebration of competence at NSA. Compare that to the TSA. TSA is "normal government", it promises/lies to you offering complete security through a combination of scanners, minimum wage workers, and wishful/magical thinking. The NSA, on the other hand, says it only looks at foreigners, carefully audits its workers to catch abusers, and follows court procedures defined by the Legislative branch. We're not concerned that they do that, but rather that they do so much more. They find 50 tips that law enforcement can run down and catch folks. Compare that to the skyjackers caught by TSA.
Are Americans getting the government they want, and mad at the NSA for not being incompetent? Seems to fit the facts on the ground.
@snarki, child of loki
There are other choices.
Next time vote Green or Independent.
Talk about them to your friends, family and coworkers.
Put pressure on media to change the current Presidential debate format that is actually conducted by a bipartisan body of D's and R's, so that other parties get exposure.
Bruce Schneier for Secretary of Homeland Security!
"Oversight involves meaningful constraints on the NSA, the FBI and others. This will be a combination of things: a court system that acts as a third-party advocate for the rule of law rather than a rubber-stamp organization, a legislature that understands what these organizations are doing and regularly debates requests for increased power, and vibrant public-sector watchdog groups that analyze and debate the government's actions."
But: most of Congress already thought there was a sufficiently robust court system, the NSA felt that Congress had been fully informed through appropriate channels, and everyone on the inside thought that the public sector had access to as much information as it could have without damaging national security.
What additional mechanism do you propose, that you think won't deteriorate to the exact same situation as this one? How do you look at the long legal history of surveillance, its repeating cycle of scandal and new constraints and the complete failure of those constraints, and say, "But this time, the checks and balances will work"?
Personally, I think the only thing to do is to go back to the original sense of the Fourth Amendment and say, no warrantless wiretapping, no general warrants, no surveillance without specific probable cause, no exceptions, ever. There shouldn't even be something like FISA to allow exceptions for special cases.
@Petréa: That, and owning up to your mistakes instead of trying to shoot the messenger.
I mean, Assange committed no crime whatsoever, the US govt is perfectly aware of that, yet they threaten him with the whole nine yards.
Just one example.
It's worth noting that, in an environment of secrecy, whistle-blowers are a key part of "verify".
Why would anybody want to trust the gang of stationary bandits? Because those are "our" bandits?
Stockholm syndrome running rampant.
"The government consists of a gang of men exactly like you and me. They have, taking one with another, no special talent for the business of government; they have only a talent for getting and holding office. Their principal device to that end is to search out groups who pant and pine for something they can't get and to promise to give it to them. Nine times out of ten that promise is worth nothing. The tenth time is made good by looting A to satisfy B. In other words, government is a broker in pillage, and every election is sort of an advance auction sale of stolen goods."
- H.L. Mencken, Prejudices, First Series (1919)
If only somebody would realise that Skype is a European Company based in Luxembourg it may take the discussion in front of a different legal system with a different weight on Data Privacy. I have raised this multiple times during discussions but it appears more and more people believe companies exist in "the cloud".
CTRL+F -> "Luxembourg"
@Thierry - Skype is owned by Microsoft
It can be HQ'ed anywhere it likes but when the NSA knock on the door in Redmond they get the red carpet treatment
@NobodySpecial - I am not sure what this adds to my statement or to the discussion. I expect everyone to know that since the consequences of the Patriot Act were discussed publicly (Cloud).
Take it in front of the system that can put the directors of the company potentially in jail.
re: companies that have said "we have more to say, and want to say it, but the US Government doesn't let us do it"
I think it's a cop out. I'm curious in what manner, and how much, all of these companies are being compensated for their cooperation. The supposed billions of loss of services as (primarily) foreigners withdraw from using U.S. based internet services would seem to be an incentive that it's increasingly in their interest to rat out the U.S. government.
If any two of these companies were to totally rat out the government, what's the government really going to do? Destroy them? Throw their CEO's in jail? The more vindictive their response, e.g. treating those companies as Snowden, et al, have been treated, they only significantly hurt the perceived value and trust in the state, as once the government is ratted out, the "damage" will have been done. The toothpaste isn't going to go back into the tube. They could fine them into non-existence, maybe.
