Posts about nsa

Brazil, Snowden & the net at Davos

Here at Davos, I just left a media conversation with Brazilian President Dilma Rousseff at which I asked two questions relevant to the internet.

First, I asked under what circumstances she would consider granting asylum to Edward Snowden. She did not answer that question directly but said that the Brazilian government “has not been addressed” regarding an application for asylum, “therefore since I cannot possibly contemplate such a request you are working under a mistaken premise. The request was never formally submitted.” Interpret the subtleties of that as you may.

I also asked about controversial plans to require technology companies to store Brazilians’ data in Brazil, seeking her reaction to criticism that this will lead to a balkanized internet. She responded strictly in the context of criminal prosecution, saying that in an investigation into money laundering her justice department was denied access “precisely because it ran counter to the legislation of the country where the data was stored.”

“We cannot possibly accept that interference about data,” she continued. “It’s about our sovereignty…. We cannot find ourselves subject to the laws that prevail in third-party countries.” And then she added: “A compromise agreement is always possible.”

A few observations:

First, holding citizens’ data in Brazil makes it easier for the authorities to get data on those citizens for reasons good or bad.

Next, I’m surprised that she did not use this as an opportunity to continue her complaints about U.S. surveillance of Brazilian entities.

Instead, she put this as a matter of Brazilian sovereignty. That’s blunt but troubling. I’ve argued before that no nation should be able to claim sovereignty over the net.

If Brazil succeeds in imposing this data requirement, then it represents the further balkanization of the net. Brazil ends up with its own net, Iran does too, and so does China. The good-guy argument doesn’t wash for the architecture and precedent set by any good guy can be used by any bad guy.

Note also this week that Microsoft said it would honor customers’ requests to hold their data outside of the U.S. and the prying eyes of the NSA. At a practical level, it’s not hard to imagine that working for enterprise data; here at Davos, Salesforce.com’s Marc Benioff said his company can show a client the building and the rack where its data is held. But for consumer services, it is hard to imagine how, say, Bing could store, say, your search history outside the U.S. but mine inside.

And apart from those practical considerations, other tech executives said yesterday at Davos that the U.S. FISA court can still require a technology company to hand over data that is under its control, no matter whether that data is held in the U.S. or abroad.

This is a show of shadow puppets but one that could have serious, injurious impact on the net.

Back to Rousseff: The media conversation was to be off the record but after it was over she said that everything she said could be used on the record.

An odd event, it was. Asked one question about the economy of Brazil, she filibustered for half an hour, sounding — in the observation of another journalist — like a Chinese party official outlining the newest five-year plan.

The technologists’ Hippocratic oath

The Guardian asked me for commentary on the letter to the White House and Congress from eight tech giants about NSA spying:

Whose side are you on?

That is the question MP Keith Vaz asked Alan Rusbridger last week when he challenged the Guardian editor’s patriotism over publishing Edward Snowden’s NSA and GCHQ leaks.

And that is the question answered today by eight tech giants in their letter to the White House and Congress, seeking reform of government surveillance practices worldwide. The companies came down at last on the side of citizens over spies.

Of course, they are also acting in their own economic (albeit enlightened) self-interest, for mass spying via the internet is degrading the publics’, clients’, and other nations’ trust in the cloud and its frequently American proprietors. Spying is bad for the internet; what’s bad for the internet is bad for Silicon Valley; and — to reverse the old General Motors saw — what’s bad for Silicon Valley is bad for America.

But in their letter, the companies stand first and firmly on principle. They propose that government limit its own authority, ending bulk collection of our communication. They urge transparency and oversight of surveillance, which has obviously failed thus far. And they argue against the balkanization of the net and the notion that countries may insist that data respect national borders.

Bravo to all that. I have been waiting for Silicon Valley to establish whether it collectively is a victim or a collaborator in the NSA’s web. I have wondered whether government had commandeered these companies to its ends. I have hoped they would use their power to lobby for our rights. And now I hope government — from Silicon Valley’s senator, NSA fan Dianne Feinstein, to President Obama — will listen.

