How to speak the truth and yet lie? Ask General Alexander

Old joke in the industry: the difference between a sales person and marketing person is that the marketing person knows when he’s lying.  Which is General Alexander?

Let’s appreciate that the head of a spying agency is in a tough spot.  Allies and citizens of the U.S. alike are outraged, making an actual dialog difficult.  Leaders, however, must address hard issues head on and truthfully; and they must demonstrate command of the subject matter, or we waste our time.

Let’s go through some of the General’s statements:

“the assertions… that NSA collected tens of millions of phone calls [in Europe] are completely false”.

– From a BBC article

Maybe, but he and the president have in the past distinguished so-called “meta-data” (which the rest of us just call “data”) from the calls themselves.  And so maybe the NSA doesn’t have access to the calls, but he has not denied that they have access to who people called, the time and date they called, and for how long.  What is the truth?

Yesterday The Washington Post dropped another Snowden bombshell, indicating that the NSA was intercepting Google customer traffic by tapping into their communications lines.  The Guardian had previously reported that GCHQ was tapping fiber cables.  Alexander’s response, this time?

“This is not NSA breaking into any databases. It would be illegal for us to do that. So, I don’t know what the report is. But I can tell you factually we do not have access to Google servers, Yahoo servers. We go through a court order.”

– From CNN

Except in this case, the NSA is not accused of breaking into servers, but rather tapping communications off of fiber cables.  By answering a charge that wasn’t made, either the general doesn’t understand the issue and therefore cannot meaningfully inform the President or the public, or he does understand the truth and is intentionally prevaricating to the public.  What is necessary is a public debate over the policy issues relating to surveillance, and when it should and should not be authorized.  The people leading that dialog should be truthful and informed.

I’m sure the general is aware that everyone has their day of reckoning.  It’s time for his.  The president needs to find a new director of the NSA who can intelligently advance an honest discourse.


I had no knowledge of the NSA’s programs, but I’m not surprised by most of it.  James Bamford articulated in The Puzzle Palace in 1980 what the NSA was capable of, and it has always been clear to me that they would establish whatever intelligence capabilities they could in order to carry out their mission.  There are several areas that raise substantial concerns:

1.  NSA’s own documents indicate that they intended to interfere with and degrade crypto standards.  That on its own has caused the agency substantial harm to its reputation that will take decades to recover from.  But they have sullied not just their own reputation but also that of the National Institute of Standards and Technology (NIST), which is a true braintrust.  Furthermore, they’ve caused anyone who is technologically knowledgeable and who has either recently held or currently holds a government post to be discounted in the discourse.  I will come back to this issue below.

2.  It is clear that the FISA mechanism just broke down, and that its oversight entirely failed.  Neither Congress nor the Supreme Court took its role seriously.  They all gave so much deference to the executive because of that bugaboo word “terrorism” that they failed to safeguard our way of life.  That to me is unforgivable and I blame both parties for it.  In fact I wrote about this risk on September 12, 2001.  I wrote then:

I am equally concerned about Congress or the President taking liberties with our liberties beyond what is called for. Already, millions of people are stranded away from their loved ones, and commerce has come to a halt. Let’s not do what the terrorists could not, by shrinking in fear in the face of aggression, nor should we surrender our freedom.

Sadly, here we are.

3. There are reports about law enforcement taking intelligence information and scrubbing the origin.  Where I come from we call that tampering with evidence in an egregious attempt to get around those pesky 4th and 5th amendments.

4. The NSA’s activities have caused great harm to the U.S. services industry because other nations and their citizens have no notion as to when their information will be shared.  This is keenly true for companies such as Google and Microsoft who, it is reported, were ordered to reveal information.  The great Tip O’Neill said that all politics is local.  That may be true, but in a global marketplace, all sales are local.

It would be wrong to simply lay blame on the NSA.  They were following their mission.  Their oversight simply failed.  Congress needs oversight.  That is our responsibility.


Hello Insecurity, Goodbye Privacy. Thank you, President Obama

Some people say that Internet Security is an oxymoron, because we hear so much about the different ways in which hackers and criminals break into our data, steal our identities, and even use information to commit “real world” crimes like burglary, when it becomes clear that someone’s gone on vacation.  Well now the Obama Administration along with the FBI and NSA are proposing to make things worse, according to an article in today’s New York Times.

According to the Times, the government is going to propose requiring that developers give up on one of the key principles of securing information: use of end-to-end encryption, the argument being that law enforcement does not have the visibility into information they once had, say, in the Nixon era, where the NSA acted as a vacuum cleaner and had access to anything.

As our friend Professor Steve Bellovin points out, weakening security of the Internet for law enforcement also weakens it to the benefit of criminals.  Not a month ago, for instance, David Barksdale was fired from Google for violating the privacy of teenagers.  He could do that because communications between them were not encrypted end-to-end.  (Yes, Google did the right thing by firing the slime).

This isn’t the first time that the government has wanted the keys to all the castles, since the invention of public key cryptography.  Some of us remember the Clipper chip and a government-mandated key escrow system that the Clinton Administration wanted to mandate in the name of law enforcement.  A wise friend of mine said, and this applies equally now, “No matter how many people stand between me and the escrow, there exists a value of money for me to buy them off.”  The same would be true here, only it would be worse, because in this case, the government seems not to be proposing a uniform technical mechanism.

What’s worse, this mandate will impact only law-abiding citizens and not criminals, as the criminals will encrypt data anyway on top of whatever service they use.

What you can do: call your congressman now, and find out where she or he stands.  If they’re in favor of such intrusive policy, vote them out.


Bamford’s latest update on the NSA

James Bamford is well known for his revealing of the National Security Agency in The Puzzle Palace, published in 1983.  He has written two updates since then, Body of Secrets and The Shadow Factory, the latest one covering the Bush Administration in some detail.  Bamford’s technical details in The Shadow Factory are nowhere near as good as they were in The Puzzle Palace, which is something that really attracted me to his writing.  Also, in this book, Bamford seems to play both sides of the fence, at one point arguing that the attacks on 9/11 were an intelligence failure, while at the same time arguing that we must safeguard our civil liberties.  This works, mostly because he successfully argues (in my opinion) that the government had all the power it needed to stop the attacks, but that incompetence ruled the day.

To be sure there are a few points I would take issue with.  For one, although I despise the name, it was probably a good idea to roll together many agencies into the Department of Homeland Security.  But quite frankly even that was done ineptly, as we have seen from auditor reports, again and again.

Returning to The Shadow Factory, in this update Bamford highlights the role of the Internet and the change in the nature of communications, where many communications have moved from satellite to fiber, and from simple voice circuits to voice over IP.  He talks about certain organizations wanting to hire Cisco employees simply to reverse engineer IOS and find ways to install back doors.  I have no way of knowing if that has happened.

Bamford retreads much of the story about the illegal spying the NSA did within the United States, and how James Comey would not recertify the program.  While it makes my blood boil to think that anyone in government would think that such a program was legal (certified by the attorney general or not), that part of the story isn’t so much about the NSA as it is about Dick Cheney and David Addington.  Quite frankly I think Bob Woodward has covered that ground as well as could be covered.

Were I to give advice to Mr. Bamford it would be simply this: it is difficult to read just one of the three books he’s written, as either the earliest is woefully out of date, or the latest doesn’t stand on its own without having read the earliest.  A consolidated update that combines all three seems in order.
