Thursday, August 15, 2013

The Surveillance State And Commandeering

Bruce Schneier has some excellent advice for technology companies.

There are lots more high-tech companies who have cooperated with the government. Most of those company names are somewhere in the thousands of documents that Edward Snowden took with him, and sooner or later they'll be released to the public. The NSA probably told you that your cooperation would forever remain secret, but they're sloppy. They'll put your company name on presentations delivered to thousands of people: government employees, contractors, probably even foreign nationals. If Snowden doesn't have a copy, the next whistleblower will.  

This is why you have to fight. When it becomes public that the NSA has been hoovering up all of your users' communications and personal files, what's going to save you in the eyes of those users is whether or not you fought. Fighting will cost you money in the short term, but capitulating will cost you more in the long term.   
...
You, an executive in one of those companies, can fight. You'll probably lose, but you need to take the stand. And you might win. It's time we called the government's actions what it really is: commandeering. Commandeering is a practice we're used to in wartime, where commercial ships are taken for military use, or production lines are converted to military production. But now it's happening in peacetime. Vast swaths of the Internet are being commandeered to support this surveillance state.

We live in a time where all of our emails are collected by our government. If you encrypt it you become a target. If it doesn't change we all lose.

8 comments:

Aircrap said...

"Pretty good anonymity" can be achieved within the US by using nondigital communication steps (airgaps) prior to using a surveilled system like email or posting comments (heh). Even prior to Snowden, we suspected encryption and anonymizing clients--"pretty good encryption"--were likely to fail even for very experienced users. Everyone is sloppy, not just the government, and techies tend to overlook that even digital handoffs have human-based trust issues.

The authoritarian approach has another problem besides leaks however. Using information to change physical reality leaves a tell, a pattern, even if the information source isn't leaked. The shape and source, and sometimes content, of the information can be deduced from that pattern. For example, the discriminating police violence against Occupy protesters. Only some officers committed violence (usually high rank) and some protesters were obviously targeted. That would be a tell that a) information was not shared equally and was hierarchically protected and b) the information allowed for strategic violence particularlized to individuals (or perhaps to individuals with symbolic importance).

Even when "parallel construction" occurs, as in the illegal DEA prosecutions, there are usually statistical tells. It's hard to rewrite reality.

The issue for existing companies may be to fight. But there may be room for new companies to create more efficient airgap or nontracking strategies as a product. Businesses may have need for nondigitized information transfer--the return of pneumatic tubes and bike messengers!

In the future--encrypted LANS with one-off network software in randomized base code? Encryption of content may give way to structural encryption. It's hard to rewrite reality, but rewriting an internet may be fairly simple--if the goal is security rather than open source friction free communication.

For now though, the meta for creative businesses may be a return to geographically clustered localization with multiple airgap data transfer. The immediate future for web privacy is to get crucial parts of process off the web, and to see secure information transfer as a wholistic process. Authoritarian dinosaurs like Google or the NSA or Obama will continue to try to rewrite the social need for democratized, non-hierarchical privacy, but they may simply be showing vulnerability to currently small entities that can outcompete them over time.

Gaptoothed Woman said...

The drones are coming--don't put too much hope in the airgap.

I'm less worried about truly court-warranted (not NSL) government access to documents, which would satisfy the Fourth, then the courts dismissive stance on privacy expectations in public spaces.

The sort of relationship mapping that goes online is entirely conceivable in physical space, and probably already occurs with cell location data.

I agree with the underlying idea that the elites are forcing real world cultural changes that would not develop organically, that do not represent the real wishes or interests of the population as a whole.

I have trouble seeing even alternative corporate structures as any better. Corporations aren't really a check on power.

The real goal isn't total individualized control over documents, but real process for govts to get that access, and corps having to go through govt process to get it too. The model should be paper documents. Content crypto with user keys is good enough to get us back to the Fourth.

The bigger problems are intrusions into the physical sphere, and gov/corp impersonations online.

Remember in Groundhog Day when Bill Murray knows Andie MacDowell's favorite ice cream? He creeps her out. That's what's happening now--the elites are starting to creep us out with their unearned knowledge of us, their predictions (accurate or not). This creepiness will increase as physical world data is added to online data, particularly without consent.

Credibility Gap said...