This is a critical step in sparking real debate over surveillance and civil rights. It was nice that technology companies banded together once before to battle against the overreaching copyright regime known as SOPA and for our ability to watch Batman online. Now they must fight for our fundamental — in America, our Constitutional — rights of speech and assembly and against unreasonable search and seizure. ’Tis a pity it takes eight companies with silly names to do that.

Please note who is missing off this list of signators: Google, Facebook, Twitter, Yahoo, Microsoft, Aol, Apple, LinkedIn. I see no telecom company there — Verizon, AT&T, Level 3, the companies allegedly in a position to hand over our communications data and enable governments to tap straight into internet traffic. Where is Amazon, another leader in the cloud whose founder, Jeff Bezos, now owns the Washington Post? Where are Cisco and other companies whose equipment is used to connect the net and by some governments to disconnect it? Where are the finance companies — eBay, Visa, American Express — that also know much about what we do?

Where is the letter to David Cameron, who has threatened prior restraint of the Guardian’s revelations, and to the members of the Parliament committee who last week grilled Rusbridger, some of them painting acts of journalism — informing citizens of their governments’ acts against them — as criminal or disloyal? Since they urge worldwide reform, I wish the tech companies would address the world’s governments, starting with GCHQ’s overseers in London.

And where are technologists as a tribe? I long for them to begin serious discussion about the principles they stand for and the limits of their considerable power. Upon learning that government had tapped into communications lines between their own servers, two Google engineers responded with a hearty “fuck these guys.” But anger is insufficient. It is not a pillar to build on.

Computer and data scientists are the nuclear scientists of our age, proprietors of technology that can be used for good or ill. They must write their own set of principles, governing not the actions of government’s spies but their own use of power when they are asked by those spies and governments — as well as their own employers — to violate our privacy or use our own information against our best interests or hamper and chill our speech. They must decide what goes too far. They must answer that question above — whose side are you on? I suggest a technologists’ Hippocratic oath: First, harm no users.

Oversight by conscience

Here’s a post I wrote for the Guardian this week….

Official means of oversight of American and British spying have failed. So we are left with the protection of last resort: the conscience of the individual who will resist abuse of power or expose it once it is done.

At the Guardian Activate conference in New York last Wednesday, I moderated a heated panel discussion about the NSA affair with former U.S. Senator Bob Kerrey, a member of the 9/11 Commission; Prof. Yochai Benkler, codirector of the Berkman Center for Internet & Society at Harvard; and journalist Rebecca MacKinnon, a New America fellow.

Screenshot 2013-11-24 at 8.01.05 AM

“We do not have appropriate mechanisms to hold abuse accountable,” MacKinnon said, and to more or lesser degrees, the panelists agreed that oversight is at least too weak. Said Benkler: “The existing systems of oversight and accountability failed repeatedly and predictably in ways that were comprehensible to people inside the system but against which they found themselves unable to resist because of the concerns about terrorism and national security.” Kerrey: “I don’t think we’re even close to having unaccountable surveillance [but] I don’t think it’s good oversight.” I’ll count that as consensus. We then checked off the means of oversight.

* Executive-branch oversight is by all appearances nonexistent.

* Congressional oversight didn’t exist before Watergate, Kerrey said, and when it was established it was made intentionally weak. It should be conducted, he said, “under a constant, militant sense of skepticism.” The clearest evidence that the authority that exists is not being used, he said, is that in the Snowden affair, not a single subpoena has been issued from either the House or Senate select committees.

* The secret FISA courts have proven to be rubber stamps using invisible ink — their justices sometimes concerned or reluctant, Benkler said. But they have been largely ineffectual in any case.

* Journalistic oversight is the next resort. But as MacKinnon stressed, the work of the journalist investigating spying is threatened by the spies themselves as they collect metadata on any call and message and reconstitute raw internet traffic so that no reporters and no sources can be certain they are not being watched unless they find woods to walk in.

So we are left with the whistleblower. “What the whistleblower does is bring an individual conscience to break through all of these systems,” Benkler argued. “It can’t be relied upon as a systematic, everyday thing. It has very narrow and even random insights into the system. But it can be relied upon occasionally to break through these layers of helplessness within the system.”

But this oversight, too, is jeopardized by the severe penalties suffered by Chelsea Manning and the label of traitor pasted on Edward Snowden.

“There’s no question Snowden violated U.S. law,” Kerrey declared in our panel, “and there has to be consequences to that.”

Benkler disagreed, arguing the case for amnesty. “There is a law but the law is always affected by politics and judgment,” he said. “Clearly when someone opens up to the public a matter that is of such enormous public concern that it leads to such broad acceptance of the need for change and for reform, that person ought not come under the thumb of criminal prosecution.”

There we tried to find the line that enables acts of conscience and civil disobedience to keep watch on the powerful. Benkler imagined “a core principle that when a whistleblower discloses facts that actually lead to significant public debate and change in policy — that is to say a public rejection whether through judicial action or legislative action; a reversal — that is the core or heart of what needs to be protected in whistleblowing.”

Kerrey again disagreed, drawing a parallel between Edward Snowden and Klaus Fuchs, who handed secrets on the atomic bomb to the Soviets, Kerrey contended, also out of conscience. Benkler in turn drew a line between revealing information to the public, serving democracy, and revealing secrets to an enemy. Kerrey responded that Fuchs, like Snowden, caused public debate. Benkler thought the rule could be written; Kerrey did not. You can see that we failed to find the line.

But I want to take this discussion beyond whistleblowing — beyond the past tense — the the present tense of objecting to the work one is required to do before it is done. “At what point does conscience require a person to refuse to act in a certain way that they consider completely acceptable in the system they’re in but they find completely unacceptable to their conscience?” Benkler asked.

Kerrey countered: “I don’t think every time you get a team of people working on the danger [to national security], one person can say, ‘Oh, I don’t like what we’re doing,’ and as an act of conscience blow everything we’re doing and say we’re not going to be prosecuted.”

But we must find the room for conscience to act as the check on power without facing 35 years in prison or life in exile or irreversible jeopardy to our security. We must be able to expect the honest technologist working in the bowels of Google or telecom provider Level 3 or the NSA or GCHQ to define a line and refuse to cross it. Can we expect that?

In recent testimony before Congress, Gen. Keith Alexander said the NSA is the nation’s largest employer of mathematicians — or to be exact, 1,103 mathematicians, 966 PhDs, and 4,374 computer scientists.

Where is the code of ethics that governs their work in breaking into our communication or breaking the encryption we use to protect it? Where is the line they will not cross? Doctors have their codes. Even we journalists have ours (and though some apparently never imagined a clause relating to phone hacking, others found it for them).

We have heard two Google engineers tell the NSA to fuck off for — according to Snowden’s documents — infiltrating internal traffic between servers at Google and Yahoo.

Does this challenge to the NSA give us confidence that others at Google will tell the NSA “no”? But who said “yes” to Project MUSCULAR, in what company? Was that company commandeered by the the NSA and employees with security clearance or was the work done willingly? Why didn’t the technologists who spliced that line say “fuck you”, too? Will they be more willing to do that now that this work is known? And what will happen to those who do stop at the line?

On July 17, 1945, 155 scientists working on the Manhattan Project signed a petition to President Harry Truman urging him not to use the bomb on Japan. “Discoveries of which the people of the United States are not aware may affect the welfare of this nation in the near future,” they said.

They were too late.

Here is video of the panel discussion:

The Future of the Internet from The Guardian on FORA.tv

First, the good news

First, listen to this superb and profoundly disturbing segment by On the Media producer Sarah Abdurrahman about how she and her husband and other guests at a Canadian wedding were detained and mistreated at the U.S. border crossings in spite of their citizenship — American — and because of their religion — Islam.

