One Year Ago ...
... in its 2013 June 06 UK edition, The Guardian published an article by Greenwald, MacAskill & Ackerman, "NSA collecting phone records of millions of Verizon customers daily", alleging mass-surveillance of Americans under a Foreign Intelligence Surveillance Court (FISA) order requiring the company to hand over meta data of all calls for a specified period. While this followed the 2006 revelation of warrantless wire tapping by the Bush administration, the fact the order authorized targeting American citizens for mass-surveillance came as a surprise, as did the possession of a secret order compelling compliance and gagging Verizon disclosure.
Later that day, Washington Post and The Guardian published articles outlining the NSA PRISM program, by which the agency conducted global mass-surveillance on the internet of foreign and US citizens by accessing the servers of internet service providers, again citing secret documents including pages from PRISM Program slide decks internally documenting the program. More alarming still, it implied cooperation by major US corporations including Apple, Facebook, Google, Skype, Yahoo and others, which they quickly denied.
Trigger Alert: Powerpoint Train Wreck Ahead
June 8, The Guardian reported another secret NSA program in, Boundless Informant: the NSA's secret tool to track global surveillance data, complete with NSA heat maps showing the density of data collected, country by country around the globe, including the USA.
Where were they getting this secret information?
As Washington reeled from the disclosures, The Guardian reveled the source on June 9, naming a US citizen, Edward Snowden, age 29, as the source of the leaks.
As I stepped out into an early morning thunderstorm in Hong Kong June 11 and grabbed a copy of the SCMP, I suddenly came face to face with Mr. Snowden …
… well almost, as he sat in his room at The Mira Hotel 500m up the road and I slogged though the rain to the MTR station.
Memoranda and questions after the fold.
And then ...
In the months that followed, we learned through reports in The Guardian, The Washington Post, The New York Times, Der Spiegal and The Intercept as well as the constant stream of news from other publications, electronic media and blogs that (just to mention a few key points) :
• NSA and it's UK counterpart, GCHQ (General Communications Headquarters), two of The Five Eyes, have a very close working relationship including collaborative efforts to hack global telecommunications and internet networks using physical intercepts and all manner of software bugs, malware, man in the middle attacks, phishing, honeypot & waterhole schemes, spoof websites and botnets one normally associates with internet crime syndicates
• NSA and GCHQ conduct quid pro quo spying on each others's citizens to circumvent civil liberty and privacy laws, including US Constitutional rights
• NSA has extensively hacked the IT infrastructure of various sovereign states, friend and foe alike, including telecom infrastructure, banking systems, government networks, major universities and major commercial corporations
• GCHQ aided and paid by NSA physically hacked into more than 200 leased-line and trans-oceanic fiber-optic cables to install splitters to divert raw data streams from servers to obtain unencrypted plain text data in transit or in-process between data centers, including NSA hacking of lease-line cables linking internal Google servers to gain unencrypted email and user data in clear text
• In addition to the usual Cold War style diplomatic spying outposts, NSA and GCHQ have conducted widespread surveillance and bugging of EU governmental organizations, the UN, various NGOs and numerous trade and treaty negotiation sessions, particularly those hosted in the US and UK
• NSA has carried out widespread bugging of the personal telephones and computers used by foreign government leaders and heads of state, friend and foe alike, including close allies such as German Chancellor Angela Merkel
• NSA TAO physically intercepts computing and IT infrastructure equipment manufactured by American companies including Cisco Systems routers to install physical bugs, malware, relay beacons and BIOS hacks to gain access to the systems of customers and evade detection, even if software is upgraded; specific server firewall hacks include IRONCHEF for HP Proliant, FEEDTHROUGH for Juniper, JETPLOW for Cisco and HEADWATER for Huawei (suggesting, ironically, one not buy Chinese servers to avoid becoming an NSA spying target)
• Working covertly with the US NIST, the foremost and most respected scientific standards organization in the world, NSA inserted engineered vulnerabilities in data encryption standards to make them easier to decode and gain access, thereby undermining the security of global data systems including banking systems, and paid major IT security company RSA millions to include compromised crypto in their products
• Researched, harvested and purchased (for millions) "Zero Day Exploits" or computer application code defects unknown to the public or software publishers that enable NSA to exploit vulnerabilities to gain access to systems, while putting the public at risk