Any of these companies themselves could spill their guts through wikileaks or any number of traditional methods. So why are they hiding behind this "the government won't let us" bit? What sanction have they already been threatened with? Or what carrot have they already been fed?
@cmurphy: Their compensation is that they get to have what they want on their web sites instead of http://cdn.arstechnica.net/wp-content/uploads/... .
If you willfully violate a court order, such as a national security letter, a judge can sanction you in whatever way they consider "reasonable and proportional". In past cases, indefinite confinement has been considered "proportional". The lack of predefined penalties serves to make these orders significant. One must obey the judicial branch in a country with the rule of law.
It was the least untruthful thing he could say.
When the back-dooring of Skype was reported earlier this year:
was it Microsoft's own Server(s) or was it the NSA's XKeyScore Server in Redmond, that is receiving copies of all traffic, which poked at the URLs captured from the chats? I would not be surprised if it is the latter.
So "No, they do not have access to our servers" might be true, but deceiving. They don't need access to Microsoft's Servers, if they get all communication replicated to their own servers next door.
Am I the only one to remember why Martha Stewart went to prison? They couldn't convict her of insider trading. The conviction was for lying to the government, a federal felony.
Where are the arrests now?
Another trust issue...
Most Americans trust that someone else (those of us serving in the military as well as those serving in the FBI and other security services) will assume the physical risks associated with executing national security missions. At any given moment less than 1% of the US population serves in the military. Less than 10% of the US population has served at any point in time.
I feel betrayed but not by the government. I feel betrayed by those that reveal capabilities (inaccurately I might add) while we remain at war.
In 2012 the US hit a total of over 2000 deaths of US military personnel after 11 years of war in Afghanistan.
It strikes me that as I read online blogs about how the government has "betrayed" its citizens by invading their privacy, that I never see any specifics on the victims. Who are the "victims"? Am I a victim? Am I experiencing the plight of a victim of tyranny or of a surveillance state? I sure don't feel like a victim. Who has been killed? Who has been wrongly convicted?
I have no illusions that my government (including the security services) is perfect, but I find the comparisons between the government and the Nazi SS to be outrageous. At the same time I find the claims that Snowden and Manning are heroes to be ill-considered. The list of all that have paid the ultimate price is far too long to list here, but here are the true heroes that have died in Afghanistan in July of 2013. These are heroes:
Army Spc. Nicholas B. Burley
Army Sgt. Stephen M. New
Army Sgt. Eric T. Lawson
Army Spc. Caryn E. Nouv
Army Spc. Rob L. Nichols
Army 1st Lt. Jonam Russell
Army Sgt. Stefan M. Smith
Army Spc. Anthony R. Maddox
Army Staff Sgt. Sonny C. Zimmerman
Marine Lance Cpl. Benjamin Tuttle
Army Pvt. Errol D.A. Milliard
Army 1st Sgt. Tracy L. Stapley
Army Spc. Hilda I. Clayton
And the "heroes" that died killing Afghans - how exactly did that make me safer?
Every drone strike on a wedding party causes another million people to dislike America, a few 1000s to hate it and convinces a few to do something about it.
So far the war in Afghanistan has been the best terrorist recruiting exercise in history.
@Anonymous service member
Seriously? We "remain at war" primarily because it makes money for some well connected people. I'm sorry your friends lost their lives but while I'm sure they were well intentioned, it wasn't for my safety. These capabilities were too secret to hold a public debate over, but could be sold to the UAE. Don't make me laugh. Nothing but CYA bullshit by a bunch of assholes who were probably listening and laughing the last time your buddy got hot and heavy on the phone with his girl back home (http://www.wired.com/threatlevel/2008/10/we-snooped-on-i).
Ouch -- this is, I think, truthful and compassionate for all of us to deal with.
It makes me ache to some extent that we have no interest in advancing knowledge (when deception occurs) -- verifiable and open truth makes us better long term [this statement I make and believe - disagree you may]. The sadness for me is that perhaps there is some natural law in human behavior for lying that makes it the better strategy. So I must decide from within which is the course that makes me better -- lying or truth. How on earth does one make a decision like this? How will I know a lie, how will I know truth -- each I want to discover.
Schneier -- kinda agree on this ... ugh.
