Schneier on Security

Nick P • July 8, 2014 12:06 AM

@ Steeeve

“I read comments on your blog entries along the lines of, “weren’t you expecting this anyway,” as an attempt to change peoples notion of what’s acceptable here in the states.”

Well, there’s that and the other version of it: weren’t you expecting the government to be pulling stuff along these lines given what we already know? There’s a lot of that sentiment in individuals and political groups with a certain amount of distrust in government.

Nick P • July 8, 2014 8:33 PM

@ AlanS

“tends to serve as a distraction from larger more important issues (state power, secrecy, privacy, state accountability, etc.) or as an ad hominem attack in defense of the NSA etc.”

It might. Remember, though, our system has enough actors in it to handle many issues in parallel. For instance, it would be different groups handling Snowden and government accountability. I’m used to juggling different lines of inquiry so that’s all I’m doing.

“The links I posted are here. I think Skeptical did post a follow-up to your original post at some stage, probably several weeks later in another Friday Squid blog.”

I appreciate it. I’ll save them so I can think about them more thoroughly later.

Nick P • July 9, 2014 7:17 PM

@ AnonymousBloke, Steeeve

NSA Director’s and Snowden’s actions don’t compare: only one is mandates and supported by law

That the people keep comparing Snowden’s actions to leaders of spy agencies is worth a solid response on why it’s a bogus comparison. That intelligence directors are scheming scumbags seems pretty consistent for sure. Unlike Snowden, they’re authorized by law to do all kinds of activities that are otherwise considered illegal. There’s also laws against leaking classified information. Put the two together, the intelligence community can do a lot of things in the course of their mission that’s not tolerated when individuals do it acting alone. The American people, Congress, Presidents, and courts have accepted this distinction for a long time. It didn’t happen yesterday or even quickly.

Let me give a specific example related to our classification system. The U.S. classification system protects most of these secret activities. Once mere executive orders, the system was codified into law by Congress and expanded on continuously. The American people allowed it and even supported the rules in many cases. Courts were willing to prosecute unauthorized releases. The system offers classifications, clearances, and the need to know concept. Unauthorized sharing is a felony. The creating organization is the owner, decides classification, decides need to know, and determines criteria for declassification. Last point is important as it’s the reason stuff published publicly is still illegal to share.

Certain projects, SAP’s and USAP’s, go beyond this. These are compartmented programs that have even more restricted access. Only a small percentage of Congress is even allowed to know what these programs do, acting as what little accountability exists. This scheme has also been allowed by Congress going back to WW2, especially Manhattan Project. The American people have mostly been fine with the black projects thinking things like B-2 bombers and nukes probably need the extra secrecy/security. The only movement against black ops came back in the Church Committee days, it was about abuses rather than the system, and the public/Congress allowed system to stay after some housecleaning. See a recurring pattern where Americans, Congress and Courts all approve of these secret operations and special legal allowances?

The NSA programs are all classified and many might be SAP’s/USAP’s. Given the above, plenty of people in Congress might have known what they were doing. Congress even mandated the goals that led to these activities. Per classification system rules, those that knew of the programs couldn’t tell anyone (even Congressmen) any details. SAP and USAP security guidelines also allow for, even sometimes demand, that an insider lies about the program when questioned. (“Weather balloon project, not a spy plane!”) Telling the truth can get you in prison if you do black project work.

So, let’s apply this to a specific example: Clapper. Clapper lied about what they were doing in the program. If that program was a SAP or USAP, Clapper is legally required to lie to protect its secrecy if he believes it’s necessary. Otherwise, he has to just not comment (“neither confirm nor deny”). There are only two situations that I’m aware of in which he could give details on those programs: the audience of the message were all cleared with a need to know; the information was declassified by program owner. That you and I know what Clapper’s answer was means the prerequisite for sharing didn’t exist. And they sure aren’t going to declassify their secret capability while it’s still useful and controversial. So, Clapper might have made the right call about disclosure whether I personally like it or not.

Now, what about Snowden? Snowden very clearly violated classification laws along with a number of others. He also doesn’t get the legal immunity provided to LEO’s and TLA’s as he was acting alone. This moves us to whether we should treat him as a whistleblower, as classification laws strictly prohibit using the system to protect criminality. So, we have to look at what he leaked. There’s a bunch of slides showing various ways NSA tries to spy on Americans, the legality of which is debatable depending on which laws and Congressional mandates you look at. This might qualify for whistleblower protection and I’m personally glad he leaked it.

Other leaks expose NSA operations against foreign targets that are clearly legal under existing SIGINT laws and policy. He also handed them to foreign organizations in countries targeted. (rolls eyes) That’s the kind of thing that gets people called a traitor and charged for espionage. His defense was that he stole a lot of material, didn’t want to accept personal risk of carrying it, and was in too much of a hurry to even cherry pick a few slam dunk powerpoints to leak. It has to be the worst defence I’ve ever seen. He had better options and put a lot of time/planning into this. He could’ve avoided this part of the leak albeit with less documents to publish and more personal risk. His choice makes him look quite treacherous to many voters I’ve talked to in an important demographic, making it a bigger mistake if he’s aiming for change driven by The People.

Note: I do think the organizations he handed it to have mostly been doing a good job on their end. I’m not criticizing them here.

So, the NSA heads and Snowden’s actions are not comparable. One side is legally allowed, even mandated, to do much of the shady stuff it does here and abroad. It’s also legally forbidden from telling anyone the specifics. The American people, Congress, Presidents, and Courts contributed to that being the status quo. I gave the details of these issues and the solution in a previous essay here. The situation cannot improve until NSA opponents understand what it is, why it happened, and the specific things (esp classification laws) that must be addressed to deal with it. And, yet, the American people have hardly pushed Congress on any of these issues (even easy ones) for a long time despite abuse after abuse. That the situation requires political action initiated by the majority means my view of the future is dim given their track record.

Meanwhile, I continue to work on various solutions to the threat of TLA’s, show the legal underpinnings of NSA’s power to voters, and use a day’s thought here or there on issues such as whether Snowden should be prosecuted for some aspect of his actions. I sure as hell wouldn’t leak a whole bin of classified information to groups all over the world without filtering it. There were alternative tactics that would’ve accomplished his mission. He’d know them and the importance of filtering having been a trained spy with field experience. That he might be legally punished for this part of what he did is worth considering and many would say worth acting on overtly or covertly. Regardless, he chose the specific course of action and it would be a sad irony if it prevents his whistleblowing from changing our laws significantly.

Note: For people wondering “where did this line of inquiry come from?” I’m just now getting around to really thinking about Snowden as I’ve mostly focused on NSA capabilities and countermeasures. Of course, that’s still getting 99% of my free time so readers and future solution builders don’t worry! 🙂

Nick P • July 9, 2014 9:24 PM

“These questionable authorities are deliberately shielded by the judicial branch in several ways which I will not enumerate here.”

Mostly by laws created by Congress and backed by all other parties except in limited cases. A legal shield.

“we need look no further than the author of the Patriot Act”

His opinions and feelings are irrelevent to what’s legal under current U.S. law.

“Fundamentally, this argument boils down to: any argument condemning Snowden’s actions whilst supporting Haydens, Clapper, Alexanders, et al. is patently hypocritical. It fails the basic test of equal application of the law.”

Not at all. If there’s a law against one and for the other, then doing one is illegal and the other is legal. That’s basic law.

” I defy you to find an advocate who thinks that the US government’s classification system is not broken. I defy you to find an advocate who thinks that the oversight mechanisms available to the oversight committees are not broken.”

Don’t dare that as I know plenty that think they’re imperfect, but good enough. You’re projecting your own feeling on so many others. I agree that the oversight is broken, the classification system is risky, the NSA is dangerous, and so on. Yet, the point of my post is that one must first realize what their actual situation is. The actual situation is that NSA’s activities are legal enough, existing classification law prevents much effort, Snowden’s actions might be a mix morally, and only leverage on Congress (voters or otherwise) can change this. Once these are understood, one can devise and formulate steps to the solution. Fooling ourself and repeating falsehoods on media, to Congress, etc will not help.

“I don’t think a single civil or criminal case based on legitimate harm and wrongdoing could be brought against Edward Snowden.”

Lol. I mentioned plenty of legitimate harm and wrongdoing. I’d start with his coworkers, the obvious leaking laws, him blowing legal operations overseas, and costing U.S. companies billions. Although I’m for giving him immunity or plea bargain for the good he’s done, I could easily imagine many companies and courts having a different view.

” as a fellow security professional I would think that you would be offended and alarmed that we’re being double taxed. We’re being forced to pay into a system where our own systems are compromised and monitored. My co-workers have been hacked, had hardware intercepted, and had their email and personal communications monitored.”

I’m typing this on a subverted system. I’m more than offended… I’ve been motivated to act and post countermeasures quite prolifically here. NSA is a spy organization, though, and my type has always expected the TLA’s to do these things. It’s their job and nature. I’m most offended by the American voters and politicians that empower these deceitful and powerful organizations. It would be hard for TLA’s to achieve their current violations if they were intensely scrutinized and faced life in prison for the types of shady stuff we’re discussing.

Work like mine used to stand a chance years ago. Now, Americans pay NSA over $200 million a year on their subversion activities with support of military, hackers, spies, and black bag operators. That’s probably enough to beat whatever I come up with several times over. How am I to think of NSA the enemy if they’re just doing what they’re told, allowed, and/or paid to do. NSA is just an hyper-aggressive dog whose owner feeds it, never leashes it, shows apathy as it tears neighbors to shreds, and uses legal influence to prevent cops from doing anything. The owner is the root cause of this problem, as with many others. The owner merely needs to become responsible. Then, the dog can be disciplined into good behavior or mercifully put down.

Instead, most people (including the owner) are shouting at the dog.

Nick P • July 10, 2014 3:36 PM

@ AnonymousBloke
(and some points for readers in general)

“I know we just met. But ask your self, “Does this guy I am talking to sound like the sort that would be against governments running black ops?””

I don’t assume anything like that. Glad you told me, though. We share the same view on ops. And Hoover is the comparison I’ve been pushing for NSA opponents to use in debates. 🙂

“Snowden definitely violated the letter of the law. I believe, as do some others, that he did not violate the spirit of the law. Snowden is one of those exceptional cases where the laws need to change.”

That’s where the debate is: the spirit of the law. Some don’t think NSA should’ve been allowed to do all this. Yet, as I showed in my essay, these kinds of capabilities and double standards had been built into our legal system for military/intelligence for decades. We’d gone through episodes of corruption (eg MKULTRA) justifying a tremendous change. Yet, it never came, Congress as a whole just reinforced the system over time, Americans supported it for various reasons, and so on. This parallel type of law, applied only to defence sector, has been part of the “spirit” of America for a long time. Going against it was even seen as unpatriotic by many.

The other aspect is NSA’s activities. Americans pushed for government to do whatever it could to prevent a 9/11. It was an irrational move motivated by fear. Each expansion of power and leak of abuse had little effect on the population besides some shouting matches. That it wasn’t put to an end quickly shows that the surveillance state was part of the new “spirit” of America. NSA was doing a fine job in the new order of things with their “Collect it All” and “Eliminate Obstacles to Sharing” approaches. The latter removed plenty of internal controls as a side effect. I’m sure that had fringe benefits for “extra-judicial activities,” as well. 😉 Crooked, but no more crooked than DOD and Congress that America tolerates.

“I see him as having architected the only way he could release what he planned to release without getting jailed and so snuffed. Very brilliant for a 29 year old.”

There were three options I presented when it all started: stay there while filtering the material; hide somewhere while filtering the material; don’t filter the material. People argued against the first two options saying he was just a smart IT guy with a consience and wouldn’t survive. Polygraphs were brought up as one risk, for instance. I conceded at the time that my options were impractical for such a person and that he did what he had to do.

