Eben Moglen on Snowden and Surveillance
This is well worth reading. It’s based on a series of talks he gave last fall.
aaaa • May 28, 2014 4:43 PM
It is whole book.
Moderator • May 28, 2014 5:11 PM
Yes, the news about Truecrypt is very interesting; no, you may not hijack any thread you like to post about it. See the squid thread.
Bob S. • May 28, 2014 5:54 PM
Eben Moglen presents a marvelous framework for defending democracy against totalitarian surveillance. But, the solution he offers simply doesn’t seem like enough. He suggests Ed Snowden gave us the answer which I believe is: encryption works.
Yes, technically encryption is mathematically sound and when used correctly restores the ability to communicate privately. But, of course very few persons know how to use encryption, others simply will not use it and most importantly the corporate-military totalitarians work feverishly to circumvent, hack, crack and corrupt encryption without the least restraint of law, ethics or morality. If the work around works, that’s close enough for government work.
They say it’s for our own good, you know. Or is it?
I am also sorely disappointed by so many otherwise intelligent and honest Americans who excuse oppression and the complete abandonment of our previously inalienable rights.
I am not willing to pull the plug just yet. However, I certainly police my own electronic communication trying to make sure I don’t type or click some secret combination of words that might ignite the masters to unleash the secret dogs from hell.
It’s a mess and I am not hopeful it can be fixed any time soon. Our current President offered us hope, but instead has left us all feeling all the more hopeless.
Leon Wolfeson • May 28, 2014 6:05 PM
Bob S. – I work in games, as a freelancer and teaching. I’m quite sure at this point I could, in theory, go completely whacko and they’d ignore me because of the number of internet conversations over so many years involving “suspect terms” I’ve had.
Heck, I’d be disappointed if my real name DIDN’T have a few intelligence files on it.
(And yes, when I mean “suspect”, I’ve worked or had students make game designs involving terrorism, nukes, asymmetric warfare, germ warfare…heck, “low intensity warfare”.)
Frankly…I think they’ve effectively DoS’ed themselves, on people like me. How do they really separate out the wheat from the chaff? That isn’t really something you can automate.
Clive Robinson • May 28, 2014 6:07 PM
Having read it, I was looking to read the second part, but the link on the Guardian page appears to be broken.
In general there is little I disagree with in the first part though I’m not sure his alluding to history is as accurate as it could be (and those sections do not have references to follow up).
One thing he fails to mention which is very very important is who owns PII, in the US despite safe harbour agreements it belongs to the person who collects / extorts it. In Europe the view point is generally quite different, hence the safe harbour agreements. Personally I think it’s time the EU did everybody a favour and pull the safe harbour agreements and prosecute the large data collectors such as Google and Facebook for breaching them.
Then we need to solve the idiot politico problem, basically the intel organisations play the “if you know what I know but can’t tell you” card and the politicos fall for it and enter into an emasculation pact where they are not allowed to talk about let alone act over the worthless dross they have sold their impartiality for…. Oversight should have neither strings nor limits, lest it become a tuppenny side show missing Mr Punch.
Clive Robinson • May 28, 2014 6:24 PM
Whilst Ed Snowden is correct that the proper use of encryption is the way to go there are two necessary steps that also need to be done at a lower level.
The first is to wrest the internet physicality out of US, UK and other Five-Eye nations territorial coverage.
Secondly to change the logical layer of the network such that traffic does not get routed into Five-Eye nations territorial coverage, unless destined for there.
Personally I see no reason why traffic between Italy and Portugal should end up going via the US, it makes no physical or logical sense to do so.
When it comes to encryption nations should use link encryption between them. That is prior to my traffic leaving the national territory I am in it should be encrypted under the key of the country it is destined for, and only once it’s in the destination country should it be decrypted. This should be standard for all traffic even if it is already encrypted.
Bob S. • May 28, 2014 7:01 PM
“How do they really separate out the wheat from the chaff?” ~Leon
That’s the beauty of “collect it all”. They can secretly and selectively choose who to crush under their boot heel, reward, leave alone and be satisfied that they are thus controlling and terrorizing the entire population.
Maybe your number simply hasn’t come up. Yet. Or maybe it has and you simply don’t know it, and maybe never will.
Right now, the US military via the NSA is handing over electronic suspected evidence of crimes to federal agencies and others. They pick and choose based on their own secret policies.
In the past 10 years there have been several spectacular arrests made of persons that defied any normal sense of police investigations. Evidence came from the blue so it seemed. It bugged me. There could only be ONE way they found out, mass surveillance. However, there was always a highly improbable cover story which the obedient press regurgitated.
But, now we know. When they so choose, they pick someone out of the crowd and bury him with the entire weight of the government. Then another, then another. It’s only a matter of time.
Spaceman Spiff • May 28, 2014 8:10 PM
This is one of the best paragraphs I’ve read in a long time:
At this point, a vastly imprudent US administration intervened. Their defining characteristic was that they didn’t think long before acting. Presented with a national calamity that also constituted a political opportunity, nothing stood between them and all the mistakes that haste can make for their children’s children to repent at leisure. What they did – in secret, with the assistance of judges appointed by a single man operating in secrecy, and with the connivance of many decent people who believed themselves to be acting to save the society – was to unchain the listeners from law.
Chris Abbott • May 28, 2014 9:57 PM
This is a great article. I agree with every point made in the article. Government surveillance has become such an epic problem, that I actually caught it myself on one of my customer’s computers.
I had a machine that was clearly infected with something. The only symptom was a stunning decrease in bandwidth. I used multiple anti-malware programs, hunted through the registry and everything else and found absolutely nothing. Out of curiosity, I took a peek at the network resource monitor and looked at the gazillion IP addresses it was phoning home to. One of them I found to be owned by USAICOE in Fort Huachuca, Arizona through a simple WHOIS. Windows itself was the application uploading and downloading data (service host). It’s an army intelligence agency. I learned that apparently, anything with a 6.x.x.x IP goes there. When I told him about this, he mentioned a family member having a clearance. So I completely nuked the hard drive.
As far as free online services like Google go, I agree that full disclosure is necessary. Unfortunately, these services could not be free if they didn’t advertise using keywords in searches and e-mails. I would propose this: A system in which ONLY algorithms could use keywords in the user data (searches, e-mail, etc.). A system in which neither employees nor anyone else could access this data. Keep searches and e-mails encrypted in a fashion that only certain parts of the system could access the info. I think this may be a possible way to solve that problem.
As far as general surveillance goes, the solution is this: Encrypt everything from end-to-end. From your cable modem to the ISP to the server you’re visiting. Make all communications and online activity heavily encrypted. Have multiple algorithms be NIST FIPS standards, so if one breaks, we can quickly implement another in the same cryptosystems.
This is the only way.
Chris Abbott • May 28, 2014 10:03 PM
The third paragraph in my previous post is likely difficult to implement and verify for public trust…
AlanS • May 28, 2014 10:06 PM
He could make a stronger case in places. For example the general warrant discussion is weak because there is a much longer and wider tradition in opposition to general searches than the “American constitutional tradition”. It’s a very American-centric text. Privacy is just being attacked by the NSA/USG? I think not. He is writing in a British newspaper in the land of GCHQ.
He writes: “We have an American constitutional tradition against general warrants. It was formed in the 18th century for good reason. We limit the state’s ability to search and seize to specific places and things that a neutral magistrate believes it is reasonable to allow. That principle was dear to the First Congress, which put it in our bill of rights, because it was dear to British North Americans; because in the course of the 18th century they learned what executive government could do with general warrants to search everything, everywhere, for anything they didn’t like, while forcing local officials to help them do it. That was a problem in Massachusetts in 1761 and it remained a problem until the end of British rule in North America.”
