A Fraying of the Public/Private Surveillance Partnership

The public/private surveillance partnership between the NSA and corporate data collectors is starting to fray. The reason is sunlight. The publicity resulting from the Snowden documents has made companies think twice before allowing the NSA access to their users’ and customers’ data.

Pre-Snowden, there was no downside to cooperating with the NSA. If the NSA asked you for copies of all your Internet traffic, or to put backdoors into your security software, you could assume that your cooperation would forever remain secret. To be fair, not every corporation cooperated willingly. Some fought in court. But it seems that a lot of them, telcos and backbone providers especially, were happy to give the NSA unfettered access to everything. Post-Snowden, this is changing. Now that many companies’ cooperation has become public, they’re facing a PR backlash from customers and users who are upset that their data is flowing to the NSA. And this is costing those companies business.

How much is unclear. In July, right after the PRISM revelations, the Cloud Security Alliance reported that US cloud companies could lose $35 billion over the next three years, mostly due to losses of foreign sales. Surely that number has increased as outrage over NSA spying continues to build in Europe and elsewhere. There is no similar report for software sales, although I have attended private meetings where several large US software companies complained about the loss of foreign sales. On the hardware side, IBM is losing business in China. The US telecom companies are also suffering: AT&T is losing business worldwide.

This is the new reality. The rules of secrecy are different, and companies have to assume that their responses to NSA data demands will become public. This means there is now a significant cost to cooperating, and a corresponding benefit to fighting.

Over the past few months, more companies have woken up to the fact that the NSA is basically treating them as adversaries, and are responding as such. In mid-October, it became public that the NSA was collecting e-mail address books and buddy lists from Internet users logging into different service providers. Yahoo, which didn’t encrypt those user connections by default, allowed the NSA to collect much more of its data than Google, which did. That same day, Yahoo announced that it would implement SSL encryption by default for all of its users. Two weeks later, when it became public that the NSA was collecting data on Google users by eavesdropping on the company’s trunk connections between its data centers, Google announced that it would encrypt those connections.

We recently learned that Yahoo fought a government order to turn over data. Lavabit fought its order as well. Apple is now tweaking the government. And we think better of those companies because of it.

Now Lavabit, which closed down its e-mail service rather than comply with the NSA’s request for the master keys that would compromise all of its customers, has teamed with Silent Circle to develop a secure e-mail standard that is resistant to these kinds of tactics.

The Snowden documents made it clear how much the NSA relies on corporations to eavesdrop on the Internet. The NSA didn’t build a massive Internet eavesdropping system from scratch. It noticed that the corporate world was already eavesdropping on every Internet user—surveillance is the business model of the Internet, after all—and simply got copies for itself.

Now, that secret ecosystem is breaking down. Supreme Court Justice Louis Brandeis wrote about transparency, saying “Sunlight is said to be the best of disinfectants.” In this case, it seems to be working.

These developments will only help security. Remember that while Edward Snowden has given us a window into the NSA’s activities, these sorts of tactics are probably also used by other intelligence services around the world. And today’s secret NSA programs become tomorrow’s PhD theses, and the next day’s criminal hacker tools. It’s impossible to build an Internet where the good guys can eavesdrop, and the bad guys cannot. We have a choice between an Internet that is vulnerable to all attackers, or an Internet that is safe from all attackers. And a safe and secure Internet is in everyone’s best interests, including the US’s.

This essay previously appeared on TheAtlantic.com.

Posted on November 14, 2013 at 6:21 AM • 57 Comments

Comments

Clive Robinson November 14, 2013 7:29 AM

@ Bruce,

One of the reasons Europe is so upset is that it appears it’s not directly the NSA spying on them but those out of Hanslope Park (MI5&6) and Cheltenham (GCHQ). Who then forward it on under the “Special Relationship”. It was interesting to note it was the US Gov that put pressure on the UK Gov and stuck the proverbial rocket up David Cameron PM’s backside, hence his sudden condemnation of the UK Guardian.

There is still a very large amount of “dirty laundry” to be washed and it might not be a case of “The UK leaving Europe” but “Europe blackballing the UK”…

Oh and also rattling the Europeans and the Fed Bank not giving back their gold when requested.

It’s hard to see how the Special Relationship pair could have made things worse for themselves but I’m sure they are going to carry on getting worse until Pariah Status is recognised by each and every one of their citizens…

Romulo Cholewa November 14, 2013 7:33 AM

Interesting, I just read this story that Glenn Greenwald tweeted. I live in Brazil and we have a saying here that goes like this:

“The most sensitive part in the human body is… the pocket”.

Something tells me that such companies will drive the change due to the money they will lose.

Skeptical November 14, 2013 7:51 AM

A good essay, and one I need to think more about.

I do have a question about this claim:

It’s impossible to build an Internet where the good guys can eavesdrop, and the bad guys cannot.

Why? A form of eavesdropping, or cryptanalysis, might require resources and access that 99% of bad guys don’t have (and the other 1% might be deterred or limited for other reasons).

Are there any cases in which access which a company granted to the NSA per court order resulted in access by criminals?

Muddy Road November 14, 2013 8:05 AM

Like others I previously assumed one of the goals of the NSA was to improve cyber security for Americans and American business in particular but also the www.

Not so.

They apparently view themselves as super hackers, crackers and thieves possibly imagining “gott mit uns” etched on their belt buckles.

Bad thing. Very bad.

Mike B November 14, 2013 8:12 AM

Yeah, US firms losing business to China for security reasons. I hope people have good luck with that. Every country will use whatever levers it has to promote its own interests. Some countries are more nasty than others. Pick your poison.

As long as the people who run major corporations are crooks and as long as governments have laws and regulations that can either ruin their businesses or send them to jail they will play ball.

Gweihir November 14, 2013 9:20 AM

@Skeptical: You are approaching this wrong. Past cases are unsuitable to judge the security of a system, the development is moving too fast. Hence security and risk analysis has to be predictive.

You are also barking up the wrong tree: Cases where a company has user data and just shares it on a court order are not cases of an “insecure Internet” or of “eavesdropping”. They may be judicial misconduct or things done in a police state where the law is worthless to ordinary citizens, though.

Examples where the claim becomes blatantly obvious are the NSA sabotage of crypto implementations and protocols. Sure, in some (but by far not all) cases, only the one that put in the backdoor initially has the access key. But deployed solutions live long and eventually deliberate insecurities will be found and exploited. For a “secure” backdoor, the key could leak, or somebody could use a bot-net (criminals) or a large cluster (governments) to break them. Or somebody could be coerced or bribed to hand over the key. It can also happen that the “secure” backdoor is far less secure than thought. After all, it was not subject of public scrutiny when deployed.

Then there is the other problem: Even if the NSA puts in a really secure backdoor, everybody else has to protect against it as the NSA does economic espionage. And if others copy those tactics, US companies have to defend themselves against it as well. (Also note that most relevant companies today are operating globally…) This raises costs for everybody massively, as standard solutions cannot be trusted anymore. But these raised costs come with no advantages whatsoever, the money and the productivity it represents is just destroyed. If you want a capitalist’s definition of “evil”, this is it.

Gweihir November 14, 2013 9:26 AM

@Muddy Road: Also note that your nationalist US-centric view does not work anymore in today’s world. The US cannot stand alone. It has nothing that makes it special except a relatively large size and a big ego.

And if, say, about 8 billion non-US citizens want their Internet usage to be secure, the US could well find itself left behind.

Zach November 14, 2013 10:08 AM

@Skeptical: Snowden wasn’t the first NSA employee to walk out of there with the keys to the kingdom, nor will he be the last.

Winter November 14, 2013 10:29 AM

@Clive
“Oh and also rattling the Europeans and the Fed Bank not giving back their gold when requested.”

Terry Pratchett is a visionary. Read “Making Money”.

Winter November 14, 2013 10:33 AM

Btw, that is a very good security story too. It is a good story whether it is true or not.

Federal Reserve Refuses to Submit to an Audit of Germany’s Gold Held in U.S. Vaults
http://nsnbc.me/2013/04/18/federal-reserve-refuses-to-submit-to-an-audit-of-germanys-gold-held-in-u-s-vaults-2/

The FED came to all countries in Asia, Latin America and Africa and told them their gold holdings might not be safe because of the war, and they should permit the FED to take all of it to the US for safekeeping. Many countries obliged, receiving FED gold certificates in exchange, but when they later tried to cash in those certificates and reclaim their gold, they were told the certificates were fake, that they contained spelling and other mistakes which the FED would never have made, and that the serial numbers were wrong. And the FED still has all that gold.

John November 14, 2013 12:57 PM

@skeptical:

Are there any cases in which access which a company granted to the NSA per court order resulted in access by criminals?

Perhaps not the NSA, but abuse of US Government mandated lawful intercept capabilities by unknown 3rd parties, yes:

While this is the first major infiltration to involve cellphones, the scheme did not depend on the wireless nature of the network. Basically, the hackers broke into a telephone network and subverted its built-in wiretapping features for their own purposes. That could have been done with any phone account, not just cellular ones. Nevertheless, there are some elements of the Vodafone Greece system that were unique and crucial to the way the crime was pulled off.

from http://spectrum.ieee.org/telecom/security/the-athens-affair

The article was written in 2007, but the bugging happened prior to the Olympic games in Greece in 2004.

This one went public, but it’s generally kept very quiet when it does happen, assuming such abuse is detected at all (and you can’t assume the NSA would a) notice, b) care, or c) fix.)

Remember – absence of proof is not proof of absence.

Anura November 14, 2013 2:22 PM

On a related note:

http://news.cnet.com/8301-1009_3-57612322-83/google-were-bombarded-by-govt-requests-on-user-data/

The US government is on a data-gathering spree at Google, new data from the search giant reveals.

Between January and June 2013, the US government issued nearly 11,000 requests to Google asking for user information, or about 42 percent of the global total. India was second with nearly 2,700 government requests.

The collective requests from governments around the world during that six-month period have more than doubled in the three-and-a-half years since Google’s first government transparency report, which covered the second half of 2009. “And these numbers,” Google said in a blog post Thursday, “only include the requests we’re allowed to publish.”

It’s the things that Google can’t share about those data requests that really has the company hot and bothered.

Martin November 14, 2013 2:51 PM

The company I work for is looking at opening a data center in Germany; where there are some of the strongest piracy laws in the world. Why? Because customers don’t want their data in the US; because the US cannot be trusted.

Martin November 14, 2013 2:53 PM

That should have been privacy, not piracy… serves me right for reading Bennett Haselton’s article on P2P privacy/piracy in another tab at the same time.

