Spencer Ackerman: "Edward, there is rampant speculation, outpacing facts, that you have or
will provide classified US information to the Chinese or other
governments in exchange for asylum. Have/will you?"
ANSWER: "This is a predictable smear that I anticipated before going
public, as the US media has a knee-jerk 'RED CHINA!' reaction to
anything involving HK or the PRC, and is intended to distract from the
issue of US government misconduct. Ask yourself: if I were a Chinese
spy, why wouldn't I have flown directly into Beijing? I could be living
in a palace petting a phoenix by now."
From live Q&A with Edward Snowden at the Guardian
The thought has occurred to me more than once that if only Edward Snowden had to face a room full of geeks -- instead of WikiLeaks freaks or the FSB or whatever it is he talks to these days -- they might undo a lot of his "hysterical hypothetical claims" and they might completely pwn him. They might force him to admit that his material is based on edge-casing and not solid field data and cases that are replicable.
People think that because computer programming is "science" or "engineering" that the people who do it are "scientists" and "engineers". But they are actually hugely emotional and create incredible fantasies all the time -- they have a habit of projecting an abstraction as a virtuality, then using totalitarian methods to try to force it on reality whether it fits or not. It truly is awful stuff. If you didn't get this from reading my blogs over the years, read this amazing set of complaints from women techs trying to make it in Silicon Valley, not only from the perspective of sexism, but from the perspective of what kind of culture this is -- coercive, authoritarian, crazy. Snowden comes from that sort of crazy town -- it's nasty and vicious, but ultimately a puncturable bubble.
Why? Because there is no more blistering, hateful, malicious creature for another geek that his fellow geek. They treat each other HORRIBLY. You get a sense of this with Harper Reed's discussion of the software "pruning" process but that doesn't even begin to describe how it is -- people who have been in Second Life or even who have wrestled with Drupal installations on their company's website will know exactly what I mean. Horrid little creatues insisting on insane perfection that has no basis is reality and casting withering scorn on anybody with common sense.
So often the only antidote to this cult is sort of the innoculation immunization theory of some of the disease.
If you look at each one of Snowden's "revelations," you'll find that in every case, although the Guardian or the Washington Post has broken the stories with breathless adulation and glory with numerous fanboyz trailing them, and it seems there is no room for doubt, sometimes in obscure tech journals, someone has countered them with various fact-based objections or even just educated baffled questions. A lot of the best stuff is done on two blogs, one at the Daily Banter by Bob Cesca and the other by John Schindler who is a former NSA officer.
But for my money, the way Snowden will ultimately be brought down is in a Sharia-style court proceeding in the IRC channel when elder geeks -- crypto experts in particular -- who themselves likely hate the "security state" and "massive surveillance" still find Snowden's stuff to be crap, and precisely because they are ideologues and idealists, tear him to ribbons to "make it better".
Remember, Snowden isn't an encryption expert as such (although this entire story isn't about content and really about who gets to encrypt what) --- he's an "information architecture specialist" or "systems analyst" and those are different roles.
In the course of this geek gnawing at Snowden -- or ultimately all-out attack -- ultimately we may puncture the myth of Snowden, and I think this will go far to getting a better assessment about how our country's national security should be arranged in a world of very real and very skilled enemies, including those inside.
As a non-technical person, all I can do here is flag this issue and hope others will explore it. I often found, for example, with the hysterical anti-SOPA crusade, that few of the people retweeting the slogans or doing activist-journalism around it had actually read the bill or if they had, actually understood how the give and take of law interpretation in court actually works. They would scream that agents from Homeland Security would swoop down on teenager's blogs on Tumblr and all of Facebook would go dark -- despite numerous restrictions and caveats built into the law that defined the scope or size or value or number of repetitions or technical capacity involved in piracy ensuring that no casual blog link or upload was going to be targeted.
It was as if suddenly masses of literalist magistrate-oriented civil-law practitioners descended on a common-law Supreme Court- interpretation situation without getting the difference. We would hear the "horror" of "breaking the Internet" by having blocked links and how this would "harm" https -- yet a few lone engineers would explain that in fact this was a hypothetical - once again - and that the hysterics weren't admitting that many companies were not putting in https because of vulnerabilities or the nuisance and expense of it.
It was interesting that when Snowden -- and then Greenwald channelling him -- claimed there was "direct access" to the major Internet service providers and social media, the tech press within 24 hours was denying this. This wasn't just TechCrunch, owned by AOL, trying to do damage control over its commercial reputation. There were other scrappier geeky pubs online that took up this same theme -- what do you mean *direct*, when it's not like you have a log-on, or it's not like you've jacked into a LAN with your laptop (hey, like Aaron Swartz did with MIT, remember?)
The Verge was one of those expressing doubts. GIGAOM, which is a hugely popular gaming and tech site, said "somebody's lying" when they saw that Snowden claimed there was direct access, but the big companies said there wasn't.
An interesting comment in the GIGAOM piece came from "Sean" (emphasis added):
Snowden had the opportunity to clarify “direct access” in a Q&A conducted after that interview had taken place and he punted:
http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-nsa-files-whistleblower#block-51bf2ac1e4b05a46aeeb319b
” Define in as much detail as you can what “direct access” means.