Now, we know more and it paints a different picture of Snowden. He certainly had IT skills and maybe acted on conscience. However, we also know he was a CIA trained spy who worked in foreign countries undercover. That gives him a certain set of skills, like conning people & living two lives. Although, I agree with you that his experience had support and was more limited than full-on flight from U.S. govt. We also know he beat background checks, interviews, and polygraphs infiltrating to where he wanted to be. (So much for polygraph risk…) He also planned his flight and hiding quite well, especially in a country easy (but expensive) to disappear in. So, you see some 29 year old under high pressure, I see a [maybe amateur] spy doing what he does and quite professionally. And probably for good reasons he stated. So, then I look at his actions from that lens and see troubling issues with how he handled things that I wouldn’t see from the other lens.

So, how could he have done the other two options? Well, he already was well-paid as an administrator with access to the information that apparently had no effective internal controls. He could easily have grabbed a bunch of documents, hid that he had them, and processed them overtime at his home while he continued to collect a paycheck. This would give him continued access to the inside which has other benefits. If the docs were used by a group, it would give him deniability. A prerequisite is that he’d have to ensure the fingers wouldn’t be pointed at him. He had already gripped to superiors and conned people out of passwords, so he [intentionally] made this option impactical.

Note: Interesting that early on people said it wasn’t practical because Snowden was too honest and lacked skills like beating polygraphs. Over time, we find that these were entirely untrue and it wasn’t practical because Snowden had conned and said too much to stay. Ironic, yeah?

Option two involves him hiding and processing the information. Why would he do this? He claims loyalty to America and desire to minimize harm. This is best way to achieve both. The simple method is to ID trustworthy people to stay with and have helpers for equipment/communication, although latter are optional. His own plan utilized these so I know he’s capable of this method. The difference is he’d be in isolation off the grid with a bunch of computers and powerpoints, occasionally getting messages out. He’d use what cash stash he had to pay host for necessities and other rent. He’d use his knowledge of the programs (eg codewords) to quickly find the hard hitting slides and leak them. An escape might happen at some point in this or not. I lived in a situation like this for a while and it’s easier to pull off than it sounds, esp in rural areas. Not good for the mind or social life, though. Yet, that was true for his plan, too.

There is a variant of this that would’ve been my option. The files he took contained the collection on Americans he wanted to whistleblow and plenty of data on foreign operations whose release would be damaging. I’d hide in a country that could conceivably protect me from US as I go through the data overtime. I’d give an encrypted version of the whole thing to the news organizations, along with a key release mechanism. If U.S. government took action against me past trying in vain to get extradition, the release would occur to great harm. If I was fine, selective disclosures of only domestic activities would occur over time. I’d probably give the host government information on NSA activities there, optionally have serious dirt on its current leaders with similar release strategy, and offer to work to improve their national security systems. This means I’m protected both ways, possibly even by their cops or TLA depending on cooperation/corruption levels. Snowden was capable of most of this, but I wouldn’t expect him to try my approach so I’m just writing it so the next leaker considers more selective disclosure options.

So, he had some options. He burned himself on one that provided greatest risk and benefit. He ignored another he could’ve pulled off to protect himself more. He then chose an option that blew our legitimate work while whistleblowing on what he (and I) believed was unethical. So, my analysis of him is he might be doing things for the right reasons, but he did cause unethical and illegal harm to foreign ops to protect his own ass. And he might reasonably be punished for that. Even NSA leaker Binney wants him in prison for that if I recall correctly. Personally, I’m thinking of it as a side issue as reigning in the NSA is much higher priority than Snowden and his [domestic] leaks are quite helpful for that. It’s why I’m for U.S. courts treating him mercifully despite the damage I’ve identified.

Note: I also respect that Snowden pulled off what he did as odds were against him and respect your honest, fair points in the discussion. Just gotta say it as I know my writing style (or lack of it) often doesn’t come off that way. 😉

re NSA and political corruption

It’s called “The Revolving Door” at the Pentagon. It’s called legal corruption, err campaign contributions, in Congress. Most Americans I talk to about these problems know about them to varying degrees. Yet, most of them vote for politicians that do this stuff even when less corrupt one’s are on the ballet. They rarely push Congress on these issues with letters. Their focus is more on taxes, gay marriage, and so on. Their apathy and reliance on untrustworthy media outlets also makes them easy to mislead on issues like NSA’s activities. The concept is called “tyranny of the majority.” It wins out in this country a lot.

It’s why I blame the people for all this stuff. It’s also why I work on solutions for them, technical and legal, that also try to benefit all parties involved to increase chance of adoption. Using mine or not, all they have to do is care enough to use their vote and political power to make a difference. They don’t. So, we have the NSA issues, FCC issues, FDA issues, Treasury issues, and so on. It’s a root cause thing: these issues are only symptoms of another problem which continuously produces issues. Must fix the root cause. I’m at a loss for how to do that.

“You work in a system which has a wide variety of beliefs. That is tied into your identity. So, you are subjective and can not change. Unless you could somehow distance your self.”

I’ve made substantial changes to my views and life repeatedly. Your theory is either incorrect or I’m an exception to it. I’ve often been an exception so we’ll go with that. I’ve also avoided working for U.S. government or obtaining a clearance specifically to protect my rights, especially speech. Private sector and academia in my specialty were ahead of them in most ways so more interesting work. You can choose what to accept and leave with only civil penalties at worst. So, it’s easier to act on principle. Although, my hands are tied in significant ways via confidentiality agreements and the fact that people like me walk a tight rope in a surveillance state (see chilling effect).

And they’d never give a clearance to someone that published secure leaking strategies, claims that DOD are imperialists scumbags, blueprints for dissidents to safely operate internationally, attacks on their most secure stuff, defenses from most of their capabilities, and so on. I think they’d spit their government-issued coffee in my face laughing if I asked for a clearance. Or I might just get a clearance. Maybe they’d see an opportunity to get my mind focused on stuff that’s better for their goals with Espionage Act prosecution as a safety net. (shrugs) I’m not holding out for such a sweet deal (sarcasm) despite insiders offering it on many occasions.