"Both government agencies and corporations have cloaked themselves in so much secrecy that it's impossible to verify anything they say; revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative."
Anonymous service member
--You're damn right I'm not going to serve. Ever notice what happens when we go to war? Rich sons don't get sent off to die. I don't want to get barked at by Lieutenant Dan and contribute further to a police state going towards a military state. I don't like choppers and drones flying over my head too, get it away from me. Maybe if they used their resources more wisely and if the FBI and LE didn't physically harass me. I'm a victim and some sick puppies to this day still continue to follow me and I don't know if it will ever stop. They invaded my house, went in my bedroom, follow me in my car. This caused me mental damage and now I have such severe trust issues I can't form relationships where I trust someone for at least like 6 months.
I saw footage from Afghanistan where they blow holes in innocent people's houses then give them a paper slip for reimbursement. Not to mention swat-like invasion pointing rifles, screaming at them in their own house, ordering them around. I would hate that. What "army" are they fighting?
Sorry for all your buddies and working w/ those in the military is nice b/c they really pull their weight in any project; but the military needs to focus on space and not fighting wars that most of the people don't even feel.
@Anonymous Service Member,
What exactly was it they were doing that was so "heroic"? When you use that word to describe everyone (oh, sorry, only Americans, because, well, fsck the furriners/Afghans) who dies or is killed in a warzone, you really cheapen its meaning. Were they providing medical care to someone who wasn't their buddy? Were they talking with people who lived in the area so that they could better understand them as people and thereby provide what the locals wanted? Were they protecting young girls going to school so that when those girls became women they could be doctors or engineers or even clothing designers or farmers if that is what they wanted? Or were they simply following orders? Driving or riding in a truck/apc/helo in the wrong place at the wrong time? Standing up too tall in their compound and getting sniped? Sleeping when a surprise mortar hit nearby? None of those latter activities sound all that "heroic" to me, but I'm not the best person to say. To paraphrase the words of General George S. Patton: No poor bastard ever won a war by dying for his country. He won it by making other bastards die for their country.
So, if we are truly in a war, one for which our very survival as a nation is at stake, then let the gloves come off. We would commit genocide. We would be the monsters of the planet that so much of the Muslim and poor world considers us. Let's turn in to the Draka and quit pretending to be the good guys. I'm sorry, but that's not the kind of world I want to live in.
You haven't heard mention of TIA for a reason. The effort was fought pretty hard even in a public that was allowing many surveillance state efforts. Real ID is an example piece of enabling legislation for TIA efforts that got shot down or stalled in many states. The heat that was put on the program made it largely disappear. The only question was whether it was mostly shut down or merely disappeared from sight as the capabilities were compartmentalized into new other programs.
Now, we know the answer to that one, don't we? ;)
@Anonymous Service Member,
The people serving our country deserve all of our respect. Death in service, regardless of reason, should be recognized as a supreme gift to all of our citizens.
Our leaders disrespecting why they are willing to fight for us - to protect our rights and freedom - is a harsh crime against both our troops and our citizens. Freedom isn't free. A few more may make the ultimate gift if we miss that call or email that might have provided confirmation of other intelligence. But obtaining that information by violating why they fight means that we all lose more.
If any two of these companies were to totally rat out the government, what's the government really going to do? Destroy them? Throw their CEO's in jail?
Former Qwest Communications chief executive Joe Nacchio was sentenced to six years in prison on illegal stock sales charges, allegedly after refusing to cooperate with the NSA. Do you really believe Steve Ballmer or Tim Cook would like to go there or risk having some IRS teams over that probably already know where to start looking? I didn't think so.
What you're proposing can only work if
1) the accumulated losses as a result of their collaboration with the NSA would be so high as to become a serious liability
2) All of Silicon Valley and the SF Bay Area would band together to blow the lid so no person or company could be singled out for the expected "iron fist" approach. (strength through numbers)
@ Anonymous service member
I can only speak for myself, but please do not think for a second that my questioning of the USG/NSA surveillance state implies any disrespect whatsoever for folks as yourselves, on a daily basis risking their lives on the many US battle grounds.
No single group of people in recent history has been betrayed more by their government than those that laid down their lives or returned home maimed for a war started under false pretext as was the case in Iraq.
