December 29, 2013

Unintended Consequences: How NSA Revelations May Lead to Even More Surveillance

Itís oh so traditional to make end of year predictions, and never let it be said that I donít have at least some respect for some traditions, and least some of the time. And if thereís any topic in the spotlight for predictions at this juncture, itís gotta be where the continuing bouncing bounty of leaked NSA documents is leading us.

This is a controversial topic, to be sure. When I recently mentioned my plans for this essay to a prominent Internet activist who has been quite vocal about these issues, they urged me not to make these predictions at all -- suggesting that they wouldnít be helpful.

But Iím very much a member of the "actions have consequences" school of analysis, and I strongly feel that we need to be looking beyond the headlines, tweets, and clicks, to what the likely real world results from this maelstrom might actually be.

Before we gaze into the somewhat cloudy crystal ball or stir the pungent tea leaves, a few preliminary stipulations seem in order.

First, this is a discussion of what I feel are strong probabilities of what is likely to happen -- not that they are certain to occur, of course. And the fact of these predictions doesnít mean that you -- or I -- are going to be happy about these outcomes if they should actually occur. I know I wonít take any joy from them at all.

Of course itís impossible to proceed without at least mentioning whistleblower/leaker (pick one or both) Edward Snowden, though I agree with those who note that this story of global surveillance shouldnít be about him. Personally, I see no reason to believe that he had anything but good intentions by his own reckoning, though his modus operandi, combined with a significant degree of likely naivete, have led both he and the rest of us off in directions that he perhaps did not and has not fully anticipated. Time will tell.

Ironically for longtime observers of NSA and other intelligence agencies, and those of us who warned early about the abuses being ensconced in the PATRIOT and Homeland Security Acts -- and were accused of being unpatriotic in return -- scarcely little in the "revelations" to date are a real surprise at all. Nor are reports of intelligence agencies weakening encryption systems anything new -- concerns about NSA influence over the Data Encryption Standard (DES), reach back about four decades.

Perhaps the biggest genuine surprise has been NSAís shoddy security practices. But we can be sure that NSA and other agencies around the world are hard at work to try make sure there wonít be any more Snowdens. (Sidenote: An interesting question is whether or not there already have been the equivalent of Snowden in the scope of repressive, censoring and brutal domestic intelligence regimes such as those operated by Russia and China. One suspects that if such a person were discovered in such countries, theyíd be simply marched out, summarily shot through the head, and weíd never hear about them at all -- conveniently avoiding bad publicity of the sort now drowning NSA.)

Nor will I here address in detail the rising "witch hunt" atmosphere accusing both firms and individuals of complicity in NSA operations -- and demanding a range of immediate penalties -- while simultaneously refusing to accept the proposition that the accused (guilty or innocent) deserve due process and a chance to defend themselves -- whether or not such opportunities are legally mandated in any given case. "Guilt by association" and demanding "proof of negatives" are the practices of the dark side, not of enlightened critics of surveillance abuses.

Finally, thereís the elephant in the room. Everything weíre discussing, the millions of words and heartfelt arguments about surveillance and civil liberties, are likely to be entirely academic in the event of a significant new terrorist attack on U.S. soil. Even a "small" nuke or dirty bomb in a city center, even if relatively few people were killed and little significant damage done, would almost certainly create a headlong rush by politicians to flush our remaining civil liberties down the toilet so fast that weíd (to borrow a recurring sci-fi meme) soon be standing in line to be fitted with remote controlled, steel explosive pain collars.

- - -

When we look at the likely results from the controversies surrounding NSA and other intelligence agencies (beyond the economic benefits to the media sites who have been doling out various associated documents bit by bit for highest drama and maximal clicks), we can immediately divide the analysis into the two categories of foreign and domestic intelligence.

The analysis for the former -- foreign intelligence -- is remarkably simple. For all the handwringing and politically dissembling spin, donít expect any significant changes in the foreign intelligence realm anywhere in the world as a result of these controversies.

The reason is clear. Foreign surveillance ops -- conducted by essentially every country with the means and opportunity to do so -- are pervasive, and despite Snowden, still largely hidden from view. Since there are no effective international laws addressing this area (nor is it clear how there ever could be for secret programs!), there is simply no mechanism or path for significant reforms, whether visible or invisible, real or faked, truth or lies.

Foreign intelligence reaches back to the dawn of civilization, conducted globally everywhere, and long predates technologies like the Internet, telephone, and telegraph. The ancient Egyptians, Romans, and Greeks were masters of the art. No doubt it was well developed long before then, as clusters of early humans were concerned about what enemy (and ostensibly friendly) other clusters were up to.

Even more to the point, no countries will be amenable to unilaterally withdrawing in this sphere -- the perceived risks (both real and political) are simply too great. And itís almost impossible to postulate some sort of global multilateral agreement on reducing surveillance that could actually be proven and verified, pretty much by definition when it comes to secret programs.

