Sunday, June 9, 2013

Tradecraft in the Age of PRISM

At least they have a bad-ass logo
Verizon. PRISM. Boundless Informant.  As if someone opened up a spigot, a seemingly endless stream of revelations and disclosures of the American surveillance state arrived this week. It's way too early to figure out what it all means, or what it might lead to, but we can certainly start to arrive at a few conclusions. First, from the government/law enforcement/counter terror standpoint, it seems as silly and pointless as taking off your shoes in the airport security line.  As a purely tactical matter, using metadata around phone calls and information from internet providers like Google, Microsoft and Facebook doesn't seem shocking, novel or unusual.  It may very well be constitutionally suspect, but one has to expect government agencies to do something like this.  If I was involved in a serious criminal conspiracy, I would assume all these surveillance practices were in place, and would be very careful to avoid showing up in their analysis.

Who would actually be caught by these obvious, basic authoritarian surveillance practices? The vast majority will be innocent people, and that's where the real problem lies. Otherwise, they might be better called "The Darwinian Solution to the Problem of Stupid and Amateur Terrorists".  The solution, that is, to the extent that stupid and amateur terrorists are an actual problem.  It seems that, over the last few years, the FBI had recruited, entrapped, supplied, funded and encouraged most of the 'terrorists' they then prosecuted.  It now appears likely to me that these sorts of surveillance programs are how they originally located those targets.  I'll leave it to others to decide how valuable they think a program is that by definition can only catch the delusional and the rank amateur, but for me, well, I have trouble believing these programs are protecting me from much of a threat.

Real criminals and terrorists have been devising effective tradecraft counters to this kind of electronic communication surveillance for over a decade. It's worth noting that the Abbottabad compound where Osama bin Laden died hard did not have an electronic connection to the outside world, and his support staff did face to face meetings, not phone calls.  The delay ('latency' in ELINT speak) was well worth it in terms of operational security.  It is well understood in these circles that government agencies often don't even try to intercept message content, not because of legal or constitutional niceties, but because real bad guys use strong encryption.  It is the metadata around those messages - call patterns, cell and network member IDs and locations - that is the only available data.

Have you ever been in a poor neighborhood, pretty much anywhere in the world?  Go into a liquor store, a little bodega or a shop in a market.  You will be able to buy, for cash, prepaid cell phones, the cheap hand-helds popularized on the TV show "The Wire" as 'burners'.  They are cheap, disposable and untraceable.  If you get one of the T-Mobile variety, and prepay at least $100 in airtime, it will not expire for one year.  If you don't have one, well, think about it in terms of an 'investment'.  For that matter, you can buy a cheap Windows computer. If you only ever boot it from a Linux USB drive, it will look like a brand new, unused computer with all your data and history on the USB drive, which can be hidden, destroyed or tossed a lot easier than a computer can. The point is that anybody whose life, freedom or mission success is dependent on avoiding government surveillance already knows how to avoid government surveillance. The whole thing is pointless, endless and useless.

An interesting point of speculation is how these revelations happened, and why they all came to light now.  One entirely plausible thought is that the exposure of these programs was engineered by the Chinese government, just as global pique at Chinese cyber-espionage is growing into a firestorm. It may not be coincidental that this same week President Obama is meeting with President Xi - if the Chinese knew about these programs and wanted to put Obama on the cyber-defensive, this would have been a pretty good way to do it.  Apparently, the leaker fully expects to be identified and prosecuted, so we can expect to know more about this in the future.  But here's the thing - it's kind of like murder. Once you're wanted for a murder, the inhibition to commit further murders is removed.  As the old saying goes, they can only hang you once. At this point, there really is no reason why the leakers that have provided the revelations of this week shouldn't go all in with everything they can get out of the building.

One conclusion is a certainty: Your electronic documents, messages and searches are subject to government surveillance, and you really can't expect constitutional guarantees to protect them.  The fight for personal privacy in the age of the internet is over, and corporations and government won.  If you find this bothersome, there are actions you can take.  You can look for providers of internet services that are not in the US, and are not subject to the kind of coercion the NSA used against the big providers like Google, Microsoft and Apple.  You can get a VPN for a few dollars a month.  Most of all, you can encrypt.  Real Public Key encryption, done right with a large enough key, cannot be realistically cracked, even by agencies like the NSA.

So ultimately, what to think about all these revelations of government electronic surveillance?  It really doesn't matter.  As long as Congress refuses to limit the surveillance and war-making power of the Executive, and as long as the Judiciary is unwilling to aggressively protect any constitutional protections except the Second Amendment, then we have no democratic recourse.  In light of the lack of a functioning Constitutional democracy, we have a kind of hybrid-autocracy with certain kinds of freedoms but no real institutional rule of law.


  1. It's Edward Snowden.

    To me, he's a hero, like Daniel Ellsberg.

    The WaPo just linked the story, and there's a billion comments already. (Yes, I'm exaggerating.)

    Many are from right-wingers who want him hanged. And many are from Obama supporters who want the same, because something something something.

  2. The claim that he somehow revealed something that professional terrorists and criminals didn't already know, or assume as if they knew, is grossly disingenuous and indicates a further attempt to intimidate would-be leakers. The only people who didn't know about these electronic intelligence programs were regular folks - and they have a right to know. That said, Snowden broke the law and his employment agreement and knew the consequences, so I'm not interested in hearing any whining if he gets prosecuted and sent to prison. If there weren't potential consequences it would be impossible to claim what he did was in any way courageous.

    With all that said, the original point in the post stands. It's a stupid, useless program that isn't going to be effective against any real threat...

  3. Did you know the DHS coordinated spying on and shutdown of the Occupy protests, mikey?

    Our overlords have many threats to counter. And almost limitless resources.

  4. Of course they did. A government operating something as creepily named as the "Department of Homeland Security" is going to see those sorts of protests as a threat.

    But I will challenge your conclusion that the DHS "shut down" the Occupy protests. The most brutally effective internal security operations in the world, in Mubarak's Egypt and al-Assad's Syria and Maliki's Iraq could not "shut down" protests by people who had the courage and the will to try to change the system.

    Americans? Worse, American LIBERALS? Pssshhhh. They'd chip their nail polish. Occupy never had a chance, and that had nothing to do with the people who opposed it. It had no focus, it had no real support, it had no willingness to invest the time and lives and cost that kind of fight requires.

    If you are willing to blame the collapse of Occupy in America on DHS you are merely hiding from the biggest problem working against functional dissent in America - the dissenters are not afraid, they are not hungry, they are not willing to fight for what they believe, and they are NOT willing to die for their children's futures.

    The Arab Spring was built on hopelessness. In that light, an 'American Spring' is a long, LONG way away...

  5. You know, when my dad dies the last thing I need is a headache crossing the border.