Washington Post comments: In this slide from a National Security Agency presentation on “Google Cloud Exploitation,” a sketch shows where the “Public Internet” meets the internal “Google Cloud” where user data resides. Two engineers with close ties to Google exploded in profanity when they saw the drawing.
- ashkan soltani
@ashk4n
31 Oct
My Halloween costume… #google #backdoors #too_soon pic.twitter.com/zwxaL8ahOQ
-
@ashk4n @bartongellman Did you actually prove there are these back doors or is the sketch just aspirational, i.e. a pitch from a consultant?
CatherineFitzpatrick
@catfitz
Barton GellmanVerified account
@bartongellman
-
@bartongellman I did read the story very carefully, multiple times. Can't you answer yes or no, regarding possibility this is a wish sketch
-
@bartongellman your point amounts to claiming that once again that mere collection of metadata is intrusive. I disagree. No new news here.
-
@bartongellman It's not like Google holds files in clear text in the cloud, NSA can just tap into *content* at will. Surely you don't say.
-
-
@bartongellman The lede says "secretly taps into" as fact; but the graphic says "may have," "may have" - there's the hole in your story.
-
@bartongellman I've been tuned. And I see that a) you don't have any individual cases b) no geeks external to your brotherhood confirming
-
@bartongellman Oh, so now you're saying the problem isn't "reading comprehension" but that you haven't told us yet, it's in next episode.
-
So as I pointed out, I've been unimpressed with the coverage of the "anger" that supposedly Google and other platform providers like Facebook are reputedly displaying over the NSA allegedly tapping into their servers without their consent. I'm not seeing it.
Remember Glenn Greenwald and Barton Gellman got this story all wrong when they first began talking about PRISM, claiming there was a direct tap when there wasn't -- there were merely servers made available to sequester data and hand it over to law enforcement when they had already made legitimate requests. It's not like the NSA tapped into Google or Facebook, oh, you know, the way Aaron Swartz tapped directly into MIT's servers through jacking right into their LAN network in the server closet with a laptop. You know, that kind of thing.
Except, now the story is that no, they did have access.
This funny little drawing above supposedly shows the NSA grinning and winking and sneaking in to strip away the Secure Socket Layer (SSL) of communications behind Google's back (I'm copying it here because it began as a government document which was not supposed to be in the public domain, but now is, i.e. it's not proprietary to the Washington Post).
I really had to wonder about this. I am not a techie but I do know a little bit about servers. Google has stuff encrypted. What are they saying, that in between servers when the data is piped around, in the cloud, Google is vulnerable, or that in the cloud, Google keeps things in clear text? That's ridiculous.
What this sketch looked to me was a lot like the slides in the PRISM stories -- or for that matter, the slides contemplated for the HPGary work that never came to pass.
Snowden was a contractor at Booz, Allen Hamilton. Could these slides be merely contractors' pitches to the NSA? Aspirational? Trying to find ways to serve their customer? Would that be all that Snowden really had here?
Er, wouldn't the real NSA -- the heart of the NSA -- be a little bit more sophisticated in how they work up sketches for such a dramatic thing as tapping surreptiously into the Google line? My God, this looks like the back of a paper napkin at cocktail hour -- even if it is is on a slide titled "Current Efforts."
There's something that just doesn't add up here.
And here's the thing I noticed. In the sketches accompanying the article, the lede says "The NSA, working with its British counterpart, the Government Communications Headquarters (GCHQ), secretly taps into the internal networks of Yahoo and Google." But in the text to the sketch, the phrase is "may have" several times:
The NSA may have figured out ways to tap directly into Google's privately owned and managed Internet links.
The NSA's British counterpart, the CGHQ, may have induced or compelled a third party -- such as the operator of a cable landing station, a major Internet exchange or a data center that Google shares with other companies -- to install surveillance equipment on Google's private cables.
So in fact it's just not definitive.
So I asked Bart Gellman directly, as you can see.
In a total putdown (with that faux politeness always implied when people say "respectively"), he told me I hadn't read the article. Of course I read the article, multiple times. Why do these adversarial journalists always think reading comprehension is an issue and they can merely insult the reader instead of answering the question? Could that be because Gellman himself said he didn't understand "half the documents" when he first got them?
Sure, they're complicated, and for technical insiders to decipher. But it doesn't add up. So I ask questions about it.
I asked multiple questions. I asked him to answer yes or no, whether this was a sketch that was only a consulting company's aspirations of what they could offer their client or think their client wanted, and not the actual practice. Could he answer that without calling names and implying I was illiterate?
So he finally replied "no" i.e. it is not a wish sketch but an actuality (despite the "may" in the diagrams) and said "stay tuned."
Well, as I said, this sounded like another episode of Tom Terrific.
I can't imagine why they'd drib and drab a thing like that out, and if they had proof, why it wouldn't have gone not only in this month's story, but the very first one in June. I bet they don't have anything to back this up.
As we can see in recent weeks, with much flourish, Bart added a geek to his byline -- Ashkan Soltani. Soltani is an activist with an agenda, not merely some technologist. He is author of KnowPrivacy and has a demand to strip away all the web bugs or make them visible at least in the name of privacy. BTW, Bob Cesca is the guy who really popularized web bugs by outing them on the Guardian every time they do a Snowden story demanding privacy -- LOL.
