Thursday, June 5, 2014

Why I will not be joining the NSA protest

(copied from a twitter rant)

Some random points about the NSA and global surveillance:

Today, in 2014, paying low volume retail prices, it costs a DIY stalker $400/month to track every human going through a single street corner.  For a large government at mass scale, their costs will be 1/100th or 1/1000th of that, or lower.  The costs of tracking everyone on the planet is falling through the floor.

Don't blame the NSA for being the first to buy a hammer off a store shelf.

Most network engineers presumed the Internet has been tapped for all its life. The Internet was not built to be secure. The original Internet protocols all sent passwords and other sensitive data over the network in plaintext. To this day, the most popular email protocol sends email across the Internet in plaintext, ensuring at least 10 entities (routers) have a copy of your email. It was trivial for any university student to snoop your email.

The NSA's global surveillance is a commentary on the future of tech for everyone. What the NSA has today, other countries have tomorrow, everyone has next year.

Further, we are presented with the obvious paradox:  Law enforcement (LEA) needs to follow criminals, whereever they go. National defense needs to follow attackers around the world. If you build a space away from LEA, criminals go there, and LEA is tasked to follow.

Nevertheless...  Freedom of [physical] assocation, perhaps even freedom of thought is threatened by global surveillance.  Today's global surveillance is a natural consequence of technology, not the fault of the NSA.

We now live in a world where all authors, thinkers, activists, politicians, judges, attorneys are automatically recorded.

The movement and communications of all "wired" citizens on Earth are tracked. Relevant factor is how tech advances to permit NSA to "remember" ever higher percentage of daily data. Data firehose is staggeringly huge, even for NSA.

No matter the layers of process protections and personal honor defending such data, access to the movements and communications of everyone will be abused for political or petty reasons.

Consider NAACP v. Alabama in the context of a universally tracked digital world.

Globally, we must have a conversation about practical freedom and privacy limits to be placed on data collected without our knowledge.  This is much bigger than the NSA, and we should not get distracted from the bigger picture of global surveillance by breathing fire at the first organization that makes use of well known techniques and technologies.

My personal recommendation are laws in every jurisdiction regarding privacy, data retention, forced data expiration (deletion), decreasing use of secret evidence, and eventual notification of investigation targets.  We must avoid the "pre-crime" trap, where predictive models lock society into a straightjacket based on word or thought alone. Citizens must be able to spout off. Youth must be allowed to screw up and be forgiven by society, rather than curse a person with a minor youthful transgression for the rest of their lives.

We must encourage the government to be transparent, while protecting the privacy of our citizens in a global, internetworked society.


  1. 1) There are already laws on the books regarding snooping/peeping/eavesdropping/wiretapping for the common citizen. Just because the technology makes it easier doesn't mean it's any less illegal - does the fact that your car can go quite a bit faster than the speed limit justify speeding? Do the police get to speed around the streets when not responding to a crime?

    2) "Law enforcement needs to follow criminals, whereever they go" - One is not a criminal until convicted. Tracking everyone to catch a few violates the ethical structures of Rawls, Bentham/Mill, Kant, and even Aristotle.

    Laws are also already enforced at whim. When was the last time you were pulled over for not using your turn signal? Jaywalking? Speeding? Oftentimes laws are used to harass/intimidate, adding universal tracking just allows a wider window of opportunity.

    3) "No matter the layers of process protections and personal honor defending such data, access to the movements and communications of everyone will be abused for political or petty reasons."

    And simply ignoring it, or throwing up your hands in 'fait accompli' simply emboldens those who would misuse it. We do not do such in regards to murder - simply chalk it up to 'people being people' and letting it go. We punish those who we find guilty and hope that the punishment deters others who may choose the same action.

    We should not shy away from punishment in the form of public ostracism of the government as a means to deter actions the populace finds distasteful or causing harm.

    I agree with all of your recommendations, but few of them can be implemented if you don't have a 'flag issue' of which to gain the attention of the public, inform them of the problem (and your suggested solutions), and rally around. The NSA is that issue.

  2. You just joined the NSA protest, only in an apologetic manner. These are the discussion we should be having. Glen and Ohanian debated against Michael Hayden and Alan Dershowitz over surveillance a little while ago but that conversation was simply right or wrong, there is obviously a grey area and that is the area we should be discussing and evolving. We need really fucking good technological debate and with people we trust, to evolve technology and provide direction. Providing direction however is a bit difficult to address once you realize though that technology has an industrial complex though, and anything disruptive to that obviously won't fly well for good debate, let alone good technological conversations within companies. Without flags being raised and pressure build up, there are no excuses to really help create a change. I grant evolution of technology (and business models) a small place for an industrial complex in an apologetic manner but only a really small fucking place, we need to evolve and weed stupidity out.

    Setting unprecedented secret legal agreements between a select few countries leaves much to be desired for trust, this even affects US businesses... As technology grows we need to have the debate though, but we don't need wrong or right, we need solutions. Proper engineering, and the evolution of law and the suggestions you make are great. As GreenBeastie says though, and I agree, we needed a flag. Apart from proper usage of surveillance, which you properly validate, folks are actually more concerned over the abuses of such surveillance. We have only seen reports of abuses within the government -- it'd be silly to assume private corporations have not abused this as well, I know of even abuses over the silliest uses of technology, regardless of what the fuck attorneys say, we technology folks know it, but the general population doesn't get it, nor do they frankly give a shit, until it affects them. Laws can evolve but -- it sounds like anything some upper echelons can override law in the US (see Snowden's e-mail to general counsel). This seems wrong if the checks and balances are gone. This is seriously stupid and dangerous, and covers territory a bit beyond surveillance, those folks who may not have cared about surveillance may care about abuses in power and our constitution.

    The protests are shocks on a system that went too far, we need these shocks, if it didn't happen now it would have happened later. Educating about being complacent by understanding this was inevitable because you are in the know how doesn't help much with our own evolution, but its no different than folks who just rant. We need solutions and -- I do trust you do work on some good ones :D so even though you express complacency -- I don't buy it.