Yes, but the British had been bringing arguments against general warrants going back to at least the previous century. And at the same time James Otis lost the Paxton case there were a number of notorious British trespass cases (e.g. Wilkes vs. Wood, Entick vs. Carrington) brought against the use of general warrants in England. These cases, which the plaintiffs won, were well-known in the American colonies and are often referenced by SCOTUS in 4th Amendment cases. The British were rejecting general warrants in Britain at the same time they were being used in the American colonies. They apparently had their own “distinction between home and away”.
name.withheld.for.obvious.reasons • May 29, 2014 7:07 AM
Am afraid “a strategy” is not useful–this is an “individual” response to group-think acting on individuals (one group w/multipliers, thwarting many “ones”). Governance for all intents and purposes is given to governance. Aaron Swartz’s demise seems to be becoming more clear–his strong stance on CISPA/SOPA–his communications to individuals deemed enemy of the state–and his treaty on open access seems to be a lethal combination. No amount of encryption, personal security, or mechanisms to protect oneself seems to be applicable. The fact that the dead drop application for whistleblowers he was crafting was during the application of pressure from the U.S. government. There is a desperate effort to “military” all domains. This is not NOBUS, it is NOYOU–especially if any ability to align activities in contradiction to the proper school of thought is made apparent. Drop the calculus and stick with arithmetic, my friend, you’ll only get hurt. Good night, and, good luck!
Mr. Pragma • May 29, 2014 8:54 AM
Not meaning to be disrespecting Mr. Moglen who seems to be an intelligent, very well educated, and well intentioned man, but …
just in the subtitle I find major errors, hardly tenable (let alone provable) assumptions, etc.
Let me remind you that we know little to nothing about Snowden, about the details, about what really happened, about the value, let alone the correctness or completeness of the information given by him, and about many other factors.
Yet there seems to be a strong and wide readiness to accept pretty everything “from” (or attributed to) him as truth and fact.
Similarly it is widely assumed (or even taken as a fact) that the us, the 5 eyes states, and others are democracies and that all the gross violations of democratic principles and rules, of laws, of constitutions, are “just singular and/or temporary aberrations” in otherwise healthy democracies.
Neither of these assumptions / beliefs are reasonably tenable.
In fact, a behaviour befitting a democratic, strictly constitution based, and solidly legal(ly acting) state, has become/is the exception in today’s usa and many other states.
To make the situation worse, the “fourth power”, the media, usually are not researching and investigating critically but rather are largely colluding with the criminal actors, helping to cover up their crimes, and helping in keeping the democratic image of those states.
I agree with Mr. Moglen in desiring a “good” state, one that is guided by constitution and law, one that understands itself as a servant to its citizens and not a despot.
But every cure needs a proper diagnosis first. Before repairing something one must know the true state of things.
And we do not know the state of things. We do not know the full truth about the criminal organization the usa government and agencies have become. In fact, we know very little and much of what we know is tainted, doubtful, partial.
We do not know about the spying, eavesdropping, and other illegal activities. We do not even know about Mr. Snowden and his revelations.
What we really know is precious little.
We know, for example, some few patterns like the one to call illegal actions “necessities” for “security” and to blame “terrorists”. We know that pretty every “act of terrorism” has not — and almost certainly could not — been properly investigated; typically the “guilty” have after some police/investigation theater simply been declared by the authorities.
In fact the situation is so dire that it is the very parties assumed involved in illegal and anti-constitutional actions who have — and use — the power to quite successfully deny us from investigating them and the state of things.
The solution for this problem constellation is not merely (believed to be) trustworthy processors, OSs, or encryption. I honestly wish the solution could be to somehow repair the center of those very grave problems; because I understand the many us-americans are victims, too, and because I understand that probably a majority of us-americans would want a democratic and fair state, too. Probably it would even be possible to make a majority of us-americans understand that exceptionalism is profoundly counter to the very principles of democracies (and, in fact, the very base upon which the “public servant” criminals consider themselves exceptional and such not bound to constitution and law).
But no matter how much I wish, the situation is obviously so grave and corrupted that the only sensible solution is to bring the usa down and to hope that the people in “we the (usa) people” then do their part to make sure that the former winners of the current system do not stay winners any longer.
In doing that, in working to (legally!) bring down the usa, one at the same time can gain a considerably enhanced level of privacy and security (by simply staying away from all the, possibly, probably, or potentially tainted and corrupted products and services).
A last word to the us-americans. It’s your country, it’s your responsibility to clean up your sh*t. Unfortunately, too many of you preferred to enjoy the short lived and expensive advantages of playing unfair with the “row” (“rest of world”, a slightly less confrontative version of “nobus”). Unfortunately, for instance, too many of you failed to understand the fertility of exceptionalism, i.e. that by accepting an exceptionalist stance against other countries you also laid the groundwork needed for your criminals to apply that very exceptionalism against you, their own people, too. Unfortunately, too many of you failed to understand that tools and weapons are not selective but people are; that is, that once the principle “fuck’em all!”, meant to refer to the rest of world, would very soon find application against yourself; after all, isn’t it all but guaranteed that a politician who is lauded for advantages gained through “fuck’em! We’re the usa” policies and actions will sooner or later arrive at applying that principle against his very citizens, too? Of course, first only against, say, the “chicos” or “them communist bastards” but finally …
Leon Wolfeson • May 29, 2014 12:45 PM
Bob S. – So you’re saying it’s… security theater?
moo • May 29, 2014 3:29 PM
Moglen is an American. He’s writing mostly for an American audience (but also for anyone in any country who wants to see freedom and democracy exist in the 21st century).
He was published in a UK newspaper, The Guardian, because they still take journalism seriously and are willing to publish political speech that goes against the world’s listeners/masters. Do you really think a similarly high-profile U.S. newspaper would be willing to publish an essay like this? I think they are too cowardly to do so. Though it would be nice if I turned out to be wrong.
Otter • May 29, 2014 8:03 PM
Those who have remarked upon Moglen’s historical errors – and the rest of us who noted them in passing – should remember that Moglen is an American. All the history he has ever been taught has had essential elements removed, and has been supersized with a slathering of distortion, misinformation, and outright lies.
We don’t need to spank naughty Eben – nor his careless teachers.
We do need to identify the errors, no matter who repeats them, and the mistaken conclusions they imply.
AlanS • May 29, 2014 10:00 PM
The fact that the article is in the Guardian means that the largest chunk of the readership will be British. But even if he was just writing for an American audience, treating it as a parochial matter misrepresents the problem.
Reading the article you get the sense that the surveillance we have now was an adaption of the MIC to the post-cold war era, facilitated by 9/11, which gave the expansion a compelling rationale. And that the allies were dragged along by the Americans. Yes, I guess up to a point. But modern liberal states and the corporations that inhabit them have always been in the surveillance business. (The UK, as presumably do other countries such as Germany, do quite well in this regard without any encouragement from the US.) Surveillance is not new. What is new is the vastly expanded scope. In the US, back in the 1970s the Church committee documented decades of abuses by the various US TLAs. And back in 1928 Brandeis, in his dissenting opinion in Olmstead, already foresaw what was to come:
“Moreover, ‘in the application of a Constitution, our contemplation cannot be only of what has been, but of what may be.’ The progress of science in furnishing the government with means of espionage is not likely to stop with wire tapping. Ways may some day be developed by which the government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. Advances in the psychic and related sciences may bring means of exploring unexpressed beliefs, thoughts and emotions. ‘That places the liberty of every man in the hands of every petty officer’ was said by James Otis of much lesser intrusions than these. To Lord Camden a far slighter intrusion seemed ‘subversive of all the comforts of society.’ Can it be that the Constitution affords no protection against such invasions of individual security?” (Lord Camden was the judge in the British general warrant cases in the 1760s I cited above.)
If you look at the history of privacy since the end of the 18th C. it has been one long, depressing retreat with occasional hiccups. The primary limitation has always been the technical means. For government and business, for those whose raison d’être is manipulating and managing populations, there can never be enough information.
Yes, and I agree with Eben that “Hopelessness is merely the condition they want you to catch, not one you have to have.” But is what is happening now just an unevenness in the curve or have we reached an inflection point?