Retired Brigadier General Robert Carr during the Manning trial stated under oath that no US service men had been killed as a result of the Afghan logs Pfc. Manning seized and Wikileaks published. Although General Dunford, commander of the International Security Force in Kabul, to date maintains that the war in Afghanistan after 11 years can still be "won", many international analysts agree that geopolitically the presence of US and NATO forces does nothing for regional or US national security. Although the Taliban maintain ties with AQ, their leadership now mostly operates out of Pakistan, and what's left of AQ has mostly relocated to the failed state of Yemen where they have established a strong presence (AQAP).
My personal take on the issue is that you and your valiant colleagues are being sacrificed on the altar of
- a US foreign policy that does not permit pulling out of the country without incurring massive loss of face both home and abroad.
- a military-industrial complex that is the only party left to benefit/profit from the Afghan war going on.
Rest assured that whistleblowers like Bradley Manning and Edward Snowden in exposing the lies and the secret machinations of the deep state not only did so with the general public in mind, but were just as well thinking about the countless service men and women led to believe that they are protecting the nation but in fact are getting killed to serve the interests of a privileged elite only. Having served in the military myself at one point, I salute you because I believe a soldier deserves better than that.
People are ignoring the story, not because it doesn't matter to us but because they already have our data, and there's nothing we can do that will either punish them or take it away from them.
I'd love it if I'm wrong about that.
About all we can do in the meantime is to watch them back as much as we can, and share reports of every new power-grab far and wide before they can shut us up.
And work on defeating them technically when they do get around to censoring the net.
Eventually, enough publicized atrocities will motivate a majority of the public to change things. If we can prevent the bad guys from stopping the publicity from happening.
"Restoring Trust in Government"
It is true that a society cannot survive when trust does not exist. The entire social order depends critically on trust. Commerce, the rule of law, incentive to self-betterment (because you trust that the fruits of your efforts will not be arbitrarily stolen from you), are all that holds a society together. Take them away and you have nothing but an inevitable slide into chaos and barbarism.
The problem with this article, is the assumption that it is possible to restore trust in government once it is broken. This is actually a wishful delusion - a case of normalcy cognitive bias. http://en.wikipedia.org/wiki/...
It is a refusal to accept that this is a one way slide now, into a disaster none of us have experienced before. You cannot restore social trust, using the mechanisms of the untrusted existing system. The voting system is broken (rigged electronic vote counting.) The mainstream media is broken (no legal obligation to tell the truth, and owned by just six corporations, all with congruent agendas.) The political party system is broken (tweedle dee and tweedle dum, fake platforms constructed to give an illusion of choice.) The rule of law is broken (too many examples to list.)
The destination of this slide is inescapable. It can end only in violence.
The one question remaining is what scale of violence will be involved. Whether this will take the form of civil war, revolution, or classical societal collapse.
In the present age, with the weapons and nuclear materials stockpiles that exist now, both civil war and simple chaotic societal collapse would very likely reach the same end point - mega-deaths and very long term radioactive contamination. In my opinion the only possible survivable path for Western Civilization involves a short, sharp overthrow of the exiting Ancien Regime and all its components.
But we have no ideological replacement. No clear vision of how Good and Freedom may be restored. It is not just trust that is broken. It is ourselves.
_existing_ Ancien Regime
I thought they said at the time that they were moving the pieces of it to other programs...
not a comprehensive solution, but we (as voters, citizens, or whatever) need to be less tolerant of lying and to expand our understanding of a lie. if you include "creative lying" (intricate fabrication via clever word choice) and also blatant lies by omission, we come closer to understanding deception. the latter are more subjective and more difficult to prove than direct lying, but no less insidious.
i disagree to some degree to those who would say that the system we have is undemocratic. we have the gov't we deserve, and our democratic republic is a reflection of our fears that guide us to direct our political leaders to protect us from every conceivable threat, and to take extreme action to give us this assurance, even if that safety is an illusion, and even if the govt itself might arbitrarily take our freedoms away by administrative accident or for a contrived thought-crime. our democracy works so well that our collective wishes will erode the very democracy that we've installed. this process is not nearly complete, and might reverse itself, but the process has certainly begun.
