Lessons from Snowden

There are many lessons to be learned from the Edward Snowden affair, but probably not the ones the NSA or privacy hawks want to admit.

First, a reminder to the NSA that it actually has two missions. It is not only responsible for finding out the secrets of foreign governments, it is also charged with protecting the secrets of the US. Yet somehow, not one, but two very junior employees have managed to walk out the door with several gigabytes of information classified Top Secret or higher. That type of disclosure-catastrophe was meant to have been put an end to with the Aldrich Ames case in 1994. Regardless of your position on what Snowden did, it never should be that easy to steal classified information.

What worries me most about the prosecution of Snowden and Bradley Manning is that despite spending tens of billions a year on data security, the best the US can do to stem future disclosures is to threaten to send the perpetrators to jail.

There is plenty of available technology that could be applied to lock information down to prevent disclosure. But the ugly fact of the matter is that despite the Orwellian rebranding of the War Department as the ‘Department of Defense’ (the NSA is officially under DOD), the institution is still much more interested in making war than the far less glamorous business of making America and its allies actually safe.

A case in point is the recent headlong rush into building a US cyber-command that has gleefully attacked Iran with malware known as Stuxnet and Flame. A line has been crossed.  The US has decided that nuclear facilities declared to the IAEA as “civil” are fair game for attack, despite the fact that Iran has one nuclear power station and the US has over a hundred. (Meaning: We have to more to lose from a policy of mutually-assured nuclear plant attacks.)

It is often said that people hear about intelligence failures, but never the success stories. Actually the reverse is often the case. Much of the mystique that surrounds the CIA was carefully constructed by Allen Dulles, who spun long tales of the agency’s purported successes. The fact that the price of this success was maintaining a long list of blood drenched dictators from the Shah of Iran to Pinochet was quietly hidden from view.

The aphorism is true in one sense however: We know about the traitors who get caught or confess.

Ed-Snowden

NSA leaker Edward Snowden.

What we don’t hear about is the Snowdens of the world, that the NSA has never caught, because instead of giving gigabytes of secrets to Glenn Greenwald, they sell them to the highest bidder. That secret loss of secrets does not much worry the NSA brass because it doesn’t end careers. But I worry about the fact that the NSA is not just a giant vacuum sucking up secrets from every part of the US economy, it is an organization that has shown itself to be incompetent at keeping secrets.

President Obama must have been a rather easy mark for the NSA, coming into office as he did with the US fighting not one, but two losing wars. His predecessor had weeded out every member of the General staff with the courage to tell the President that his ideas were insane. As long as the NSA was delivering the goods, Obama was not going to ask hard questions about how the goods were being found.

Now that Snowden has blown the covers off PRISM, and the fact that the US has a military agency performing blanket surveillance on every communication exchanged, avoiding the hard questions is going to get a whole lot harder.

The PRISM revelations have already started to cost US companies business. Before PRISM, it appeared almost certain that US technology companies like Amazon, Rackspace and EMC would dominate the fast growing global market in ‘cloud services’. The basic idea of ‘the cloud’ being that it is cheaper to have one company running the IT infrastructure for a thousand similar companies, than having each of those thousand companies staff up and build out the necessary data centers to do the job in-house.

All seemed to be going perfectly well until it was discovered that the US government was performing warrantless searches on a scale vastly greater than anyone had previously imagined (outside the NSA itself). A European company in the aerospace business, looking for a cloud service provider, is now rather unlikely to be buying cloud services from Amazon knowing that the NSA could be passing all their confidential trade secrets to American aerospace companies.

And this is the real lesson of ‘Lavabit’, the so-called encrypted email system that Snowden was using. If there was any doubt that Snowden was an amateur in the spook world, his choice of email encryption technology proved his inexperience, in my opinion. The basic idea of Lavabit was that it would provide ‘better’ security than Gmail because, well… I have been reading what remains of the specs online, and I really can’t see a very good reason.

Lavabit appears to have operated a service in which you could send them an email via an SSL encrypted tunnel (like gmail) and they would encrypt it and store it safe and only deliver it to the intended recipient via an SSL encrypted tunnel (like Gmail). Unless I am missing something very clever, the claim that they were ‘more secure’ than Gmail against a subpoena attack essentially came down to you trusting Lavabit not to take a copy of the email and hand it to the NSA/FBI before they encrypted it for your intended recipient.  I’m not sure I do.

The lesson I take from this whole mess is that we need to change the nature of the debate on wiretapping. We do not face the choice between “privacy” and “stopping terrorism” that the defenders of the wiretap-state would have us believe.

Instead the wiretap-state has security costs as well as benefits, and those costs may be creating greater insecurity than the boosters of unrestricted, unaccountable wiretaps would have us believe.

Share This Post

© 2018 AMERICAblog Media, LLC. All rights reserved. · Entries RSS