The best answer to PRISM’s abuses is strong cryptography in the hands of the public

Trying to make sense of the official pronouncements about the National Security Agency’s PRISM program is like trying to nail Jello to a wall.

First, a quick primer. PRISM is a highly classified NSA program whereby the computer servers of nine Internet companies, including Microsoft, Yahoo, Google, Facebook, Skype and YouTube, are tapped by the US government. We now know that the disclosure of PRISM’s existence came from disgruntled NSA contractor Edward Snowden.

Now back to the confusion that is the official response to PRISM going public:

  • Snowden, we are to believe, is a terrible person: dishonest, disloyal and a traitor to boot. But we can nevertheless have absolute confidence in the NSA wiretap program, the honesty and integrity of the people who run it, and the safeguards that would prevent anyone abusing that trust.
  • The administration welcomes the debate on PRISM, but is committed to making sure that the person who made that debate possible spends the rest of his life behind bars.
  • Congress is outraged that the administration would make use of the powers granted by Congress in the PATRIOT act of 2001, and the subsequent renewal in 2011.

Easier to make sense of than the evasions are the outright lies:

In March, at an open congressional hearing, Sen. Ron Wyden (D-Ore.) asked Director of National Intelligence James Clapper a simple question: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper said the NSA does no such thing. We’ve now seen pretty obvious evidence to the contrary.

When NBC’s Andrea Mitchell asked Clapper over the weekend about the exchange, he said the question was “not answerable necessarily by a simple yes or no,” so he “responded in what I thought was the most truthful, or least untruthful, manner by saying, ‘No.’”

And then there is Rep. Peter King, who only last month was calling for Holder to resign for merely obtaining a court order to get the telephone records of a reporter who had published leaked intelligence. Yet, this week King is calling for Greenwald to be prosecuted for reporting the Snowden leaks.

Greenwald’s response is classic, pointing out that King lied when he accused Greenwald of threatening to leak the names of CIA agents, and that he was not going to take lessons in National Security from a supporter of the IRA.

The Rosetta Stone in the British Museum (photo by Hans Hillewaert)

While these phenomena may appear to be contradictory and inconsistent, they are all explained by a simple model: Whenever a bureaucrat talks about ‘damage to national security,’ they actually mean ‘inconveniently revealing truths that embarrass us’. And congressmen like King simply say whatever they think will make them popular at that moment, regardless of consistency with their earlier statements, or whether it is true.

I don’t hold a security clearance, and I have never been on the NSA payroll as either a contractor or an employee. But I work in information security, and it is impossible to work in the field at a high level without interacting with the NSA at some point.

One of the biggest myths being peddled regarding PRISM is the notion that the NSA only spies on bad people. Anyone saying that is either ignorant of what they are talking about, a liar or both. Intelligence agencies exist to gather information, and to get information you spy on people who you think might have the information you want.

During the 1990s, the civil field of information cryptography was engaged in a long struggle with the NSA and FBI to enable the use of strong cryptography in network applications such as the Web browser you are using to read this post. These events are known in the field as ‘the cryptowars’. They began when a Federal grand jury began hearing evidence that Phil Zimmermann had violated the export control act by publishing PGP on the Internet, and ended with the launch of Windows 2000, which contained strong cryptography without a back door access mechanism.

During the cryptowars we were attacked in the same terms that Snowden is being attacked today: You are helping terrorists, organized crime, and pedophiles.

Zimmermann spent three years under threat of imminent prosecution. Twenty years later that same strong cryptography is the reason we can shop on the Web and bank online at home. And while President Obama is asking for targets to cyber-attack, my focus is on working out ways to defend critical infrastructure at home. Without water, sewer and electricity, New York City would become a major public health hazard in days. We live in an awfully big cyber-house to start throwing cyber-stones. Even the NSA now agrees that strong cryptography is essential to our cyber-defense.

The NSA was founded on the belief that control of information was vital to national security. The NSA has a dual role, to help the US government protect its own information and to learn as much as possible from everyone else. The Web is founded on the exact opposite principle: To put people in control of their own information. I first got involved in the Web in 1992 because I didn’t think that Rupert Murdoch, a conservative Australian press baron, should be the person deciding who governs Britain. Securing the Web means putting users, not governments, in control of who sees their data.

We don’t yet know how much of a threat PRISM is to civil liberties, and it is quite likely we will never know. According to one report, PRISM is a highly targeted lawful intercept program in which Google, Facebook et al. release information in response to a court order by means of a Secure FTP connection. According to another, PRISM is a covert program that has established direct connections to the Internet exchanges into which the major data centers connect.

It is quite possible that both reports are correct, and two programs were given the same code name to confuse the issue in case of discovery. If people really want to chase white rabbits, perhaps the whole scheme is a cunning 11th dimensional chess plan devised by Obama to trick the GOP into repealing the PATRIOT act out of spite.

As a result of all of this, progressives will press for repeal of the PATRIOT act. And even though the next extension in 2015 is almost certain to be approved, it will certainly be a more costly process for the administration than the last renewal.

But even if PATRIOT is modified or repealed, what one Congress does can be undone by the next. And George W. Bush has proved that an administration can still wiretap without warrants, and even commit torture with impunity.

Repeal of PATRIOT is highly desirable, but the solution is to put strong cryptography into everyone’s hands in a form that draws the fangs of the NSA for good.

© 2018 AMERICAblog Media, LLC. All rights reserved.