What this ends up meaning is that in an international context especially, you really do want to encrypt your data links with the best encryption you can obtain or develop, just on general principles if nothing else. The goal here is to limit the scope of opportunistic, mass surveillance, not highly targeted surveillance. In practice, there are almost always ways to surveil specific targets, even if it involves a "black bag" job to install goodies on a targetís computer. Communications endpoints are especially vulnerable. Nor would it be prudent even to try stop all targeted surveillance. The sad fact of the world today is that there are genuinely evil people who specifically and deliberately want to kill civilians on a mass scale, and targeted surveillance can (and does) play an important role in stopping them.

But pervasive encryption can make mass surveillance -- which will virtually always mostly involve the communications of innocent parties -- so time consuming and expensive as to significantly limit its utility and practicability, and itís indeed mass surveillance where the most potential for abuses should indeed concern us.

- - -

Itís in the scope of domestic intelligence that we can see the most likelihood of change. Unfortunately, much smart money is now going on the bet that in the long run the result of all these revelations will actually be more domestic surveillance (under various changing names and labels) not less!

How could this be? How could this happen?

There are various clues from around the world.

For example, just weeks ago, and shortly after a high level French ex-intelligence official was quoted as saying essentially that "we donít resent NSA, we simply envy them!" France passed legislation legalizing a vast range of repressive domestic surveillance practices.

News stories immediately proclaimed this to be an enormous expansion of French spying. But observers in the know noted that in reality this kind of surveillance had been going on by the French government for a very long time -- the new legislation simply made it explicitly legal.

And therein is the key. Counterintuitively perhaps, once these programs are made visible they become vastly easier to expand under one justification or another, because you no longer have to worry so much about the very existence of the programs being exposed.

Here in the U.S., itís the NSA telephone "metadata" program that has received the most attention in the domestic context. And thereís yet another irony here -- this is the very same data that telephone companies have traditionally collected of their own volition since the dawn of itemized call billing. And while retention periods have varied widely (more on that in a bit) that data has long been considered to be the property of the telcos open for their commercial exploitation in various ways (at least until relatively recently, in some cases even available to third parties for marketing purposes).

The NSA metadata program has now been gathering conflicting court decisions, declaring it both legal and illegal, both an abomination and absolutely crucial. This strongly suggests that the Supreme Court will need to take on this issue.

But the landscape of the program is likely to change drastically before any such decision, and those persons placing their bets on the Supremes to strike down the program might be in for a disappointment. The court traditionally shows great deference to the executive branch on national security matters. Nor is the court likely to be enthusiastic at the prospect of being lambasted if they kill the program and then a subsequent terrorist attack is (rightly or wrongly) blamed on the absence of the program itself.

However, the justices stand a pretty good chance of not even having to deal with the program in its current form, because something actually worse, and even easier for them to justify, appears to be rolling into view as the tea leaves align.

The NSA metadata program has become the proverbial hot potato. And like a hot potato, itís unlikely to simply vanish. Rather, somebody is going to end up holding the smoldering spud.

Even before the recent NSA Commission report made its recommendations, it seemed clear that administration sentiment had shifted toward making this metadata the responsibility of the telephone and cable companies -- AT&T, Verizon, Comcast, Charter, Time Warner Cable and so on. The commission in fact also specifically recommended this -- or the use of some other "third party" organization for the purpose.

Notably, none of the major stakeholders seem to be seriously talking about no longer collecting the data at all.

This actually should not be surprising. As mentioned above, this is exactly the sort of data that has long been collected commercially anyway. And a key justification for the NSA program -- echoed by that very recent court decision -- is that (supposedly) we donít have an expectation of privacy for our call metadata being held in such commercial third party contexts.

So, the handwriting appears increasingly clear. Pressure will rise to move the responsibility for holding this data corpus from NSA per se, back to the carriers or perhaps some ersatz independent org, but the data will still be collected. And despite calls for more limited access by NSA and other agencies , one can safely assume that whatever access they say they really, truly need for national security, theyíre going to get -- one way or another. Thereís simply no obvious way that there will be a real return to any actual, meaningful, truly individualized search warrant requirement (no matter how any changes are ostensibly framed to the public).

Itís this focus on "privatizing" this kind of government mandated data collection that is of especial concern.

Because while the data retention policies of Big Telecom vary widely today both by company and across a range of services (telephone and text message metadata, text message content, and so on), we can bet our bottom dollars that any move toward privatization will come complete with mandated retention periods that in many cases will exceed the time that the data is retained today.

Even more importantly, these telecom companies will almost certainly be prohibited from deciding to hold the data for shorter periods, but likely will be permitted to hold it longer if they choose, still available pretty much on demand to the government.

