Listen to ourselves. Really.
So the NSA monitors the Internet and captures data in the form of email, phone calls, SMS message and… well whatever else travels over the Internet.
As soon as the ‘news’ broke the usual civil libertarians were wailing and wringing their hands about what an evil act this was, and wagging their fingers knowingly at the gates of the NSA as they finally had the proof – the PROOF goddammit – that the NSA is a… well, a signals interception agency. That spies on things and collects data. Secretly.
I can’t be the only person longing for a little adult conversation about this, surely?
Think back to Jack Nicholson’s speech as Col Nathan R. Jessup during the courtroom scenes in the movie “A Few good Men”. I’ll bet there are a few NSA senior managers saying something pretty similar about this incident now it’s out in the open:
You have the luxury of not knowing what I know… And my existence, while grotesque and incomprehensible to you, saves lives.
You don’t want the truth, because deep down in places you don’t talk about at parties, you want me on that wall. You need me on that wall.
I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom I provide and then questions the manner in which I provide it.
But suppose we were to attempt to explain how PRISM supports the freedoms we all enjoy on the Internet, and in many sovereign nations in general. What might that explanation look like?
NSA’s Very Public Role
Don’t forget this PRISM-esque type of network monitoring and data gathering is what the NSA does, and has done in various forms for over 60 years. This really should not come as an earth-shattering surprise.
Their mission, and how they go about it is even on their website for all to see – pop on over to take a look for yourself.
Executive Order 12333 (Originally issued in 1981) delineates the NSA role…to…
Collect (including through clandestine means), process, analyze, produce, and disseminate signals intelligence information and data for foreign intelligence and counterintelligence purposes.
(my underlining – try reading just those words!)
Take another look at that centipede of a word towards the end there: counterintelligence. How do you think counterintelligence gets done in this day and age? Work back from how a poorly funded or just plain lazy foreign intelligence service might seek to easily and cheaply spy on the US (or any Western nation)… through the Internet perhaps… maybe using and manipulating email, mobile phone calls, SMS messaging, and social media?
Therefore what is the NSA, this publicly professed signals intercept agency, with a published remit to conduct counterintelligence under all circumstances (again, that’s direct from their website) supposed to do – where do you think their field of battle is or should be?
My very simple mind would look towards monitoring the hell out of the internet, as you can be 100% sure that some form of clandestine & subversive attack is lurking within it SOMEHOW, SOMEWHERE.
What I Think Colonel Jessup Would Argue
So based on our knowledge of the NSA let’s dispense with the shocked expressions and cries of foul play. The NSA’s PRISM program is simply them doing exactly what we need them to do; it’s why they exist, and in this increasingly online world that blurs borders and identity with a mouse click, it’s what they had to do.
With most countries, especially the US, hugely dependent upon all manner of electronic communications it is unthinkable to leave these systems unmonitored. The blatant abuse that could be unleashed by criminals and foreign intelligence services would be unprecedented and catastrophic, and our blindness to who was doing what would be a shocking negligence.
Point #1 of my Col. Jessup reality check is therefore:
- The Internet is now perhaps the most ‘critical infrastructure’ we have. It must be policed, inspected, and protected to the very best of the government’s abilities in the service of the nation.
As the NSA is funded (and probably the only organisation technically capable) to do this – that’s what they must do, and up until now they have been doing so nice and quietly, without letting the enemy know that we had the capability to see what they were up to. And this is where you have to really stop and appreciate the next point…
- You know there are dreadful people, doing and planning horrendous things on the Internet right?
They are ‘the enemy’ to all of us. The web isn’t all about the Twitterverse bragging about the perfect latte or how cuddly their cat is in less than 40 characters.
There really are people collaborating on ways to circumvent the banking system to divert billions of dollars off-shore. If they do this they can impact on the price of money, the value of shares, and make toast of your credit rating and mine until the next Millennium.
There really are individual and group terrorists who seek to use the Internet as an anonymous means to spread bomb-making knowledge, and who seek to influence the mentally ill and gullible in our society towards associating with and furthering their cause.
There really are organised perverts, seeking to obtain and share images of child rape for sexual and financial gain.
And there really are spies – agents working for foreign governments who want to use the web to steal intellectual property, uncover the military and intelligence capabilities of other countries, or discover human targets for exploitation through blackmail or bribery.
In short, the Internet contains the potential to be every bit as evil as any street in any neighbourhood in real life. Yet when we walk down a dark street In a bad neighbourhood, we expect the police to have been running intelligence operations against organised gangs and crazed individuals – even to be actively monitoring the street we are on to mitigate any threat against us. PRISM is the same thing for the Internet age.
