I’m usually surprised by the coverage regarding NSA/CIA/FBI spying: there’s some stuff we definitely should be scared of, and there’s other stuff that I file under “so, what?”
For example, the fact that the US government has consistently ignored its own laws regarding wiretapping: nobody who has observed any government in action should be surprised by that.
For example, Herbert Yardley published “The American Black Chamber” [archive] in 1931, documenting a slightly fictionalized version of his exploits monitoring communications during WWI, before, and after.
At the time Secretary of State Stimson said (1929) “Gentlemen do not read eachother’s mail” it was a lie; he didn’t consider the Germans to be “Gentlemen” and was only referring to not reading friendly diplomatic communications. Given the way spies think, I am pretty sure I know how the US determined which diplomatic communications were or weren’t friendly: they read them.
AT&T was a new thing, and telegraphy immediately became important. And the US government (various agencies) immediately moved to tap and compromise it. When voice telephony took over, the newly-minted FBI began doing exactly what the NSA, FBI, and CIA are doing today: tapping it. And they began building call records of who called who, and when.
That’s a vintage phone call recording device. It comes in a lovely wooden box to dampen the sound of the solenoid, as it made marks on the paper with the pulse of the ringer. The connections on the lower right match a hole in the case where the wires could go in, and the tape went out a slit in the other side. By the way, it’s really heavy – solid brass with a great big wound spring inside.
The FBI used those for a while; there’s still a lot of law on the books regarding pen registers – the initial idea was that the number you called was “just metadata”[stderr] and there was this fig-leaf game they played of pretending that the number was all that was being recorded, while, actually, they’d tap a line pretty much whenever and however they wanted to. COINTELPRO blew the doors off of that, but the American people rolled back over and went to sleep; it really doesn’t matter what you monitor, as long as you don’t try to bust everyone for the little stuff like drugs and extramarital affairs and that sort of thing. We need to be honest with ourselves – we’ve known this has always been going on and always will be: the only people who have privacy in the US are the oligarchs.
Then you have the 90s’ and AT&T whistleblowers coming out and describing the secret room(s) at phone company locations, where internet peering points were tapped. But nobody cared because the establishment told some story about “metadata” to the media and the media pretended to buy it and it really didn’t matter because, aside from a few dirtbags who needed to get busted, and the occasional political hatchet-job [stderr] it really didn’t interfere with anyone’s lives. The silk road was a thing in the early oughts, and you could buy drugs online, and child porn, and – the FBI can always excuse anything if it busts some child porn. Nobody should be shocked to find out that the government has continued its uninterrupted policy of ignoring the constitutional protections against self-incrimination or search. Nobody even cares when the FBI regularly and openly cheats in how it collects evidence by digging where it has learned there is other evidence, illegally. That process is called “parallel construction” [wikipedia] and it’s been a practice for a very long time. In the early days it was a confidential informant mentioning “the gun that was used might be in the toolbox in the garage” and now it’s “a text message that was collected without a warrant” – it’s all OK as long as there’s a warrant when the FBI agent searches the toolbox, and “oh! Look! I stumbled on a gun!” right?
I’m not saying we shouldn’t care – I hate that “so what? This is nothing new!” argument. The reason I hate it is because it’s not saying “don’t worry about government surveillance because they’ve always been doing surveillance to some degree or another” – I hate it because it’s saying “you woke up and found you’re in a police state and have always been in a police state and you’ve never had a ghost of a chance of doing anything about it.”
That’s the core message, to me, behind the CIA dumps and the Snowden dumps: we have collectively tried to do something to secure our communications but we never even had a ghost of a chance against our own government because – simply enough – they never were even going to give us that much. We used encryption because we wanted our communications to be private. Otherwise, we’d have left them public, right? The observation that we tried to speak privately argues that we have an expectation of privacy. If we were going to be allowed it, that is. Which, we’re not.
When the FBI complains (as they did consistently through the 90s!) that “encryption is making the internet go dark”[fbi] they were lying: they just wanted to pass CALEA[wikipedia] and force providers to give them obvious back doors, or the Clipper Chip,[wikipedia] which would obviously backdoor everyone’s crypto. That was just them asking nicely. But they not only never had to ask nicely, they made sure they had parallel backdoors so that even if we struggled to secure our communications by switching to Signal (or whatever) they could just go around it. In fact, using PGP – as some of us used to – probably flagged you higher in Xkeyscore because you were attempting to do secure communications and, well, we can’t have that.
I’ve written elsewhere about the retro-scope:[stderr] law enforcement’s ability to go back in time and decide retroactively who might be a trouble-maker, then to retroactively strip-mine their communications. That strip-mining? That’s what the CIA and NSA and FBI’s fancy tools are for. They’re not using it to stop billionaire child molesters like Jeffrey Epstein: they’re using them to analyze the communications and activities of people who annoy billionaires.
The FBI is currently trying to push for warranted access to #NODAPL Facebook group’s membership and communications. The ACLU is bravely trying to fight this battle which has already been lost: the NSA already has that data, and now it’s sharing it “before privacy protections” (whatever that means) with other federal agencies. That means the FBI is just hand-wringing for the camera; they’re already investigating all the friends of friends of #NODAPL and people who said “I’m going” and if you just purchased a large amount of ammunition or a high capacity weapon, they’re going to be looking at your credit card purchases and see if you’re making “card present” transactions heading toward North Dakota.
The ACLU filed a motion in Whatcom County Superior Court on Wednesday to block a police warrant to search the Bellingham NoDAPL Coalition’s Facebook page. A hearing is scheduled for Tuesday morning. According to the ACLU, the Whatcom County Sheriff’s Department served Facebook with a warrant seeking data on not just the NoDAPL protesters themselves, but on people who merely interacted with the Facebook group. [ars]
The name of the game is not even collection, anymore. It’s integration and fusion. It’s tools like Palantir and Xkeyscore. The problem they have is not that they don’t have access to your data: it’s that they have all the data and it’s really hard to figure out who’s worth looking at more closely. There’s too much data. But, like when the lidless eye of Sauron turns upon you, once you become a target, your protections: your iPhone, your Signal, your Facebook, your complicated password – it’s not worth anything. The only thing that gives you a chance of staying off the radar screen is good tradecraft. Or being a billionaire. Or not giving a fuck. Those are, seriously, your three choices.
Right now there are vast fortunes being made on “big data” – data fusion, data integration. What do you think that’s for? The basic stuff is in-house: amazon notices that you buy one weird product, and it offers you a list of others that other people have bought. The other stuff: that’s not looking for “terrorism” that’s looking for potential cells of revolutionaries forming, so that – when they need to – if they need to – they can ask some database: “how many people who went to Standing Rock also swapped emails with people who were in Seattle making credit card purchases during the globalization
protestsriots?” Then refine that by weapons purchases: Oh, look, Marcus Ranum bought a dozen israeli-made gas masks on amazon.com and had them shipped to Standing Rock: put him on a watch-list and yellow-flag anyone who communicates with him who also buys explosives precursors.
I’m not writing about that like that’s the horrible future we’re doomed to if we don’t do something. That’s the horrible present we’re living in already, because – unfortunately – a lot of politically naive nerds (my peers!) designed the systems that are going to be their own shackles, because they’re hoping they’ll make enough money to be on the fringe of the minor oligarchs’ club, and they’ll be passed over and someone else who can’t afford a good lawyer (or who has the wrong skin color or name, or isn’t a citizen) is going to get investigated. This is our current reality.
I live in gun-toting 2nd amendment worshipping rural America; everyone out here would probably vote to oppose some kind of additional registration requirement on guns. What they don’t realize is that that additional registration happened silently and organically about a decade ago. They don’t realize that UPS and Fedex are required to share “metadata” and so are banks and credit card companies. What “metadata” is that? All of it. You want to know who’s buying ammo? Ask the UPS shipping database who got ORM-D packages weighing over 10lb from (long list of websites) and paid more than $50 for it. And that’s assuming that the site you bought that ammo from doesn’t have a National Security Letter from the FBI asking for their customer database and purchase records. The rigamarole about registration laws and no federal databases: that’s just stage-management for the rubes who don’t understand the kind of triggers you can build when you combine shipping flags, package weight, sender/recipient, with purchase history and website classification. Do people really think that the USPS added all that computerized tracking stuff in order to make their customers’ experience better? (Well, yes, they did, but who are their “customers”?) This is what I meant about having good tradecraft: it’s not enough to be able to assemble your conspiracy in secret, because they can go back and catch you for mistakes you made before you decided to start the conspiracy at all.
The Intercept has a story about Palantir [intercept] that’s worth a read. But I see it as sort of deceptive because it misses the point: Palantir is not particularly useful unless it has a gigantic, huge, dataset behind it. A tool for analyzing and building networks of relationships based on tenuous data (like, “thin thread”s – get it?) – that’s a job for AI but the real story is the depth and detail of the dataset. The threat is not Palantir, the threat is big data and that threat materialized a decade ago. Every private corporate dataset is potentially not private against the police state: remember, when the American of Japanese ancestry were detained in concentration camps during WWII: they were rounded up based on census data that was supposedly gathered for, well, purposes other than rounding people up and putting them in concentration camps. Palantir isn’t the problem, it’s your ebay history, your amazon history, your Facebook friends list, and all of those have been winnowed through and the interesting bits have been flagged and sorted and attached to your master database record.
Consider this story: [guardian]
A New York woman says her family’s interest in the purchase of pressure cookers and backpacks led to a home visit by six police investigators demanding information about her job, her husband’s ancestry and the preparation of quinoa.
Michele Catalano, who lives in Long Island, New York, said her web searches for pressure cookers, her husband’s hunt for backpacks and her “news junkie” son’s craving for information on the Boston bombings had combined somewhere in the internet ether to create a “perfect storm of terrorism profiling”.
“Quinoa” is code for something horrible, I’m sure. But how did this happen: “had combined somewhere in the internet ether” No, that was an example of an over-broad rule some analyst did a fishing expedition on. Someone was looking at a Palantir console and it detected a bunch of matching terms between over here and over there and drew a bright red line. So six police investigators showed up at someone’s door asking about her husband’s ancestry.
The police and the national police serve the establishment: the rich, the powerful, the corporations (in that order) As the US heads toward ever-increasing spiral of inequality and unrest, they’ve already chosen which side they’re on: they’re already buying increasingly militarized technology and establishing the long-term databases that will allow them to decide who to round up and when. It’s not happening now, but we’re actually at a point where the government is investigating people because of who people they know swap Facebook messages with. Let that sink in.
The situation is vastly worse than most of us realize. It’s probably worse than I can imagine. Your Xkeyscore probably went up a tiny amount just for reading my blog. But you may as well stick around, it’s already too late.
Back in the late 80s/early 90s some people used to put “NSA fodder” .signature lines on their USENET postings. I did that, myself, but intermittently (because if you do it always, it’s really easy to filter) The fancy tools like Palantir – those were written as a response to the incredible new complexity in the info-sphere: not because it’s harder to find stuff it’s because there’s so much more to find.
I just want to circle back and encourage you to think a bit about “parallel construction.” If you have any idea that there’s a rule of law, trial by evidence and a jury of peers, that should cure you. Because the idea of presenting evidence in court is so that the defense can challenge it and part of the challenge is whether it was lawfully obtained. The government admits that its premier law enforcement agency regularly manipulates how it gathers evidence, in order to protect the secrecy of how it illegally surveils its targets. This is not a new thing: this is how it has been done since the 70s (and probably sooner). That stuff about “rule of law”? They’re referring to the golden rule, baby: that’s the only rule that’s respected.
Privacy for the oligarchs: The President can have Marilyn Monroe or Monica Lewinsky or Kay Summersby or whoever in the Oval Office for a tryst and they never show up on the activity logs kept by the massive staff. The staff that knows where the oligarch is every minute of every day. And the other oligarchs are safe because, hey, as long as there’s no political hay to be made, who cares if Bill Clinton flies on Jeffrey Epstein’s mobile teenfuck palace? It is a gigantic 727 flying around controlled airspace and people get into and out of it through airport security. Yes, there are surveillance camera frames galore of young girls getting on and off that plane. Of course all that stuff is recorded and monitored; the establishment just ignores it. Unless you annoy The President like Khizr Khan. Of course, this is how history has always been: the powerful are the only people who have any right to privacy. Peasants have whatever anonymity they get because they don’t matter. Any of us who think we have any privacy: we’re peasants.
My quip about “thin threads” above: I’m referring to Binney’s analysis engine for NSA “thin thread”[wikipedia] which was, basically, Palantir without a pretty programmable user interface. There are a lot of techniques for clustering information. It’s an AI problem, really, and human AIs are getting pretty good at this kind of thing. I’d be utterly shocked if there weren’t IBM salespeople falling all over themselves trying to pitch Watson to the FBI and NSA. Uh Huh:
Both the N.S.A. and the Central Intelligence Agency have been testing Watson in the last two years, said a consultant who has advised the government and asked not to be identified because he was not authorized to speak.[nyt]