Round-up of interesting reads on NSA/Snowden

Interesting pieces on the NSA affair, some provocative, from the last few months:

Scott Shane (NYT):

Another former insider worries less about foreign leaders’ sensitivities than the potential danger the sprawling agency poses at home. William E. Binney, a former senior N.S.A. official who has become an outspoken critic, says he has no problem with spying on foreign targets like Brazil’s president or the German chancellor, Angela Merkel. “That’s pretty much what every government does,” he said. “It’s the foundation of diplomacy.” But Mr. Binney said that without new leadership, new laws and top-to-bottom reform, the agency will represent a threat of “turnkey totalitarianism” — the capability to turn its awesome power, now directed mainly against other countries, on the American public. “I think it’s already starting to happen,” he said. “That’s what we have to stop.”

Whatever reforms may come, Bobby R. Inman, who weathered his own turbulent period as N.S.A. director from 1977 to 1981, offers his hyper-secret former agency a radical suggestion for right now. “My advice would be to take everything you think Snowden has and get it out yourself,” he said. “It would certainly be a shock to the agency. But bad news doesn’t get better with age. The sooner they get it out and put it behind them, the faster they can begin to rebuild.”

Shane Harris et al. (FP):

A former White House official, who served in a prior administration, said it was essentially impossible that the president wouldn’t know foreign leaders were being monitored by U.S. intelligence agencies, and principally the NSA, as part of regular operations aimed at keeping him informed about diplomatic relations and negotiations. Information on foreign leaders that is based on recorded calls or other signals intelligence is “unique,” the former official said, and its nature is obvious to anyone reading or hearing an intelligence report or receiving a briefing. “If you saw it, you’d know that it came out of somebody’s mouth,” the former official said. “I cannot believe that [Obama’s national security staff] didn’t brief the president on foreign leaders when he was going in to visit with them.” Much of that information would have comes from signals intelligence. And the failure to inform the president that a piece of information came from spying on a leader could be a fireable offense, the former White House official said. “It’s almost a dereliction not to tell him.”

Paul Pillar (National Interest):

We are partly seeing the effects of the cleverness of the activist who is masquerading as a journalist, who started his dribble of leaks with revelations about collection within the United States that is directed against terrorism, before moving on to leaks about very different forms of electronic collection, collected for very different purposes. The starting focus on terrorism has led to the habit of evaluating almost anything NSA or the intelligence community does by asking how many terrorist attacks the intelligence prevented. Actually, access to the email of an important foreign leader, if such access were to be gained, would be quite useful to U.S. policymakers in a number of respects. And again, the “it” in the reference to “trouble it has caused” properly refers to the leaking, not to the intelligence collection.

More fundamentally, if we were to resign ourselves to giving up anything that would cause a flap if exposed, on the grounds that “in the Internet era” exposure is likely, this would mean ceasing most collection of the entire intelligence community—all of it except what is directed against open source material. Most intelligence collection is kept secret because most of it assuredly would cause flaps if exposed. This is true not just of NSA’s electronic activities. Human espionage, for example, almost always involves the violation of some other country’s laws. If we were to abandon all of this, the damage from leaks would be exponentially higher. We would be the losers, and foreign-based activists dedicated to undermining U.S. foreign policy would be the winners.

 David Ignatius (WaPo):

The NSA documents that have surfaced reveal an exuberant, almost adolescent quality among the tech wizards who blew through privacy barriers. They gave their top-secret projects colorful code names such as Boundless Informant or Egotistical Giraffe. They created compartments with mottoes that sound like playground boasts: “Nothing but net” and “The mission never sleeps.” Hannah Arendt wrote famously of the “banality of evil.” This group makes one realize that childishness can be a characteristic, too. Like many hackers, NSA operatives seem to have done things sometimes for the thrill of it, just because they could […]

It’s hard to imagine global agreement on a framework for spying, which, by definition, involves breaking other countries’ laws. But the United States and the many, many other countries that conduct surveillance need new rules of the road. Conventions against torture, chemical weapons and prisoner abuse don’t prevent wars, but they do limit extreme activities of combatants. Something similar is needed here.

David Rothkopf (FP):

Echoing the White House’s sadly lame (and diplomatically tone-deaf) “everybody spies” non-defense, these insiders, who no doubt sleep in their trench coats and are risking their marriages with a steady stream of critiques of the inaccuracies in Homeland and Covert Affairs, have once again argued that spies are paid to listen in on people and that includes our friends and always has.

Were they (and the White House) a little more intellectually honest in their analyses, of course, they would find that, in the first instance, not everyone spies and that, in the second, those who do spy do so to differing degrees via differing approaches and within differing guidelines. Furthermore, the types of spying that are currently gaining much of the criticism have either been controversial within the intelligence community in the past (economic spying and spying on friends) or are so new that they are not well understood in terms of operational security risks or other implications (warehousing data hoovered out of the Internet) […]

Yes, many governments spy. But so too do all countries have armies, police forces, and tax codes. In each instance, the question is not whether to pursue the activity — it is how to do it, how to limit it, and what values should underpin it. Our spying has overreached. We took risks we shouldn’t have for rewards that were too limited.

John Schindler (20 Committee):

One former DGSE officer boasted that, while his service was not quite as capable as NSA, technically speaking, it is still one of the five best SIGINT agencies in the world, adding that it listens in on many world leaders: “I had telephone tap transcripts in my hands of President George W. Bush that we carried out,” he admitted. Is the current public fuss caused by Snowden’s relevations “populism or crass ignorance?” he wondered, “because we obviously send our reports to [our] political authorities.” […]

While France, like Germany, is not part of the Five Eyes SIGINT alliance, it shares a great deal of information with NSA regularly and in 2010, according to the report, Paris came close to joining the alliance but the Obama White House scuttled the deal in the end. There is also a tight intelligence sharing relationship between DGSE and the BND, its German equivalent, and it’s evident that French spies are more than a tad displeased with all the public fuss in Germany about matters that are best left out of the public’s eye, in France’s view. That Chancellor Merkel is exploiting the Snowden crisis to get her country fully into the Five Eyes system is the common perception among French officials […]

In all, this is exactly the mature, nuanced view of intelligence that one would expect from France, a country with excellent espionage services that form a key part of the Western intelligence alliance against common enemies and threats. I wish America had more such friends.

Schindler again:

At bottom, Germany (like France), seeks not to shut down NSA espionage, rather to get closer to it. Berlin has long been jealous of London and the other Anglosphere members of the so-called Five Eyes community, the SIGINT alliance born in the Second World War which, to this day, constitutes the most successful international intelligence partnership in world history. Perhaps because they were on the wrong side when that alliance was created in the days of the ULTRA secret, German intelligence agencies have always wanted into the club and its privileged inner circle. Although Germany enjoys a tight spy relationship with the United States (and Britain too), Berlin knows its place, and it would like an upgrade.

Abandoning the US-German intelligence partnership is simply not an option, no matter what politicians may say, and regardless of how much hysteria is created by the media. The reasons for this are well known to intelligence insiders, and are elaborated in a new report in the Berlin daily Die Welt. Its title, “Technically Backward and Helpless,” is painfully accurate. There can be no doubt that Germany’s intelligence and security services, preeminently the Federal Intelligence Service (BND, Germany’s CIA plus NSA equivalent) and the Federal Office for the Protection of the Constitution (BfV, equivalent to Britain’s Security Service), are indeed deeply dependent on American partners, and have been since the day of their creation […] “Without information from the Americans, there would have been successful terrorist attacks in Germany in the past years,” explained a BfV official, truthfully.

Alan Rusbridger (NYRB):

A more plausible answer is that the British intelligence services simply find it extremely difficult to deal with journalists. Which, in itself, is illustrative of the wider problem of balancing surveillance with civil liberties. How on earth do you reconcile something that must be secret with something that begs to be discussed?

Until comparatively recently it was forbidden to name the heads of the UK intelligence services. The British press then had a voluntary compact—the Defence Advisory (DA) Notice system—under which editors can unofficially seek advice on security matters. The retired air force wing commander who administers it says that between 80 and 90 percent of journalists are happy to submit their copy to him in advance of publication.

The two main intelligence agencies, MI5 and MI6, will never comment on the record and typically prefer to deal with one or two journalists in each news organization—always on an unattributable basis. I have known them to refuse to deal with a particular reporter who wrote what they considered to be unsatisfactory stories.GCHQ is even less at ease in dealing with the press. The NSA was happy recently to speak to Der Spiegel. Not so GCHQ. In eighteen years as editor I have never once (knowingly) met any official from the Cheltenham-based agency.

The head of one of the other agencies once told me: “We’re a secret organization. There’s nothing in it for us in being more open about what we do. We see no need to change.”

John Lanchester (Guardian):

There’s no need for us to advance any further down this dark road. Here are two specific proposals. The first is that the commissioners who superviseGCHQ include, alongside the senior judges who currently do the work, at least one or two public figures who are publicly known for their advocacy of human rights and government openness. The “circle of secrecy” needs to include some people who are known for not being all that keen on the idea of secrecy.

My second proposal is for a digital bill of rights. The most important proviso on the bill would be that digital surveillance must meet the same degree of explicit targeting as that used in interception of mail and landlines. No more “one end overseas” and “sigint development” loopholes to allow the mass interception of communications. There can be no default assumption that the state is allowed access to our digital life.

Bruce Schneier (Guardian):

If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by a federal confidentially requirements or a gag order. If you have been contacted by theNSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don’t cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers. We need to know how exactly how the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I’ve just started collecting. I want 50. There’s safety in numbers, and this form of civil disobedience is the moral thing to do.

Two, we can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information. We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems – these will be harder for theNSA to subvert.

Daniel Soar (LRB):

But ‘collection directly from the servers’ was what the slides said, and the implication was that the full unencrypted traffic from everyone’s favourite web services was being piped wholesale into the NSA’s databases. The implication turned out to be wrong. What happens is that an NSA analyst ‘tasks’ PRISM by nominating a ‘selector’ – meaning an email address or username – for collection and analysis. In other words, PRISM allows an NSA worker to submit a request, which is invariably granted, to monitor an individual Gmail account or Yahoo identity or Facebook profile and have all its activity sent back to the NSA. (In this context, ‘direct access’ is accurate: if a selector has been approved for monitoring, the NSA has access to it in real time.) One of the slides the Guardian didn’t disclose – it appeared a few days later in the Washington Post – showed a screenshot of the tool used to search records retrieved through PRISM. The total count of records in the database – in April, when the slide was made – was 117,675. It’s worth looking at that number. Facebook has a billion users: half of the internet-connected population of the planet has an account. The fraction of those whose full unencrypted activity the NSA was actively monitoring can be no more than 0.01 per cent. This isn’t to pretend that the NSA high-mindedly refrains from seeking access to our baby pictures or inane comments on other people’s baby pictures. But it does suggest that you don’t fill in a form to access a random Mexican’s timeline unless you expect to get something out of it.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s