Snowden disclosures reveal NSA abuse

I had no knowledge of the NSA’s programs, but I’m not surprised by most of it.  James Bamford articulated in The Puzzle Palace in 1980 what the NSA was capable of, and it has always been clear to me that they would establish whatever intelligence capabilities they could in order to carry out their mission.  There are several areas that raise substantial concerns:

1.  NSA’s own documents indicate that they intended to interfere with and degrade crypto standards.  That on its own has caused the agency substantial harm to its reputation that will take decades to recover from.  But they haven’t just sullied their own reputation but that of the National Institutes of Standards and Technology (NIST) who are a true braintrust.  Furthermore, they’ve caused the discounting in the discourse of anyone who is technology knowledgeable who have either recently held or currently hold government posts.  I will come back to this issue below.

2.  It is clear that the FISA mechanism just broke down, and that its oversight entirely failed.  Neither Congress nor the Supreme Court took its role seriously.  They all gave so much deference to the executive because of that bugaboo word “terrorism” that they failed to safeguard our way of life.  That to me is unforgivable and I blame both parties for it.  In fact I wrote about this risk on September 12, 2001.  I wrote then:

I am equally concerned about Congress or the President taking liberties with our liberties beyond what is called for. Already, millions of people are stranded away from their loved ones, and commerce has come to a halt. Let’s not do what the terrorists could not, by shrinking in fear in the face of aggression, nor should we surrender our freedom.

Sadly, here we are.

3. There are reports about law enforcement taking intelligence information and scrubbing the origin.  Where I come from we call that tampering with evidence in an egregious attempt to get around those pesky 4th and 5th amendments.

4. The NSA’s activities have caused great harm to U.S. services industry because other nations and their citizens have no notion as to when their information will be shared.  This is keenly true for companies such as Google and Microsoft who, it is reported, were ordered to reveal information.  The great Tip O’Neill said that all politics is local.  That may be true, but in a global market place, all sales are local.

It would be wrong to simply lay blame on the NSA.  They were following their mission.  Their oversight simply failed.  Congress needs oversight.  That is our responsibility.

WCIT and the ITU?

Flag of ITU.svg

The International Telecommunications Union (ITU) is making the news these days, in part because there is about to be a treaty conference called the World Conferences on International Tariffs (WCIT).  What is the ITU? and what do they do?

The ITU is a specialized agency of the United Nations that focuses on telecommunications.  It has four components:

  • A general secretariat;
  • A standardization sector or ITU-T;
  • A radio coordination sector or ITU-R; and
  • A development sector or ITU-D;

The radio sector coordinates spectrum allocation and so-called “orbital satellite slots”.  It also is responsible for standardization of time.  The development sector focuses on the special needs of developing countries.  The standardization sector has over 150 years set international standards for telecommunications, starting with the telegraph.  The general secretariat manages logistics of the three sectors, and represents the ITU to other international fora, and to the U.N.

How has the ITU been relevant to you?  There are several key standards that are worth taking note of:

  • E.164 specifies pretty much what a telephone number looks like, starting with the international dialing code.
  • G.711, G.719 and others specify how voice is encoded into data.
  • X.509 is the basis for the public key infrastructure that is in use on the World Wide Web.
  • D.50 specifies accounting standards by which international carriers bill each other, or so-called settlement rates.  There’s real money involved in this one.

This is some pretty important stuff.

The ITU-T was formed out of the CCITT, which was a coordination committee, primarily made of European governments.  These days, its membership spans 193 countries. Only governments may vote, although civil society and paying sector members may have some influence.

So what is WCIT?  WCIT is a treaty-level conference in which all those lovely accounting rates are agreed upon.  But they’re not stopping there.  The ITU-T has had a very limited role in the Internet’s development.  Standardization and governance over the Internet falls to several classes of entities:

  • National governments with their own sets of laws;
  • Standards organizations such as the IEEE, IETF, W3C, and 3GPP; and
  • Not-for-profit organizations such as ICANN and Internet Registries.

This latter group focuses on what I call “internals”.  That is- how do you get an IP address or a domain name?  The Internet has grown over 1.25 billion users with very limited involvement of the ITU-T.

Now governments want to take a firmer hand in areas such as how addresses and names are allocated and cybersecurity.  That is what WCIT is about.

More about the ITU and WCIT in the future.