Hearing on FISA review, September 26, 2013. C-SPAN.
NSA chief Gen. Alexander slams "sensational reporting" here -- and I couldn't agree more. Why aren't there more journalists questioning this narrative and doing more investigation of the principles involved in making the claims against the NSA?
Once again Mike Masnick is printing tendentious bullshit.
Like Glenn Greenwald, Marcy Wheeler and others of these "progressive" or libertarian writers, he is in such a bubble of antagonism that he can never see any nuances or turn off the hate and snark machine. You never feel as if there is intelligence there on Tech Dirt, just reptilian cunning.
One of the favourite things of the snarky geeks to do is pretend that the government or some politician has done something "illegal" or "the same thing" as some figure like Snowden or Manning whom they are targeting or prosecuting -- as if to say, "See, they get away with it because they are privileged elites, but the hackers can't" blah blah.
Their absolute favourite is to try to witch-hunt and then call-out with malicious glee some political leader who seems to be violating secrecy while themselves complaining about hackers. Much of the time this is sheer ridicularity.
DID FEINSTEIN LEAK LIKE SNOWDEN? OF COURSE NOT
This story about Dianne Feinstein is so typical claiming she "accidently gave away" the story that NSA taps the Internet backbone. But scrape away all the geeky rant here and look at what the NSA even in its redacted form, wrote, as referenced in this story:
Back in August, when the FISA courtdeclassified its ruling about NSA violations, the third footnote, though heavily redacted, did briefly discuss this "upstream" capability:
The term "upstream collection" refers to NSA's interception of Internet communications as they transit [redacted] rather than to acquisitions directly from Internet service providers such as [redacted]
Then look at what Feinstein said in Congress (covered on C-SPAN) per Kevin Bankston
Upstream collection... occurs when NSA obtains internet communications, such as e-mails, from certain US companies that operate the Internet background, i.e., the companies that own and operate the domestic telecommunications lines over which internet traffic flows
So what's the big deal?
Either the NSA gets the communications from the companies "directly," i.e. they go to them and give a request to get it and deal with them directly although they don't get it by jacking directly into their servers or they get it from the backbone -- again from companies by going to them with requests.
BACKBONE IN BACKGROUND ISN'T SURFACED
Even if there is some notion here that the NSA is tapping directly into the backbone to get overseas Internet traffic -- and there isn't in actually that crude way -- you have to say: so what?
They are tapping in order to find certain things for which they have "probable cause" to put under surveillance between they are trying to monitor and stop terrorism and other crimes. Good!
There is no evidence that they take the entire firehose of the entire Internet into their hands and dredge it arbitrarily leading to actual civil rights violations. IF a machine does this and collects certain data, it's to a grid that fits a certain mandate that is in fact overseen by internal reviews and the FISA courts.
Naturally, there are the mandatory guffaws from the geeks because Feinstein said "backround" instead of "backbone". Since "Internet backbone" is not some special technical phrase but used widely, it's obvious she simply misspoke, but no, we have to turn it into a "teachable moment" when we insist that Congress is "too stupid" to legislate about technology (a notion I resolutely reject, as there are plenty of experts available and the principles of law involved are basic and not rocket science; usually what hackers mean when they say this is that this or that congress person isn't doing what they want or isn't like their famous extremist Ron Wydall.)
But I don't see that Feinstein is "leaking" anything or that in fact there is some smoking gun or some scandal. The NSA spies. Good, that's what it's supposed to do! It spies by dredging communications pipelines in some fashion to track terrorism, crime, etc. Good!
The challenge them to the civil liberties gang and hacker hysterics is to find actual concrete cases where the NSA somehow actually wrongfully put someone under surveillance for no good reason, or even gave information that got someone arrested unlawfully in the end. Bring it. Not seeing it.
WITTES PUSHES BACK
Fortunately, there's Benjamin Wittes of the Lawfare blog and Brookings Institution to push back on all this Greenwald and Masnick Snowden hysteria. He has produced many good articles challenging the hacker take on this with careful review of the legal principles and facts as they are known so far.