Point #3 dovetails so closely with Point #2 it has to be made immediately:
- This process only really works best when we (‘the good guys’) have an unknown capability that they (’the bad guys’) don’t know about.
If our enemies think we have a poor capability, or that our laws and social norms prevent us from looking inside certain encrypted traffic, or into social media sites, then guess where they are going to go to try and sneak malware, propaganda, or illegal bank transactions past us?
This is why the NSA HAS to be secretive about what it does. It couldn’t just come out and say – ‘hey, we can read all the world’s Skype traffic’.
You know that funny clicking sound you heard a few days back? That was the collective sound of every criminal and intelligence operative in the world hitting DELETE on their Skype accounts once this story broke. Now they are somewhere else, doing something different. Do YOU know what they’ve moved onto? Let’s hope the NSA does.
This is why these revelations leaked by Edward Snowden are potentially devastating to all of us who have an online life. The NSA’s hand is now tipped, and the bad guys know how much deeper they have to dig to avoid being found out.
- The NSA is not big enough
You heard me right – the NSA may be able to suck in a lot of data, but it’s still not enough to fully meet its remit – let alone when the Next Big Thing hits the technology world.
Something that seems to be a conspiratorial staple of articles attacking the NSA is the claim that their budget has significantly increased ‘post-9/11’, as if that dreadful event is somehow being manipulated so the President can increase his knowledge of your Facebook likes and Breaking Bad downloads.
But hey – did you notice what else increased since 9/11?
- Registered Facebook users grew by over 8000%
- The number of Internet hosts grew by 600%
- The number of smart phones grew at least 600%
- Internet traffic grew from 1 Exabyte per year (2001), to around 44 Exabyte Per Month (2012). In the next 4 years it is expected to triple again.
And the NSA budget in the face of this data onslaught? It grew by an average of 4.76% per year (2006 – 2012).
In the light of this nominal research I would question whether the budget and reach of the NSA is growing fast enough to keep pace with the threat.
But Why Capture so Much Data?
I have no problem with the volume and scope of data captured, but one of the big complaints is ‘why isn’t it more targeted‘? I think this is because:
- With no baseline of what ‘normal’ traffic is, how are we to know what unusual looks like? Therefore we have to capture and see ‘normal’ as a baseline.
- The ability to scan/filter evil in real-time only is unrealistic – so a degree of data capture & retention is important in case something is overlooked in the instantaneous world of online activity.
- If it takes a few days or weeks to recognise that certain traffic was evil or coordinated to other types of attack, then of course we need the ability to ‘rewind the tape’ – to re-examine what occurred across multiple mediums and platforms and between multiple actors.
- To be sure that you have uncovered every tentacle of an attack you need to be able to look for it in unusual places, or indeed in the open – hiding in plain sight. The nature of the beast makes these locations un-knowable in advance, so it’s obvious you have to cast a wide net ‘just in case’.
The fact that regular people are caught up in this data trawl is as much of a pain to the NSA as it is to anyone else, I’m sure. Just having that much data, even within NSA systems, muddies the water and slows down the recovery process of what is truly important.
Unfortunately there are no simple filters that simply delivers ‘all the evil things crossing this wire – and discard everything else’. The terrorist magazine Inspire for instance contains regularly changing encryption keys and contact emails in every issue, so what could be found last month has to be deciphered afresh by the NSA the next. And to be sure they have it right and no one is obtaining instructions on how to make a bomb from a kitchen pressure cooker they need to check… you guessed it… EVERYTHING.
Of course you don’t need to take part. Close your Facebook account. Give up Twitter. Throw away your mobile.
…is that we live in a horrible world, and our main protection from the most despicable people in it are our intelligence services. Why this makes people uncomfortable I really don’t understand.
So enough of this moral outrage at this so-called ‘surveillance scandal’.
If Edward Snowden ‘doesn’t want to live in a society that does these sort of things‘, I’m not sure what sort of a naive, anarchistic (or fairy-tale) view of society he does in fact have. For someone who has had a Top Secret clearance in the past, it’s a worry that he is that naive.
If it comes down to it, I don’t want to live in a society where we DON’T do these sort of things. An alternative where agencies like the NSA are neutered because of the Wikileaks apologists is just horrendous to contemplate.
As Col. Jessup famously said back in that courtroom:
You can’t handle the truth!
But I think it’s about time a lot more people tried a lot harder to do so.