Steven Levy, who specializes in massive articles looking into aspects of the tech industry, has a new one for Wired, called How the NSA Almost Killed the Internet
. It basically looks at how the NSA legally coerced the tech companies into having to comply with certain court orders to hand over information, and how the tech companies have been gagged from explaining what's going on. And then... he gets the NSA's side of the story. Much of what's in there is stuff that you probably already know (especially if you read Techdirt regularly), but I wanted to call out a few tidbits that I hadn't seen or heard anywhere else before:
- Google doesn't charge the government for requests for information:
FISA requires the government to reimburse companies for the cost of retrieving information. Google says it doesn’t bother to charge the government. But one company says it uses that clause, hoping to limit the extent of the requests. “At first, we thought we shouldn’t charge for it,” says an executive of that company. “Then we realized, it’s good—it forces them to stop and think.”
This is kind of a "damned if you do/damned if you don't" situation. I know plenty of folks in the civil liberties community go back and forth on it. When companies do charge, then you see articles about how companies are "making a profit" off of violating our privacy. If they don't charge, then you see arguments about how they're making it too easy for the government to get info. Either way, the standard has been to charge basic costs, so it's interesting to see that Google doesn't charge at all, probably betting on the fact that if they did, it would be misrepresented. Of course, the fact that they don't might be misrepresented as well.
- The NSA has no response to fear of future abuse of programs beyond "we'd never do that." Seriously.
Critics charge that while there is not yet any evidence of massive abuse of the NSA’s collected data, there is also no guarantee that a future regime won’t ignore these touted protections. These officials discounted that possibility, saying that the majority of NSA employees wouldn’t stand for such a policy. “If that happened, there would be lines at the Inspector General’s office here, and at Congress as well—longer than a Disneyland line,” Ledgett says. (The fates of several NSA employees-turned-whistleblowers indicate that anyone in that hypothetical queue would be in for a ride far wilder than anything in Anaheim.)
Sure, except there's a very long history of the NSA and the FBI doing exactly the opposite (the claim of no evidence of massive abuse is not actually true). And, as Levy notes in that final parenthetical, the way whistleblowers are treated these days would probably shorten that line quite a bit.
- Keith Alexander admits that companies were compelled to comply and admits that we should stand up for the companies not to be harmed by all of this:
“This isn’t the companies’ fault. They were compelled to do it. As a nation, we have a responsibility to stand up for the companies, both domestically and internationally. That is our nation’s best interest. We don’t want our companies to lose their economic capability and advantage. It’s for the future of our country.”
This is just bizarre. If he doesn't want the companies to lose their economic capability and advantage, maybe he shouldn't have undermined a large portion of it.
Those words could have come from a policy spokesperson for Google, Facebook, Microsoft, or Yahoo. Or one of the legislators criticizing the NSA’s tactics. Or even a civil liberties group opposing the NSA. But the source is US Army general Keith Alexander, director of the NSA. Still, even as he acknowledges that tech companies have been forced into a tough position, he insists that his programs are legal, necessary, and respectful of privacy.
- Companies were given about 90 minutes to respond to the (misleading) claims in the original PRISM article that they had given the NSA direct access to their servers.
“We had 90 minutes to respond,” says Facebook’s head of security, Joe Sullivan. No one at the company had ever heard of a program called Prism. And the most damning implication—that Facebook and the other companies granted the NSA direct access to their servers in order to suck up vast quantities of information—seemed outright wrong. CEO Mark Zuckerberg was taken aback by the charge and asked his executives whether it was true. Their answer: no.
This remains one of the most unfortunate bits about the Snowden leaks. While I think that Barton Gellman, Glenn Greenwald and Laura Poitras have done an incredible job with most of their reporting, the original PRISM stories that appeared in the Washington Post and Guardian both came out rushed and were misleading, which is still impacting how people are reporting on these things today. The PRISM program and Section 702 of the FISA Amendments Act have serious issues that need exploring, but it's all been distorted by the misleading initial claims, which implied things that just weren't true.
Similar panicked conversations were taking place at Google, Apple, and Microsoft. “We asked around: Are there any surreptitious ways of getting information?” says Kent Walker, Google’s general counsel. “No.”
- The NSA claims it uses the very same encryption that it tries to push everyone else to use. Yes, the same encryption that Snowden docs have revealed was compromised by the NSA.
And the NSA insists that, despite the implications of those Snowden-leaked documents, it does not engage in weakening encryption standards. “The same standards we recommend are the standards we use,” Ledgett says. “We would not use standards we thought were vulnerable. That would be insane.”
Sorry, but no one believes that one at all. The clear takeover by the NSA of NIST standards shows that's clearly not true.
- The NSA still doesn't realize how serious all of this is. They still think it's just been blown out of proportion.
They understand that journalism conferences routinely host sessions on protecting information from government snoops, as if we were living in some Soviet society. And they are aware that multiple security specialists in the nation’s top tech corporations now consider the US government their prime adversary.
But they do not see any of those points as a reason to stop gathering data. They chalk all of that negativity up to monumental misunderstandings triggered by a lone leaker and a hostile press.
- Patent troll Nathan Myhrvold is also completely clueless about national security:
Former Microsoft research head Nathan Myhrvold recently wrote a hair-raising treatise arguing that, considering the threat of terrorists with biology degrees who could wipe out a good portion of humanity, tough surveillance measures might not be so bad. Myhrvold calls out the tech companies for hypocrisy. They argue that the NSA should stop exploiting information in the name of national security, he says, but they are more than happy to do the same thing in pursuit of their bottom lines. “The cost is going to be lower efficiency in finding terrorist plots—and that cost means blood,” he says.
This is stupid on so many levels. First, the old argument that it's somehow equivalent of tech companies and the NSA to make use of information -- a claim that Levy ridiculously repeats multiple times in his article -- is a line that has been debunked so many times it's really beneath Levy to give it any life at all, let alone refuse to point out how stupid it is. Companies provide a direct service to users, and they make a decision: If I give this information, I get this service in return. It's a decision made by the consumer, and a trade-off where they decide if it's worth it. We can argue that people should have more information about the costs and benefits, but it's still a trade-off where the final decision is their own. The NSA, on the other hand, is not providing a choice or a trade-off. They're just taking everything in exchange for nothing. And, oh yeah, they have guns and can put you in jail -- something no company can do.
Second, Myhrvold incorrectly buys completely the line that all this data collection has been helpful in stopping terrorists. There's just one problem: there is no evidence to support that. Besides, based on his idiotic reasoning, we might as well just do away with pretty much all our rights. For example, I'm pretty sure that we could all have protected Myhrvold more completely if there were video cameras streaming video of everything he did within the privacy of his own home, cars, office or just walking around, right? We could certainly make sure that no one was attacking him or, better yet, that he wasn't about to attack anyone. The cost of not spying on every moment of Nathan Myhrvold might mean "blood." So, based on his own logic, we should violate his privacy, right?
All in all there's a lot in the article that's worth reading, but those were a few key points that really stood out.