Why is Apple trying to pretend, are they ashamed that they gave in to a shady surveillance project? Well they should be. http://vpnexpress.net has already revealed that they are involved. They should have known that we would find out sooner or later. It's really disappointing that they would try to hide it from consumers just to save their ratings.
The United Police States is destroying itself from within.
I've said it before: Computers are too complex to be secure.
Government being out of control is only a tiny portion of the larger problem.
@RSaunders: "One must obey the judicial branch in a country with the rule of law." Seems facetious. It's increasingly a country with a government that ignores rule of law whenever the law is inconvenient to follow. It's not exactly a role model engendering trust when the most common kind of "government transparency" is its own blatantly obvious double standards on who/what is to follow the law.
I agree with Bruce's steps that it would take to restore faith. Unfortunately I don't think anything like that will be done. I have yet to see the scale of outrage it would take to have such a massive reversal of course. There's too much inertia, and in the wrong direction. We can't rely on voters forcing accountability of their elected leaders, because every mainstream candidate with the remotest chance of being elected in our two party system is firstly and fundamentally a liar. Even still, no one person, even a new president, really has the power to dismantle the surveillance state. And the voters who elect these people are largely uneducated on these issues.
I remember watching the outrage over the TSA's body scanners and enhanced patdowns, which directly and more personally affected far more of the electorate. All that outrage didn't do much good.
Our only hope is what E.S. says is happening. The system will eventually self destruct from within.
You can't restore trust in government if you don't lock up the majority of the political class in Alcatraz and start over with new people. That includes past politicians, e.g. Bushes, and as well the majority of your Congress from which you may keep Ron Paul and perhaps 3 other guys.
Your politicians are bribed to the bone marrow and you can't build a trustworthy government with them. It won't ever be anything else than corporate fascism like now and like in the past decades if not longer if those people will be allowed to stay in public functions.
I can think of a number of possibilities:
• Backdoors placed in operating systems and network components.
• Coercion of anti-virus companies not to detect federal spyware.
• Use of anti-virus products as spyware.
• Use of malware to search computers / cell phones.
• Use of malware on cell phones for acoustic and optical surveillance.
• Use of malware for attacks on foreign infrastructure (Stuxnet).
• Use of malware to place fake evidence.
• Use of collected information for economic and industrial espionage.
• Use of collected information for blackmail of international and maybe US politicians.
• Use of pure "metadata" to identify targets for drone strikes.
• Large scale cooperation with credit card companies.
• Large scale cooperation with document shredding services.
Google Tails operating system. Enjoy.
"Oversight involves meaningful constraints on the NSA, the FBI and others. This will be a combination of things: a court system that acts as a third-party advocate for the rule of law rather than a rubber-stamp organization, a legislature that understands what these organizations are doing and regularly debates requests for increased power, and vibrant public-sector watchdog groups that analyze and debate the government's actions."
There's another problem with this. The article has a nice set of evidence attached to it, but that took how much time to research and compile? Four hours? Eight hours?
Analyzing by watchdog groups is a useful and necessary part of oversight, but it's also good to realize that as long as they have very limited resources compared to the organizations they intend to watch, the latter can use their superiority in FTE's and money to simply swamp the opposition in actions to analyze. Worse still. At the moment, more thoroughness is asked of watchdog groups than of their opponents, further tilting the balance against oversight.
At the end of the day, this is also very much a matter of money. If the public in the US can regain control of the purse strings, that should do some good. Provided they can be educated in these difficult subjects of how governments work (and are related to their personal lives) in sufficient numbers to form a public opinion.
"I thought they said at the time that they were moving the pieces of it to other programs..."
Some people did. Some said the initiative was stopping. Some said nothing. It was inconsistent. The paranoid among us just assumed that they were still developing the capabilities under black programs because they couldn't pass up power like that. Their inconsistency about what they were doing with TIA seemed, in my opinion, to be further evidence of it. A lack of a straight answer often means they're hiding something.
Part of the problem with the original Guardian article about Microsoft is that it was written by either a Google or Apple fanboy because it clearly insinuates that Microsoft wanted to spy on its users.
I won't speculate here on beginnings of MS (the Gates family and their friends in Washington). But I suggest you wake up and smell the COFEE to better understand the MS business model of strategic "partnerships". MS might not be unique in, um, "fully monetising their market opportunities" - but they're certainly not innocent.
