I’ve not looked at the ongoing NSA storytelling for quite a while
Since my last post, we’ve seen a book by Glen Greenwald (which I haven’t read yet), a TV interview by Edward Snowden (which I have not watched all the way through), tales of Chinese hackers, and miscellaneous Russian military adventures. Far too much to keep up on.
This week we see lots and lots of very public “push back” from major Internet companies.
These companies asserting that they are (finally) actually protecting user data from snooping. This is presented as a brave face off with “the government”. And it is very, very publicly announced. Obviously, these companies are acting in their own interest more than ours, since their business model depends on masses of people ignorantly providing personal data to the company (but not to the US government).
To help the narrative, the US government speaks its own part in this story (quoted in the NYT:
“Robert S. Litt, the general counsel of the Office of the Director of National Intelligence, which oversees all 17 American spy agencies, said on Wednesday that it was “an unquestionable loss for our nation that companies are losing the willingness to cooperate legally and voluntarily” with American spy agencies.”
This is a beautifully phrased, “non denial denial”: there is no implication that the data will not be available, only than there is no longer voluntary cooperation. I have no information on the subject, but personally, I wouldn’t bet that the NSA can’t get what it wants, one way or another.
Snowden has really hurt Google and all. They had be sleazing along, having it both ways. They talked a game about privacy (though they are in the business of invading privacy), while silently letting the NSA and others get whatever data they want. Now they have to make a show of defending their users from the NSA; lest their users will flee to be exploited by other sharks. Can’t have that.
Snowden revealed some extremely embarrassing holes, and, as in the case of OpenSSL, we find that the supposed geniuses of the private sector had cut corners in many ways. They are now, finally, instituting measures that should have been done ages ago. These upgrades certainly will make it harder for civilians to dink around with your traffic.
Given that the NSA has a mandate to protect US communications, they must be quite pleased to have these basic measures promulgated widely. Having the companies publicly sass them is a small price to pay to get this technology out into the world.
Furthermore, the NSA is being very cooperative in this effort: it is publicly complaining about these actions, and decrying the “lack of cooperation”. This rhetoric is, of course, critical to make the measures credible to the users—and to keep US companies competitive globally. Imagine how people would take it if the NSA officially approved of the defensive measures!
So now everyone everywhere knows the NSA is listening, but some may believe that gmail or whatnot is “secure” from the NSA. Everyone knows that Google et al are “geniuses”, so their magic must be better than government magic, no? They may also believe that the Internet companies are “on your side”, “trust us”.
In my most paranoid moments, I can see that the NSA still has means to access communications when it needs. Maybe more paperwork. Maybe more complex technical measures (wireless is still full of gaping holes, the switches still have backdoors, root keys can be obtained). All the more reason to try to keep people swimming in this lagoon, so they don’t have to go fish elsewhere.
But remember NSA’s other goal: depriving enemies the use of the Internet.
For adversaries, real adversaries, not crusading journalists, there is a tough decision. Is it safe to use the Internet? What services are safe to use? Or do I have to do without? Uncertainly, fear, and doubt. In this way the NSA is depriving enemies of easy, carefree access to the Internet.
All this has never been about you—though you have a role to play in the narrative.