June 11, 2013

Snowden's NSA Truths, Untruths, and Where We Go from Here

As the NSA/Snowden situation gradually comes into sharper focus (though not Snowden himself, who is apparently on the run after exiting his luxury hotel in Hong Kong) we are faced with an interesting dilemma.

Some of what he has claimed is clearly true and has been acknowledged. Some of what he claims is obviously false. And various aspects of his claims (or at least how his claims have been interpreted) are logically false.

There is a lingering sense that he may have grabbed and released some materials without necessarily ever having been "read into" all of the associated programs or understanding them in context.

We know his stated, altruistic motives. There also seems a bit of "martyr complex" in his behavior, but psychology isn't my specialty.

Nor am I in the "revenge, retribution, and punishment" department -- our public officials seem to have those aspects well in hand with rather bloodthirsty calls for him to be publicly drawn and quartered even before a full investigation and trial.

In the Snowden "true column" so far, we have the telephone metadata collection programs, which authorities have now admitted have been long in place.

A Republican congressman who was a key author of the PATRIOT Act has been making a lot of hay over the last couple of days claiming that the program is an overreach of PATRIOT authorization.

It likely was not -- and he knows it. Such abominations in PATRIOT have been loudly protested by civil liberties groups at every opportunity. The congressman knew full well what he was authorizing. Known informally as "Mr. Impeachment," he was already calling for Obama's impeachment before any of these current NSA stories, and was a key force in pushing through Clinton's impeachment years ago. Now that he sees a political opportunity to try distance himself from the legislative monster he created, he's trying to change history. It won't work.

Odds are that courts will find that the appropriate notifications were provided to the necessary legislators, and that the abuses of privacy represented by the NSA telco metadata program will be found to be legal.

In the Snowden "logically false category" to date, we have the claims (or interpretations by media and others) that the major Internet companies have provided direct NSA access to Web company servers, allowing the intelligence community free reign to rummage through user data.

The firms have all categorically denied this, and it seems clear that the PRISM program in question is actually a FISA/NSL compliance mechanism, with all data demands individually vetted and then either accepted or challenged by the firms.

And then there's the "obviously false" category. Snowden claims that, "Any analyst at any time can target anyone ... I, sitting at my desk, certainly have the authorities to wiretap anyone -- from you or your accountant, to a federal judge, to even the President."

Even if a 29-year-old outside firm NSA contractor had the technical means to perform such actions on such a scale -- which seems unlikely in the extreme -- we know with absolute certainty that he would not have had the authority to do so. Period.

So on this point he is certainly outright lying, exaggerating, or is seriously misinformed. Take your pick.

What this all means for Snowden's overall credibility remains to be seen, but we can still draw some useful conclusions from the situation even now.

Some pundits have declared these events the "death knell" of cloud computing. This is not the case, though we can stipulate that government overuse of FISA/NSL authorizations appears to be a genuine problem.

Cloud resource systems provide so much value to users, in terms of capabilities and reliability among so many other factors, that it is impossible to contemplate most consumers moving forward with alternative models, especially considering the ever more demanding requirements for features, storage space, and other functionalities that consumers and businesses are demanding.

Having said that, I believe consideration should be given to providing cloud-based document and email systems the capability to provide at least limited locally-homed capabilities for special cases.

Various systems already come close to this. Gmail and Google Drive now provide excellent "offline" access capabilities, allowing creating, reading, replying, and otherwise manipulating materials without an Internet connection, using later connections to synchronize data automatically.

Perhaps an additional capability could be "local sync only" -- meaning that connections would only be used to sync the copies between local devices, but not leave copies on the central servers.

To be clear, I don't see such an capability as being practical for more than a limited subset of overall use cases. Perhaps some users would want to tag some specific documents, or correspondence with particular parties, for handling in this manner, with the understanding that they'd be giving up major capabilities for those items by not being able to work with them via the full-featured Web interfaces on central systems.

And I believe it would be entirely appropriate for services to set reasonable limits on the use of such "local" capabilities, at least for services being provided without fees.

But the cloud is crucial to our computing and communications futures, and ultimately our main goal in this context must be to bring our laws back into a real balance, where government secrecy isn't an ever expanding default condition, and civil liberties once again attain the stature of overriding importance that our Founding Fathers so earnestly intended.

As is so often the case, we must deal with these issues in both the technology and policy realms -- one or the other alone won't do, and the tasks involved will be anything but trivial, especially in the current political environment.

Still, the first step on this road is a realization of the scope involved, and in that respect Snowden's NSA saga -- even given the apparent melange of his various truths and non-truths -- has served a useful purpose.

Now the ball is in our corner, and there's hard work ahead.

Interesting times, indeed.


Posted by Lauren at June 11, 2013 09:10 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein