Lessons from Snowden

There are many lessons to be learned from the Edward Snowden affair, but probably not the ones the NSA or privacy hawks want to admit.

First, a reminder to the NSA that it actually has two missions. It is not only responsible for finding out the secrets of foreign governments, it is also charged with protecting the secrets of the US. Yet somehow, not one, but two very junior employees have managed to walk out the door with several gigabytes of information classified Top Secret or higher. That type of disclosure-catastrophe was meant to have been put an end to with the Aldrich Ames case in 1994. Regardless of your position on what Snowden did, it never should be that easy to steal classified information.

What worries me most about the prosecution of Snowden and Bradley Manning is that despite spending tens of billions a year on data security, the best the US can do to stem future disclosures is to threaten to send the perpetrators to jail.

There is plenty of available technology that could be applied to lock information down to prevent disclosure. But the ugly fact of the matter is that despite the Orwellian rebranding of the War Department as the ‘Department of Defense’ (the NSA is officially under DOD), the institution is still much more interested in making war than the far less glamorous business of making America and its allies actually safe.

A case in point is the recent headlong rush into building a US cyber-command that has gleefully attacked Iran with malware known as Stuxnet and Flame. A line has been crossed.  The US has decided that nuclear facilities declared to the IAEA as “civil” are fair game for attack, despite the fact that Iran has one nuclear power station and the US has over a hundred. (Meaning: We have to more to lose from a policy of mutually-assured nuclear plant attacks.)

It is often said that people hear about intelligence failures, but never the success stories. Actually the reverse is often the case. Much of the mystique that surrounds the CIA was carefully constructed by Allen Dulles, who spun long tales of the agency’s purported successes. The fact that the price of this success was maintaining a long list of blood drenched dictators from the Shah of Iran to Pinochet was quietly hidden from view.

The aphorism is true in one sense however: We know about the traitors who get caught or confess.

Ed-Snowden

NSA leaker Edward Snowden.

What we don’t hear about is the Snowdens of the world, that the NSA has never caught, because instead of giving gigabytes of secrets to Glenn Greenwald, they sell them to the highest bidder. That secret loss of secrets does not much worry the NSA brass because it doesn’t end careers. But I worry about the fact that the NSA is not just a giant vacuum sucking up secrets from every part of the US economy, it is an organization that has shown itself to be incompetent at keeping secrets.

President Obama must have been a rather easy mark for the NSA, coming into office as he did with the US fighting not one, but two losing wars. His predecessor had weeded out every member of the General staff with the courage to tell the President that his ideas were insane. As long as the NSA was delivering the goods, Obama was not going to ask hard questions about how the goods were being found.

Now that Snowden has blown the covers off PRISM, and the fact that the US has a military agency performing blanket surveillance on every communication exchanged, avoiding the hard questions is going to get a whole lot harder.

The PRISM revelations have already started to cost US companies business. Before PRISM, it appeared almost certain that US technology companies like Amazon, Rackspace and EMC would dominate the fast growing global market in ‘cloud services’. The basic idea of ‘the cloud’ being that it is cheaper to have one company running the IT infrastructure for a thousand similar companies, than having each of those thousand companies staff up and build out the necessary data centers to do the job in-house.

All seemed to be going perfectly well until it was discovered that the US government was performing warrantless searches on a scale vastly greater than anyone had previously imagined (outside the NSA itself). A European company in the aerospace business, looking for a cloud service provider, is now rather unlikely to be buying cloud services from Amazon knowing that the NSA could be passing all their confidential trade secrets to American aerospace companies.

And this is the real lesson of ‘Lavabit’, the so-called encrypted email system that Snowden was using. If there was any doubt that Snowden was an amateur in the spook world, his choice of email encryption technology proved his inexperience, in my opinion. The basic idea of Lavabit was that it would provide ‘better’ security than Gmail because, well… I have been reading what remains of the specs online, and I really can’t see a very good reason.

Lavabit appears to have operated a service in which you could send them an email via an SSL encrypted tunnel (like gmail) and they would encrypt it and store it safe and only deliver it to the intended recipient via an SSL encrypted tunnel (like Gmail). Unless I am missing something very clever, the claim that they were ‘more secure’ than Gmail against a subpoena attack essentially came down to you trusting Lavabit not to take a copy of the email and hand it to the NSA/FBI before they encrypted it for your intended recipient.  I’m not sure I do.

The lesson I take from this whole mess is that we need to change the nature of the debate on wiretapping. We do not face the choice between “privacy” and “stopping terrorism” that the defenders of the wiretap-state would have us believe.

Instead the wiretap-state has security costs as well as benefits, and those costs may be creating greater insecurity than the boosters of unrestricted, unaccountable wiretaps would have us believe.

Share This Post

31 Responses to “Lessons from Snowden”

  1. Lina Miny says:

    NSA now realizes that their security system is not enough to protect the data they hold.
    _____________________________________________________________________
    Geld verdienen

  2. GaiusPublius says:

    This really is a MustRead. You nailed one big piece of it, Myrddin.

    I’ve been writing about the huge opportunity for corrupt uses of NSA-collected data by people with access, and friends of friends of people with access. Tip of the tip of the iceberg, IMO. This expands v.well on how and why. Thanks!

    GP

  3. karmanot says:

    Bingo! DeBord nailed it. DeBord might argue that the ‘tipping point’ itself is a reflex of the Spectacle.

  4. Mocas Dad says:

    Nobel Peace Prize winner! As a liberal who was already thoroughly disenchanted with Obama (his pre-election vote on telecom immunity, rick warren, reagan adulation, promising to double down on Afghanistan, closed door deal making with big pharma, etc), I was waaaay more WTF about that prize than most RW wackos. Maybe Putin will be the next winner.

  5. dula says:

    Senate committee had authority to expose NSA all along:

    http://www.commondreams.org/headline/2013/08/13-5

  6. bkmn says:

    And as far as Manning, why does a low ranking private have access to all this information?

    Who is responsible for him having access to all that “critical” information?

    That is the person that should be on trial.

  7. cambridgemac says:

    Read Societe du Spectacle, by Guy DeBord. As I recall, he argued – 40 years ago – that western societies were already split between those “on the inside” (with access to “secret” information) and everyone else. With concentric circles of people more in the know than others. I believe Orwell anticipated this. Anyway, the point is, we’ve been like this for a long time. Only now we’ve reached a tipping point.

  8. Naja pallida says:

    For what? I personally wouldn’t nominate any of them for dog catcher, much less higher office – or their current office.

  9. BeccaM says:

    I’m beginning to think we’re also dealing with the creation of a new kind of class division: The regular folks and those with access to the secrets, particularly those relating to the regular folks.

    And those with access to the most secrets are now saying they need access to even more previously private information and the ability to conduct surveillance — either in real-time or by accessing data already gathered — any time they choose, for reasons they assure us are necessary, but which we’re not allowed to know about.

    The existence of the secrets themselves is supposed to be secret and accountable to no one.

  10. Bill_Perdue says:

    His racist murders of Anwar al-Aulaqi, Samir Khan, ‘Abd al-Rahman Anwar al-Aulaqi and Jude Mohammed, his wars of aggression and war crimes, his attacks on unions and working people, his malign indifference to people of color and immigrant bashing are criminal acts. I’ll leave it up to the lawyers to figure out if they’re also treason, but whatever they’re defined as they’re ringing a death knell for Democrats and Republicans who advocate more of the same.

    And that’s a good thing.

  11. HolyMoly says:

    He shouldn’t be the one awarding the Medal of Freedom or Medal of Honor to either Manning or Snowden.

    If he violated the Constitution, then the Constitution says exactly what O’s fate should be. But alas, we have too many people who will say “but he did it for the right reasons” or some such nonsense, and he’ll get a pass.

    Future presidential hopefuls would likely want to give a little leeway now in exchange for the same treatment for themselves when they get into office. Pretty much what O did…he didn’t prosecute ANYone from the Bush administration for war crimes they obviously committed. I suppose he figured he didn’t want to be subject to the same accountability in the future. Look Forward, Not Backward…unless you’re looking at Snowden, Manning, or some other such powerless individual.

  12. HolyMoly says:

    On the NSA’s inability to keep secrets: There’s an old saying — and I’m paraphrasing here — that the odds of classified material being revealed is directly proportional to the number of people who are privy to that information…squared…or something like that.

    We now know that not only are they spying on all of our phone calls, but that they’re sharing that information with the FBI, DEA, IRS, etc. (which means, of course, they are eavesdropping on the CONTENT, not just the metadata of our calls…how could they know you’ve said something of interest to the IRS unless they were listening?). Each time they let another agency in on the secret, they’re adding hundreds or thousands more people to the list of those who know about it.

    If Snowden didn’t consciously leak the information, it was only a matter of time before someone inadvertently blurted it out in court, on the golf course, to the neighbors, or across the dinner table. Once it gets that far, the floodgates are open, and there’s no stopping it.

    That to me is a severe case of incompetence on their part, and really they should have been surprised that the secret lasted as long as it did.

    In the case of this eavesdropping, it appears to me to be in violation of the Constitution, and I don’t believe classifying lawbreaking is a legitimate use of classification. Anyone aware of this should be obligated to let the cat out of the bag. Snowden felt obligated, and courageously did so.

    In the case of information that really SHOULD be kept classified, that really DOES affect national security, I have little faith in the NSA’s ability to keep anything secret for long. They really do need to be more careful in the future.

  13. nicho says:

    I’d take Michelle Bachman before Randy.

  14. nicho says:

    And Obama who has violated his presidential oath to uphold the Constitution, which, for the record, he took four times, what about him?

  15. nicho says:

    For what? Nuthouse? Jail? Unemployment? Washroom attendant?

  16. BeccaM says:

    I’m right there with you, Nicho.

    Snowden and Manning were just two men with access to the most sensitive of information. There are, in fact, thousands of people just like them doing similar jobs, with similar degrees of access.