But lost in Ashkan's indignation and zeal to encrypt absolutely is a recognition that commerce is required for people's livelihoods on the Internet and commerce is a good thing and that ads are a good thing. If my local drug store web page puts bugs or cookies and follows me around to see what I'm interested in to pitch me, oh, cold medicine or a flu shot -- who cares? I like coupons. Who doesn't? (BTW, cookies and bugs are different, and they've deliberately made the bugs more scary by calling them "bugs" instead of trackers -- they aren't actual malware or malfunctions in code, just code these socialist Puritans don't like).
In other words, before there is a transition to that "getting another business model" that people like this always haughtily demand of Silicon Valley businesses, they are for stripping away the modes of making money. I'm simply not for doing that. If you are so private and can't bear the world to know something about you, stay off the Internet.
I sometimes pause to think that the half dozen or so people closest to me, with whom I talk every day and visit and spend time with every week are the ones least on the Internet, or barely on it at all, and who are face-to-face people, not people I "share" things with on Facebook or Twitter. While Twitter or Facebook "friends" might get a minute or five minutes of exchange a day, and a Second Life friend might get a 10 or even 20 minute conversation, the real friends of real life are for those conversations that go on for hours, usuall over a meal or on the telephone. Funny, isn't it? Because private life is private. It can be done. And what Snowden says at his Sam Adams awards ceremony is a lie:
People all over the world are realizing that these programs don’t make us more safe, they hurt our economy, they hurt our country, they limit our ability to speak and think and live and be creative, to have relationships, to associate freely.
Baloney. I haven't felt the slightest constraint on my ability to speak and think and associate freely since Snowden violated our country's privacy by hacking its intelligence files. It's just not true. I've had more exposure of privacy from Anonymous doxing me than anything the government ever does, even if Snowden's claims are true. And I think most people, if they are sincere with themselves, would have to concede this. If anything, his hacking has limited the ability of the US to associate freely because it has undermined the trust of allies like Germany.
Bart Gellman said that he didn't understand half of the documents he got from Snowden because they contained so many complexities and technical jargon only an insider could understand. Eventually he recruited Solani to work with him to avoid the kind of mistakes made in the initial reports.
But these people are now dependent on the Brotherhood just like clueless parents who can't program their blinking VCR used to become dependent on the nine-year-old boy in the family to fix it for them.
I was struck again by this VCR-type phenomenon when Rusbridger, editor of the Guardian referenced his ignorance in the way of technology in his piece in The New York Review of Books of just how dependent these adversarial journalists have become on the tech Brotherhood around Snowden:
A recent Economist editorial also saw the alarming significance of NSA policies weakening the integrity of the Internet itself:
Any deliberate subversion of cryptographic systems by the NSA is simply a bad idea, and should stop. That would make life harder for the [official government] spooks, true, but there are plenty of other more targeted techniques they can use that do not reduce the security of the internet for all of its users, damage the reputation of America’s technology industry and leave its government looking untrustworthy and hypocritical.
I have a confession to make: I did not myself spot that story—of how law enforcement agencies are trying to undermine private encryption capacities—that was nested in the GCHQ/NSA documents; and even when it was explained to me by the young specialist technology reporters who did grasp its significance, I did not immediately understand it. Embarrassingly, I had to sketch a childlike drawing to confirm what I thought Jeff Larson, a Web developer and reporter at ProPublica, and James Ball, our own twenty-seven-year-old reporter and technical whiz kid, were telling me.
Leave aside the fact that Wired and other tech publications have questioned whether these standards are really undermined -- again, we don't have proof and we only have Greenwald's name-calling. But more to the point, the technicians supposedly impartially helping these adversarial journalists are themselves even more biased!
James Ball was a former staff person at WikiLeaks -- a consummate "hacktivist" if not anarchist. Jeff Larson formerly ran the Red diaper-baby Nation's online work during the 2008 campaign (Obama) and now is at Propublica. He is obviously a "progressive" -- he wouldn't work there if he weren't. Now mind you, ProPublica does solid work, but it definitely tilts to the left. And even when it appears to be unbiased -- as Larson's story about Democrats re-districting in California -- there's an even deeper agenda at work. The story exposes "powerful interests" that "draw you out of a vote" -- but what's the moral? Better not to have districting. Better not to have redrawing by anybody -- by established parties. Let radical hackers make "a Better World" for you beyond parties (remember, that's what Google's Sergei Brin openly calls for.) Better not to have the organic nature of politics and instead, turn it into a machine that expertly culls opinion and drills down demographics like Obama for America did.
Ultimately, this is how democracy gets undermined -- when technicians who expose the foibles of human nature think they can do a better mechanical job of it. If the authors had focused on Republican gerrymandering, people would go on thinking that just fairness would fix it. By focusing on more beloved Democratic gerrymandering, the authorts do one of those Cass Sunstein "nudges" and force you to the conclusion that it is better not to have this kind of democracy at all. Well, no thank you, the geeks are the problem.
This is one area where I agree with Evgeny Morozov, who has written about the need to have things less than perfect, or they are not free.
Even if Gellman comes up with the goods and demonstrates that in fact the NSA really did find a way to jack into Google somehow unknown to the best Internet engineers in the world, it doesn't matter, as Loren Feldman would say. There are remedies for this, and the FISC and Congress can address it. Meanwhile, the problem remains that Google has scraped up all the data in the first place so as to become, so to speak, an attractive nuisance. And it did that largely in the name of the click-ad model. Fixing the failure to enable secure commodifying of digital items is vital to the entire prospect of a secure Internet with privacy of communications with law-enforcement still able to access for legitimate purposes.
Recent Comments