More detail on how direct NSA’s accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on – it’s all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.”
Compare that to Drummond’s answer:
http://www.guardian.co.uk/technology/blog/2013/jun/19/google-chief-legal-officer-david-drummond-live-q-and-a
“I’m not sure I can say this more clearly: we’re not in cahoots with the NSA and there’s is no government program that Google participates in that allows the kind of access that the media originally reported. Note that I say “originally” because you’ll see that many of those original sources corrected their articles after it became clear that the PRISM slides were not accurate. Now, what does happen is that we get specific requests from the government for user data. We review each of those requests and push back when the request is overly broad or doesn’t follow the correct process. There is no free-for-all, no direct access, no indirect access, no back door, no drop box.”I don’t think it’s a question of “who is lying?” just that there are still many unknowns.
Read some of the other comments there. Here's what someone named Richard Steven Hack says, who is skeptical of the NSA's claim and leery of Google, but inadvertently points up something that is a "dog that doesn't bark":
Yes, someone is lying – or at least spinning. It’s not Snowden who’s making a general statement that everything is being collected. Google and the other companies are spinning HOW MUCH data is being provided to the intelligence systems.
OTOH, once these collection systems are in place, I wouldn’t be surprised if the companies DO NOT EVEN KNOW how much data is being collected. Do they know whether the intelligence agency came in with one sort of collection method and then enhanced it without their knowledge to collect even more? In this respect, further technical detail WOULD be useful, but I suspect we won’t get it from Snowden. A whistle blower from Google or the NSA who maintains these portals would have to come forward.
You would think that if there were these outrages, other "persons of conscience" would come forward out of this system of the NSA employing tens and tens of thousands of people and say, "Yes, I can confirm what Snowden is saying, and here's why."
Or you would think that failing that -- perhaps they have really good salaries and perks and are reluctant to "leave paradise" as the brave Snowden did *cough* -- there would at least be conscientious *Google* people who would jump ship now and say "I alone escaped to tell you..."
But there aren't. And I think that's because this isn't about conscience, but about espionage and sabotage and we are being snowed that it is about whistleblowing.
Another crack in the Snowden hero-coder-whistleblower facade came with this challenge of the claim --- made in a Der Spiegel story engineered by Jacob Appelbaum and Laura Poitras, that the NSA vacuums up cell phone info.
And then today we got this highly interesting cri de coeur from American geeks regarding the handling of the Snowden claims by the non-techs Greenwald and Poitras, and their techie-but-inept helper Appelbaum. (I say "inept" because many of his own peers have raked him across the coals for managing Tor poorly and exposing many users to an FBI sting operation.)
Soghoian is a Soros-funded fellow, privacy expert and regular crypto kid who now works for the ACLU. He says:
It's a withering statement, if you know this crowd. In fact, he's snarking at Greenwald, who must be livid, given how much "red meat" he likely feels he's already put out for this gang.Can a tech-focused, in-depth news site please partner with @ggreenwald? The security community shouldn't have to beg for scraps.
But it's awfully thin on technical detail, and we all can see that, even being non-techies.
There's more.
Alex Stamos, another lawfarer who defended Aaron Swartz vigorously whom I challenged up and down on the Volokh Conspiracy, cries:
@csoghoian This is getting ridiculous. @ggreenwald and the other journalists need to release details so we can protect ourselves.
Ouch. These maximizers of coerced transparency for the NSA at the Guardian and hiding in Berlin in fact are scarce on the kind of details real experts need to determine if in fact they are all screwed, i.e. their crypto is shit because the NSA has screwed with the numbers.
Like a common Second Life forums-dweller scanning people's jpegs for personal clues to dox them, Soghoian is reduced to looking over Glenn's shoulder at the slides and finding glimpses of things that might mean something...like the GCHQ's SSL FlyingPig database.
Flying Pig! Imagine that!
He points out that this is a mail.ru IP address. Well, gosh, you know, it is not only legal to spy on the Russians; it is imperative.
Oh, BTW, when was Laura Poitras going to tell us that all that evil spying by the NSA on the G20 in 2009 was largely about spying on...Medvedev, the Russian president who went there. But that's a good thing. Of course you have to spy on Medvedev!
I don't have the time or ability to go through every single one of Snowden's revelations, now listed in various places, and match it to the refutations that in fact are out there -- sometimes on YCombinator or Ars Technica forums and sometimes in pieces like Bob Cesca's -- and then go to knowledgeable geeks and say, but hey, what about this? Is this really true? Does it really work that way?
I do hope somebody is doing that.
To the extent that this can be done by the private sector and in public, the better, i.e. no doubt the NSA and its review panel (with Cass Sunstein on it! Horrors!) are going to look at this sort of thing, but that's just not as credible.
Geeks like Stamos and Soghoian are pompous, arrogant asses who are insufferable -- in the way that Sam Biddle piece on the culture of men in Silicon Valley explains to you in very hair-raising fashion.
But they do know their business to some extent and can be useful, especially with multiple correctives of other arrogant assholes like themselves.
Put them to work, and I think eventually you will see Snowy nailed to the wall.
Recent Comments