Nick P November 14, 2013 3:35 PM

@ Stanislav

“Mr. Schneier, why do you endorse Silent Circle? Their product is closed-source – and shows virtually every other symptom of being a special-ops front.”

Funny you say that because they even have ex-SEALs on their team. Just makes me feel so secure knowing ex or current special operators really believe in keeping me safe from the US govt’s surveillance activities. 😉

vas pup November 14, 2013 3:36 PM

My main concern is that pendulum is going to swing to the opposite direction (as usually – moderation is not working) meaning either total surveillance or no required surveillance at all.
Could it be set up policy (open to the public) which regulates legitimate targets of surveillance for the purpose of internal security (criminals, including white collar; terrorists regardless of their motive) inside the borders and defence goals outside?
I just want to remind statement out of “All Kings Men” (may be cynical, but still true): “You can make goodness out of badness only”. Law enforcement is part of society. People working there are not from the other planet or country.
I am absolutely against demoralizing them by indiscriminative attacks/bashing. Personal responsibility is key, I guess.

Mike Anthis November 14, 2013 5:50 PM

The US political sensibility swings between trust and distrust of the government. Roll back eleven or so years, and Joe Sixpack would have cheered the NSA along. Anyone who suspected government motives was easily branded as non-Patriotic.

The truly patriotic position is to promote the safety of the citizens from the government primarily, and from crime secondarily. That doesn’t play well when a national security event occurs. The cycle seems to have a period on the order of a century or so.

Romer November 14, 2013 6:21 PM

@vas pup 3:36 PM “Law enforcement is part of society. People working there are not from the other planet or country. I am absolutely against demoralizing them by indiscriminative attacks/bashing.”

Agree. The programs in question have been in the works for decades, e.g., TIA and Able Danger and their predecessors. Their intent was/is to protect lives, as conceived largely by the military.

And that has always and consistently pitted these methods against the 4th Amendment, which is the law of the land and, really, the most important thing (and always an inconvenience to law enforcement and soldiers).

They’re not bad people, but the reach exceeds the grasp, and it’s got to be put to a stop.

Romer November 14, 2013 6:35 PM

@Mike Anthis 5:50 PM “Roll back eleven or so years, and Joe Sixpack would have cheered the NSA along.”

Not really. Total Information Awareness (TIA) was shut down under public criticism 11 years ago.

The programs we’re hearing about today had their direct genesis in TIA, quietly transferred out of DARPA under different names. Obviously they’ve become self-sustaining and monumental breaches of the 4th Amendment, as was predicted more than 10 years ago, and even before.

The 4th Amendment was enacted by the Founders in order to prohibit General Warrants (the cause of Lexington and Concord), but General Warrants are precisely and exactly what the secret FISA court issues to authorize these programs.

Jonathan Wilson November 14, 2013 6:56 PM

The mission of the NSA has always been to both spy on everyone’s communications AND keep American communications from being spied on.
It seems like the “spy on everyone else” side of the fence has now taken over from the “protection” side of the fence.

Dirk Praet November 14, 2013 8:08 PM

@ Bruce

Now that many companies’ cooperation has become public, they’re facing a PR backlash from customers and users who are upset that their data is flowing to the NSA.

Not just from customers and users, but just as much from civil liberties organisations and – more importantly – governmental organisations like the European Parliament’s Civil Liberties Committee. Earlier this week, MEPs grilled M/S, Google and Facebook officials in an ongoing inquiry into NSA and GCHQ mass surveillance, where a spokeswoman for M/S admitted that they are not encrypting their intra data centre traffic (around 2 40′). This did not go down well.

Although – thanks to the UK and Sweden – we are still far from any direct EU action against US cloud service providers, the prospect of facing tighter laws outside the US or a suspension of Safe Harbour agreements is an absolute nightmare to them, the more because having to comply with conflicting legal obligations for all practical purposes would put them between a rock and a hard place. And that’s a no-win situation.

Another initiative to take note of is the preliminary version of a resolution on online privacy at the UN General Assembly, jointly proposed by Brazil and Germany on November 7th.

@ vas pup

Law enforcement is part of society. People working there are not from the other planet or country. I am absolutely against demoralizing them by indiscriminative attacks/bashing.

Nobody is attacking any low-ranking individuals, but whoever within NSA/GCHQ is maintaining that their mass surveillance programs serve counterterrorism purposes only is either totally deluded or lying, and deserves to get bashed (in the figurative sense, of course).

@ bcs

Some people are pushing to get laws changed to make it harder for US agencies to get at privately collected data

While others are doing exactly the opposite. Dianne Feinstein’s “FISA Improvements Act” was recently passed 11-4 by the Senate Intelligence Committee and would pretty much cement all current NSA programs pertaining to domestic surveillance. Great oversight!

@ Martin

The company I work for is looking at opening a data center in Germany

They may also wish to take a look at Swisscom’s “Swiss Cloud”. Data protection and privacy is a long tradition in Switzerland and which they have vast experience with.

@ Gweihir

The US cannot stand alone. It has nothing that makes it special except a relatively large size and a big ego.

Not entirely. One of the biggest advantages the NSA and its little helpers have had so far was that the internet is largely controlled and commandeered by the US with much traffic in transit passing through the country. This is now going to change, with for example Deutsche Telekom lobbying the government to enforce tougher privacy protection by helping to keep German internet traffic within national borders. Whether or not this balkanisation is a good thing is of course an entirely different question.

@ Skeptical

A form of eavesdropping, or cryptanalysis, might require resources and access that 99% of bad guys don’t have (and the other 1% might be deterred or limited for other reasons).

Until the bad guys catch up. Introducing deliberate weaknesses and backdoors from a security point of view is NEVER a good thing and sooner or later will jump up and bite everybody in the ass. It’s just as short-sighted as companies focussing on fast money and the results of the current quarter only. The topic has been discussed several times before on this blog.

Erkki November 14, 2013 8:50 PM

The Baffling Patronage of Silent Circle

“I have serious problems with Silent Circle, whence I concluded that due to the project’s closed nature:

“…there exists no method of verifying the effective security properties of Silent Circle, or to verify if, at all, the application does anything more or less than what it says it does. […] Silent Circle stands in the same area as Skype: both promise encryption and yet offer no method to verify the security, integrity and reliability of their claims.”

65535 November 14, 2013 9:46 PM

Most of the commentators have covered my thoughts. I’ll keep my observations short.

  1. The US IT data mining partnership with the military has huge consequences. It is ripe for abuse. It also puts every US company on the untrusted list. Who in their right mind wants to give important data to a company that will/must share it with government? I would guess few to none. All US based companies are suspect. This may turn out to be a huge liability to all US based companies.

  2. It is clear that US tech companies with high Price-to-Earnings ratios (or no earnings at all) were desperate to monetize their customers’ data by giving/selling it to the government/military. This transfer of customers’ data has now become a weapon. The military considers everybody an enemy (other than its benefactors). This weapon could turn the US into a police state (Senator Boxer is doing her best to hasten the trend – she is trashing her constituents). This destructive behavior must stop!

  3. The monster is out of the bottle. The quickest method of stopping this monster is to drastically cut funding (starve him until he crawls back into the bottle).

Scott Ferguson November 14, 2013 10:49 PM

Another great essay.

The only thing it doesn’t address is the ‘possible’ benefits of co-operating with the NSA (and others of their ilk).
If my Operating System and Applications company actively helped the NSA spy on my customers could I expect them to promote my products?

Blinded By The Fed November 14, 2013 11:02 PM

@Dirk Praet “It’s just as short-sighted as companies focusing on fast money and the results of the current quarter only. The topic has been discussed several times before on this blog.”

The short-sightedness of companies is a rational response to an economic environment where long-range planning has been made impossible because of interest rate manipulation by the Fed, which produces asset bubbles and the boom/bust cycle.

These two papers cover the concepts involved:

“Interest-Rate Targeting During The Great Moderation: A Reappraisal”,
http://www.cato.org/cato-journal/winter-2009/interest-rate-targeting-during-great-moderation-reappraisal

“Asset Bubbles and Their Consequences”, http://www.cato.org/publications/briefing-paper/asset-bubbles-their-consequences

Rolf Weber November 15, 2013 1:16 AM

@Bruce

Now Lavabit, which closed down its e-mail service rather than comply with the NSA’s request for the master keys that would compromise all of its customers, has teamed with Silent Circle to develop a secure e-mail standard that is resistant to these kinds of tactics.

The FBI requested the key, not the NSA.

And I wonder which e-mail standard could be resistant. I cannot imagine any server-based service ever could. Even if the encryption and the related keys are only held on the client side, this doesn’t change the fact that emails come and leave in the clear.
Any government can force operators to turn on logging (at least on demand). Nothing more was demanded with the Lavabit pen/trap order.

Nick P November 15, 2013 1:42 AM

@ Rolf Weber

“I cannot imagine any server-based service ever could.”

You have two possibilities there:

  1. Trusted attestation.
  2. Tamper-resistant, secure hardware.

In either case, the software that’s running on the server has to be open or at least independently verifiable. Then the hardware must work as advertised. Also, it must be foreign designed and made with obfuscations that make one-size-fits-all attacks unlikely to work. At this point, a centralized design can resist law enforcement requests and potentially allow detection of orders to backdoor. The NSA is then forced to subvert the machine, manufacturing, etc. They have capabilities in that area. Such are much more difficult than a court order.

Of course, I’m not saying this is practical. Just possible.

Autolykos November 15, 2013 5:30 AM

@Rolf Weber: I don’t see why it couldn’t (but I might be overlooking something fundamental). The encryption could happen client-side as well, and the server only transfers encrypted messages and (optionally) verifies the public key of the recipient (there should be a second channel so you don’t have to trust the server, obviously). If the protocols are open and well-documented, people could even write their own client to make sure it doesn’t have backdoors. With a browser plugin, even webmail should be possible.

65535 November 15, 2013 6:02 AM

@John and skeptical

How does CALEA fit in to these NSA trap doors used by criminals?

Further, while looking into this out-of-control monster, I see a legal hurdle stopping the reform of the NSA. Again, it is the “CALEA” signed in 1994.

[Wikipedia]

“The U.S. Congress passed the CALEA to aid law enforcement in its effort to conduct criminal investigations requiring wiretapping of digital telephone networks. The Act obliges telecommunications companies to make it possible for law enforcement agencies to tap any phone conversations carried out over its networks, as well as making call detail records available. The act stipulates that it must not be possible for a person to detect that his or her conversation is being monitored by the respective government agency.”

“Common carriers, facilities-based broadband Internet access providers, and providers of interconnected Voice over Internet Protocol (VoIP) service – all three types of entities are defined to be “telecommunications carriers” and must meet the requirements of CALEA.”