• NSA and FBI collaborated to provide information on US citizens obtained under FISA warrants to the IRS and DEA, including advising them how to "scrub" the information by filing warrants retroactively to "discover" the information through legal channels
• NSA developed means to harvest address books and "buddy lists" from social media and gain access to accounts to plant false information and pornography to discredit or compromise users, utilizing spoof browser cookies to track and spy on users
• NSA and FBI developed hacks to access data in smartphones and PCs and to gain undetectable access to control microphones and cameras to spy on owners in private, including hacks for iPhone, Android and Blackberry devices
• NSA tracks millions of mobile phones obtaining billions of transaction records that enable them to track geolocation, and harvests millions of text messages for analysis daily from these same systems
• In an apparent research and demonstration project, NSA intercepts and analyzes the entire data flow of the Bahamas mobile phone network
• NSA is compiling an ever growing archive of images taken from the internet and analyzed by facial recognition software to match facial image mapping data to personal identifiers and has hacked into the government ID databases of sovereign nations to obtain massive amounts of photo ID and personal data
And while doing so, has concealed, misdirected and lied to the public and elected officials about it all. Of course there is much more, but isn't this enough for us to consider the implications? Isn’t this already more than we can process?
"Collect it all, sniff it all, process it all, exploit it all"
That is how, in a moment of candor, the NSA described its mission and methods, and that has been the goal of its last leader, General Keith Alexander, for almost two decades. Alexander was capitvated by the idea having it all long before 9-11 handed him the keys to the kingdom and carte blanche to spend billions on an IT infrastructure construction binge to realize his dream. School lunch programs should be so lucky.
But what has that bought? And at what cost?
The standard argument starts and ends with one word: TERRORISM.
The lives of Americans, the American experience, the defining characteristic of the nation is now TERRORISM. And the irrational fear and reflexive reactions that engenders.
FDR must be rolling in his grave. Fear finally won.
So has this mass-survellience worked? Do we have objective evidence?
No. Piling the hay higher and faster hasn't helped to find more needles.
The sad fact is, NSA cannot actually point to a single significant case where the pervasive mass-surveillance deployed since 9-11 has stopped a single incidence of terrorism and their claims to Congress of doing so have not stood-up to scrutiny. Just more lies and mis-direction from professional liars (that is part and parcel of their job, so why would we expect anything different?).
Indeed, as close as it gets is something that should cause any thinking person to stop dead in their tracks and wonder how far in the opposite direction this leads: the fact that metadata obtained using electronic surveillance by the NSA has been used as the basis to assassinate unidentified persons suspected of terrorist activities using remotely controlled drones in kills authorized by the President of the USA.
Remove the stars and stripes and exceptional goodness and what do we find?
Dare I say the word TERRORISM?
I’d better not or I’ll lose the audience, but it’s conceivable some people would see it that way, and never forget it.
Instead I’ll ask:
• Is that the example the US wants to set for the world?
• Is that how we define the future of politics by other means?
• With technology that does not require yellow cake or aluminum tubes?
• Having demonstrated what not to do with atomic weapons, is the US now providing an object lesson in the perils of cyber-warfare? Or of a modern surveillance state?
Perhaps many people applaud that and are willing to have that done in their name with no more thought than they give to surrendering their privacy, due process and other civil rights, because they don't believe it affects them.
But do you accept them surrendering your name and your rights? Who asked and who agreed?
Never mind the rest of us. Really.
I can’t speak for America. Those are not my rights and that is not in my name.
But I can say this: we now know that in the eyes of the US government, the only rights that matter are the rights of Americans and only when they demand them. With conditions.
The rest of us have no rights.
Despite all the sweet talk about respect, nobility, exceptionalism and that warm and fuzzy "good public debate", the message the rest of the world has gotten is a raised middle finger.
We get it. Message received.
So what about the cost?
Finally, if we reduce American interests in the rest of the world to economic interest, it is time to take stock of where this is leading the US in the global community.
This is what has the US IT industry running scared; they depend on revenue from a global market dominated by Americana companies and they see that slipping away. Finally, after abusing the dominant position of the US, the NSA is killing the goose that laid thier golden egg.
It is already happening; 3 solid quarters of decline in IT infrastructure equipment and even dominant services like Google are beginning to feel the squeeze.
They have lobbied, they have meet at the White House, CEOs have written public letters to appeal directly to the President to please get this under control, but it has not happened.
Instead, Obama all but ignored the recommendations of his hand picked task force, paid lip service to the concerns of civil libertarians and the IT industry, kicked the ball to Congress to “reform” and then lobbied hard to ensure that did not happen. Not this year. Maybe not this term. Maybe never.
So this industry is doing the only thing it can, to play defense by raising the cost of survellience by moving toward the “Dark Net” of encryption the security communitity has been fighting for decades, but it will be a legal and technical arms race, and one where the competition may take strategic advantage to preserve their rule of law and pursue their economic intersts.
Much has been said about the undesirability of a “Balkenized” internet and how that would restrict commerce and the free flow of information, but is does not look the same on both sides of the fence, and the meteoric rise of internet commerce in China (minus the unlimited freedom of speech) proves a point not lost on the industry if it is on the government (and I think that is the situation).
But then, what has the IT industry done for anyone lately?
Most of us don’t get paid for blogging, so do we really have a stake in this internet thing?
Thanks for reading one year of pent-up commentary. Happy Snowden Day!
What say you?
** Update 2014.06.06 **
I want to clarify and add a few points:
• The dates and times I refer to for publications are the LOCAL DATE of the publication included in the byline or link time stamp. Generally, this means a morning publication by The Guardian (UK) or Der Spiegal (Germany) may be one day ahead of US publications such as NYT or WaPo. Thanks to freakofsociety for catching my dating error for the first item, corrected to 2013.
• A lot of the discussion went off-topic to China and the concurrent 25th anniversary of the Tian'anmen incident June 05. As the diarist, I don't mind this and think the question is fair game given the fact we have a Chinese discussing American surveillance, so why not the reverse?
So why did I chose one and not the other?
First, I think my diary topic is timely and current and of interest to the site readership, which is mainly American, not Chinese.
Second, Chinese tend to view Tian'anmen somewhat differently than Western people, who see it as a monolithic defining event of Chinese history. To Chinese, it was a incident that started as a public mourning of a beloved leader, became a labor demonstration and then a student demonstration about class fees (which is generally where it started to get Western attention). What is often missed is the fact it lasted weeks and that the Chinese government negotiated with the students for a long time before hardliners made the fateful decision. It was far longer than any comparable Western demonstration except for Occupy Wall Street, some of which also ended badly with violence and repression. I'd suggest people learn more about the incident and modern Chinese history in general for some perspective.
Third, what was my personal experience? In the mid-80s I attended university in the USA and returned to China in January 1988, spending the remainder of the year in Japan as a company recruit. I passed through Hong Kong in May 1989, the week before it ended. I marched in Central District. Later I took the train from Hong Kong to Shanghai (then a 1.5 day trip), As the talks between students and officials deadlocked, we worried what would happen. I thought they should go home because they had made their point. The day after the square was cleared, on June 06, students and workers marched in Shanghai. Just one day and then everyone went home. We didn't have all the news from Beijing but enough and people were angry.
Lastly: This caused me a period of inward reflection and self-doubt about a lot, but in a couple of years I decided it was just an incident and life moves on. I decided to stay in China because of my family and because I felt responsibility to be a citizen of a society. That what I try to be. Finally, this is a wound on China that will heal and it's Chinese business to face it. I doubt that will happen soon, but I think it will be in the next 10 years. Mostly, we have moved on and forward. Mostly but not totally. Today I have a wife, a daughter and a job that are my main focus, but other interests too. I'm very lucky to travel because of my job and think everywhere there are good and bad things, that is the human condition. It's always good to see more and learn.
• I found a good article on EFF today: 65 Things We Know About NSA Surveillance That We Didn’t Know a Year Ago, that should be of interest to many. I like EFF because they are serious about their work and work globally to promote a free and open internet, which is a difficult task, but one every Daily Kos member should support.
• I noticed this got rescued, thanks to my anonymous benefactor!
This is all too long, thanks for reading if you did.