The other part is that it very likely contains a number of factually wrong assertions.
What were those "very likely" "factually wrong assertions" (is that like, "probably bullshit but we can never know either way"?)
Officials' lies are all too effective, since a large segment of the population wants to believe them. Why? Because, as we contemplate the liberty-for-security bargain we're being offered by our governments, our human brains are wired to make a terrible miscalculation:
"This is Your Brain on Terrorism" http://libertymcg.com/2013/07/23/...
Trust? We, the sovereign, are under attack. At a minimum everyone is a suspect, and you speak of trust. I trust we are screwed, our tools and civil mechanisms have been undermined. Executive, congress, and the courts are all but figurative in relationship to their charter. What course of action could possibly redress this issue? I suggest that the Galaxy Police show up and revoke our license to operate a planet.
Democracy has failed.
The ancient Greeks knew that democracy would lead to a government formed of pseudo aristocrats, pre-selected for their connections to money and power.
The ancient Greeks didn't practice democracy, but instead chose a system of government where their 'representatives' were chosen by lottery, thus ensuring their representatives were truly representative of the population at large.
They ran their government for hundreds of years on this principle.
For people to be professionally honest, you have to pay for honesty as a service. It's not something you can expect without cost. So, you need to tax enough to fund regulatory agencies with a sole purpose of being transparently honest. To make that work, you need those who benefit most immediately from regulation -- citizens -- to have enough money to tax.
But wealth is too concentrated. However, the public does have one meaningful card to play: the military. A huge amount of international wealth right now basically rests on the fact that the U.S. military is the most powerful entity on the planet and will protect the interests of the wealthy. And the military only functions as it does because of a class of dedicated people in the public who have a concept of honor and self-sacrifice and *trust*, who are in it for reasons other than advancement and personal interest, and so are willing to kill and die for a cause. It is these servicepeople and their families who can, just by refusing to be soldiers and thereby denying the rich their self-sacrificing protectors, kick the ladder of impunity out from under the people on the platform, who one can only hope will work to change things before they swing. But conditions will first have to be seen as bad enough that not even poverty or idealism will be able to make people believe this country is worth fighting for.
So basically, the citizenry has to become disillusioned enough to de-legitimize and withdraw from, or redirect, the military -- cripple the golden goose -- until that citizenry is given a large enough slice of the financial pie to pay for the honesty and honor and decency that makes soldiers able to believe themselves good guys again.
On the lighter side, dissidents beware, your email suggesting that the gobnit is up to no good might be a reason to investigate you. The question is: If my email service is hosted in Malaysia and I sent an email to myself--am I a target? Who am I kidding, must be one already.
"The supposed billions of loss of services as (primarily) foreigners withdraw from using U.S. based internet services would seem to be an incentive that it's increasingly in their interest to rat out the U.S. government."
An interesting point. But, where are those other services? Do you know of any service comparable to the ones provided by Microsoft, Google, Facebook, Apple, Yahoo!, etc.?
"I'm curious in what manner, and how much, all of these companies are being compensated for their cooperation. "
They're not being thrown in jail, they're not having their domain names seized, and last but not least, they're not letting random NSA/FBI/whatever agents mess around with their massive infrastructures and quite possibly breaking them. They have lots of reasons to cooperate with those agencies.
@cmurphy: I just can't go along with "government that ignores rule of law". When the IRS goes off the rails, it's a big scandal and folks start losing their jobs. It's news, because it doesn't happen very often.
The NSA outrage is very different. Folks are outraged that what the NSA is doing isn't illegal. The Supreme Court decided you're not entitled to any privacy in your phone records, the Patriot Act allows government to do many intrusive things.
I agree with you in that I'd prefer US attitudes were the British "Keep calm and carry on", or Bruce's "Refuse to be terrorized", but the bottom line is that US citizens say "connect the dots" and "something, even something that infringes liberty, must be done". The US government is toeing that line.
If you want a detailed discussion of how the NSA spying is legal, read the ODNI counsel's speech at the Brookings Institute. Be forewarned, this is a lawyer at Brookings, so the wonky-level is really high. If you're mad that this is the law, I might agree, but this is clearly the rule of US law.
Edward Snowden's e-mail service provider shuts down.
Ladar Levison, owner and operator of Lavabit, LLC says it best,
Do you know of any service comparable to the ones provided by Microsoft, Google, Facebook, Apple, Yahoo!, etc.?
Email: all ISP's (at least over here) give a free email address and some aliases with your subscription, including a web interface to manage them. Nobody really needs an Outlook, Apple, iCloud, Yahoo or Google email address.
Search engine: you can use DuckDuckGo instead of Google, Bing or Yahoo.
Facebook alternatives: Pinterest and Foursquare come to mind. There's also the Russian Vkontakte (VK), Bebo and Diaspora to name just a few. The catch: smaller US players may be drafted by the NSA too as they become bigger. Seeking refuge at Chinese or Russian social networks may get you your own personal file at the FSB and/or PLA.
Cloud synchronization and sharing: the Norwegian JottaCloud and Swedish CloudMe are emerging as viable alternatives for Google Drive, SkyDrive, iCloud, Box, Dropbox and the like. I would advise caution with any Swedish service, though.
Cloud providers: I am not aware of any European company that's anywhere near big US players like Amazon Web Services, Rackspace and the like, but it is quite likely that over time a number of regional players will significantly grow as a result of Snowden's revelations and the current push by German and French authorities to promote non-US cloud providers.
So far, for private individuals and companies alike, it was just highly convenient to choose US providers, especially when their services came for free or at a very competitive price. All of this has changed now, and both groups are starting to look into non-US alternatives that are either already there or in the process of getting there. You just need to look for them.
Sadly, I think Ladar Levison, owner of the Texas-based Lavabit put matters rather succinctly:
"... I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States,"
When will the US government understand that their voracious appetite for private/personal information, from innocent people, is damaging the people and companies that pay their wages?
I do not think anything can be done to repair these nations. Sticking to just the US, for example, trust is not just about these security systems. The US just led the nations into a war with Iraq under the claim they had WMD. They have been effectively kidnapping and torturing innocent internationals.
I noticed yesterday a report went out: "1 in 25 Americans was arrested last year". The US has the largest percentage of citizens in prison. There are military bases in many countries. There is no stopping the growth of the "industrial-military complex".
The political system is corrupt. Politicians are run by money by special interests, and they are wiretapped by their government.
There are many other problems, but if you just stick to the surveillance systems: that is a clear violation of the founding laws of the country. And they are, so far, getting away with it. Worse, these violations happened in the past. Here they are again.
No one back then got any sort of serious punishment for those violations. The federal investigative agency (FBI) has Hoover's name on the building. (The judge who overlooked his secret doings, much of which remains classified for a great many more years, himself was aghast at this very point.)
One of the small handful who received any punishment at all was the man in the FBI who leaked the Watergate details. They knew he was the leaker, we now know.
Further, if you look at the now known (partially) history of Hoover you see he had these sorts of systems and they were often illegal. He simply pushed them underground when this happened.
This same trend happened with this recent resurgence. Talk of these systems, like the TIA (Total Information Awareness) program was brought up years ago, and by public backlash, was shoved down. Stellar Wind was shoved down. Only, it all went live.
All of this is highly criminal and unethical behavior.
Even if the government makes major moves to repent and dismiss all of this, other elements would just push it underground. Right now there is no more repentance on these issues than there is over Iraq not having WMD.
So, it looks like the US is going to go full blown totalitarian. And the "patriots" in responsibility are doing this with eyes wide open.
Confidence here should be it will not last and "history" will regard them as the shameful creatures they are. They will join the pantheon of history's worst, those who made the world a hell. You only have one life to live and if that is who you are, that is who you will always be known as.
When Bruce has no idea . . . . . We're screwed.
Where's your source where General Carr said no US service member died as a result of wikileaks? What I've seen reported is that General Carr said that no Afghan nationals named in the logs had been killed for cooperating with the US. That's very different than what you're claiming.
"...revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative."
They don't really "tell the truth." They - to include the government, Google, Microsoft, Facebook, et al - carefully construct lawyerly statements which are specifically designed to deceive the American public.
This kind of stuff really really angers me! I wish these companies would drop the bullshit and straight up tell us that they've been in cahoots with the govt.
I hate spin doctoring. I hate PR. Grrrr