“I think you are a sincere guy, so for you, it is best that you truly believe what you say. ”

I appreciate it. My commitment to my principles is my main asset. I’ve taken plenty of financial and mental losses due to this along with my committment to backing civil liberties. However, I do occasinally force myself to look at things from another perspective as a safeguard against my own beliefs forcing me in a bad direction. That’s what I decided to do with Snowden this week and it allowed me to see more of the moral complexity of the situation. Another example was looking at my main opponent, NSA, as an authorized agent of Congress and the people’s will. That led to the essay I linked to above where I discovered their broad mission, specific aspects of the classification system, and lack of criminal penalties for violations were the root problem. Not their lies or programs which were mere symptoms. This also changed my solutions from technological to incentives for Congress or informing the public of risk. And so I continue doing what I do while trying to avoid getting stuck in mental ruts as you keep writing about.

“I totally respect your opinion. Even if I am correct, with the above wild guess, I still respect it. You would have no choice. I appreciate, as well, hearing every manner of argument on anything I deeply consider.”

The respect is mutual. Even if my career and group was on the totally opposite end of your prediction. I could see how you’d think that, though. Not bothered by it haha.

@ Steeeve

“Actually most of this has been handled by illegally classifying evidence critical to provide proof that someones rights have been violated. That’s equivalent to throwing a rock through someones window and then claiming that the rock itself is a state secret.”

Almost. Most of the SIGINT-supporting laws, classification system, criminal immunity, and toleration of corruption go back decades. It’s been mostly solidified in law. The only new thing is collection on Americans, whose programs needed approval by key Congressional committees. If the programs exist, they were approved by lawmakers. And executive and judicial branches mostly backed them. It’s a legal grey area that they look pretty safe standing in. Worst case is it gets rolled back by future legislation, they’re ordered to stop domestic collection, and no criminal penalties happen due to conflicting laws (grey area).

“What in your mind makes something “legal under current U.S. law?””

Lawmakers introduce a bill that is passed by majority of the House, majority of the Senate, approved by the President, and not ruled unconstitutional by the Supreme Court. (A controversial view on what’s legal, I know.) Tie-ins by laws created later, affirmations via case law precedents, and support by state’s own laws add impact, too. The NSA’s mission, near immunity to prosecution, and right to lie about its classified capabilities (even to most Congressmen) are solidified by decades of laws passed the way I describe. There’s also conflicting laws and executive orders on domestic collection that give them legal leeway. All laws facilitating domestic collection must be replaced by Congress and the President with new laws that make it clearly illegal. They might also add some criminal penalties and independent auditing (esp GAO) while they’re at it.

“Prove it. I need a reference;”

I’m guessing you missed the whole Snowden debate in the media and online. It might surprise you that there were Snowden opponents that weren’t the heads of NSA. They argued he did the wrong thing, the system has issues but is acceptable, and wanted him prosecuted or shot. Many of those people identified that they work in defence sector in many levels. There were also academics, regular people, etc. Bruce even links to debates between that side and the pro-liberty side (mine). Pretending these people don’t exist is the best way to not get changes done in a situation where votes (including theirs) will matter.

“Who’s the dogs “owner” in your analogy? What’s the basis for your contention that these programs were authorized? Why in your view aren’t the administrators of these programs being discussed to the degree that Snowden is?”

I explained it above in reply to AnonymousBloke. The owner was a combination of Congress that supposed to hold Executive Branch accountable and The People that are supposed to hold Congress accountable. Both regularly approved expansions of monstrous systems with their own legal standards. Both have the only real power to deal with the situation. Both failed to reign it in during numerous abuses over a fifty year period. Both are failing to act now despite talking more about it. So… the situation is the same or worse depending on who you ask. The only thing people get wrong is the dog (NSA) isn’t the problem: it’s irresponsible owner (Congress and The People) are the one’s that need to do something different. Then NSA will become a well-behaved dog or be put down. Just like that.

@ AlanS

“However, the courts have so far taken different opinions on the matter and who knows when these matters will get to SCOTUS and what SCOTUS will decide. I think SCOTUS is struggling with technology and its impact on privacy and how to account for these changes in existing legal frameworks.”

That’s totally true. Their technological illiteracy (and lack of imagination) is essentially taking them out of the checks and balances. If they don’t understand it, they can’t rule on it effectively. I’d love to talk to them as I think the best route is to break it down piece by piece, focusing on effects rather than the tech itself. I’d use previous case law, risks like Hoover, and so on to paint the picture for them. I’d also present, as a compromise, various solutions that give TLA’s capabilities to do their jobs while respecting civil liberties. Binney’s original ThinThread design comes to mind as a good example of a compromise. Then there’s my lawful intercept, escrow, and secure multiparty computation schemes. Many opportunities that I figure SCOTUS has never heard of.

“Clearly intelligence activities have to involve some level of secrecy but government secrecy is at odds with liberal democratic society. So there is always going to be a tension. And as technology allows greater surveillance at less cost that tension is only going to increase. We know from the Church Committee that the TLAs engaged in extensive abuses over a period of decades prior to the early 1970s. So this is not a theoretical concern. What’s disturbing in the new revelations is the massive scope of the secret surveillance (much of which one could reasonably argue is unnecessary, ineffective or worse), the lack of effective controls and checks on the activities (the post-Church reforms didn’t work or were done away with), and the potential for significant abuse.”

Very well said. It’s why voters need to take action to get Congress to take action. The thing that shocks me about it most is that Congress is at greatest risk here. You’d think they’d take action if only out of self-interest for preserving their own power and eliminating blackmail risk. Believing NSA will exempt them is an unjustifiable act of faith that doesn’t make sense given Congressmen are typically good manipulators themselves. I keep trying to find a shortcut around relying on the American people and some good plan for convincing Congress to act for their own self-interest seems the best bet. Of course, I’m lacking the plan itself…

@ DB

“There are commenters on this blog who are all for everything our government does!! ”

Lol. Thanks for stating the obvious. I mean, how could anyone not notice this…

Nick P • July 10, 2014 7:10 PM

@ Steeeve

“Apart from the fact that you’re willfully defending public corruption here, I’ll reitterate: You’re missing the core point. There’s a difference between what the lawmakers write, the justices interpret, and the executive agencies purport. You’re literally ignoring two out of three of these and calling it “law”.”

Exposing corruption and its legal underpinnings isn’t defending it: it’s the first step of changing it. My legal view focuses on what all three did from the Truman Administration to right now. With few exceptions, they’ve reinforced the laws that enable this problem including laws facilitating lies, spies, difficultly of prosecution, and so on. NSA is leveraging as many of those as it can, such as recent “State Secrets” attempt to get immunity in an ongoing SCOTUS case. (Good it failed so far…) Years ago, Congress reinforced that kind of thing yet again when it granted telco’s immunity to prosecution. Unlike most things clearly illegal, I keep seeing gripes, immunity grants, and so on but no criminal prosecutions.

Doing research during our discussion, I just found this report that the organization I recommended be used for oversight (GAO) has an office at NSA that’s unoccuped. They were doing their job, working hand in hand with NSA operations with continuous feedback. The head of GAO eventually pulled its people there for a simple reason: nobody in Congress asked for a report on NSA activities “for years” as of 2008. Congress didn’t even care to audit them despite having good help. And for years. Yet, Congress members did introduce several bills to legalize sneaky activities that were revealed. That’s how much legal risk the NSA and coconspirators are facing. 😉

“claiming immunity to prosecution, immunity to oversight, and immunity from legal constraint.”

I claim immune to criminal prosecution, little oversight, and (on domestic spying) little to no legal constraint. The last one is connected to the first two. And since this is what’s happening in reality, right now, I’d say it trumps any legal theory until we see Congress or SCOTUS enforce an anti-NSA legal claim. We haven’t, so it’s either legal in practice or they don’t care to stop it. I’m not sure which is worse.

“most U.S. citizens disagree with your opinion”

Their opinion has no effect on the relevance of my claims: their vote does. Did most of them vote for Congressment and Presidents that weakened the Constitution and increased these agencies power? Yes? And often more than once despite having the voting record? What they did and are currently doing as a democratic people matters more than what they say in a poll. So far, the public’s voting record indicates that NSA and their co-conspirators will do fine so long as some false promises are made on TV along with references to scary things like 9/11.

“I cited William Binney as a source. He has more credibility in this debate than you or I. If he thinks the classification system is broken, then it likely is.”

Sure the system is broken or problematic in various ways. I posted here a replacement system by Jason Society a while back that’s a great improvement. Binney also illustrates specific problems in it that make abuses hard to publish. Yet, these issues are mostly not relevant to our discussion as I’m focusing on a very simple concept: the classification system is law, the public isn’t pushing [with votes] to get it in check, lawmakers aren’t trying to put it in check, courts are mostly not putting it in check, and this is despite all parties seeing evidence it’s being abused to hide power/money grabs. That an obsolete, ineffective system is in place is only where the problem started. That the voters and lawmakers continue to reinforce it rather than modify it to eliminate these issues is The Big Problem. (that part of it anyway)

“The real issue here is that the “owner” just found out that they own a dog. ”

The owner knew they had a dog for a long time. They allowed politicians to create secret rules, secret armies, secret capabilities, secret budgets, and so on to be managed by secret people. And led on top by politicians. The public knows politicians (and people in general) can’t be trusted with a combination of power, money, secrecy, and no prosecution. It’s why the public usually leverages First Amendment, votes and courts to keep all those politicians somewhat in check, with the Second Amendment as backup. Yet, for defence sector, they let it get done in totally opposite way.

The public was reminded repeatedly for decades of how bad these organizations can be with scandal after scandal ranging from unauthorized surveillance of dissidents to overthrowing foreign governments to MKULTRA’s subprojects that experimented on little kids trying to make them into assassins. Yet, Congress and The People continued to allow the system’s risks and corruption to build. Eventually, post-9/11, they gave the NSA even more power with fewer restrictions. That defies both the spirit of the Constitution and common sense.

And so the people, Congress, and the courts can play dumb but they were warned repeatedly about the general risk. Each time, they either defended the dirtbags or essentially gave out slaps on the wrist compared to how we treat other felonies. I didn’t see the people consistently vote the anti-Constitutionalists out of office, Congress pass laws stopping these behaviors, or courts putting corrupt heads of state into prison. I did see a tiny few scumbags loose a career over something, but otherwise remaining free and well off financially. In 2004 leaks, I was waiting for all this “illegal” and “unconstitutional” stuff to result in restricting legislation, jail time, budget cuts, strong oversight, different votes… SOMETHING addressing the issues. A decade into the problems and I’m still waiting.

To be fair, at least a few courts and Congress reps are taking some sensible action in recent years. And a Forbes writer suggested Congress might try to leverage the Speech or Debate Clause to try to dodge the classificaiton issues. Yet, as I just read the Clause, it gives immunity unless “treason, felony…” Disclosure could be considered both. And now we’re back to changing the laws being the best idea.

Nick P • July 10, 2014 11:05 PM

@ Steeeve

re my focusing less on NSA in these posts

We talked about the NSA’s guilt in a ton of threads on this blog a while back, continue to talk about them, and so on. I’ve personally been criticizing NSA activities, while developing anti-NSA tech and reform proposals, since the 90’s. There is room in a day for investigating other aspects of the situation, though. That’s what I’m doing as I look at the root cause of how the NSA got where it is, why it’s leaders aren’t in prison, why Congress still can’t get answers past what Snowden gave them, and so on. I also decided to re-evaluate Snowden himself given we’ve learned things about him that contradict previous information. This is not lack of fairness, redirecting debates, or anything else. It’s merely applying my capable mind to more than one topic.

re debates on what people didn’t know existed; cyncial, extremist points

Here’s what people knew existed: laws existed that gave many dangerous privileges to a select few organizations; the organizations were constantly involved up corrupt, wasteful, or straight-up evil activities over many decades; reporters and Congress caught the organizations breaking our laws in big ways. The media made darned sure people knew these things as the horrifying machinations of government made for good ratings. Once someone knows these things are happening, there’s an obvious debate that should follow: should we continue giving the guilty parties extra privileges in terms of secrecy, money, partial/full immunity from criminal prosecutions, and so on? Or should we significantly change these laws and structure of these agencies (esp defense sector) to prevent or more easily catch their abuses?

Far from problems nobody knew existed, the corruption that arises out of combining secrecy, power, and low accountability is a known issue that doesn’t go away. These attributes were also solidified in law by many Congressional actions people didn’t oppose and courts enforce. The debate to change this, if it happened in the past, never led to any changes. And scheme after scheme occurred with such shielding involving many government agencies up to and including the NSA’s recent activities. And the foundation they built their schemes on still exist, their schemes are still running, nobody has passed laws against mass domestic collection, nobody is forcing the information out of them, nobody has been thrown in prison, and so on. This is despite that the situation could go 180 degrees with a relatively simple legal action by Congress, esp if pushed by passionate American voters.

re the dog

Maybe the metaphor and my quoting suck. I’m dropping both in this post as you’ve suggested. Instead, I’ll go with the metaphor of intelligent humans that give more power, money, and secrecy to organizations and individuals that already betrayed their trust year after year for decades. They find out in great detail that they’re getting betrayed AGAIN, yet continue to give the scumbags money and privileges that ensure the betrayals continue. They don’t take action to remove the scumbags’ privileges, put them behind bars, or put them in the dirt. These are things they typically do to those that commit criminal acts against them. Yet, for these scumbags, they just keep supporting and/or forgiving them them while demanding they to act more honest and ethical. I like this metaphor better because it’s not a metaphor: it’s a simplified description of what Americans are actually doing in response to NSA disclosures.

“The price of liberty is eternal vigilence.” (source unknown)

I think Americans have just been trying to freeload on liberty for too long instead of pay the maintenance fee. That’s why they have less of it as time goes by. They, even Congress, better wise up and get vigilant quick. If they don’t, then they’re resigning themselves to their own slavery to a surveillance state today and who knows what later. Just remember that it would only take one Church Committee style push with one wave of legislation changing just a few things. That’s all. It’s also what nobody is doing and the results of this inaction are self-evident.

Nick P • July 11, 2014 11:43 PM

@ Wael

“If RobertT and Dirk Praet are not here, they must be somewhere else!”

Lol. Dirk is doing other things like learning Japanese. RobertT got bored with the blog having got to the point of repeating himself a lot and/or got ordered to stop giving away trade secrets. 😉 But it was worth referencing them as they might see it whether they’re commenting or not.

@ AlanS

All great points. All your data also supports my theory of the situation quite well.

@ AnonymousBloke

I know you put a lot of effort into it but I’m going to dodge the Chinese hacking discussion altogether. I did read it, though, and thought you came up with a lot of good questions, answers, pro’s, and con’s. The reason I’m not pursuing it is it’s a case whose shaky facts mean where asking plenty of questions and the whole point what to answer a question: did Snowden commit an act of treason by leaking information on legitimate (i.e. clearly lawful for NSA) operations. I proposed foreign leaks as potential evidence because NSA can legally spy on (and is encouraged to) any foreign country or citizen NSA thinks they need to know about. There are four or five countries that are off limits because they’re are partners in cr… err, intelligence… and we have a gentlemen’s agreement. 😉

So, before we go any further, you dropped comment about your beliefs on whether we should spy on allies. I mentioned we spy on allied, neutral, and enemy countries. I mentioned it’s legal. Aside from simply getting us ahead, the obvious motive, there’s a good reason our intelligence agencies spy on countries that call themselves allies or neutral: they pull stuff on us. The only way to know if they’re rigging a contract, aiding our opponents, or trying to steal our I.P. is to turn our intelligence agencies on them to some degree. If you want some background on this and which countries spy on us, here’s an excellent paper on economic intelligence gathering that gives plenty of data:

http://www.econ-jobs.com/research/31927-The-Silent-War-A-Case-for-Aggressive-Economic-Intelligence.doc

As you can see, we not only must worry about the Chinese or Russians. Our partners in Israel, France, Japan, South Korea, Taiwain, Germany and so on show up in cases of industrial or economic espionage against us. My favorite revelation was the time Mitsubishi got caught (by SIGINT) sending the highly classified and limited access President’s Daily Briefing to Japan. That they had it, who they were, and who was facilitating the transfer should be a nice reality check to many Americans about how our “partners” do things. There’s some flaws with the paper, like its bias, but it’s examples clearly illustrate that if we’re not watching the other countries we’ll merely be more clueless as to why we take huge economic hits due to their espionage activities.

So, whether people like it or not, it at least makes sense that there’s almost no restrictions on what our intelligence agencies can gather on foreign countries. They’re not supposed to use these capabilities for espionage on our side, as it’s illegal. They might anyway. Who knows. There haven’t been any real attempts to enforce strong restrictions on foreign collection because Congress knows we’re under constant attack and suffering massive losses. Our surveillance capabilities are mainly used in defense of our interests, with many victories coming from it. It’s why I say (a) it has little to do with terrorism and (b) it might be warranted while certainly being legal if overseas.

So, Snowden knows that all kinds of these countries are operating against us. So, we’re operating against them to find problems like I.P. theft or bribes. SIGINT or projects for that protect American interests. They’re also legal and the very mandate of organizations such as NSA. If Snowden leaks these, he would certainly be causing damage to our country in lost intelligence capability, economic activity, and possibly diplomatic goodwill (read: don’t get caught). That would qualify him as a traitor in intelligence circles as whistleblowers inform on stuff that’s illegal, potentially damaging to U.S. citicizens, etc. This is why Binney warned him in several interviews to stay away from the foreign stuff as it was moving from whistleblowing to being a traitor. In another interview, he flat said he should be (imprisoned?). I can’t recall the last part, but remember the look on interviewers face hearing the severe tone and words.