Amazing:

http://www.theguardian.com/world/2013/aug/16/nsa-revelations-privacy-breaches-udall-wyden

Why is Feinstein defending the NSA knowing more revelations will surely prove, again, that she is a liar, a creep, and a traitor?

Why isn't Clapper in jail awaiting his prelinary hearing?

What exactly is Holder doing to prosecute Alexander?

Why is the President AWOL yet again? What did he know, and when did he know it?

Resign, Mr. President. Resign in shame.

Winston Smith said...

http://www.salon.com/2013/08/16/hey_washington_post_print_the_nsa_interview/singleton/

The reality-engineering crew at the NSA White House slipped here a little. Retroactive off-the-record?

Still you have to admire their reach, silence from the "independent" columnists at the New York Times, for example.

The NSA has plenty of data to trade for media compliance (or blackmail).

Miranda Wrongs said...

So here's another tell, this time from the detention of Glenn Greenwald's spouse, David Miranda.

Undoubtedly at the behest of the US, the British arrested the Brazilian citizen, held him for nine hours, and confiscated his electronics.

Mind the airgap:
Mr. Miranda was in Berlin to deliver documents related to Mr. Greenwald’s investigation into government surveillance to Ms. Poitras, Mr. Greenwald said. Ms. Poitras, in turn, gave Mr. Miranda different documents to pass to Mr. Greenwald. Those documents, which were stored on encrypted thumb drives, were confiscated by airport security, Mr. Greenwald said. All of the documents came from the trove of materials provided to the two journalists by Mr. Snowden. The British authorities seized all of his electronic media — including video games, DVDs and data storage devices — and did not return them, Mr. Greenwald said. NYTimes

So, both the authoritarian governments involved and Greenwald/Poitras all assume an airgap is necessary to move these docs (Miranda). They aren't trusting the web.

We'll watch for tells on whether they can crack the encryption. We doubt it in this case. If so, that may be a tell of a key capture firmware in hardware or thumbie. All they'll probably gain is a drop on the next story, allowing Obama to avoid blatant lying. Probably this detention was just intimidation, the way authoritarians also pick on family members of dissidents. It really seems Obama is desparate.

The detention of Miranda would seem lawless. Perplexing.

Fritz Gerlich said...

If the husband of a journalist is now a "terrorist" for legally carrying a memory stick, and the President can legally assassinate US citizens without due process who are "terrorists"...

I think Obama's message to Poitras and Greenwald is clear. He means to murder them.

The long knives are coming out, but our media and politicians are silent.

Sam Ervin said...

Wyden and Udall (with an assist from Paul) should consider revealing the rest of the "iceberg" from the well of the Senate. Let's get on with it.

Greenwald and Poitras are just doing their jobs. But, it's really time for a government process to originate from Congress, which should own the investigation and reveals just as the Watergate and Church committees came to own abuse of power and illegal surveillance scandals of the Seventies.


Tin Shat said...

This is also a "tell" that airgap interception is pretty crude, even for electronic media. They basically have to violate the law and your person to get the information.

It's also the reason they keep decreasing the air in the tubes: stop and frisk, thick international border lines, drones and built in surveillance on the streets.

What the NSA is trying to do, with the help of (often clueless) local governments and the illegal fusion centers, is to map off-web relationships by assigning metadata to our physical movements in the same manner as phone calls or email.

They also are trying some efforts to record and caralog content, from microphones (on Spokane busses for example) to wackier emotion-reading facial rec software. The basic idea is the same as with phone/web--they are building an index of our movements and connections that will guide use of a content database of documents, recordings, etc.

They are no where near this kind of infrastructure in the US, but Alexander imposed a pretty good working model in Iraq. The significance of drones is that the NSA will no longer need to work through local governments for either funding or permissions. They can hover a drone a foot outside your bedroom window and it would be perfectly legal. More likely is a synced temporary net a hundred feet above special events or areas, barely perceptible.

Expect a desenstization campaign with Billy the Terrorist-Fightin' Drone at the Super Bowl. Then at political rallies, concerts...

NYPD pioneered a non-drone version from poles to monitor Occupy, and likely coupled physical surveillance with content surveillance of Occupier digital activity. We're already there. That's why Miranda's thumb drives scare the authoritarians so much.