copyright notice
link to published North American hardcopy version: IEEE Computer, July, 2013
link to published International hardcopy and IEEE Xplore redacted version: IEEE Computer, July, 2013
link to letter to the editor and response, IEEE Computer, September, 2013
link to the sequel, "The Intimidation Factor," IEEE Computer, December, 2013

Designated a Computing Reviews 2013 Notable Article


accesses since June 14, 2013

Through the PRISM Darkly

Hal Berghel


The Foreign Intelligence Surveillance Court has an approval rate of 99.93 percent of all surveillance requests. While this might not meet the strict definition of a kangaroo court, it seems to fall within the marsupial family.

Last month the National Security Agency found itself exposed to public ridicule for a variety of privacy-abusing activities. Once the mainstream media and political operatives got hold of the story, the signal-to-noise ratio decreased precipitously. Perhaps this column may add some clarity.

THE EVENTS OF INTEREST

June, 2013 is a month that may live in NSA infamy. On June 5, Glenn Greenwald of the UK's Guardian newspaper posted a redaction of an order from the Foreign Intelligence Surveillance Court (FISA) signed by Judge Roger Vinson that required cell phone giant Verizon to provide “all call detail records [aka CDRs] or ‘telephony metadata' created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls…. and that no person shall disclose to any other [unauthorized] person that the FBI or NSA has sought or obtained tangible things under this Order.” This order, still in effect at this writing, covered the period April 25 to July 19, 2013 ( http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order ). Needless to say, this had a chilling effect on the public and launched a firestorm of criticism.

But the story didn't end there. It appears that on May 16, 2013 the source of the Guardian story, an employee of government contractor Booz Allen Hamilton by the name of Edward Snowden, informed Washington Post reporter Barton Gellman of a secret NSA program to intercept and collect metadata from collaborating tech companies ( http://www.washingtonpost.com/politics/intelligence-leaders-push-back-on-leakers-media/2013/06/09/fff80160-d122-11e2-a73e-826d299ff459_story.html?tid=pm_pop ). This effort, subsumed under the cover term PRISM, began in 2007 immediately after the 2008 Foreign Intelligence Surveillance Act (FISA) amendment in response to the disclosure that the Bush administration had authorized warrantless wiretaps of civilians. The Post broke the story two weeks later. Snowden also shared the information with Glenn Greenwald at the Guardian which also ran the story. Both the Post and the Guardian stories released a few nontechnical NSA-internal and confidential PowerPoint briefing slides that demonstrated some of the intent of PRISM surveillance and the involvement with high-tech companies. Of the 41 briefing slides that Snowden provided the Guardian and Post, only five - one of them being figgure 1 - have been made at this time (e.g. Figure 1).


Figure 1: The PRISM Corporate Partners Hall of Shame? Who were the corporate officers who agreed to this relationship with the NSA? Why did Apple hold out until after Steve Job’s death? Inquiring minds want to know.


Particularly noteworthy is the template header listing thebcooperating high-tech companies. Immediately following the disclosure, some of the larger companies went into denial thereby causing the Post to speculate that the NSA might have had a “side door” in situ that was fed data from the host server clusters but not directly connected. This would bring the observations and the carefully crafted corporate statements into consistency. By everyone's account the relationship between the NSA and the high tech companies is willingly cooperative, leading some to describe the NSA technology as a “data-ingestion API” ( http://mashable.com/2013/06/08/prism-nsa-direct-access/ .)

THE “TRUST ME” DEFENSE, FALSE DILEMMAS AND RED HERRINGS

As I write this, Snowden is being labeled both as saint and sinner (depending upon your political persuasion), the NSA and its sympathizers are claiming that the world is far less safe than it was before the leaks, the over-zealous “big data” politicians call for a full measure of hurt for Snowden, and the three-letter agency leaderships single him out, alone, for their wrath. If this sounds familiar, it’s the same security theater that we've gone through over the past few years with Bradley Manning (see March, 2012 installment of this column). As I pointed out at that time, the real security story addresses the question “By what/whose authority was Manning (now Snowden) given access to sensitive, classified documents?” Once again, a security clearance isn’t supposed to be a hunting permit for curiosity seekers. Based on the description of Snowden’s job title, his access to this sensitive information failed any reasonable “need to know” standard.

Once the hubris and hyperbole dies down, it will become clear that (1) the revelations were not earthshaking, (2) very little if any security was compromised, (3) the only real damage was to the continuous erosion of the credibility of the NSA and the government, and, most importantly, (4) that the “system” that produced PRISM and the Verizon court order isn't transparent, is overly clandestine, and only works efficiently in the imagination of its supporters.

The first two weeks of June seem to have produced two main defenses of the surveillance programs. The simpler of the two, is the “trust me” defense that seems to be in vogue by the political leadership – e.g., John Boehner, Harry Reid, Lindsey Graham and Dianne Feinstein. While the “trust me” defense has been a staple of totalitarian governments worldwide, it hasn't been effective with the educated electorate in the US at least since Watergate – it has become a ‘throw away' concept. However, when strange bedfellows like John Boehner, Harry Reid, Lindsey Graham and Dianne Feinstein all say there's nothing to worry about…..

The second defense is a false dilemma: the choice is to either endorse government surveillance as it is, or run the risk of increased terrorist attacks , death and disorder. Of course this begs the question whether there might be other, more constitutionally-sympathetic, effective means of accomplishing the same objective. The false dilemma tactic is currently popular with President Barack Obama and NSA director Keith Alexander, at this writing the latter of whom promises the congressional leadership imminent objective proof by enumeration.

Concurrently, most of the media emphasize the extent of the US Government's electronic surveillance programs, the leaker and his motivations, and the political reaction to both, all of which are red herrings in this context.

IN CONTEXT

The NSA’s PRISM project and its access of Verizon’s phone logs aren't isolated 4th Amendment assaults. Open source information that confirms the breadth and depth of government surveillance has been widely and publicly available for many decades. The US government’s passion for surveillance and stealth is anything but new in signals intelligence - only the circuits and frequencies have changed. In context,

So, PRISM (aka US-984XN) is far from a new development. It is merely one of the more recent programs that have been revealed. Think of it as a of as a supplement to existing intelligence gathering activities. This toothpaste is out of this tube.

CYBURBAN MYTHS

As the timeline shows, the government through various three-letter agencies willingly accosted if not assaulted 3th Amendment protections long before 9/11. The claim that all of this surveillance was necessitated by 9/11 and the subsequent global war on terror is a myth.

A December, 2000 NSA memo shows that a case was even then being made for pushing the boundaries of constitutional limits on surveillance ( http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB24/nsa25.pdf ). Particularly notable are the references to “major policy issues” on pages 31-2. To wit, here are some relevant quotations:

A second myth is that rigorous oversight of surveillance activities is present. Token, yes - rigorous, not so much. When Director of National Intelligence James Clapper refers to the FISA court as one component of an “extensive oversight regime, incorporating reviews by the Executive, Legislative and Judicial Branches.” (cf. http://www.wired.com/images_blogs/threatlevel/2013/06/PRISM-FAQ.pdf), that should be understood in the limited sense that there is minimal congressional awareness restricted to a few committees and one element of the judiciary. The latter, called the Foreign Intelligence Surveillance Act (FISA) court, is worthy of elaboration.

Clandestine surveillance and intelligence activities are statute-driven in the sense that they're enabled, and sometimes motivated, by changes in federal statutes and Executive Orders. When agency activities are determined to be outside the law, both the laws and activities are thus brought into agreement. The classic illustration is the 2008 modification of that was motivated by the 2005 discovery that the George W. Bush administration had authorized warrantless wiretaps that included US citizens which produced a flurry of lawsuits. To forestall further litigation and 4th Amendment challenges, FISA was amended to ensure that federal surveillance objectives, basically as practiced, would be legal. In this way, federal law seamlessly integrated itself with the interests of investigative and intelligence-gathering agencies. So when a government official reports that agency activities comply with the law, this is true a priori. Of course, the more interesting question is whether the laws are both constitutional and consistent with the public's expectations from participatory democracy.

Since the expiration of the Protect America Act in 2008, FISA became the centerpiece of oversight efforts. To my knowledge, the only people who claim that the FISA court is proactive in its oversight are the people who benefit from its minimalism.

Mother Jones recently ran a story that suggests that the FISA court is of the "rubber stamp" ilk ( http://www.motherjones.com/mojo/2013/06/fisa-court-nsa-spying-opinion-reject-request ). According to Mother Jones, FISA has approved 99.93 percent of all Government Surveillance Requests (11 of 33,900 since FISA's inception in 1978, and none in the past year). Given this approval rate (the 11 denials must have been whoppers!), it might seem simpler and less expensive to abolish the court and turn the approval process over to a clerk. The numbers speak for themselves. Although FISA might not meet the strict definition of a kangaroo court, it falls somewhere within the marsupial family.

Also worthy of mention is the obvious political bias of the FISA court. Of the 11 federal judges that make up the current court, nine were appointed to the federal bench by Republican presidents (Reagan 3, George H.W. Bush 1, George W. Bush 5, Clinton 1, Obama 1), and all FISA justices are appointed by the Chief Justice of the Supreme Court– himself a Republican appointee to the federal judiciary. If the intention of the legislation that created the FISA court was to give the appearance of non-partisanship, it didn't happen.

WHERE ARE WE HEADED?

It has been fashionable for much of the past century to criticize “big government.” Fiscal conservatives and neoliberals speak of “big government” in the sense of scope and size of budget. However, there's another, important sense of “big government” – one that refers to the degree of control that a government exercises over its citizens. This is the sense of big government that produces the dystopia of which George Orwell and Aldous Huxley wrote. The recent Verizon/PRISM expose is the most recent wake-up call that this latter dimension is worthy of our sustained attention. I find it ironic that the opponents of big government in the former sense seem inattentive to big government in the latter? I'll make some predictions.

What we will see in the near future:

What we would like to see:

Harvard evolutionary biologist Stephen Jay Gould introduced the theory of punctuated equilibrium whereby evolution is seen as long periods of stability interrupted by brief periods of rapid change. In our present context, the “steady state” is the subtle but continuous erosion of personal privacy and liberty by big government, punctuated by occasional restraint in the form of Ervin committees, Church Commissions, Iran-Contra hearings, and occasional unauthorized disclosures. The playwright William Archer once said that “drama is anticipation mingled with uncertainty.” This holds for security theater as well.

URL PEARLS:

The specific details on Snowden’s discussions with the two reporters is under some dispute (http://www.wired.com/threatlevel/2013/06/snowden-powerpoint/#slideid-57991).

For the historians among you, the redacted CIA “family jewels” are now available online on the George Washington University NSA Archive site at http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB222/index.htm. Former CIA Director Colby’s revelations were extremely unpopular with conservatives and strong government types, and his testimony contributed to the “Halloween Massacre” that reorganized President Gerald Ford’s Cabinet in 1975. Colby was replaced as Director of the CIA by George H.W. Bush, Secretary of Defense James Schlesinger was replaced by Donald Rumsfeld, Dick Cheney replaced Rumsfeld as Chief of Staff, Henry Kissinger was fired as National Security Advisor, and Vice President Nelson Rockefeller was encouraged not to seek re-election. PRISM is part of the new millennium “family jewels.”