Read his lastest post, for example, related to this hearing. Wittes counters most of the bad argumentation on this from all over with these sorts of eloquent statements:
I have gone through the declassified documents very carefully, and these disclosures to my mind show no evidence of any intentional spying on Americans or abuse of civil liberties. They show a remarkably low rate of the sort of errors that any complex system of technical collection will inevitably produce. They show robust compliance procedures—as DeLong’s quip in the aisle yesterday accurately reflects. They show earnest and serious efforts to keep the Congress informed, notwithstanding some members’ protestations that they were shocked to learn that NSA—having repeatedly informed Congress that it was engaged in bulk metadata collection—was actually telling the truth. And they show a remarkable dialog with the FISC about the parameters of the agency’s legal authority and a real commitment both to keeping the court informed of activity and to complying with the FISC’s judgment. The FISC, meanwhile, in these documents looks nothing like the rubber stamp that it’s portrayed to be in countless caricatures. It looks, rather, like a serious judicial institution of considerable energy.
To the extent that members of Congress agree with this analysis—and many members of the intelligence committee do—the principal task in the current environment is to defend the existing structures, publicly and energetically, as both Feinstein and Chambliss have done. It is not to race to correct imagined structural deficiencies in the system and thereby to appear to be reforming what one actually supports—and thereby contribute to the delegitimizing of those structures. To be sure, there are reforms that would be valuable in the way of increasing transparency, increasing accountability, codifying now-public standards, and even tightening those standards. But to my mind, we must pursue these reforms in the context of a defense of the basic oversight structures themselves. And the defense of these mechanisms necessarily involves a defense of some degree of limitations on transparency. In other words, the challenge of transparency here is a really subtle one: It is to inject transparency within the basic confines of an oversight system that is actually designed to protect secret
TRUST THEM, THEY'RE FROM THE GOVERNMENT
He then looks hard at the Big Data collection issue -- the firehose of data, the strict rules for the use of only parts of this data, and the internal legal restraints.
And he comes down with the perspective of trusting a liberal democratic state under the rule of law:
The first is law. Unless you believe that the intelligence community is a lawless enterprise that will not follow the rules, this puts a premium on the substantive content of the law Congress writes to govern this area. In other words, the reason it matters what the rules are is that we assume that the law actually will constrain NSA.
And then he doesn't just leave it as blind and dumb trust in one's government -- which leads the Marcy Wheelers of the world to call you a Stasi lover and other twitterers to call you Obama bots or Sheeple or worst -- he specifies why you can trust the government -- because there are checks and balances and consequences:
It is really important to distinguish between the technical capacity to do something and whether that thing is actually going to happen. The D.C. police could easily raid my house today. They have the technical capacity to do it. Yet I have near-total confidence that it will not happen. The FBI could wiretap my phone. It certainly has the technical capacity to do so, yet I have a near-total confidence that it will not happen. The reason for my confidence is two-fold: the substantive law would not support either action, and there are robust compliance measures that mean that were lawless action were to take place, there would be accountability at many levels and I would have a remedy.
Yet the EFF and ACLU gang keep squawking that everything is secret, we "can't know what is done in our name" blah blah. Well, if you have elected officials and they monitor this, you have to trust them to some extent and the notion that Congress "wasn't informed" has been pretty well debunked at this point. This isn't being Sheeple, it's acknowledging that division of labour is what you have in a modern society -- and that intelligence activity cannot be transparent in the maximum way the hackers want it.
WELL, WHO WOULD YOU RATHER HAVE CONTROL YOUR PRIVACY?
And really, Wittes finally cuts it down to this proposition:
In the era of Big Data, the compliance regime is a big part of the whole ballgame. If you believe the compliance regime inadequate, after all, the government already has the data. But one thing we have learned an enormous amount about is the compliance procedures that NSA uses. They are remarkable. They are detailed. They produce data streams that are extremely telling—and, to my mind, deeply reassuring.And here’s the rub: I believe that my liberty is more secure with NSA collecting this material subject to these rules and this compliance regime than it would be if NSA declined to do so.
Of course, Greenwald and the gang don't see it this way, and if it were up to them, this collection would be entirely shut-down, unless miraculously law-enforcement got data from some other technique that the hacker crowd is willing to approve (real-life trailing of suspects?) and then tasked a phone or Internet company -- with a warrant -- to look at specific records.
Here's how I see it even more starkly. We have a choice in whose hands and under what authorities the firehose of all communications are going to be, and how these communications are accessed. It can involve:
1. Governments, for better or worse, who possess the physical infrastructure and capacity to hold and tap the Internet and are under rules, laws and oversight internally and by Congress;
2. Private companies, that are directly interfacing with the public as they produce the content that affects privacy and who are not subject to outside oversight and often don't even have fair internal procedures;
3. Hackers who hacker data on a whim, at will, and themselves remain secret, and demand maximum encryption -- and who are subject to absolutely no accountability.
So what's it going to be? Which one of these or which combination? Shouldn't it be obvious why I'm for Door No. 1 -- because that's the option that really does have public oversight, unlike the others?
We more or less have no. 1 with parts of no. 2 now, but no. 3 whacking away at both and upsetting the status quo.
But...It's not like you get a *fourth* choice where companies, heeding the most extreme advice of extreme hackers, seal off your privacy from themselves (not when they need it for marketing and management of their platforms!), and don't ever enable government access in any way at any level (but...do they want to be good law-abiding corporate citizens or not?).
And it's not like you would get hackers content with leaving it at that, either.
THE HACKERS OFTEN DO RUN THINGS
Yet no company and no government is going to accept a regime where hackers run things -- in fact, what we have now is a regime where hackers run things and that's precisely the problem. Their damage is rampant and they are ubiquitous. Hackers are fighting hard to bring their Autonomous Unicorn Realm into being, but they are constrained not only by internal fighting or power struggles but capacity.
Corporations are basically the ones with the largest capacity now (Google). And for now, they are forced to be constrained by governments that take them to court (like the US is now on their grab of wi-fi streams which none of the Greenwalds and Appelbaums are complaining about at all, and aren't welcoming the court-case on this at all.)
ARE AMERICAN COMPANIES HURT BY SNOWDEN?
There's been a constant tech press refrain that Snowden's revelations are going to "hurt American business" -- Europeans, especially Germans are going to dump American services because their data "isn't safe". While there are German Internet/email companies running "made in Germany" sort of campaigns now, and Russia has really run with this concept big-time (and held meetings with Google about it as a result), I haven't heard of some big, huge dent in the services' business.
This piece on Facebook's "headaches" doesn't show that there is somehow a drop in Facebook usage as a result.
The claim that Facebook is "dying" is a special, recurring geek myth that has to do with software autocracy, coder culture and such, "progressive" politics that hate what Zuckerberg's lobbying arm is doing now -- and all this leads to the placing negative stories based on skewed spinning of the Pew and other polls about usage - and deserves a special post. Unfortunately, Socialbakers stopped publishing country data on usage so it's hard to know if there is a "Snowden drop" yet -- but note that even in April before Snowden's revelation, the Guardian was claiming a drop.
And again -- regarding privacy, these companies are on the run anyway, and were before Snowden. In fact, long before Snowden, the EU privacy commissioners were constantly trying to sue Google or deal with Google politically. And some of that is bearing fruit now.
This case questioning gmail scraping in order to pitch ads is indicative of what we are seeing now.
WILL THE PROVIDERS GO AFTER SNOWDEN ON THEIR OWN?
I wonder if there is serious damage to FB or Google or Twitter that rather than fend off attacks in court or "manage perceptions" in governments, they might finally turn around and say, "Hey, we need to get Snowden -- and Greenwald, Poitras and Appelbaum."
Don't think their corporate board rooms don't have people discussing this, and don't have corporate security people who are examining this. These companies have CONSIDERABLE monitoring capacity of course -- if they want, they can pull Appelbaum's, etc. Google searches and such and use their VAST sleuthing and networking skills -- they are everywhere, all over the world, doing everything and knowing everybody -- to find out what's really up.
My bet is that if they come to suspect that this hack is either a sectarian hysterical hype by the extremists at the Chaos Computer Club, who aren't co-terminous with Google executives although they overlap with Google engineers OR that it is a sinister Russian active measures exploiting WikiLeaks wittingly or unwittingly, they will fight back in their own inimitable way -- planting stories in the tech press which they are masters at doing, planting Youtubes which they are masters at doing, planting Twitter hashtags which they are masters at doing.
If they think Snowden has taken food off their table, they will fight back harder than any government and eventually they will target him and the rest of the G9 crew -- unless of course they admire and love him - which I suspect some do - because ultimately he is about freeing the Internet for more use and more ad clicks and less resistance from firewalls.
I think in fact they will find that the privacy movement is not one that serves their interest, howver, even if they try to play the game of saying they will now provide more of it for their customers, because privacy mitigates against their ability to scrape and tape info for their purposes, too. They can go through somewhat faint motions as they are doing now of tasking the government to have "transparency" on their information requests, but they may find that doing this, and even finding there are only 37,000 of them out of gadzillions of transactions will undermine rather than bolster public confidence.
Recent Comments