by Myrddin
Plenty has been said on what the NSA has done to break the Internet.
They have attacked the Internet fabric at every level, they have
collected data indiscriminately and illegally.
The NSA lawyers claim otherwise of course, and I know that in the
modern US army there is nothing that happens without the sanction of a
lawyer. The guy sitting in the seat next to a drone pilot isn’t the
co-pilot, he is a lawyer and his function is to tell the drone pilot
whether his actions are legal according to the law of war. Or rather,
that is the theory. The real role of the lawyer is similar to the role
of a priest at an execution: to absolve the state from the sin of the
act they are about to commit. John Yoo immunized the members of the Bush
cabinet against prosecution for war crimes and now the lower ranks
demand the same protection.
Among the spurious legal theories concocted by the surveillance state
is the notion that bulk interception of all traffic is not a ‘search,’
provided that nobody looks at the
actual data without first
getting a court warrant. According to this theory, the NSA can put me
under Internet surveillance 24 hours a day for twenty years, collect
every message I send, whether public or private, and do all of this
without any court authority whatsoever. They can perform surveillance on
the entire country just in case someone later is suspected of being a
terrorist.
The term terrorist is of course a notoriously fuzzy one. It is never
applied to heads of state, unless they are officially enemies. So
General Pinochet can murder tens of thousands of people without getting
slapped with the ‘terrorist’ label, and Saddam Hussein can start a war
that kills over a million and still be considered a good guy right up to
the point where he threatens the West’s oil supply, when it is suddenly
remembered that he is a monster.
The less frequently asked question is ‘why?’
If the NSA really believed that what they were doing was essential to
national security, why would they spend so much time boasting about it
and stroking each other’s egos?
It is almost a quarter century since the fall of the Berlin wall. US
and NATO security needs have changed dramatically since, but the
obsession with collecting tanks and planes and ships continues. The US
military is by far the country’s biggest jobs program.
While the men and women in uniform are always paraded, they’re not
the real beneficiaries of the national security state. It is the
‘defense’ contractors that make the fortunes, and they buy up
politicians in both parties to keep the cash spigot open full. Congress
believes that there isn’t enough money for food stamps, or children’s
nutrition programs, or Medicare or Social Security for that matter, but
they just voted to buy yet more tanks that even the Pentagon says they
don’t need.
Edward Snowden
Reading through the Snowden documents on the NSA budget, I was rather
shocked to see that the rationale the NSA leadership gave for
increasing the NSA budget was based on the age and demographic profile
of NSA employees, rather than an assessment of actual national security
needs.
Unlike most military institutions, a majority of NSA employees are
civilian, about 80%. But most of the management positions are for
military officers. As in the career civil service, the majority of the
civilian employees know that however well they do their job, virtually
all the top positions are reserved for appointments from a different
candidate pool.
As in the civil service, there is a culture clash between the
leadership and the bulk of the employees whose career ambitions are
severely truncated. But unlike a political appointee, whose career
horizons are rarely longer than the next election cycle, US military
officers are expected, indeed required, to be ambitious for promotion.
Officers who don’t make their promotions on time are required to retire.
All it takes to end a military career is one poor performance review,
one reprimand.
The naïve would imagine that such a scheme would ensure that every
officer is anxious to do their job. But since an officer’s performance
review is written by their commanding officer, the ambitious officer is
better advised to help his commanding officer convince his own superior
that
he is doing his job well.
So now imagine what happens when the officer commanding the NSA gives
the order that the agency is going be the biggest baddest espionage
agency it can be, collecting all the information it can, through all the
means available – the order that Gen. Alexander gave when he took over
the leadership of the NSA from Hayden.
Everyone in the agency chain of command is suddenly on notice that
they must deliver the intelligence goods, or start looking for work in
the private sector, or at the very least
appear to be delivering
the goods. Preferably in some really impressive Powerpoint slides that
will be left on an internal sharepoint server run by a 29 year old
sysadmin with a girlfriend who works as a stripper (sorry, pole dancer).
NSA is already almost certainly penetrated by every major foreign power
And don’t forget that any intelligence agency that can be penetrated
and rolled in 18 months by a 29 year old working without accomplices is
almost certainly penetrated by every major foreign power with the
inclination to do so (remembering of course that many powers may have
recently acquired the inclination to do so by reading the Snowden data
dump).
People in US intelligence circles frequently ask why China spends so
much time and effort trying to steal US industrial secrets. Well maybe
they have penetrated the NSA top to bottom and have to create a cover
story to conceal the origin of the terabytes of data they are pulling
from the NSA feeds every day.
The Snowden documents are themselves a form of intelligence, albeit
not one the NSA intended to produce. When reading such documents I first
ask why the document was written, who the intended audience is and what
the intended change in their behavior was. The NSA documents are for me
an illustration of the boasting generals problem, rather than the more
thoroughly researched Byzantine generals problem.
Did the NSA really introduce moles into the Internet Engineering Task
Force (IETF) to subvert and disrupt the standards process? I suspect
not, but they certainly produced documents that strongly imply that they
did.
What sort of tradecraft produces codenames like PRISM and MUSCULAR?
None that I know. PRISM immediately suggests splitting light ,which
immediately suggests tapping some sort of fiber optic.
These are not the type of names that are chosen to obscure the purpose of a program, they are chosen to boost the egos of the generals who direct them.
NSA 2.0 must become NSA 3.0
Understanding why the NSA acted as it did does not make their actions
any better. They have committed egregious criminal acts for which there
will almost certainly be no criminal accountability. They have acted
without any discipline or self control.
The last time the NSA faced a situation like the present one is when
the Church Committee tried to assess the damage caused when US
intelligence agencies ran amok for two decades, hijacking democratic
governments and replacing them with brutal dictators.
By the time the NSA had recovered, electronic cipher machines had
replaced the Enigma-style electromechanical schemes. Virtually all
government communications were now beyond reach. What saved the NSA from
irrelevance was the rise of the Internet — and NSA 2.0 was born,
gleefully hoovering up all the data it could from the electronic
commons.
What was missed in the change of targets was the fact that the
Internet is not merely a communications medium, it is now the medium for
virtually all international and national change. The Internet is a
critical infrastructure, a fact that the NSA itself acknowledges. Yet
the NSA was attacking that infrastructure.
NSA 2.0 is or will shortly be dead. Much of the NSA’s information
gathering capability is going to be lost as pervasive encryption
replaces pervasive surveillance. More importantly, foreign governments
are going to be attacking the US Internet with the same techniques and
tools.
I don’t know what shape NSA 3.0 should take, I am an engineer, not a
manager. But I do know what its mission should be: To protect US and
allied information systems from attack. All else must be secondary.
A
flashlight powered by your body temperature would be really useful for
power outages or camping. Ann Makosinski, a 15-year-old student from
Victoria, British Columbia, developed 
