Unusual public post.

2013.10.05

Normally, any post I make here that isn’t essentially notice of a change of address or relationship status or anything of that sort, is kept relatively private. I’m going to make an exception of this post, because I feel pretty strongly that the public debate on the Snowden leaks about NSA activities is hamstrung by ideologies, and missing some very important points.

It’s worth noting that ideologically, I tend to lean towards free societies with accountable, transparent governments, and all those nice things, and away from activities that superficially emphasize security. This leaning is not strictly idealistic though, as I’ve seen a rather strong correlation in the past century between freer countries, and dominant countries (both militarily and economically), and strongly suspect that the dominance is a consequence of the freedom.

Looked at this way, erosion of civil rights in the name of security is not merely ideologically questionable, it is severely counterproductive. And in this light, I’ve spent a decent chunk of the past few months wondering how the recently disclosed NSA surveillance program is counterproductive, rather than merely ideologically questionable.

The answer that eventually came to me was pretty straightforward: the described data stores are an enormously valuable target for the enemies of the United States to attack. This would of course be an attack with the intention to make use of it, not to deny the NSA use of it. Imagine what the MSS, the FSB, or various organized crime cartels (e.g. drug cartels) could do with that data.

It’s really not much of a strech to see foreign and criminal powers using NSA-gathered data to e.g. blackmail American politicians, military officers, business leaders, or scientists into acting against the interests of their country. It’s no more of a stretch to see them doing social network analyses on the data to find out who in their organizations are likely to be American agents, and to purge said agents (or use them as avenues for disinformation, or…).

I also find it deeply distressing that the main argument that gets put forward for these programs being allowed to continue is roughly “we’re not after you, good citizen; you can trust us”. It distresses me because it is, on its face, a pretty emotionally compelling argument. I have a sister who’s a military officer, and an aunt (my godmother, no less) who’s a retired spy. These are both people whom I trust deeply, and it borders on being personally offensive to hear a suggestion that they’d handle access to such data with anything less than the utmost professionalism and respect.

By extension, it seems easy to infer that an overwhelming majority of the agents who can access PRISM and related data stores are similarly honourable and professional. I say “seems easy” because I’ve already made a sampling error. My sister and my aunt are people whom I’ve known my entire life (well roughly 3 years less than my entire life for my sister, since she’s a younger sister); I’m drawing my sample entirely from a pool of people whom I trust. Foreign spies, organized criminals, and other undesirables who may gain access to our data, simply aren’t people who I would know (or know as such).

Based on that, I can’t rightly assume that such people don’t exist. Nor can I assume that such people will be perfectly (or near-perfectly) denied access to the data in question. Security systems fail, just like every other sort of system. They’ve failed in the past, and they’ll fail again. Because of this fact, it’s incumbent upon those who rely on these systems to try and minimize the damage that gets done when they fail.

On top of all that, it’s very much worth considering that the system in question has already failed (if partially). Edward Snowden has run off with God only knows what, and is now in Russia. He probably had his hard drive mirrored and a keylogger installed on his computer during his first shower on Russian soil (if not sooner).

The obvious mitigant for failures of this nature is simply to aggressively remove any data on Americans, or American allies from the databases in question, and to establish similarly aggressive filters to prevent such data from ever getting into said databases. Given that the data in question has no legitimate value to American interests, and an enormous potential value to adversaries, there is simply no reason to keep it around–unless it’s a honeypot.