The truth is that this sort of government mandated telecom data retention regime has long been the wet dream of government agencies in the U.S. and around the world -- a major push in this direction has been taking place in the EU for quite some time (despite the dissembling by Europeís leaders regarding surveillance -- the hypocrisy is palpable).

It is also not surprising that the thought of Big Telecom having control over even more of our data sends a cold chill down many observersí spines. Youíll recall these are the same firms arguing that they have a first amendment right to exploit, control, filter, and limit Internet data as they see fit (and may shortly have this anti-net-neutrality view confirmed by an upcoming court decision).

And unlike government agencies, which at least in theory are subject to significant regulation, Big Telecom has so far been pretty successful in arguing (in the face of a weak FCC) that they are the lords and masters of Internet access, beyond the reach of most meaningful regulations.

I donít know about you, but personally, Iíve never had any negative dealings with NSA. But Iíve been screwed over by AT&T and Verizon numerous times, as have millions of other customers and vast numbers of municipalities who have been subject to these firmsí manipulations and outright lies. To put it bluntly, and as painful as this is to say, many observers trust AT&T and Verizon far less even than NSA, and consider Big Telecom being the custodian of our data as an even more nightmarish outcome than the data being under government control, at least potentially more subject to oversight.

Of course, the best of all worlds would be not holding onto telco metadata in the first place. But if you really think thatís going to happen, Iíd like to talk to you about the potential purchase of a New York City bridge spanning the East River.

So please excuse me if I canít work up any enthusiasm for those firms or some "new third party" simply providing a new bucket into which the metadata will pour in droves.

But it gets worse.

Once these visible government mandated data retention programs are in place, the urge to expand them will be nearly irresistible.

Already, a prominent member of the NSA Commission has publicly suggested that such retention should expand to include email -- another item long on the various agenciesí wish lists around the world (again including in the EU).

And if Big Telecom goes along (whether enthusiastically or not, voluntarily or not), pressure for expanding government-ordered data retention mandates into other sectors and players also seems very likely in the long run.

- - -

This then may be the ultimate irony in this surveillance saga. Despite the current flood of protests, recriminations, and embarrassments -- and even a bit of legal jeopardy -- intelligence services around the world (including especially NSA) may come to find that Edward Snowdenís actions, by pushing into the sunlight the programs whose very existence had long been dim, dark, or denied -- may turn out over time to be the greatest boost to domestic surveillance since the invention of the transistor.

By creating pressures for a publicly acknowledged, commercially operated, "privatized" but government mandated data collection and retention regime, the ease with which new categories of long-sought data could be added to this realm -- especially in the wake of a terrorist attack that could be used as an ostensible justification -- seems significant to say the least.

Without having to worry so much about surreptitious programs being discovered, the government can concentrate on making its public case for the mandated retention of ever more forms of data -- which is already typically being collected in the course of business -- while vastly reducing or eliminating firmsí flexibility to delete and destroy such data on a more rapid and privacy-friendly schedule.

This would be a true privacy tragedy.

As I noted at the start, this outcome is not necessarily already burned into the timeline. But listen closely and read between the lines of statements by the NSA Commission, politicians, and the surveillance spooks themselves -- the foundations for this outcome are already being laid.

At least from the standpoint of the global surveillance community, being able to claim privacy-friendly reforms while actually expanding surveillance in the open under other labels would be a holy grail of 21st century spying.

The way matters appear to stand right now, it would likely be extremely unwise to discount the probabilities of this actually occurring in some form.

All the best to you and yours for 2014!

Be seeing you.

Disclaimer: I'm a consultant to Google. My postings are speaking only for myself, not for them.

Posted by Lauren at 02:06 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

December 14, 2013

Twitterís Rapid Reversal -- and the Rising Dilemma of ďPublicĒ vs. ďPublicizedĒ

By now you probably are well aware of what must have been one of the fastest major policy reversals in the history of social networking, when a few evenings ago, Twitter changed their definition of user blocking, and in the face of an enormous outcry that became an international news story within a matter of hours, announced that they were for now reverting back to their original methodology.

There are a couple of rather obvious lessons here, and at least one not so obvious lesson that is likely at least as important.

First, at Internet speeds, it's possible to lose years worth of user love in a heartbeat, if you're seen as suddenly changing the rules in a manner that your customers (users are customers, right?) feel in the large to be antithetical to their interests.

Secondly, when you screw up, don't prolong the agony -- get in front of the issue as fast as possible. When a mea culpa is in order, get the sword out, make your proclamation, and correct the situation as quickly as you can. Twitter's rapid response to a sudden crisis (albeit of their own making) was indeed both wise and prudent.

But this leaves us with a gaping question -- how did Twitter so grossly miscalculate the likely reactions to their policy change, and so massively underestimate their impact?

