By: Gregory P. Bufithis, Esq. (CEO) and Eric De Grasse (Chief Technology Officer).
10 June 2013 – Wow. So George Orwell and Philip K. Dick were right: “They quite literally can watch your ideas form as you type” (quoting Glenn Greenwald, the blogger who revealed the existence of PRISM as leaked to him by Edward Snowden, the 29-year-old former C.I.A. computer technician). Although what immediately came to mind was the 1998 movie “Enemy of the State” which had Gene Hackman playing a disillusioned National Security Agency (NSA) analyst who says “the agency has been in bed with the telecommunications industry for decades, and they can suck a salt grain off a beach.” As the MIT Technology Review said at the time, that movie was more documentary than fiction. While the visual tracking abilities of the government were way overblown in the film, the RF tracking abilities were vastly underestimated, as were the relationships among and between members of the military-industrial complex. As Dwight Eisenhower said in his famous military-industrial complex speech our public policy “could itself become the captive of a scientific technological elite”. And so it has come to pass.
But how did a short-term 29-year old computer technician contractor get access to such super-secret information such as PRISM? As explained by Cedric Leighton, a former deputy director of the NSA: “In past years someone like Snowden may not have had access to briefings detailing these collection programs, but now with the push from a ‘need to know’ to a ‘need to share’ philosophy, it’s far more likely for an IT contractor like him to gain access to such documents.”
For us and most observers of the privacy and surveillance landscape, the revelation that the NSA has been collecting piles of information from telecoms and technology companies … extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time … feels like someone telling us that water is wet. There have been any number of signals in the last few years that this kind of surveillance and data collection was going on, with scores of detailed stories on how the U.S. government was not just spying on its own citizens, but doing so on a scale that would dwarf anything that all but the most paranoid would imagine. As we wrote not too long ago citing scores of references, privacy is dead and anonymity is dead. Deal with it.
And quite frankly all of this “shock” in the media and by politicians (many who now say “we knew”) felt a little bit like these guys:
Surveillance? Spying? I’m shocked!!
Oh, yes. Even the Europeans were “shocked” … until UK ministers came under pressure to explain their security services using the U.S. data trove, with fingers also pointing at Germany’s security services. In fact as we learned at a recent workshop in London on data security the Europeans are no slouches when it comes to surveillance of its own citizens — data privacy be damned. Although if you have been following the chatter on Twitter and Facebook about this string of revelations over the past few days you sense something along the lines of a collective shrug by everybody.
The U.S. moved from democracy to intelligence state/surveillance state a very long time ago. We have put more intelligence officers in policy offices, law enforcement agencies, and military units. We have militarized our police forces. And we actually want this since we put so much pressure on our intelligence services. After the Boston bombings and the recent horrific killing of the Army officer in the UK social media sites were lightening up with “why in hell did we not know about this??!!” It turns out we knew quite a bit about the perpetrators of both acts … but not enough to stop them … and we’ll never know how many incidents have been stopped by the intelligence services due to their massive surveillance systems. But at this point it’s a little tough to put this genie back in the bottle or control him. And we’ll let somebody else argue/discuss the trade-offs of collective security vis-a-vis privacy.
Technology has made all of this so easy. Today, a revolution in software technology allows for the highly automated and instantaneous analysis of enormous volumes of digital information so America’s spies have the ability to track the activities and movements of people almost anywhere in the world without actually watching them or listening to their conversations. One of the more intriguing elements revealed over the weekend by The Guardian showed a “global heat map” that appeared to represent how much data the NSA sweeps up around the world. It showed that in March 2013 there were 97 billion pieces of data collected from networks worldwide; about 14 percent of it was in Iran, much was from Pakistan and about 3 percent came from inside the United States, though some of that might have been foreign data traffic routed through American-based servers.
Even our good friends over at the IBM Watson team got a hat tip. From a New York Times article (also picked up by numerous other news sources):
I.B.M.’s Watson, the supercomputing technology that defeated human Jeopardy! champions in 2011, is a prime example of the power of data-intensive artificial intelligence. Watson-style computing, analysts said, is precisely the technology that would make the ambitious data-collection program of the N.S.A. seem practical. Computers could instantly sift through the mass of Internet communications data, see patterns of suspicious online behavior and thus narrow the hunt for terrorists. Both the N.S.A. and the Central Intelligence Agency have been testing Watson in the last two years, said a consultant who has advised the government and asked not to be identified because he was not authorized to speak.
As we have stated in numerous posts, from health care to retail sales analysis to litigation review to medical diagnosis to TMT analysis to government work to [insert pretty much anything here], Watson is there.
Note: and for a very detailed look at the unfortunate “dark side” of IBM and massively organized information we refer you to IBM and the Holocaust by Edwin Black which Rob Robinson recently profiled on his site Complex Discovery (click here).
Also, one point about collecting the metadata (the array of peripheral information concerning actual data, like phone call audio or the text of an email). Government shills and in-house government intelligence analysts have tried to reduce the furor by saying this collection was a “minor incursion” into privacy. Dead wrong and they clearly did not go to the Georgetown Law Cybersecurity Law conference (our video coverage coming later this week). Pieced together, details of this kind can paint a very detailed picture of lives and our associations. When separate streams of data are integrated into large databases — matching, for example, time and location data from cellphones with credit card purchases or E-ZPass use — intelligence analysts are given a mosaic of a person’s life that would never be available from simply listening to their conversations. As we noted early this year from a study highlighted by Nature magazine, just four data points about the location and time of a mobile phone call make it possible to identify the caller 95 percent of the time.
Yes, some incredible analytics at work here … and technology. For instance, the microphone on some powered-off cell phones can act as a room bug. And a technology known as trilaterization allows tracking of an individual’s location, moment to moment. The data, obtained from cellphone towers, can track the altitude of a person, down to the specific floor in a building. The Chinese government spy system can probably match U.S. spymasters point for point. We’ll have more in our Georgetown conference report later this week.
As for Mr. Snowden’s employer Booz Allen … well it has become one of the largest and most profitable corporations in the U.S. almost exclusively by serving a single client: the U.S. government. As noted by the New York Times and The Guardian, over the last decade much of the company’s growth has come from selling expertise, technology and manpower to the NSA and other federal intelligence agencies. The government has sharply increased spending on high-tech intelligence gathering since 2001, and both the Bush and Obama administrations have chosen to rely on private contractors like Booz Allen for much of the resulting work. How close are they? The Obama administration’s chief intelligence official, James Clapper, is a former Booz executive. The official who held that post in the Bush administration, John McConnell, now works for Booz. The company employs about 25,000 people, almost half of whom hold top secret security clearances, providing “access to information that would cause ‘exceptionally grave damage’ to national security if disclosed to the public,” according to a company securities filing. Oops.
But this latest security issue is not their first. The company has also had at least one previous highly publicized problem maintaining data security. In 2011, files maintained by Booz Allen were acquired by the online activist group Anonymous, which claimed to have stolen tens of thousands of encrypted military passwords.
For now, the technology giants like Google, Facebook and Microsoft battle to maintain their credibility on privacy issues issuing strongly-worded denials that they had knowingly participated in PRISM with phrases like “outrageous accusations” and “we never heard of PRISM”. The battle is somewhat focused on the PRISM Powerpoint slide that states NSA had “direct access” to their servers. But as more slides were released over the weekend it became clear that some major technology companies have, at the very least, taken steps to make it easier for intelligence agencies to access the information they want.
So undoubtedly more to come. Time to dust off our copy of the Foreign Intelligence Surveillance Act and prepare.
No comments yet... Be the first to leave a reply!