August 11, 2013

"How I Learned to Stop Worrying and Love the NSA"

Once upon a time, I knew a spy.

He died long ago, and honestly I don't even remember his name -- or at least the name by which I knew him.

He was about as much a polar opposite from James Bond as it would be possible to imagine. He was big and loud, rather vulgar, and frankly quite ugly. He had a loud, annoying laugh that made him an embarrassment to be with in a restaurant or other public places. You wouldn't want to even look at him twice -- which of course is exactly what you really want in a spy -- not the suave look of the fictional 007.

He was also one of the nicest and most fascinating people I've ever met.

By the time I knew him he was semi-retired. He was an agency operator -- exactly which agency never formally specified -- who had spent most of his professional career in Eastern Europe on one side or the other of the "iron curtain."

He lived in a big, ramshackle old house near downtown L.A., and I'd drive out there to help him with his latest toys, some early CP/M microcomputer systems.

I was deeply engaged in early UCLA ARPANET work back then, and he knew of my interests in what were -- for the time -- advanced communications networks, systems, and security.

He'd tell me stories.

Nonchalantly, seemingly carelessly -- but I knew all along that he chose every word with great care -- he'd speak of things that were simultaneously fascinating and often seemingly nonsensical, wondrous but exceedingly unlikely.

The mutual acquaintance who had introduced us had warned me about this.

"Assume that about half of what he tells you is false," I was told, "He does this to protect himself. But the more unlikely what he tells you might seem to be, the more likely it's actually accurate."

In subsequent years and decades, I found this advice to be true, as the once absurd nature of my friend's many statements often fell into place like pieces of a jigsaw puzzle, finally brought into focus by the march of world events and technology.

Back in those early days, NSA was still sort of half-heartedly pretending that it didn't even exist -- the "None Such Agency." Representatives would show up at conferences with name badges that only identified them as "Department of Defense" -- but we all knew who they really were.

This was already changing, however. A few years later, a pair of gentlemen openly identifying themselves as from NSA showed up suddenly at the UCLA ARPANET machine room asking for me by name. It turned out they wanted advice about some software I'd worked on previously and was still maintaining at the time -- but that's another story.

All of this is a rather long-winded way of noting that NSA -- in one form or another -- has been present (and more importantly, recognized as present) for a very long time, as have the parallel organizations in other countries both democratic and totalitarian.

And anyone who hasn't understood that these agencies around the world have made it their business to monitor communications have either not been paying attention or are purposely fooling themselves.

Governments' interests in keeping tabs on communications, especially international communications, predate the Internet, ARPANET, telegraphy, or any form of electronic communications, of course.

It seems safe to assume that as soon as man started passing messages back and forth, the "powers that be" were already finding ways to try monitor those communications, for motives good or ill -- or sometimes, both.

So it is unrealistic in the extreme to assume that governments today -- either of the Chinese or Putin's Russian variety where political blogging can get you thrown into prison, or the more democratic but still nosy versions of the West, are going to change their surveillance ways fundamentally, even if they claim such changes for public relations purposes. Calls for "defunding" of these agencies are fundamentally as unrealistic as the most violent and inane pronouncements of the "Flat Earth" Tea Party wackos.

The uncomfortable truth is that the differences between these various governments are much less in what they surveil in terms of communications, but rather in terms of what they actually do with that surveilled data.

We already know about Chinese and Russian prisons and work camps filled with political dissidents, everyone from bloggers to young women convicted of archaic "crimes" like blasphemy.

And here in the West, we can watch with some bemusement as countries like Great Britain and Germany point their fingers at the U.S. and NSA, while their own agencies' surveillance operations expand, arguably with even fewer legal constraints than here in the USA.

Six of one or half a dozen of another.

Which leaves us with quite a quandary.

Given that there are (as my friend the spy used to say) folks out there who really want to kill us (there are), but that we also desire reasonable privacy in our communications (we do), what are our practical next steps?

I believe there are several related paths, all of which should be explored simultaneously.

Transparency is crucial. It is not at all unreasonable to assert that NSA -- even given the now dissembling politicians behind PATRIOT, the Homeland Security Act, and other enabling legislation -- have by and large been operating with what they believe to be good motives, not conscious evil of any kind.

But government has strayed particularly into the dark side by attempting to block even basic information regarding the extent and scope of authorized surveillance programs, and by making it difficult or impossible for Internet firms -- falsely accused of extensive complicity -- to appropriately defend themselves with at least aggregate reporting data. There is a notable dichotomy between Internet firms such as Google, Twitter, Yahoo, and Microsoft who have been loudly protesting this situation, and the relative silence from entrenched "Big Telecom" as represented by the traditional phone companies and dominant ISPs.

Opportunistic communications encryption should be encouraged whenever possible. Not that it will likely stop determined government interests in accessing the underlying information on a targeted basis if they really want to, but because it may help -- by invoking time and expense constraints -- to discourage large-scale snooping where justifiably focused targeting is not actually present.

And finally, we come to "trust" -- an old-fashioned word these days, it seems.

We can drive ourselves into delirium imagining what might happen in theory, but in practice unless you're going to live alone in a cave, trust is a foundational requirement for human life.

This is one reason why contamination of foreign intelligence data with domestic communications is particularly problematic.

It's one thing for agencies to insist that "minimization" procedures are employed to expunge domestic data inappropriately collected in the course of foreign-targeted surveillance. But when such data finds its way, for example, into the genesis of domestic Drug Enforcement Administration cases, triggering retroactive attempts to cover the associated sources with "parallel reconstruction" techniques -- even if legal -- serious concerns are immediately raised, for this is a fundamental violation of trust regarding how such data is to be appropriately used.

Ironically, for all our discussions and handwringing about communications surveillance in general around the world, we end up pretty much with the same concepts we had at the beginning.

At least in our ostensible democracies, we must appropriately depend upon our elected representatives to deal with us honestly, and to both set and enforce the parameters under which national security operations relate, focus, or otherwise impinge on both foreign and domestic concerns. Ultimately it is we, via our politicians, who are the ones that control -- and fund -- the surveillance agencies themselves, around the world in whatever democratic countries.

These agencies are instruments of our own creation, and are largely staffed with dedicated workers who believe in their missions and are attempting to fulfill them as our elected representatives instruct and demand.

If we are unhappy or dissatisfied with the ways that these agencies perform, or the manners in which the data they generate is used, the fault goes directly back to those politicians and the people who elected them -- you and me.

To paraphrase a popular saying, "There's no free lunch in democracy."

I'm pretty sure my old friend the spy would have agreed with that.


Posted by Lauren at August 11, 2013 10:29 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein