NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] "How I Learned to Stop Worrying and Love the NSA"

             "How I Learned to Stop Worrying and Love the NSA"


Once upon a time, I knew a spy.

He died long ago, and honestly I don't even remember his name -- or at
least the name by which I knew him.

He was about as much a polar opposite from James Bond as it would be
possible to imagine.  He was big and loud, rather vulgar, and frankly
quite ugly.  He had a loud, annoying laugh that made him an
embarrassment to be with in a restaurant or other public places.  You
wouldn't want to even look at him twice -- which of course is exactly
what you really want in a spy -- not the suave look of the fictional

He was also one of the nicest and most fascinating people I've ever met.

By the time I knew him he was semi-retired.  He was an agency 
operator -- exactly which agency never formally specified -- who had spent 
most of his professional career in Eastern Europe on one side or the other
of the "iron curtain."

He lived in a big, ramshackle old house near downtown L.A., and I'd
drive out there to help him with his latest toys, some early CP/M
microcomputer systems.

I was deeply engaged in early UCLA ARPANET work back then, and he knew
of my interests in what were -- for the time -- advanced
communications networks, systems, and security.

He'd tell me stories.

Nonchalantly, seemingly carelessly -- but I knew all along that he
chose every word with great care -- he'd speak of things that were
simultaneously fascinating and often seemingly nonsensical, wondrous
but exceedingly unlikely.

The mutual acquaintance who had introduced us had warned me about

"Assume that about half of what he tells you is false," I was told,
"He does this to protect himself.  But the more unlikely what he tells
you might seem to be, the more likely it's actually accurate."

In subsequent years and decades, I found this advice to be true, as
the once absurd nature of my friend's many statements often fell into
place like pieces of a jigsaw puzzle, finally brought into focus by
the march of world events and technology.

Back in those early days, NSA was still sort of half-heartedly
pretending that it didn't even exist -- the "None Such Agency."
Representatives would show up at conferences with name badges that
only identified them as "Department of Defense" -- but we all knew who
they really were.

This was already changing, however.  A few years later, a pair of
gentlemen openly identifying themselves as from NSA showed up suddenly
at the UCLA ARPANET machine room asking for me by name.  It turned out
they wanted advice about some software I'd worked on previously and
was still maintaining at the time -- but that's another story.

All of this is a rather long-winded way of noting that NSA -- in one
form or another -- has been present (and more importantly, recognized
as present) for a very long time, as have the parallel organizations
in other countries both democratic and totalitarian.

And anyone who hasn't understood that these agencies around the world
have made it their business to monitor communications have either not
been paying attention or are purposely fooling themselves.

Governments' interests in keeping tabs on communications, especially
international communications, predate the Internet, ARPANET,
telegraphy, or any form of electronic communications, of course.

It seems safe to assume that as soon as man started passing messages
back and forth, the "powers that be" were already finding ways to try
monitor those communications, for motives good or ill -- or sometimes,

So it is unrealistic in the extreme to assume that governments 
today -- either of the Chinese or Putin's Russian variety where political
blogging can get you thrown into prison, or the more democratic but
still nosy versions of the West, are going to change their
surveillance ways fundamentally, even if they claim such changes for
public relations purposes.  Calls for "defunding" of these agencies
are fundamentally as unrealistic as the most violent and inane
pronouncements of the "Flat Earth" Tea Party wackos.

The uncomfortable truth is that the differences between these various
governments are much less in what they surveil in terms of
communications, but rather in terms of what they actually do with that
surveilled data.

We already know about Chinese and Russian prisons and work camps
filled with political dissidents, everyone from bloggers to young
women convicted of archaic "crimes" like blasphemy.

And here in the West, we can watch with some bemusement as countries
like Great Britain and Germany point their fingers at the U.S. and
NSA, while their own agencies' surveillance operations expand,
arguably with even fewer legal constraints than here in the USA.

Six of one or half a dozen of another.

Which leaves us with quite a quandary.

Given that there are (as my friend the spy used to say) folks out
there who really want to kill us (there are), but that we also desire
reasonable privacy in our communications (we do), what are our
practical next steps?

I believe there are several related paths, all of which should be
explored simultaneously.

Transparency is crucial. It is not at all unreasonable to assert that
NSA -- even given the now dissembling politicians behind PATRIOT, the
Homeland Security Act, and other enabling legislation -- have by and
large been operating with what they believe to be good motives, not
conscious evil of any kind.

But government has strayed particularly into the dark side by
attempting to block even basic information regarding the extent and
scope of authorized surveillance programs, and by making it difficult
or impossible for Internet firms -- falsely accused of extensive
complicity -- to appropriately defend themselves with at least
aggregate reporting data.  There is a notable dichotomy between
Internet firms such as Google, Twitter, Yahoo, and Microsoft who have
been loudly protesting this situation, and the relative silence from
entrenched "Big Telecom" as represented by the traditional phone
companies and dominant ISPs.

Opportunistic communications encryption should be encouraged whenever
possible.  Not that it will likely stop determined government
interests in accessing the underlying information on a targeted basis
if they really want to, but because it may help -- by invoking time
and expense constraints -- to discourage large-scale snooping where
justifiably focused targeting is not actually present.

And finally, we come to "trust" -- an old-fashioned word these days,
it seems.

We can drive ourselves into delirium imagining what might happen in
theory, but in practice unless you're going to live alone in a cave,
trust is a foundational requirement for human life.

This is one reason why contamination of foreign intelligence data with
domestic communications is particularly problematic.

It's one thing for agencies to insist that "minimization" procedures
are employed to expunge domestic data inappropriately collected in the
course of foreign-targeted surveillance.  But when such data finds its
way, for example, into the genesis of domestic Drug Enforcement
Administration cases, triggering retroactive attempts to cover the
associated sources with "parallel reconstruction" techniques -- even
if legal -- serious concerns are immediately raised, for this is a
fundamental violation of trust regarding how such data is to be
appropriately used.

Ironically, for all our discussions and handwringing about
communications surveillance in general around the world, we end up
pretty much with the same concepts we had at the beginning.

At least in our ostensible democracies, we must appropriately depend
upon our elected representatives to deal with us honestly, and to both
set and enforce the parameters under which national security
operations relate, focus, or otherwise impinge on both foreign and
domestic concerns.  Ultimately it is we, via our politicians, who are
the ones that control -- and fund -- the surveillance agencies
themselves, around the world in whatever democratic countries.

These agencies are instruments of our own creation, and are largely
staffed with dedicated workers who believe in their missions and are
attempting to fulfill them as our elected representatives instruct and

If we are unhappy or dissatisfied with the ways that these agencies
perform, or the manners in which the data they generate is used, the
fault goes directly back to those politicians and the people who
elected them -- you and me.

To paraphrase a popular saying, "There's no free lunch in democracy."

I'm pretty sure my old friend the spy would have agreed with that.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com

nnsquad mailing list