    And we humans are flawed creatures. We’re prone to temptation and corruption and petty abuses of power, and make no mistake: Access to information that nobody else has is power.

    Our entire system of government — a democratic republic — was predicated on not trusting anyone to remain uncorrupted by the power they wield. Now our leaders “welcome the debate” that wouldn’t have been possible had not whistleblowers let us in on what was being done in our name, but those same leaders also make it clear they have absolutely no intention of stopping what they’re doing.

    They may say they want these powers and need these powers, but we citizens supposedly have the right to say, “Sure, but you can’t have them. It’s too much. The tradeoff isn’t worth it, because we value our civil rights, including the right to privacy.”

  17. caphillprof says:

    If Lavabit was so unsecure, then why was it so successful for Snowden?

  18. caphillprof says:

    Who else in the Senate or House would you suggest?

  19. Indigo says:

    This is getting exciting. It’s almost space opera and it’s surprisingly close to fictional cyber-opera. If what’s going on with Manning and Snowden and Assange is really for real, the future is already here and it’s nothing like what today’s Establishmentarians relish about their role in Plutocratic Today. As Cicero once said under distinctly separate circumstances with disturbingly resonant undertones, “Ubinam gentium summus?” [Where in the world are we?]

  20. MyrddinWilt says:

    No, the RSA patent expired long ago, we had a party for it.

    The problem with things like Lavabit is that they are the sort of security scheme that is easy to use but not at all secure in practice. It is called ‘end to end’ security but this is only marketing speak. Unless there is some additional piece I have not managed to discover a description of, Lavabit was not end to end security in the technical sense.

  21. ezpz says:

    And now we have this – (Common Dreams):

    Obama Appoints Documented ‘Liar’ to Convene NSA Review Board

    Investigation established by Clapper is part of president’s so-called transparency reforms

    http://www.commondreams.org/headline/2013/08/13-8

  22. Naja pallida says:

    Crazy for crazy sake is not a solution, nor even an idea toward a solution.

  23. guest3 says:

    Rand Paul!

  24. Bill_Perdue says:

    Manning and Snowden should be pardoned, awarded the presidential Medal of Freedom and compensated for being persecuted and in Manning’s case, tortured by the Obama administration.

    In addition, Manning, who fulfilled his oath to uphold the Constitution and then some, putting life and liberty at risk, should be awarded the Congressional Medal of Honor.

  25. rerutled says:

    After reading your description of Lavabit’s security, I went scrambling. The press has been calling Lavabit’s (former) service “end-to-end cryptographically secure”; and the site’s old tech descriptions are now gone. But reviews in the press describe the process as you do: text sent unencrypted through an SSL tunnel to lavabit.com; then encrypted for the recipient; then saved on their servers. This is clearly vulnerable to the possibility you site — that lavabit could make a copy of the clear text message once received by them from the sender. I don’t get why anyone fanatical about security would use such a service; the better approach always being to encrypt the message with the recipient’s private key on the sender’s computer. I’m not sure why public key cryptography hasn’t become a default standard yet — perhaps the patents held by RSA still hold.

  26. Bill_Perdue says:

    That could be dicey.

    We’d get rightwing anti-worker, zionist, mad dog warmonger Biden.

    Ford, except for the comic relief of his pratfalls, was no improvement over Nixon. https://www.youtube.com/watch?v=jlz0he9rtKw

    On the other hand it would be a well deserved kick in the face for the right wing Democrat party and would be very educational.

  27. GeorgeMokray says:

    So would Tom Paine. Remember that Robespierre imprisoned him after he’d been elected to the National Convention.

  28. Max_1 says:

    Thomas Payne would be a terrorist to this Congress and Administration…

  29. GeorgeMokray says:

    John Naughton’s piece in The Guardian (http://www.guardian.co.uk/technology/2013/jul/28/edward-snowden-death-of-internet) is the only commentary I’ve seen which digs deeper into the ramifications of the Snowden Effect, although Jeff Jarvis also has written touching on some of these issues:

    the internet as a truly global network are numbered
    the issue of internet governance is about to become very contentious
    the Obama administration’s “internet freedom agenda” has been exposed as patronising cant
    no US-based internet company can be trusted to protect our privacy or data

    and cloud computing is, to coin a phrase, under a permanent cloud

  30. Max_1 says:

    High Crimes
    IMPEACH

  31. nicho says:

    I’ve been saying this all along. The administration is painting both Snowden and Manning as low-level, emotionally disturbed, undereducated hirelings — yet they had access to the country’s most sensitive information. This tells you one of two things: Either the security apparatus of the NSA and the military is incredibly and unacceptably flawed or those perpetrating these constitutional violations are so filled with hubris, they thought they could put information of their war crimes and crimes against the Constitution in plain sight and not suffer consequences. Neither prospect bodes well for the empire.

© 2019 AMERICAblog Media, LLC. All rights reserved. · Entries RSS
CLOSE
CLOSE