I suspect that part of the answer involves understanding and appreciating the issues of "public" vs. "publicized" (allow me to coin the term "PvP" for short) in social networks -- a category of concerns only now really coming into focus and discourse.'

"Public is public" -- you've likely seen me say this many times. It is foolhardy to assume that a public posting will be seen only in the context in which it was originally made, or to pretend that a public statement can somehow be effectively erased after the fact. The so-called "right to be forgotten" -- that suggests trying to censor information that has already been extant on the Web, either from websites, search engines, or both, is entirely impractical and potentially vastly dangerous to fundamental free speech rights and more. Such anti-speech laws must be vigorously opposed.

Yet there is a difference between sending a posting out to the members of a mailing list, or your followers on a social network -- vs. having the same message blaring out of loudspeakers for all to hear on every street corner of the planet.

The difference relates fundamentally to "discoverability" -- how likely it is that any given posting will be seen or found beyond the context in which it was originally made. In other words, simply because a posting is publicly available to find in a search engine and to read via a public URL, doesn't equate to purposely "publicizing" that material beyond its original posting context.

There are many facets to this dilemma, and various aspects of them apply to most social networks today, including Twitter, Facebook, Google+, and others.

The aspect perhaps most relevant to the recent Twitter reversal relates to an increasingly popular concept in social networking, amounting to the idea that it's acceptable -- even desirable -- to present different logged-in users, and non-logged-in observers, completely disparate views of the same underlying discussion threads, streams, or user status states.

So, for example, logged-in user A may see a different "public" stream of discussion than that observed by logged-in user B, and non-logged-in C may see something different in other ways -- in some cases actually even more complete than what A or B might be seeing, depending on possible user blocking relationships between B and A.

This takes us to the heart of the Twitter controversy. Under their now aborted changes, blocking a user would have only prevented the blocking party from seeing what the blocked party was saying -- the latter would be able to continue publicly harassing the blocker -- and having such remarks seen by everyone who would have seen them previously -- except the party who triggered the ersatz block itself. This situation was quite reasonably described by critics as being roughly equivalent to being offered a blindfold and earplugs to deal with someone covering your home with graffiti, or, to characterize it a different way, "Lie back and think of England [go ahead, look it up!] ...

Supporters of Twitter's changes argued that blocking a user never really stopped them from seeing your public postings anyway, and that not informing someone that they were blocked would help prevent possible reprisals from the blocked party (on the theory that they wouldn't catch on to the fact that they were blocked).

But most any battered woman is likely to tell you that assuming harassers are stupid, or that ignoring them is a solution -- is utterly and perhaps lethally wrong.

It is true however that those public postings would still be visible if you went out looking for them. But the inability to directly associate with them, within the context of the specific streams and threads themselves, is still highly significant once blocking has been enabled.

There's a slippery slope aspect to all this as well in the broader social networking context.

Once you accept the proposition that it's OK to not inform someone that they've been blocked, and to present them with a version of a stream or thread that is actually more limited than that seen by other users or even the public, it becomes much more acceptable to spread this mindset into other areas.

User A may not realize that the comments they posted on page B are only visible to A, and not to anyone else (unless A logs out and inspects the page from that vantage point) -- or that comments written by A and queued for moderation, or rejected by moderators, may still appear to logged-in A as if they are publicly viewable, even though they are not yet (or never may be).

The practicality of such approaches when attempting to manage large social networks seem clear enough, but the resulting dilemmas are arguably ethically dubious at best.

These conflicts become even more noteworthy as the concept of "public" spreads into third-party contexts beyond the scope of original postings, a situation I alluded to above.

When a posting made publicly to a set of followers becomes routinely visible and highlighted to affinity and interest groups who are not largely congruent with that original posting audience, the impact of the posting itself can change in a fundamentally qualitative manner, both unexpected and unwelcome from the standpoint of the posting party.

In essence, the public posting has now been publicized in a place and manner not in accordance with the poster's original intentions.

By analogy, if you went looking for a job by posting your information publicly on a tech job website, you probably wouldn't want that information crossposted to a publicly available sex magazine (or perhaps you would, but the point is that you likely don't want the job website to perform that crossposting without your explicit permission.)

As you can see, the entire "public vs. publicized" arena is nontrivial to grasp in its scope, and I can really only scrape the surface here today.

But the next time you hear discussions about public information on the Web, particularly in relation to social networks, the next time you hear someone say "public is public" (including me!), I urge you to consider the fascinatingly complex maze of twisty passages that reside between public and publicized, and how best we may find our way through them without the use of magic wands or magic words [insert "XYZZY" joke here? Naw ...]

Be seeing you.

Disclaimer: I'm a consultant to Google. My postings are speaking only for myself, not for them.

Posted by Lauren at 11:45 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein