I haven’t commented recently on the “NSA Narrative” which plays out in public through a variety of messages.
As I have argued before, one of the NSA’s (and GCHQ’s) missions is to deny enemies the free us of IT and the Internet. This is very, very difficult, but certainly requires both technical moves such as outlined in these reports and, just as important, a world wide understanding that “We are watching you”. Furthermore, “we have near magical powers”, so you mustn’t trust IT or the Internet.
Furthermore, much of what these agencies do must be secret. But how can you deter your enemies if they don’t know how powerful you are? The answer is to, as much as possible, have others “reveal” and complain about your activities, to make sure that adversaries understand the mysterious and overwhelming technology you are using. In this light, we can see that Mr. Snowden has done more than anyone to promote this story, which I call “The NSA Narrative”.
A round up of recent news illustrates the narrative in action.
Recently, we have been treated to reports by Kaspersky Lab that someone (obviously the Five Eyes) has penetrated the firmware of PC’s. [PDF] To the degree that this is accurate, this would give the intruders pretty much unfettered access to the computer, regardless of whether it is connected to the Internet, and undetectable by almost all tools and devices.
Shortly after that, we hear that Lenovo had deliberately implanted spyware (they claim it was adware) in the BIOS of some of their computers. This software connected back to mysterious servers, supposedly to serve advertisements, but who really knows. And regardless of who put it there, could the NSA not have known about it, and used it if needed?
And we hear several reports that the Five Eyes hacked into Dutch firm Genalto, largest makers of SIM cards. The object would be to obtain root passwords and enable the agencies to decrypt mobile phone conversations. It is no surprise that this would be a prime target. There have been no reports about other intelligence agency’s efforts in this area, though my guess is that they would be a target for everyone.
First, these reported technologies and methods are not only plausible, they are things that we studied in the ‘80s. Knowledgeable people would have assumed that top intelligence agencies could and would be doing such things. In other words, this isn’t revealing any “secret”, in the sense that everyone suspected these capabilities might be in use. (In fact, it is wise to assume that the really important capabilities are still secret.)
Second, the reports have been in the form of “leaks” or “discoveries”, that are met with public shock and condemnation. How can people be surprised if intelligence agencies are attempting to penetrate strategic key stores, particularly ones outside their legal control? Is anyone really shocked that the NSA and related agencies have many, many techniques for snooping and sneaking on the Internet? Of course not.
But what better way to let adversaries know about these (supposed) capabilities than to have independent experts, public media, and politicians complain? The NSA can’t just tell you about this, who would believe that? So they make sure that there are “leaks” of plausible but not too harmful information, which the respond to by non-denials and hounding leakers—to show how “credible” the information is.
Along these lines, I call your attention to the Silicon Valley Gambit being played out these past years. In public, the big tech companies—whose business models depend critically on data collection and analytics—pretend to fight the declared policies of the US Government—whose business model depends critically on data collection and analytics.
At the same time, one of the biggest companies in the valley is Palantir, which appears to be owned and operated by the CIA and friends. It’s not exactly clear what Palantir is up to, but it is easy to see why the CIA et al would want to be competent in data and analytics, and it makes sense to fish at the source.
And to contribute to the important narrative, a very convenient “leak” revealed the ubiquitous and magical powers Palantir wields.
As an aside, I note that the descriptions of what Palantir is doing (apparently quite well) is totally consistent with what the research directions the government was pushing 15 and more years ago. (e.g., ) I’m glad to seek that this investment has paid off.
- Thomas, James J. and Kristin A. Cook, Illuminating the Path: The Research and Development Agenda for Visual Analytics. IEEE Computer Society, 2005. http://vis.pnnl.gov/pdf/RD_Agenda_VisualAnalytics.pdf