Posts about snowden

Brazil, Snowden & the net at Davos

Here at Davos, I just left a media conversation with Brazilian President Dilma Rousseff at which I asked two questions relevant to the internet.

First, I asked under what circumstances she would consider granting asylum to Edward Snowden. She did not answer that question directly but said that the Brazilian government “has not been addressed” regarding an application for asylum, “therefore since I cannot possibly contemplate such a request you are working under a mistaken premise. The request was never formally submitted.” Interpret the subtleties of that as you may.

I also asked about controversial plans to require technology companies to store Brazilians’ data in Brazil, seeking her reaction to criticism that this will lead to a balkanized internet. She responded strictly in the context of criminal prosecution, saying that in an investigation into money laundering her justice department was denied access “precisely because it ran counter to the legislation of the country where the data was stored.”

“We cannot possibly accept that interference about data,” she continued. “It’s about our sovereignty…. We cannot find ourselves subject to the laws that prevail in third-party countries.” And then she added: “A compromise agreement is always possible.”

A few observations:

First, holding citizens’ data in Brazil makes it easier for the authorities to get data on those citizens for reasons good or bad.

Next, I’m surprised that she did not use this as an opportunity to continue her complaints about U.S. surveillance of Brazilian entities.

Instead, she put this as a matter of Brazilian sovereignty. That’s blunt but troubling. I’ve argued before that no nation should be able to claim sovereignty over the net.

If Brazil succeeds in imposing this data requirement, then it represents the further balkanization of the net. Brazil ends up with its own net, Iran does too, and so does China. The good-guy argument doesn’t wash for the architecture and precedent set by any good guy can be used by any bad guy.

Note also this week that Microsoft said it would honor customers’ requests to hold their data outside of the U.S. and the prying eyes of the NSA. At a practical level, it’s not hard to imagine that working for enterprise data; here at Davos, Salesforce.com’s Marc Benioff said his company can show a client the building and the rack where its data is held. But for consumer services, it is hard to imagine how, say, Bing could store, say, your search history outside the U.S. but mine inside.

And apart from those practical considerations, other tech executives said yesterday at Davos that the U.S. FISA court can still require a technology company to hand over data that is under its control, no matter whether that data is held in the U.S. or abroad.

This is a show of shadow puppets but one that could have serious, injurious impact on the net.

Back to Rousseff: The media conversation was to be off the record but after it was over she said that everything she said could be used on the record.

An odd event, it was. Asked one question about the economy of Brazil, she filibustered for half an hour, sounding — in the observation of another journalist — like a Chinese party official outlining the newest five-year plan.

The war on secrecy

Here is a post I wrote for the Guardian:

It has been said that privacy is dead. Not so. It’s secrecy that is dying. Openness will kill it.

American and British spies undermined the secrecy and security of everyone using the internet with their efforts to foil encryption. Then Edward Snowden foiled them by revealing what is perhaps (though we’ll never know) their greatest secret.

When I worried on Twitter that we could not trust encryption now, technologist Lauren Weinstein responded with assurances that it would be difficult to hide back doors in commonly used PGP encryption — because it is open source.

Openness is the more powerful weapon. Openness is the principle that guides Guardian journalism. Openness is all that can restore trust in government and technology companies. And openness — in standards, governance, and ethics — must be the basis of technologists’ efforts to take back the the net.

Secrecy is under dire threat but don’t confuse that with privacy. “All human beings have three lives: public, private, and secret,” Gabriel Garcí­a Márquez tells his biographer. “Secrecy is what is known, but not to everyone. Privacy is what allows us to keep what we know to ourselves,” Jill Lepore explains in The New Yorker. “Privacy is consensual where secrecy is not,” write Carol Warren and Barbara Laslett in the Journal of Social Issues. Think of it this way: Privacy is what we keep to ourselves. Secrecy is what is kept from us. Privacy is a right claimed by citizens. Secrecy is a privilege claimed by government.

It’s often said that the internet is a threat to privacy, but on the whole I argue it is not much more of a threat than a gossipy friend or a nosy neighbor, a slip of the tongue or of the email “send” button. Privacy is certainly put at risk when we can no longer trust that our communication, even encrypted, are safe from government’s spying eyes. But privacy has many protectors. And we all have one sure vault for privacy: our own thoughts. Even if the government were capable of mind-reading, ProPublica argues in an essay explaining its reason to join the Snowden story, the fact of it “would have to be known.”

The agglomeration of data that makes us fear for our privacy is also what makes it possible for one doubting soul, one weak link — one Manning or Snowden — to learn secrets. The speed of data that makes us fret over the the devaluation of facts is also what makes it possible for journalists’ facts to spread before government can stop them. The essence of the Snowden story, then, isn’t government’s threat to privacy so much as government’s loss of secrecy.

Oh, it will take a great deal for government to learn that lesson. Its first response is to try to match a loss of secrecy with greater secrecy, with a war on the agents of openness: whistleblowers and journalists and news organizations. President Obama had the opportunity to meet Snowden’s revelations — redacted responsibly by the Guardian — with embarrassment, apology, and a vow to make good on his promise of transparency. He failed.

But the agents of openness will continue to wage their war on secrecy.

In a powerful charge to fellow engineers, security expert Bruce Schneier urged them to fix the net that “some of us have helped to subvert.” Individuals must make a moral choice, whether they will side with secrecy or openness.

So must their companies. Google and Microsoft are suing government to be released from their secret restrictions but there is still more they can say. I would like Google to explain what British agents could mean when they talk of “new access opportunities being developed” at the company. Google’s response — “we have no evidence of any such thing ever occurring” — would be more reassuring if it were more specific.

This latest story demonstrates that the Guardian — now in league with The New York Times and ProPublica as well as publications in Germany and Brazil — will continue to report openly in spite of government acts of intimidation.

I am disappointed that more news organizations, especially in London, are not helping support the work of openness by adding reporting of their own and editorializing against government overreach. I am also saddened that my American colleagues in news industry organizations as well as journalism education groups are not protesting loudly.

But even without them, what this story teaches is that it takes only one technologist, one reporter, one news organization to defeat secrecy. At the length openness will out.

NSA by the numbers

Fear not, says the NSA, we “touch” only 1.6% of daily internet traffic. If, as they say, the net carries 1,826 petabytes of information per day, then the NSA “touches” about 29 petabytes a day. They don’t say what “touch” means. Ingest? Store? Analyze? Inquiring minds want to know.

ATTNSA

For context, Google in 2010 said it had indexed only 0.004% of the data on the net. So by inference from the percentages, does that mean that the NSA is equal to 400 Googles? Better math minds than mine will correct me if I’m wrong.

Seven petabytes of photos are added to Facebook each month. That’s .23 petabytes per day. So that means the NSA is 126 Facebooks.

Keep in mind that most of the data passing on the net is not email or web pages. It’s media. According to Sandvine data for the U.S. fixed net from 2013, real-time entertainment accounted for 62% of net traffic, P2P file-sharing for 10.5%. The NSA needn’t watch all those episodes of Homeland (or maybe they should) or listen to all that Cold Play — though I’m sure the RIAA and MPAA are dying to know what the NSA knows about who’s “stealing” what since that “stealing” allegedly accounts for 23.8% of net traffic.

HTTP — the web — accounts for only 11.8% of aggregated up- and download traffic in the U.S., Sandvine says. Communications — the part of the net the NSA really cares about — accounts for 2.9% in the U.S.

So by very rough, beer-soaked-napkin numbers, the NSA’s 1.6% of net traffic would be half of the communication on the net. That’s a fuckuvalota “touching.”

And keep in mind that by one estimate 68.8% of email is spam.

Screenshot 2013-08-10 at 8.02.09 PM

sandvine-top-traffic-apps

And, of course, metadata doesn’t add up to much data at all; it’s just a few bits per file — who sent what to whom — and that’s where the NSA finds much of its incriminating information. So these numbers are meaningless when it comes to looking at how much the NSA knows about who’s talking to whom. A few weeks ago on Twitter, I showed that with the NSA’s clearance to go three hops out from a suspect, it doesn’t take very long at all before this law of large numbers encompasses us all and our cats.

If you have better data (and better math) than I have, please do share it.

* “Reach out and touch someone” art inspired by Josh Stearns