“The CALEA Implementation Unit at the FBI has clarified that intercepted information is supposed to be sent to Law Enforcement concurrently with its capture.
On March 10, 2004, the United States Department of Justice, FBI and Drug Enforcement Administration filed a ‘Joint Petition for Expedited Rulemaking’ in which they requested certain steps to accelerate CALEA compliance, and to extend the provisions of CALEA to include the ability to perform surveillance of all communications that travel over the Internet — such as Internet traffic and VoIP.”

“As a result, the FCC adopted a “First Report and Order” concluding that CALEA applies to facilities-based broadband Internet access providers and providers of interconnected (with the public switched telephone network) Voice-over-Internet-Protocol (VoIP) services.”

“In May 2006, the FCC adopted a ‘Second Report and Order’, which clarified and affirmed the First Order:

• The CALEA compliance deadline remains May 14, 2007.
• Carriers are permitted to meet their CALEA obligations through the services of “Trusted Third Parties (TTP)” — that is, they can hire outside companies, which meet security requirements outlined in CALEA, to perform all of the required functions.
• Carriers are responsible for CALEA development and implementation costs.

“In the years since CALEA was passed it has been greatly expanded to include all VoIP and broadband internet traffic. From 2004 to 2007 there was a 62 percent growth in the number of wiretaps performed under CALEA — and more than 3,000 percent growth in interception of internet data such as email.”

“By 2007, the FBI had spent $39 million on its DCSNet system, which collects, stores, indexes, and analyzes communications data…”

“In order to be compliant, IP-based service providers (Broadband, Cable, VoIP) must choose either a self-contained probe (such as made by IPFabrics), or a “dumb” probe component plus a mediation device (such as made by Verint), or they must implement the delivery of correctly formatted for a named subscriber’s data on their own…”

“The Electronic Frontier Foundation has filed several lawsuits to prevent the FCC from granting these expanded domestic surveillance capabilities…”

https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

It would appear that all US communications providers must have trap-doors built into virtually all communications systems.

I understand that CALEA requires a warrant of some type. But, I am not sure of the rules of the FISA court and if said warrants can be mass-warrants or after-the-fact warrants or the like.

Do any of you legal experts have opinions on the intersection of the NSA/FISA secret rulings and CALEA law? Will CALEA keep a loop-hole open for the NSA to use? Will CALEA have to be re-interpreted to stop the NSA?

Mike the goat November 15, 2013 6:10 AM

This is why we need end to end encryption (properly implemented being the caveat) for all data that crosses the Internet. We always knew that wire surveillance was trivial – even back when we were all using telnet for remote admin. There is no excuse now. Processors are fast enough and the overhead is negligible. I think we need not just encryption everywhere (ie using TLS) but a fundamental redesign at the protocol/stack level. We need a new TCP but with authentication and integrated encryption so that we don’t need to use TLS – but just know if we make a connect() to a host and it succeeds that the host is authenticated and any data sent will be encrypted as per negotiated settings.

Rolf Weber November 15, 2013 6:21 AM

@Autolykos
The problem is incoming (or outgoing as well) email, which the server necessarily needs to have in the clear (at least in memory). So the government could force the operator to a source code change in order to implement logging (or even copying) of the emails.

As Nick said, this can only be avoided (or better said made detectable) by some trusted computing approaches. But I doubt this will be very practical, too.

Dirk Praet November 15, 2013 8:12 AM

@ Blinded By The Fed

The short-sightedness of companies is a rational response to an economic environment where long-range planning has been made impossible because of interest rate manipulation by the Fed, which produces asset bubbles and the boom/bust cycle.

Interesting papers, thanks for that. But I definitely wouldn’t underestimate the power of sheer unadulterated greed and instant gratification in the pursuit of bonuses either. I’ve witnessed quite some incredibly stupid decisions and strategies that had nothing to do with micro or macro economic influences, but everything with the inability and unwillingness to consider anything beyond 3 months ahead. Just like cocaine addicts not planning anything further than their next hit.

Blinded By The Fed November 15, 2013 10:22 AM

@Dirk Praet I’ve witnessed quite some incredibly stupid decisions and strategies that had nothing to do with micro or macro economic influences, but everything with the inability and unwillingness to consider anything beyond 3 months ahead.

Churchill said you can always count on Americans to do the right thing after they have exhausted all other possibilities. That pretty much describes a culture where concrete-bounded thinking is the norm, a consequence of philosophical pragmatism.

The ability to plan long range requires two things: having a sound grasp of the factual situation and the capacity to think abstractly about how to fit means to ends in order to achieve a goal.

Philosophical pragmatism systematically wipes out abstractions and logical thinking.

Bad Fed policy wipes out the factual basis for long range planning. The ability to weigh present versus future values rests on an interest rate that is tied to reality. The general capital budgeting decision where decisions are made to expend money on short term goals or on long term goals, all depends on the specific interest rate that prevails. That number figures into time value of money calculations. A now/later decision might be decided in favor of building a factory when interest rates are low, but the reverse could be true when interest rates are high.

It used to be that the prevailing rate of interest reflected a connection between the amount of saved capital available to lend and the demand for borrowing those savings. A long range decision based on that type of interest rate would be tied to reality, such that if a factory was built, that by the time it was finished, customers would have sufficient savings to buy the things the factory produced.

What the Fed has done is to arbitrarily disconnect the link between saving and lending, arbitrarily detaching interest rates from reality.

Anura November 15, 2013 1:55 PM

The biggest problem we have right now has less to do with the Fed and more to do with the technological advances we have made. The 70s, 80s, and 90s were all about the same in terms of economic growth (despite what various partisans would have you believe), but the 2000s have been piss poor, even before the recession. There are two reasons for this: 1) the technology is now there to make outsourcing significantly easier to manage, which has been more difficult or cost prohibitive before the days of the internet and personal computer and 2) businesses have been investing in technology not to grow, but to improve profit margins or further capture existing wealth.

Theoretically, in a perfect world where everyone is perfectly rational and perfectly well informed, offshoring and improving efficiency should allow resources to be freed to focus on other areas, but it hasn’t because the economy is not a frictionless vacuum. The problem is that even though employees are able to produce more per person, their wages haven’t gone up to match that efficiency, in fact household income for the bottom 80+% of the population was down from the 1990s peak for the entirety of the 2000s. The economy is about producing goods and services to be purchased, and when you get to the point where all growth is going into the hands of people who already have more money than they can spend, it just limits future growth.

Does this mean we should take efforts to make businesses more efficient? No, it means we need to be proactive to make sure everyone benefits from the growth in efficiency, not just the business owners. Whether it’s increasing minimum wage, identifying other problems (health care costs are a big contributor to the decline in wages, although total employee compensation as a percent of GDP is down either way), or income redistribution, something needs to be done or nothing will be resolved. Technology only gets better, and business will become more and more efficient over time.

We focus too much on things like debt and monetary policy, and not enough on what our actual problems are. GDP growth needs to be the focus, and that requires people to have the money to purchase things so people have a reason to invest in growth, and not just play games in the financial sector. We also way oversimplify the deficit; it’s not a number in dollars that matters, it’s a ratio of debt to GDP that matters, and if you aren’t paying attention to what you cut, you can actually make the debt to GDP ratio grow more than it would otherwise by cutting the deficit. If your debt exceeds GDP, and you cut $1 billion in debt at the cost of $1 billion in GDP, then your debt to GDP ratio goes up, and you make the economy worse while worsening the problem you are trying to solve (and debt is already less important of a problem than the economy at the moment, not to mention easier to deal with when the economy is strong).

sahlberg November 15, 2013 7:28 PM

I think a lot of the commentary is missing a vital part.

Part of being a policy maker in a country is to also, as far as laws and treaties permit, make choices to benefit your domestic industry.

Normally this means that you can not usually make laws or policy that creates unfair competition, beneficial to domestic industry and disadvantaging, or disallowing, foreign companies.
Unless of course you are big enough you can ignore the WTO with impunity.

Now here appears a new golden opportunity for any country with domestic cloud, networking, storage, software industry. National security concerns always trump WTO.
Simple, Germany will not unfairly disadvantage the global cloud providers and unfairly benefit domestic German cloud providers.
This is not about unfair trade policies, it is a matter of national security and thus you can circumvent any complaints to the WTO.

Every policy maker will use this as a convenient excuse to benefit domestic companies and disadvantage US companies without the fear of invoking the WTO.

NSA just handed every foreign country in the world a free get-out-of-jail card for creating policies that disadvantage US companies. Thanks a lot.

65535 November 15, 2013 7:43 PM

@Mike the goat

“This is why we need end to end encryption (properly implemented being the caveat) for all data that crosses the Internet.”

I agree.

I have seen attempts at it. This involved Server verification, User verification, and Client device verification plus encryption. But, as the Blackberry saga showed, that can be subverted by government orders.

Speaking of end to end encryption, is there an encryption strength limit imposed by law in the USA (for users in the USA)? I have not come across any specific laws restricting the strength of encryption for users in the USA (but, I could have missed something).

Anura November 15, 2013 8:24 PM

@65535

There are only restrictions on export of encryption, because they are considered munitions. It’s a hilariously sad example of our representatives’ lack of understanding of technology (export? Algorithms are ideas FFS!) and lack of ability to change useless laws (see also regulations on alcohol container sizes).

Clive Robinson November 16, 2013 5:59 AM

@ 65535,

I’m not aware of “key size” limits, but that’s not the problem.

CALEA is one of the problems: it requires a Federal LEO back door be provided by “service providers” and it’s ambiguous in wording and intent.

As far as I can see, if the Feds can’t get the plaintext or whatever it is they want they can force your comms service provider to provide it… Which means your ISP may be required to plant illegal software onto your system but must not inform you or do it in a way that can be detected by you…

Which may well be the justification of DNS etc spoofing to get javascript and worse onto your machine…

This means “end to end” has to start and end outside of the comms channel to stand a chance of working.

Which boils down to air-gap at either end with final paper and pencil style decoding…

Thus multilevel encryption using devices (paper pencil analogs) that cannot be attacked by malware etc.

If you search back on this blog for conversations between @ Nick P, myself and others on “transaction authentication” and its issues it will give you an idea of the problems involved.

Skeptical November 16, 2013 12:56 PM

Thanks for that example John. It does show how a wiretap capability provided by a company can be subverted (though I didn’t see the article state that the capability was built in by Ericsson per US legal requirements).

However, it sounds both rare, and like the type of security failure that can occur regardless of whether the government has access.

Let me ask two related questions:

What is the range of incremental or added risk to what negative outcomes from telecoms retaining the technical capability to hand over the content of communications upon legal request?

What is the range of incremental or added risk to what negative outcomes from the US Government developing the technical capability to access such communications without the cooperation of the communications provider?

Let me add the reason why I ask them:

Would the security experts here agree that security is not a binary ranged function? A bank vault isn’t either secure or not secure, right? It’s secure against some threats, but not against others. Bank robbers with tanks will probably defeat a vault. Bank robbers with pen knives probably won’t. The question is whether it’s “sufficiently secure”, i.e. meets agreed upon thresholds.

Yet much of the rhetoric about the NSA seems to implicitly incorporate that kind of “it’s secure or it isn’t” judgment. From a policy perspective, that just doesn’t make any sense to me.

The particulars of risks and outcomes matter here. Whether it’s logically possible for a malicious actor to take advantage of the NSA’s capabilities doesn’t help resolve what is ultimately a policy question. If the configuration is such that the chances of malicious use by another actor are extremely low, while the benefit of the NSA’s capabilities is much higher, then it may be rational to allow the capability, no? But this all depends on specifics.

65535 November 16, 2013 6:27 PM

@Anura

I see what you are saying. It is the export of high encryption systems to other countries that runs afoul of the esoteric munitions laws. But, high encryption is OK with the USA.

@Clive

So, the totality of your statement is that encryption must start before entering US based com’s and be decrypted outside of US based com’s. If I am missing something please correct me.

This CALEA is a troublesome loophole for US individuals – and a wonderful loophole for the NSA (including the ability to plant bugs on US individual’s computers or iphones). This seems to be unethical and possibly illegal. Are there any legal remedies to CALEA (probable cause, the Fourth Amendment and, so on) that can be used?

It would seem that CALEA could be used to spy on competitive business people and politicians. It could be used for a lot of dirty tricks.

65535 November 16, 2013 6:39 PM

@Clive

One more question. Did you determine if individual warrants were needed to start CALEA surveillance? Could the FISA court invoke mass spying via CALEA?

My concern is mass warrants or after the fact warrants can be used that in a situation involving an individual calling his lawyer those confidential conversations could be recorded tilting the legal playing field.

Clive Robinson November 17, 2013 12:16 PM

@ 65535,

In theory warrants or other official request is required at some point in time…

But theory is a long long way from practical access especially when logging information is not mandated as part of the implementation, and in theory it would be illegal for the service provider to make such information known even accidentally. Such as by a hacker or disgruntled employee outed it, which kind of makes keeping detailed logs a liability…

As for all the rules you can read the legislation online, but you’ll find it difficult if not impossible to find interpretation etc. Just as with NSLs and all the other Oh so secret interpretation.

I don’t know if you have seen the news but APPLE has put up a partial canary over one very small part of the available legislation. I don’t know what the master plan is but it might just force the Feds to not use that bit of legislation and use some other. Apple’s legal bods might reason that such “behaviour modification” of the Feds is worth playing for for a whole heap of reasons.

Dirk Praet November 17, 2013 6:17 PM

@ Skeptical, @ 65535

However, it sounds both rare, and like the type of security failure that can occur regardless of whether the government has access.

Some other examples come to mind, like the 2006 SISMI Telecom affair in Italy. We also know that the Chinese breached Google’s system for providing surveillance data to the FBI.

If the configuration is such that the chances of malicious use by another actor are extremely low, while the benefit of the NSA’s capabilities is much higher, then it may be rational to allow the capability, no?

Which again begs the point: what benefits, and to who? We keep hearing a lot of rhetoric about terrorists and the scores of evil plots that were foiled by the NSA’s mass surveillance programs, but Gen. Alexander himself admitted in a Senate Judiciary Committee hearing early October that there were only one or two cases in the US where they actually did.

So let me reverse the question: what is the measure of success we can evaluate these programs against to justify their cost not only in monetary resources but also in terms of erosion of privacy and civil liberties, risks related to deliberate weakening of protocols and infrastructure, loss of face and trust on the world stage, compromising diplomatic relations – even with allies – and economic damages to the entire US tech industry ?

As Susan Landau so eloquently said in her March 2012 paper called “The Large Immortal Machine and the Ticking Time Bomb”: “As an architected security breach, CALEA compliance is a ticking time bomb.” But I refer to Bruce’s essay on the FBI’s CALEA II proposal that appeared in Foreign Policy end of May this year and was also discussed on this blog here. I believe you will find some of your questions adequately addressed there.

65535 November 18, 2013 1:58 AM

@Clive

Thanks. I believe that investigators require no warrant up to a certain stage. But, if the government wanted to use tapped (port mirrored) information in court they would probably need a warrant – or an after-the-fact warrant.

I also saw the Apple report with the “we have never gotten a 215 request” which could act as a dead-man’s switch or broad signal should that line disappear in future reports.

The Apple tables just show broad numbers of LEO requests in 1000 range increments. That is not helpful. The stolen equipment reports are more detailed which is of little interest. Feel free to correct me if I am wrong.

@Dirk

“…let me reverse the question: what is the measure of success we can evaluate these programs against to justify their cost not only in monetary resources but also in terms of erosion of privacy and civil liberties, risks related to deliberate weakening of protocols and infrastructure, loss of face and trust on the world stage, compromising diplomatic relations – even with allies – and economic damages to the entire US tech industry…”

That is the eight hundred pound gorilla in the corner. It could do enormous damage.

CALEA is very troubling. Your links point out the wide ranging problems with CALEA. I have a feeling that it is the ultimate loophole for the NSA.

The SISMI Telecom spying episode is probably a close example of the military using LEO equipment and rules to spy on citizens. The military has millions of people and families. The Mexican Zetas gang started out small. Now it’s quite large. That’s a very bad trend.

The Google breach is probably worse considering the NSA/Level 3 spying. I would guess the Chinese have a way into Level 3 and their unencrypted lines holding Google together. Further, the Chinese kicked Google out of their domain (probably for aiding the NSA).

It seems like the NSA is a “Roach Motel” where your personal information checks-in but never checks-out. I don’t like the one-way information trend.

Skeptical November 18, 2013 8:42 AM

Dirk –

Which again begs the point: what benefits, and to who? We keep hearing a lot of rhetoric about terrorists and the scores of evil plots that were foiled by the NSA’s mass surveillance programs, but Gen. Alexander himself admitted in a Senate Judiciary Committee hearing early October that there were only one or two cases in the US where they actually did.

I’m not begging the question because I’m not posing an answer to it. My point in the last comment is entirely that specifics matter, and that judgments about whether something is logically possible (e.g. if the NSA can do it, then someone else can do it) don’t really answer security questions in a way that can shape policy.

I completely agree that one would need specifics as to the benefits, as well as the costs, of various programs to assess whether they are good ideas.

So let me reverse the question: what is the measure of success we can evaluate these programs against to justify their cost not only in monetary resources but also in terms of erosion of privacy and civil liberties, risks related to deliberate weakening of protocols and infrastructure, loss of face and trust on the world stage, compromising diplomatic relations – even with allies – and economic damages to the entire US tech industry ?

On the benefit side, you’d need to know the value of the intelligence being produced. On the cost side, you’d need to know – and this was the point of my comment – specifics about the security risk (not simply a vague “if the NSA can access it, then it is less secure”), and specifics about civil liberties, foreign relations, and economics.

Dirk Praet November 18, 2013 5:20 PM

@ Skeptical

(e.g. if the NSA can do it, then someone else can do it)

I get your point, but mine was that it is not a stand-alone question, especially when it comes to policy making.

So, for argument’s sake, let’s assume that the value of the intelligence gathered trumps that of the combined cost of erosion of privacy and civil liberties, impact on foreign relations and economic damages caused by these programs. (I’m omitting a few more to make the list not too long). A successful subversion/backdoor that allows the NSA access and keeps out the bad guys requires the following:

  1. It needs to be innovative, subtle and well hidden. When discovered by an adversary, it is compromised. An adversary in this context can be anything ranging from a white hat researcher to a state actor. Even without positive proof that it is a backdoor, people will start shunning the product/service it is discovered in, thus rendering the backdoor less efficient or even useless. Think RC4, Intel RDRAND and Dual_EC_DRBG.
  2. In order to avoid exploitation by 3rd parties upon discovery, it will require some complex cryptographic techniques to hide what exactly it is doing. We’ve seen that in Stuxnet and its relatives. Given its experience with crypto and probable lead on the rest of the playfield, the NSA is in a very good position to do this. But it may conflict with 1., and from what we have learned from the Italy and France cases, certain backdoors were compromised nevertheless.
  3. In order to compensate for adversaries over time catching up with disadvantages in computational power, breakthroughs in analysis techniques or defense against 0-days/other exploits, the backdoor will need some kind of update or (auto-)destruct mechanism. This is feasible, but will increase the chances of it being found out about.
  4. Last but not least: the NSA needs to be able to keep it(s) secret(s). However clever your backdoor, if an insider runs off with practical knowledge thereof, it’s game over.

From a risk management perspective, I’d say that such practices can only work to your advantage as long as you’re using them for very specific targets only, for a short while and with very few people knowing about it. You can even afford occasionally losing a backdoor or having one exploited.

But the moment it becomes an industrial activity with hundreds of thousands of people involved targeting the entire globe and on a permanent basis, it’s only a matter of time before someone gets hold of your secrets and the entire thing totally blows up in your face. The NSA did not have a contingency plan for Edward Snowden. It’s unlikely they had one for a state actor or organised crime syndicate either. If such a party was able to do the same as Snowden, it’s fair to say that with their programs they have made the entire world less secure.

Figureitout November 18, 2013 10:49 PM

I’d say that such practices can only work to your advantage as long as you’re using them for very specific targets only, for a short while and with very few people knowing about it.
Dirk Praet
–Some nasty practices were implemented on me and everyone needs to know about it.

If such a party was able to do the same as Snowden, it’s fair to say that with their programs they have made the entire world less secure.
–Um, how do us citizens know if another random NSA agent went rogue and sold all our secrets to the Russians? Given that USB’s were even allowed in the agency, they just have no clue and are asking to get f*cked so we can give more money to them. No way they can be this stupid.

Voltaire November 22, 2013 7:36 PM

A little tweeter told me the NSA spy scandal is about moving from NSA v1.0 (government version) to NSA v2.0 (corporate version).

The only thing worse than a single government spying point is the same which is (in response) the same from multiple corporate points!

It’s no accident that people will dump money into the latter based on (ironically) what happened in the former.

Anselm November 26, 2013 3:50 AM

The only thing worse than a single government spying point is the same which is (in response) the same from multiple corporate points!

I’m a lot less worried about Google and Facebook than I’d be about the US government. I don’t have to send stuff to Google and Facebook, and Google and Facebook don’t get to send me to Guantanamo Bay just because they feel like it.