Jukka V • May 30, 2014 7:41 AM
My problem is with the mainstream. People who are not techies, but I care about. These people may have heard of some nsa leaker. Some of them may even know facebook has privacy switches – but these people do not know and care about the issues.
My question is: How do we render the issue of caring irrelevant? I’m getting tired to talk on all these egotistical animals, so I want to get to a point where we could actually suggest a box sold on radioshack, when they ask for internet connectivity.
Mandegrant • May 31, 2014 8:41 AM
‘Shock therapy’. They start to care only when the shit hits them directly. Some don’t even after that, but those are hopeless anyway.
Jukka V • June 1, 2014 4:29 AM
“They start to care only when the shit hits them directly. Some don’t even after that, but those are hopeless anyway.”
That’s exactly my problem. Some people would rather die than accept their world isn’t perfect. The problem is the issue of whether they care still is relevant. I wanted to make such question irrelevant in a way there’s no meaning in asking the question anymore. The question seems to remain relevant and therefore easy to ignore, because we haven’t put security, privacy or freedom in every single box sold, so people still need to care in order to get those three things. That’s the issue, not if they care or not. We cannot force it to everybody who doesn’t care, but we can make the world such that they get it even if they don’t know they should ask it.
Our world isn’t perfect either. Privacy, encryption and security is god damn hard even if it works. And it cannot protect from intentional failure.
DB • June 1, 2014 5:57 PM
First, we need to make a world where those who DO care about “security, privacy or freedom” CAN get it… We aren’t really there yet as far as hardware and software goes.
AFTER that, then we can worry about making it so widely available that even those who don’t care might stumble upon it sometimes too.
David Henderson • June 3, 2014 5:49 PM
Late addition to this thread:
Phil Zimmermann devised a web of trust model when it comes to personal communications as part of PGP circa 1991. Key signing parties established trust level in an antinuke group threatened by DoD spies.
It must have hurt to be confronted with “I don’t fully trust you.” feedback.
Much as I hate to say it today, that web of trust model/personal key signing is just as needed nowadays as it was then.
Trust in the internet as an impersonal entity that maintains individual privacy and anonymity has died.
Partial solutions are detailed in: “Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance by Julia Angwin”
Peter Gerdes • June 13, 2014 1:10 AM
Ohh give it a break with that totalitarian nonsense.
Surveillance by the NSA might be bad but it isn’t even close to the most oppressive things done to citizens by the US government. We are totalitarian when police officers stop and frisk people at whim and otherwise (as they often do) exercise great coercive power over those they dislike while favoring others.
There are a thousand ways that various branches of the US government are tyrannical…broad surveillance that after revelation still has as many supporters as detractors in the voting public is hardly the worst. The very fact that it happened so long and no one knew about it means it shares almost nothing in common with the kind of abuses of kingly power that ground our concept of tyranny.
The government’s enforcement of banking regulation in a way that effectively forces banks to kick out customers who are in the adult industry, gun industry, tobacco retail etc.. is somewhat tyrannical. There, groups of people who displease the powers that be are being punished on whim without a chance to defend or appeal and that is somewhat tyrannical.
The government’s continued non-enforcement of drug laws against respectable white college kids amounts and police and prosecutors giant discretionary power to convict almost anyone of a crime is fairly tyrannical.
The government jerking off to your emails in its secret facilities hardly qualifies.
Maybe you worry it presents the risk of tyranny? That one day soon the government will stop just watching and start using that info to ensure their group retains governmental power? That’s more reasonable even if I think it unlikely.
AlanS • June 13, 2014 8:42 AM
Well, yes it could flip into totalitarianism but you are probably right. As has been pointed out by Bruce and others, people are very focused on a “1984” type of outcome in relation to surveillance. Or in the writings of Foucault, people tend to latch onto his writings about the disciplinary power and panoptic mechanisms. But Foucault went on to write about quite different forms of surveillance and “security mechanisms” that he saw as the dominant mechanisms of power in the modern neo-liberal state. These are much more subtle.