August 20, 2013

Why "NSA Fearmongers" Are More Damaging to Free Speech than Is NSA

If you've been reading my missives for any period of time, you've probably discerned by personal viewpoint that for virtually any controversial topic, the reality exists somewhere in the center area, and not against the pegs at either end of the meter scale.

Unfortunately, our culture these days -- especially in the political arena -- has become all about extremes.

Either you're with us, or you're the enemy! Compromise is caving! My way or the highway!

Complicating matters even more, we tend to congregate increasingly with persons who already share our established points of view (either in person or online), and gravitate toward opinionated news sources that will further reinforce our existing positions.

This is the essence of "echo chamber" effects we've frequently discussed. Another analogy is a loud public address system "feedback" squeal, as noise feeds on itself through continuing cycles of uncontrolled amplification.

The current controversies over NSA programs are perhaps quintessential examples of how this all works in practice.

There are many players, and many motives.

We can definitely stipulate that oversight of NSA programs and essential associated transparency with the public has become weak and sloppy -- and is now creating collateral damage that is intolerable.

We can also probably agree that some associated NSA programs -- though likely still legal in a formal sense -- have drifted beyond an acceptable scope -- especially of concern given the oversight and transparency problems.

Reported "leakage" of foreign intelligence data to domestic agencies such as the Drug Enforcement Agency (and use by these agencies of "parallel reconstruction" techniques to obscure the original triggers for investigations) are especially worrisome, since they violate the basic premises of compartmentalization through which we draw the line between foreign and domestic intelligence operations and resulting data.

Still, there is little fundamentally new in the "revelations" we've seen that was not obvious or anticipated by followers of Congressional legislation passed in a rush after 9/11, such as PATRIOT and the Homeland Security Act. Many of us warned at the time what sorts of programs were being authorized, but we were ignored and chastised.

But for all the information we've seen about NSA to date, there is zero evidence of actual evil intent to be found -- in stark distinction to the manner in which various foreign intelligence agencies operate vast, oppressive, specifically domestic censorship and surveillance regimes -- with China and Russia being two obvious examples.

Unfortunately, many breathless observers of the NSA situation have little knowledge of (or perhaps little real interest in) how other countries operate. But in a tightly interconnected world, we cannot view NSA or other U.S. agencies in isolation -- not safely or realistically anyway.

This is true even if we ignore for now some of the "peg-huggers" at the extreme edges of the debate.

This includes most of the GOP politicos who suddenly seem to have gotten "privacy religion" -- even though they loudly supported these programs in the past and actively criticized anyone who spoke against them. We can safely relegate these members of the Grand Old Party (and indeed, some Democrats as well) to the dissembling political opportunism category. For the GOP, anything Obama did is poison and a path toward implementation of their "go to hell ordinary people" political agendas -- even if they lauded the same intelligence activities under Republican presidents.

The "let the people fend for themselves and rot" contingent that makes up a part of the "Libertarian" movement also falls into this category. They just hate government of all kinds, and NSA makes a convenient target. In their fantasies, they'll be out there shooting at the aftermath of dirty bombs and terrorist nukes with their handguns and assault rifles.

And of course there's also the contingent of well-meaning souls who just fervently believe that spying is wrong, and that if somehow the NSA could just be unilaterally defunded the rest of the world's spying agencies -- plus terrorists and their supporters -- would follow along in a glorious "kumbaya moment."

The facts are very different.

Foreign intelligence is gathered by countries all over the world -- it always has been -- long predating the development of electronic communications. Unilateral disarmament in such a context would be unthinkably irresponsible, especially since the raw truth is that there really are groups out there who want to kill us, there are plenty of fissile materials floating around for really nasty bombs, and while we may not like having to play spy for our own protection (I certainly don't) that desire doesn't change the actual threat profile by a single iota.

This is most certainly not to say that there isn't plenty of room for improvements in the ways that NSA operates. As noted, transparency and oversight is a mess, foreign-directed programs have been leaking into the domestic sphere, and in our toxic political environment this has encouraged the spread of shrill, false, and hyperbolic claims that are doing far more damage than anything actually being done by NSA.

False claims that the content of all phone calls and emails are being recorded, or the existence of "anytime, anywhere, anybody" instant wiretapping capability by low level administrative NSA workers, are but two examples.

Then we have the libelous, fallacious claims that major Internet firms are permitting free reign of their servers to NSA or other agency operatives -- false claims made all the more damaging by existing laws making it impossible for these firms to appropriately defend themselves against such allegations.

And the fallout from all this -- yes, triggered by NSA -- but now aided and abetted by the fearmongers, is a cascading effect of persons who have been unrealistically terrified into closing important sites and otherwise attempting to withdraw into the cave.

For some of the fearmongers this sort of anti-Internet response has been part of their agendas all along, often entwined with broader anti-government sentiments.

For others, it's a lack of proportionality, or lack of understanding of how tyrannical regimes actually operate (hint, I couldn't be openly blogging in any of them).

And for many of the fearful, it's a lack of technical knowledge crucial to separating the wheat from the chaff intrinsic to these discussions and accusations.

In the final analysis of course, we all gotta do what we gotta do. The range of circumstances that individuals face in these contexts will cover the gamut from absolutely justifiable concerns to utterly fantastical paranoia.

But my sense right now is that we're seeing a great deal of "knee-jerk self-censorship" that may seem appropriate if you buy into everything the fearmongers are claiming -- but is likely much less sensible in the light of actual realities.

The echo chamber, feedback effect can exert a very powerful emotional pull on all of us. So it might behoove us all to spend a bit more time pondering how much of what we're seeing amid the NSA furor is likely to be hard reality, and how much is significantly more likely to be the result of hoopla, hype, and hyperbole.

An individual decision to be sure, but an immensely important one, especially since if there's one thing that history teaches us so clearly, it's that fear and withdrawal inevitably lead to darkness, not to sunlight.


Posted by Lauren at 10:23 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

August 17, 2013

Microsoft's Bizarre Anti-Google "Scroogled" Campaign Jumps the Shark -- Again!

I know some great people up at Microsoft, including top-notch software engineers. And these days -- more and more -- I find myself feeling sorry for them.

I don't believe it's my place to ask them how embarrassed and humiliated they've become working for a once great firm that increasingly is sinking to tactics that one would ordinarily associate with Tea Party wacko campaigns.

Yet, Microsoft's increasingly bizarre, anti-Google "Scroogled" campaign is doing exactly that, and while we thought Microsoft had "jumped the shark" in the past, their new chapter is even more strange and inexplicable. In fact, when I mentioned this to a few people this morning, I got responses back suggesting that perhaps the new campaign hadn't really been approved, or that the site had been hacked. One person told me they did a WHOIS lookup just to verify that it really was a Microsoft site at all (it is).

I'm not going to provide any link juice to Scroogled in this posting, but the gist of Microsoft's latest weird assertions is clear enough.

Microsoft is attempting to make a "Google is evil" argument by suggesting that Google is purposely trying to confuse Gmail users into not knowing the difference between legit email and advertising.

And if you merely look at the home page for this new campaign (which has a key contextual label obscured!) or watch the associated scary sounding video (which has that same key contextual label blurred!) you might actually fall for Microsoft's misdirection.

But if you dig a little deeper, you discover that -- as has become the modus operandi for Microsoft these days -- the real story is nothing like what Microsoft claims.

Yes, Google has a Gmail ad style that delivers in the format of an email message within Gmail. But there are two crucial reasons why it's virtually impossible for anyone to confuse these ads with normal non-advertising mail.

First, the ad messages are clearly and uniquely labeled as ... ads! Not only that, the labeling is in a format that is different from that used for any other email you receive via Gmail.

But as if that weren't enough, these ad messages don't appear in your primary inbox tab as implied by Microsoft, but in the new Gmail "Promotions" tab (that's the label I noted as being covered or blurred in the two instances mentioned above).

The Promotions tab is specifically where Gmail attempts to sort emailed promotions, ads, and related materials that aren't categorized as spam.

So, quite literally, Microsoft is complaining that Gmail is labeling its ads as ads, and placing them in a Gmail tab specifically designated for ads, separate from all your other email.

Perhaps this might confuse a completely inebriated Homer Simpson, but it's hard to see how anyone else could possibly confuse such ads with the rest of their email in the manner that Microsoft's Scroogled campaign is breathlessly claiming.

If Microsoft is planning to keep repeatedly jumping the shark with this kind of pathetic, misleading material, they might wish to consider opening up a marine research facility and giving up on computers entirely.

On the other hand, then we'd have to worry about Microsoft posting exaggerated and misleading (wait for it ...) "fish stories."

(Disclaimer: I'm an occasional consultant to Google. My postings would be exactly the same if I weren't.)

Posted by Lauren at 02:27 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

August 14, 2013

False Attack on Google Highlights the Web's "Idiot Echo Chamber"

There was (I like believe) a time when supposedly reputable news-oriented organizations made the effort to try independently verify "news" -- at least to the extent of verifying easily available materials -- before writing about or republishing items likely to inflame passions and falsely damage reputations.

Unfortunately, it seems that on the Web these days, if you figure you can capture some quick eyeballs and their connected clicks, accuracy is the least of your concerns.