So, I said the Chinese example isn’t great because of the uncertainties. What can we use? Well, a simple method is to go through a list of Snowden leaks and simply note which were about foreign operations or capabilities supporting them. We can call any that must be leaked to inform on domestic collection a grey area, ignoring them for the time being. That leaves any that are straight up about what NSA or our partners are doing in other countries. So, let’s try a quick run of it with the link below that I use to bring people up to speed on the situation (with an emotionally overwhelming side effect):

http://www.tedgioia.com/nsa_facts.html

Looking at this list, only going by headlines (a handicap for me), I see these cases of foreign operations being revealed: bugging United Nations; Al Jazeera; collection in India; Mexican president; French phone records; German Chancellor among others there; 35 world leaders’ calls; calls in Spain; Vatican; OPEC; malware on foreign networks; spying on 60 countries; 122 world leaders. Bahamas. I’d like to note that half of what’s on this list are in countries that spy on us or have quite a bit of corruption along with serious economic effect. It actually makes sense we’d be using intelligence agencies there. Others are more due to the “Collect it All” mentality, but still legal and possibly beneficial.

So, Snowden did (and should’ve have) released plenty of material on the page as it’s damning information on the NSA’s activities in the U.S. Yet, the other stuff has no whistleblower purpose as it’s common internationally, legal here, and benefits us. That he released that stuff means he did in fact harm us and potentially blow operations. The U.S. has already seen a ton of lost sales, faced tough political fallout, etc. It might have happened if Snowden only leaked the domestic stuff. Yet, it certainly happened when Snowden leaked the foreign stuff. For that, Binney and others might be right to call him a traitor for that reason. But, I think it’s more fair to say he’s both a whistleblower who supported our democracy with leaks and a bit of a traitor who did damage to foreign operations with other leaks.

re Snowden’s escape and Russian angle

There’s definitely Russian activity going on here. Matter of fact, government sources say they have more spies here now than they did during the Cold War. They’re pretty clever, too. You’re points about fake documents, 2nd/3rd generation, etc are valid. Snowden could be working with, for, or even developed by Russian intelligence. Yet, you could say all kinds of things like that about all kinds of people. The mind can worry and find possibilities all day long. Meanwhile, I’m sticking with what we know which is U.S. got him stuck there and he has Russian support. Knowing the Russians, the one concern that’s justified is that Snowden gave them information. He says he doesn’t have the leaks, yet he has a memory and knows which non-OPSEC-having organizations he shared them with. Either way, he could be useful to the Russians.

Btw, Snowden’s girlfriend was a stripper. Videos and pics here. That caught my attention early on in the leaks but not for the reasons it excited everyone else. 😉 If someone was trying to work (or work with) Snowden, that’s one of the main types of women they’d use. So, I’ll say that much and add I have no reason to even think past that as it’s speculation. I stick with the data I have which so far says she just got caught up in it, he did it for the reasons he said, he might be a traitor due to foreign leaks, and he might have talked to the Russian while on their turf. The latter because let’s be real: people don’t tell this individual to f*** off, esp if they’re depending on him.

All I’ll say for tonight on this.

Nick P • July 12, 2014 4:10 PM

@ AnonymousBloke

“Which American company should the American government prefer in such negotiations? What guarantee is there that they would not prefer one American company over another? What if an American company was not in favor with the current administration? What if someone in the American intelligence agency with such data decided to use that data for money or influence on that corporation? After all, for instance, ‘how to get a company to allow you to put spy instruments in their product and get assurance they won’t tell anyone’? Maybe utilizing their intelligence agency for that company would be leverage there?”

Questions like these bring us to the reality of things. The reality is that there are no real rules other than basic human nature: cooperation and/or competition whose morals vary person to person, group to group, and where things can change in an instant. The international scene is much like that except all the countries are primarily looking out for their interests, more are looking at dollar signs all the time, and the many dependencies they have on each other means getting caught cheating doesn’t totally out them.

I’ve always been an opponent of pure capitalism. The reason is that its moral calculus is do whatever you can get away with to make the numbers go up. That naturally leads to all sorts of problems. Most people running intelligence agencies, large asset management firms, and the countries themselves are selfishly motivated. The asset firms control $20+ trillion worth of activity in several continents and have leverage on politicians in each country. So, the gist of this is that rules develop to keep benefits up and risk down for all involved. Yet, the morality of it all dictates one still tries to cheat if they can get away with it. That’s the game almost all of them are playing.

That we have 5 big time partners in crime and SIGINT support from many nations crying foul over spying says plenty. They were all involved in spying and schemes to some degree. So what are they saying? The U.S. is bad because it did more? That’s laughable because if spying for selfish gain is OK in principle, even common for nations, then doing a lot of it is smart rather than immoral. Germany, for instance, has a very scheming intelligence service (BND), a huge export market (including deals with us), and two huge capitalists firms with plenty of impact on us. With spying being OK by default, our capitalism-loving and world-policing government is surely going to look at them closely.

So, what comes of all this? Well, like I said, the heads of government and capitalists realize that things getting out of control isn’t good for them. So, they do support rules, limits, etc. Most of the spying by Five Eyes is to get leverage in politics and enforce the rules on other countries in economic espionage area. I’ve rarely seen us doing industrial espionage as U.S. has so much I.P. and state secrets it’s usually the target. The U.S. also has many ways to get a country to do what it wants without spies. So, the spying we’re doing is more about defense of the international system we want than on advancing any specific company. You could say the U.S. just like to control how the world works as it benefits them better that way. 😉

“It is one thing for American companies to worry about independent hackers, or at worst, loosely organized “organized crime”. It is a total different animal to have to worry about “state sponsored attacks”.”

My point is that they do have to worry about this no matter what. I can’t remember if it’s in the document I gave you but an intelligence head once bragged that selling the I.P. they stole paid for their entire intelligence agency’s operations. There’s also plenty that have pointed out it’s cheaper to steal I.P. than invent it. So, many important countries (or at least their businessmen) are focused on getting ahead by any means that doesn’t land them in jail. Espionage is a good strategy there for companies that can afford to pull it off and manage the risk.

So, we can outlaw it, condemn it, talk about how unfair it is, and yet they all keep doing it. And our dependencies and desire for their markets mean we can’t just pack our bags. So, we have to defend against it, try to spot what they’re doing, and/or use our services to get leverage on them. It’s a terrible game. Yet, it’s apparently been this way since Sun Tzu wrote The Art of War where he promoted spies as key to prosperity and victory. You also see it in Greek writings, the Bible, and so on. It’s just how the world works.

How would we stop it, though? You can’t. The ones doing it are richer, the tech they’re using keeps getting better, and those producing the tech you want to use have incentives to cooperate with spies. Not to mention security in technology and people are both hard in general. However, a good start is for countries that are hard to pressure to pass strong data protection and privacy laws with financial incentives to encourage use of secure/private by default, end to end protected, computer systems. Businesses would also have to meet certain security requirements with regular audits. This combination might make things harder for snooping countries. Switzerland is our precedent here at least how they’ve handled banking.

“As far as I know, it is China primarily engaging in economic espionage. Not every country on the planet.”

There’s at least 23 countries doing it most reports say. Many of them are huge political and economic “allies.” The leaked U.K. MOD security manual said the top three threats were China, Russia, and Israel in that order. They’re in our threat matrix along with Japan, France, South Korea, the list goes on. There’s a lot of it. I think it’s ridiculous but it’s how a lot of these countries got to be the powerhouses they are in certain industries. And China’s, btw, is military and economic. Their new stealth fighter, for instance, probably came from secrets their infiltrators took from our programs. Why spend tens of billions developing one when you can spend millions to own the developers or their work? 😉

re aiding our opponents

Under capitalist doctrine, our opponents are everyone far as economics are concerned. The U.S. has to be No 1 and that spot has competition. There’s also the views of anyone who is a violent threat to us, anyone who threatens stability, anyone who might deny us a key resource, and so on. The point is established laws, precedents, previous decisions by the public, and SIGINT allow us to leverage intelligence to protect our interests everywhere. Snowden blows any of this, he’s (a) not revealing anything illegal, (b) not revealing what most of America opposes as they like being on top, and (c) possibly causing us economic or diplomatic harm because “do it and don’t get caught.” He did cause that harm with the foreign leaks so he’s guilty on those charges is my theory.

If one wants, the route to ending such imperialists crap is to campaign Congress and the voters to change our laws & policies. There’s plenty of people, even some in Congress, involved in such movements. They’ve gotten nowhere with voters or Congress at large. Shows you where majority stands on that sort of thing. I’m opposed to the status quo like Snowden was but that doesn’t mean I’d leak those operations. It would be obvious nobody would consider that whistleblowing unless the foreign operations were inconsistent with our law or how America does things. They’re not: they’re business as usual. (sighs)

re stealing I.P.

The U.S. government isn’t required to protect [unclassified] I.P. that I’m aware of. The only protections they do are legal: copyrights, trade secrets, patents, and so on. The owners themselves must guard their secrets, sue for violations, and so on. Other countries have different interpretations of I.P. law, which can be a factor. Most of these companies don’t do real security because it costs money. And now we’re back to how only caring about numbers going up in short term causes many of our problems [in U.S.].

The government themselves did try to take action on INFOSEC in the 80’s and 90’s. The NSA was lead evaluator. A combination of military, academia, and private parties contributed to standards that at the time could produce very secure systems. Purchasing policy dictacted only high security devices for critical operations, so the marketplace was incentivized to produce those. Then, the government started producing their own products and allowing less secure products for all their nifty features. The combo killed the high assurance market. (best account) Some speculate NSA did it on purpose as nearly unhackable endpoints and networks aren’t great for their SIGINT mission. Yet, I give all involved credit for having actually done what needed to be done back then and in recent debates I use this as ammo against NSA’s bogus, self-serving proposals for “protecting” our information systems.

In short, it’s been done right before but all involved don’t want the tradeoffs for different reasons. It’s too ugly, it costs too much, it’s a burden to use, it undermines TLA efforts, and so on. Apparently, their classified or confidental information isn’t worth the trouble. (!)

re Russian spies

It might have been a Russian that said the spying paid for the intelligence service. In any case, they’re very good at it and can be quite patient. I don’t put anything past them.

re “to finish this off”

I agree that it’s all bad for us in the long term. Just remember that our system is a plutonomy that allow a rich, powerful few to benefit at the expense of everyone else. Using TLA’s to enforce their system is their form of security: it protects them against all kinds of risks and helps them see others coming. That’s the real reason all this is going on. Almost every issue you mention can be reduced to the activities of the transnational capitalist class. I’m as impressed as disgusted by it as I can barely get how we’ve lasted this long and new doom is always on the way. The Big Crash will happen one day, though. It’s inevitable as this model is not sustainable. The only cure is people in each country to take action, change the incentives, and force accountability one way or another.

Nick P • July 13, 2014 9:27 AM

@ Steeeve

Glad you liked it. Far as technical detail, they were built to the Orange Book specifications so you just have to look up Orange Book A1 class. I have a link to GNTP/GEMSOS (and others) in this post of anti-NSA tech. That one is the evaluation report which includes design details and more. What’s not in my links is they built terminals, VPN’s, guards, and even databases on it. Currently, Aesec is marketing it for secure separation of Citrix remote desktops as well.

@ Wael, Clive

The intelligence was cooked. Many people even left the Pentagon around that time saying as much. Key people in that administration wanted to hit Iraq and Afghanistan before 9/11, then just BS’d their way into what they wanted when America wasn’t asking questions. One example was them having analysts take bullet points about WMD’s off documents from the 80’s, “integrate” them into modern summaries, and present it with modern date on it. The fuzzy black and white satellite photos from high-res, color satellites were also interesting.

The whole thing was staged. Propoganda, bad intelligence, and false flags are the three main ways to cause unnecessary wars. At least two were provably used here.