Welcome back. I told you it well done, didn’t I? I’d be screaming bloody murder at such treatment but Abdurrahman kept her journalistic cool and curiosity, trying to get the facts and understand our rights, asking questions, in spite of never getting answers. People have been saying lately that Verizon picked on the wrong person in me. Well, U.S. Customs and Border Protection could not have picked a worse person to detain: a smart, accomplished journalist with an audience.

I would hope that CBP is humiliated by this and will change, but our government isn’t humiliated by spying on the entire damned world and won’t change that, so I’ll give up my hope. Nonetheless, this story is the perfect bookend to the Guardian’s reporting on the NSA, showing a government that is out of control — because its citizens can no longer control it. Well done, OtM. Thank you, Sarah.

Now the bad news. Next came a story that did have me shouting at the radio as geographer Jim Thatcher condemned major tech companies with broad brush — without specifics, without evidence or proof, only with innuendo — for the possibility they could be redlining the world and diverting users away from certain areas. “It’s hidden what they’re doing,” he said. If it’s hidden, then how does he know they’re doing it? Not said. Microsoft had a patent that could do things like this but Thatcher acknowledged that “Microsoft may or may not” every use it. They could.

Brooke Gladstone laments Google’s purchase of Waze for $1.3 million because “we are being sold for our data, it’s an old story.” No, I was using Waze at the very moment I heard that because (1) I get data of great value back, helping me avoid not opium dens but traffic jams and (2) I generously want to share my data with others who have generously shared theirs with me. This is an example of a platform that does precisely what news organizations should do: help the public share its information with each other, without gatekeepers.

Next, Thatcher says with emphasis that “theoretically” Google could charge coffee shops for directing us to one over another. Then Thatcher acknowledges that it’s not happening. It could. And he dollops on a cherry of fear about technology and “for-profit” corporations.

Don’t you smell the irony in the oven, OtM? You properly and brilliantly condemn the CBP for detaining Americans because they are Muslims and because Muslims could do terrorism even when they don’t. Then, in the very next segment, you turn around and needlessly condemn technology companies because they could do things some guy imagines even though he admits they don’t.

Those are two sides of the same phenomenon: moral panic, the unsubstantiated suspicion that some apparently alien entity — Muslims or (OMG!) for-profit technology companies — could upset the social order, a fear often fanned by media.

Put down the fan, OtM, and learn the lesson from Abdurrahman’s superb story that your role — you of all media outlets — is to throw cold water on such unwarranted fright-mongering.

Mind you, these two segments were surrounded by two more very good reports: one that gives us a guide for what to ignore in breaking news (so as not to fan flames) and another about how — surprise, surprise, surprise — technology can lead to good ends. I remain a fan and loyal listener of OtM. And that is why I humbly offer you a map to guide you away from a dodgy neighborhood called technopanic.

This is what prior restraint looks like

rusbridger drive

Last night, while being interviewed by Charlie Rose with Janine Gibson and former NSAer Stewart Baker in New York, Guardian Editor-in-Chief Alan Rusbridger pulled out of his jacket pocket a symbol of press freedom and attempts to muzzle it: a piece of the Mac that the UK’s spies from GCHQ destroyed in the paper’s basement. The rest is destined for a museum in London and the Newseum in Washington.

The war on secrecy

Here is a post I wrote for the Guardian:

It has been said that privacy is dead. Not so. It’s secrecy that is dying. Openness will kill it.

American and British spies undermined the secrecy and security of everyone using the internet with their efforts to foil encryption. Then Edward Snowden foiled them by revealing what is perhaps (though we’ll never know) their greatest secret.

When I worried on Twitter that we could not trust encryption now, technologist Lauren Weinstein responded with assurances that it would be difficult to hide back doors in commonly used PGP encryption — because it is open source.

Openness is the more powerful weapon. Openness is the principle that guides Guardian journalism. Openness is all that can restore trust in government and technology companies. And openness — in standards, governance, and ethics — must be the basis of technologists’ efforts to take back the the net.

Secrecy is under dire threat but don’t confuse that with privacy. “All human beings have three lives: public, private, and secret,” Gabriel Garcí­a Márquez tells his biographer. “Secrecy is what is known, but not to everyone. Privacy is what allows us to keep what we know to ourselves,” Jill Lepore explains in The New Yorker. “Privacy is consensual where secrecy is not,” write Carol Warren and Barbara Laslett in the Journal of Social Issues. Think of it this way: Privacy is what we keep to ourselves. Secrecy is what is kept from us. Privacy is a right claimed by citizens. Secrecy is a privilege claimed by government.

It’s often said that the internet is a threat to privacy, but on the whole I argue it is not much more of a threat than a gossipy friend or a nosy neighbor, a slip of the tongue or of the email “send” button. Privacy is certainly put at risk when we can no longer trust that our communication, even encrypted, are safe from government’s spying eyes. But privacy has many protectors. And we all have one sure vault for privacy: our own thoughts. Even if the government were capable of mind-reading, ProPublica argues in an essay explaining its reason to join the Snowden story, the fact of it “would have to be known.”

The agglomeration of data that makes us fear for our privacy is also what makes it possible for one doubting soul, one weak link — one Manning or Snowden — to learn secrets. The speed of data that makes us fret over the the devaluation of facts is also what makes it possible for journalists’ facts to spread before government can stop them. The essence of the Snowden story, then, isn’t government’s threat to privacy so much as government’s loss of secrecy.

Oh, it will take a great deal for government to learn that lesson. Its first response is to try to match a loss of secrecy with greater secrecy, with a war on the agents of openness: whistleblowers and journalists and news organizations. President Obama had the opportunity to meet Snowden’s revelations — redacted responsibly by the Guardian — with embarrassment, apology, and a vow to make good on his promise of transparency. He failed.

But the agents of openness will continue to wage their war on secrecy.

In a powerful charge to fellow engineers, security expert Bruce Schneier urged them to fix the net that “some of us have helped to subvert.” Individuals must make a moral choice, whether they will side with secrecy or openness.

So must their companies. Google and Microsoft are suing government to be released from their secret restrictions but there is still more they can say. I would like Google to explain what British agents could mean when they talk of “new access opportunities being developed” at the company. Google’s response — “we have no evidence of any such thing ever occurring” — would be more reassuring if it were more specific.

This latest story demonstrates that the Guardian — now in league with The New York Times and ProPublica as well as publications in Germany and Brazil — will continue to report openly in spite of government acts of intimidation.

I am disappointed that more news organizations, especially in London, are not helping support the work of openness by adding reporting of their own and editorializing against government overreach. I am also saddened that my American colleagues in news industry organizations as well as journalism education groups are not protesting loudly.

But even without them, what this story teaches is that it takes only one technologist, one reporter, one news organization to defeat secrecy. At the length openness will out.

What are you thinking, Mr. President?

I wrote this for the Guardian, where the discussion is quite lively, approaching 1,500 comments. I’m posting it here a few days later for the purposes of my own archive.

What are you thinking, Mr. President?

Is this really the legacy you want for yourself: the chief executive who trampled rights, destroyed privacy, heightened secrecy, ruined trust, and worst of all did not defend but instead detoured around so many of the fundamental principles on which this country is founded?

And I voted for you. I’ll confess you were a second choice. I supported Hillary Clinton first. I said at the time that your rhetoric about change was empty and that I feared you would be another Jimmy Carter: aggressively ineffectual.

Never did I imagine that you would instead become another Richard Nixon: imperial, secretive, vindictive, untrustworthy, inexplicable.

I do care about security. I survived the attack on the World Trade Center and I believe 9/11 was allowed to occur through a failure of intelligence. I thank TSA agents for searching me: applause for security theater. I defend government’s necessary secrets. By the way, I also defend Obamacare. I should be an easy ally. But your exercise of power appalls me. When I wrote about your credibility deficit in the Guardian, I was shocked that among the commenters at that great international voice of liberalism, next to no one defended you. Even on our side of the political divide, I am far from alone in urgently wondering what you are doing.

As a journalist, I am frightened by your vengeful attacks on whistleblowers — Manning, Assange, Snowden, and the rest — and the impact in turn on journalism and its tasks of keeping a watchful eye on you and helping to assure an informed citizenry.

As a citizen, I am disgusted by the systematic evasion of oversight you have supported through the FISA courts; by the use of ports as lawless zones where your agents can harass anyone; by your failure on your promise to close Guantanamo, and this list could go on.

As an American often abroad, I am embarrassed by the damage you have caused to our reputation and to others’ trust in us. I find myself apologizing for what you are doing to citizens of other nations, dismissing the idea that they have rights to privacy because they are “foreign.”

As an internet user, I am most fearful of the impact of your wanton destruction of privacy and the resulting collapse of trust in the net and what that will do to the freedom we have enjoyed in it as well as the business and jobs that are being built atop it.

And as a Democrat, I worry that you are losing us the next election, handing an issue to the Republicans that should have been ours: protecting the rights of citizens against the overreach of the security state.

Surely you can see this. But you keep doubling down, becoming only more dogged in your defense of secrecy and your guardians of it. I don’t understand.

The only way I could possibly grant you the benefit of doubt is to think that there is some ominous fact about our security that only you and your circle know and can’t breath or the jig will be up. But I don’t believe that anymore than I believe a James Bond movie or an Oliver Stone conspiracy theory. You can’t argue that Armageddon is on the way and that al Qaeda is on the run at the same time.

No, I think it is this: Secrecy corrupts. Absolute secrecy corrupts absolutely. You have been seduced by the idea that your authority rests in your secrets and your power to hold them. Every attack on that power, every questioning of it only makes you draw in tighter, receding into your vault with the key you think your office grants you. You are descending into a dark hole of your own digging.

But you know better, don’t you? In a democracy, secrecy is not the foundation of authority; that is the basis of dictatorships. Principles and their defense is what underpins your office.

First among those principles is the defense of our freedom. Security is only a subset of that, for if we are not secure we are not free. Freedom demands the confidence that we are not under attack, yes, but also that we are not being surveilled without our knowledge and consent. The balance, which we are supposedly debating, must go to freedom.

Transparency is another principle you promised to uphold but have trammeled instead. The only way to assure trust in your actions is if they are overseen by open courts, by informed legislators, by an uninhibited press, and most importantly by an informed citizenry.

As political and media attention turn away from you, you have an opportunity to rise again to the level of principles, to prove that your rhetoric about change was not empty after all, to rebuild your already ill-fated legacy, to do what is expected of you and your office.

You could decide to operate on the principle that our privacy is protected in any medium — not just in our first-class letters but in our emails and chats and calls — unless under specific and due warrant.

You could decide to end what will be known as the Obama Collect it All doctrine and make the art of intelligence focus rather than reach.

You could decide to respect the efforts of whistleblowers as courageous practitioners of civil disobedience who are sacrificing much in their efforts to protect lives and democracy. If they are the Martin Luther Kings of our age, then call off Bull Connor‘s digital dogs and fire hoses, will you?

You could decide to impress us with the transparency you still can bring to government, so that the institution you run becomes open by default rather than by force, as it is now, under you.

You could decide to support a free press and stop efforts — here and, using your influence, with our friends in the UK — to restrain their work.

You could decide that whether they are visiting our land or talking with our citizens by email or phone, foreigners are not to be distrusted by default.

You could try to reverse the damage you have done to the internet and its potential by upholding its principles of openness and freedom.

You could. Will you?