This state of affairs creates what I've been calling the "idiot echo chamber" -- as usually idiotic accusations spurt out from a single source and then echo around the Net as purported facts -- when in reality they're nothing of the kind.

We've just been treated to another vivid example of this, courtesy (initially) of reliably Google-hating "Consumer Watchdog" and Putin's propaganda channel "Russia Today (RT)."

This sorry sequence began when Consumer Watchdog breathlessly proclaimed that Google had been caught in a legal brief proclaiming that "Gmail users have no expectation of privacy." RT picked up the story, and sites that we normally would consider to be reasonably reputable started echoing it without further investigation, playing on the current climate of government surveillance furor (and in many cases, related hyperbolic and unjustified paranoia).

Unfortunately for the fearmongers, there was a problem.

The specific quote and associated legal discussion didn't actually relate to Gmail users at all, and had been taken obviously and utterly out of context.

In fact, the language in question related specifically to third-parties sending email to Gmail users, not to Gmail users themselves.

We all know (or should know) that when you send email to someone, that someone normally has the right to process and use that email as they see fit. If you send email to a Gmail user, or a user of any other email system, that email becomes subject to that system's facilities for spam and phishing scanning, sorting, searching, saving, forwarding, redistribution, and all manner of other operations of the addressee's chosen email environment.

All Google was saying (in this ridiculous case where plaintiffs are insanely arguing that a Gmail user receiving email from a non-Gmail user shouldn't be able to use the full scope of Gmail functions), is that in normal cases the sender of email doesn't get to dictate what the receiving email system (and receiving user) does with it.

Any other interpretation would be both disingenuous and in any practical sense utterly ludicrous.

If news sites had bothered to take a few minutes to inspect the actual court filing (widely available online), they should have immediately noticed that the section of the filing containing the supposedly controversial statement specifically related to non-Gmail users' expectations, and so in reality wasn't a controversial statement at all -- simply common sense and widely accepted practice.

I don't really expect any better from Consumer Watchdog or Putin's RT. But it seems reasonable to at least hope for more sense from mainstream news and other websites who portray themselves as accurate sources of information.

Here's some free advice for those latter sites. The next time you see a story on your screen -- regarding any topic -- that seems so outrageously controversial that you just know it will attract viewers like flies to honey no matter how inaccurate it is, please consider doing yourselves and your audiences a favor -- and spend a bit of time thinking about whether or not the story really makes any sense -- and then try to do at least a modicum of investigation and confirmation before dumping it onto your own websites.

Yes, you may give up some clicks in the short run, but at least you won't keep renewing your starring roles in the "idiot echo chamber" deluxe.

(Disclaimer: I'm an occasional consultant to Google. My postings would be exactly the same if I weren't.)

Posted by Lauren at 01:57 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

August 11, 2013

"How I Learned to Stop Worrying and Love the NSA"

Once upon a time, I knew a spy.

He died long ago, and honestly I don't even remember his name -- or at least the name by which I knew him.

He was about as much a polar opposite from James Bond as it would be possible to imagine. He was big and loud, rather vulgar, and frankly quite ugly. He had a loud, annoying laugh that made him an embarrassment to be with in a restaurant or other public places. You wouldn't want to even look at him twice -- which of course is exactly what you really want in a spy -- not the suave look of the fictional 007.

He was also one of the nicest and most fascinating people I've ever met.

By the time I knew him he was semi-retired. He was an agency operator -- exactly which agency never formally specified -- who had spent most of his professional career in Eastern Europe on one side or the other of the "iron curtain."

He lived in a big, ramshackle old house near downtown L.A., and I'd drive out there to help him with his latest toys, some early CP/M microcomputer systems.

I was deeply engaged in early UCLA ARPANET work back then, and he knew of my interests in what were -- for the time -- advanced communications networks, systems, and security.

He'd tell me stories.

Nonchalantly, seemingly carelessly -- but I knew all along that he chose every word with great care -- he'd speak of things that were simultaneously fascinating and often seemingly nonsensical, wondrous but exceedingly unlikely.

The mutual acquaintance who had introduced us had warned me about this.

"Assume that about half of what he tells you is false," I was told, "He does this to protect himself. But the more unlikely what he tells you might seem to be, the more likely it's actually accurate."

In subsequent years and decades, I found this advice to be true, as the once absurd nature of my friend's many statements often fell into place like pieces of a jigsaw puzzle, finally brought into focus by the march of world events and technology.

Back in those early days, NSA was still sort of half-heartedly pretending that it didn't even exist -- the "None Such Agency." Representatives would show up at conferences with name badges that only identified them as "Department of Defense" -- but we all knew who they really were.

This was already changing, however. A few years later, a pair of gentlemen openly identifying themselves as from NSA showed up suddenly at the UCLA ARPANET machine room asking for me by name. It turned out they wanted advice about some software I'd worked on previously and was still maintaining at the time -- but that's another story.

All of this is a rather long-winded way of noting that NSA -- in one form or another -- has been present (and more importantly, recognized as present) for a very long time, as have the parallel organizations in other countries both democratic and totalitarian.

And anyone who hasn't understood that these agencies around the world have made it their business to monitor communications have either not been paying attention or are purposely fooling themselves.

Governments' interests in keeping tabs on communications, especially international communications, predate the Internet, ARPANET, telegraphy, or any form of electronic communications, of course.

It seems safe to assume that as soon as man started passing messages back and forth, the "powers that be" were already finding ways to try monitor those communications, for motives good or ill -- or sometimes, both.

So it is unrealistic in the extreme to assume that governments today -- either of the Chinese or Putin's Russian variety where political blogging can get you thrown into prison, or the more democratic but still nosy versions of the West, are going to change their surveillance ways fundamentally, even if they claim such changes for public relations purposes. Calls for "defunding" of these agencies are fundamentally as unrealistic as the most violent and inane pronouncements of the "Flat Earth" Tea Party wackos.

The uncomfortable truth is that the differences between these various governments are much less in what they surveil in terms of communications, but rather in terms of what they actually do with that surveilled data.

We already know about Chinese and Russian prisons and work camps filled with political dissidents, everyone from bloggers to young women convicted of archaic "crimes" like blasphemy.

And here in the West, we can watch with some bemusement as countries like Great Britain and Germany point their fingers at the U.S. and NSA, while their own agencies' surveillance operations expand, arguably with even fewer legal constraints than here in the USA.

Six of one or half a dozen of another.

Which leaves us with quite a quandary.

Given that there are (as my friend the spy used to say) folks out there who really want to kill us (there are), but that we also desire reasonable privacy in our communications (we do), what are our practical next steps?

I believe there are several related paths, all of which should be explored simultaneously.

Transparency is crucial. It is not at all unreasonable to assert that NSA -- even given the now dissembling politicians behind PATRIOT, the Homeland Security Act, and other enabling legislation -- have by and large been operating with what they believe to be good motives, not conscious evil of any kind.

But government has strayed particularly into the dark side by attempting to block even basic information regarding the extent and scope of authorized surveillance programs, and by making it difficult or impossible for Internet firms -- falsely accused of extensive complicity -- to appropriately defend themselves with at least aggregate reporting data. There is a notable dichotomy between Internet firms such as Google, Twitter, Yahoo, and Microsoft who have been loudly protesting this situation, and the relative silence from entrenched "Big Telecom" as represented by the traditional phone companies and dominant ISPs.

Opportunistic communications encryption should be encouraged whenever possible. Not that it will likely stop determined government interests in accessing the underlying information on a targeted basis if they really want to, but because it may help -- by invoking time and expense constraints -- to discourage large-scale snooping where justifiably focused targeting is not actually present.

And finally, we come to "trust" -- an old-fashioned word these days, it seems.

We can drive ourselves into delirium imagining what might happen in theory, but in practice unless you're going to live alone in a cave, trust is a foundational requirement for human life.

This is one reason why contamination of foreign intelligence data with domestic communications is particularly problematic.

It's one thing for agencies to insist that "minimization" procedures are employed to expunge domestic data inappropriately collected in the course of foreign-targeted surveillance. But when such data finds its way, for example, into the genesis of domestic Drug Enforcement Administration cases, triggering retroactive attempts to cover the associated sources with "parallel reconstruction" techniques -- even if legal -- serious concerns are immediately raised, for this is a fundamental violation of trust regarding how such data is to be appropriately used.

Ironically, for all our discussions and handwringing about communications surveillance in general around the world, we end up pretty much with the same concepts we had at the beginning.

At least in our ostensible democracies, we must appropriately depend upon our elected representatives to deal with us honestly, and to both set and enforce the parameters under which national security operations relate, focus, or otherwise impinge on both foreign and domestic concerns. Ultimately it is we, via our politicians, who are the ones that control -- and fund -- the surveillance agencies themselves, around the world in whatever democratic countries.

These agencies are instruments of our own creation, and are largely staffed with dedicated workers who believe in their missions and are attempting to fulfill them as our elected representatives instruct and demand.

If we are unhappy or dissatisfied with the ways that these agencies perform, or the manners in which the data they generate is used, the fault goes directly back to those politicians and the people who elected them -- you and me.

To paraphrase a popular saying, "There's no free lunch in democracy."

I'm pretty sure my old friend the spy would have agreed with that.


Posted by Lauren at 10:29 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein