NSA veterans speak out on whistle-blower [video] (usatoday.com)
233 points by cgshaw on June 17, 2013 | 82 comments



Somehow this quote from the interview by Thomas Drake, a former senior executive of the NSA and a decorated Air Force and Navy veteran[1], carries a bit more weight for me than the widely trumpeted blatherings of Dick Cheney[2], winner of five draft deferments[3]:

I actually salute him. I will say it right here. I actually salute him, given my experience over many, many years both inside and outside the system. Remember, I saw what he saw. I want to re-emphasize that. What he did was a magnificent act of civil disobedience. He's exposing the inner workings of the surveillance state. And it's in the public interest. It truly is.

[1] http://en.wikipedia.org/wiki/Thomas_Andrews_Drake

[2] http://www.csmonitor.com/USA/DC-Decoder/2013/0616/Dick-Chene...

[3] http://www.nytimes.com/2004/05/01/politics/campaign/01CHEN.h...


I agree with the overwhelming majority of your post but I have to say the draft dodging/deferring comment was a little odd. I think it's really tough for us (people who have grown up under an all volunteer service) to pass judgement on how a previous generation dealt with the draft, even more so if we pass those judgements as civilians.


I have never served in the military. But I am old enough that my brother fought in Vietnam (sort of not drafted, it is complicated) and my father was drafted for WW II. I also have relatives serving in the armed forces. (Including, at the moment, 2 nephews.)

I have observed what I've seen commented on elsewhere. There is a certain type of person who managed to skip the draft for themselves, and then proceeded to become overly supportive of the military and military aggression. Possibly as a reaction to the guilt of having not served when given the chance. There is a certain cowboy element to their approach. Prominent examples include Dick Cheney and George Bush.

By contrast people who actually served often, like John McCain or Al Gore, are strongly supportive of the military. But they tend to treat military service and action as the serious matters that they are.

The phrase that sums this up best is "chickenhawk".


There was a democrat several years ago that wanted to put back the draft in place - e.g. mandatory military service. The idea was that since lots of republicans/democrats have kids and this would make them think again for going to war.


You are probably thinking of Rangel. But he is not the first to bring it up and hopefully he will not be the last. It really has nothing to do with democrats or republicans, the distinction is socio-economic. I think the idea is even better if you expand the definition of service to also include "civilian service" e.g. teacher, social worker, etc.


As far as the draft goes I think you nailed it with "it is complicated."

As far as the rest goes I think we should evaluate policy positions based on the merits of the arguments. My position on Iraq would not be based on whether the president more resembled Gene McCarthy or Curtis "Bombs Away" Lemay.


The "it is complicated" is a very specific situation.

My brother joined the Marines 3 days before his 18th birthday because at the time if you did that you only served 3 years and couldn't go to Vietnam. 2.5 years later he was in a horrible accident. The recruiting officer got him to re-enlist because that was the only way to pay the medical bills. The reup also would put him through college, and he couldn't go to Vietnam for 5 years - no chance it would still be going on!

The recruiting officer's word was carried out perfectly. But the war was still going on and my brother earned a purple heart there.


Let's agree to disagree about "complicated." I am glad that your brother came home.


Also: hypocrite.


I think Cheney's draft dodging status is fair game. He did, after all, co-architect our erroneous invasion and continued occupation of a country that did not actually attack us, so he has no problem sending others to war. Something other draft dodgers were not as directly responsible for.


I think the discussion our society is having is important. I do not think we should spend time trying to score ancillary points because something is "fair game." Are Cheney's positions on PRISM really dependent on his service record? Would you be more inclined to agree and support them if they were put forward by Bob Kerrey?

More generally should we only elect candidates who have also served so that we can avoid having a CinC who sends soldiers to battle even though they did not serve? If Cheney had a legitimate 4F during Vietnam would you be more supportive of his decision to invade Iraq?


As I mentioned in response to davidhollander, Cheney's personal background is extremely important. If Kerry came out in support of PRISM et al., that would absolutely give me some pause--he actively served in and was a vehement dissenter of the Vietnam conflict.

If Cheney were simply a chicken-hawk, then there would be no issue. If he were simply a profiteer, there would also be no issue. But his active role as both is worrisome: he stands to profit from his direct ability to shape public opinion as a once-elected representative of the population.

As our society discusses this issue, it is important to take into account not only what is said, but why it is being said. This is what is meant by assessing credibility to speak about a certain matter. The sum of a person's actions informs the listener about his or her credibility and Cheney is no exception.


And if it was Bob Kerrey, a Navy SEAL, Vietnam veteran, MoH recipient, Republican from Nebraska?

Why did you assume I used a Democrat as an example?


I must have misread the name in your comment. The greater point I was making still stands: as far as I know, neither Kerry nor Kerrey blur the lines between public service and military industry as much as Cheney does. If Cheney had at least served and been consistent, his opinions on military actions and these recent leaks' effects on US defenses would at least have some backing.


The particular MoH recipient I would have used for anything involving domestic spying and civil rights would have been Senator Inouye; 442/100th and the Japanese internments in WW2 seem like the US's best example of valor in the face of rampant domestic discrimination. He was on Watergate and Iran-Contra, too.

Sadly he died in 2012.


Using Sen Inouye as an example would not have provided any information about the person I was having the discussion with.


It's an ad hominem which falls short of hypocrisy or contradiction because the soldiers and contractors sent to Iraq were not conscripted. Surely there are more substantive arguments to be made.


The comparison between Drake and Cheney should be based on the metric of credibility to speak on these matters. Drake has military experience and has put his career and freedom on the line for public disclosure. Cheney actively avoided putting himself in harm's way, then sent people to their deaths, directly profited from it, and will continue to profit off any future militaristic endeavors the US pursues.

Cheney is defending the need for state secrets but has a proven record of benefitting from intelligence that has been obscured from the general public. Motive is extremely important here.


> sent people to their deaths, directly profited from it, and will continue to profit off any future militaristic endeavors the US pursues.

This would remain a valid example of moral hazard even if Cheney had been drafted and experienced combat in Vietnam. The draft was one of the reasons the Vietnam War was so unpopular, avoiding it could be construed as an act of civil disobedience. It's not an essential part of the argument.


> then sent people to their deaths

On several occasions. He was the Secretary of Defense for the first Gulf War, and VP when both Afghanistan and the second Gulf War started up.


So you are some sort of neo-aristotelian except instead of property ownership you think the credibility of people's opinions is based on years in uniform? Does Ellsberg get partial credit for being a policy analyst at DoD?


Please re-read my comments. It has nothing to do with military service or the number of years served. I'm making a general point about each individual's credibility and motivations for speaking out on PRISM. Drake gains nothing from his outspokenness, Cheney stands to profit quite a bit.


Thanks for your reply, dfc. Sorry if the draft deferral comment was inappropriate. I mainly wanted to contrast their experience and expertise in the field. BTW, thanks for the recommendation on your profile page to use dfcdfc as the topcolor; I stumbled onto it over a year ago and have been using it ever since.


No worries, more than anything the draft thing was distracting. It was superfluous and it took something away from the clearly reasoned point you were making.

Added:

I just saw bit about topcolor=dfcdfc. That brought some much needed levity to the discussion. You are good people miles.


> You are good people miles

You too, dfc ;-)


There is plenty of evidence regarding the opinions of the people of Cheney's parents' generation (and earlier) about people who avoid mandatory military service, not to mention voluntary.


I feel bad for Drake, he was facing federal charges and nobody seemed to notice. 89% of federal cases are plead before trial and of those that go to trial 90%+ are found guilty, that is how much the odds were stacked against him. He got nowhere near the attention that he deserves[1]

William Binney is an absolute hero. I have absorbed everything this guy has ever said or done[2]. He was not only employed at the NSA, but he was a director who designed the software that is being used right now to dragnet all the communications. It is difficult for anybody - congressman, president, republican voter, etc. - to argue that what the NSA is doing is fine when the guy with all the technical details and design of the program says it isn't. That he is against what is happening is a big deal and needs more attention.

This video is on the front page of USA Today, so these guys and the topic are starting to get the recognition they deserve.

[1] The New Yorker did a great feature on him called 'The Secret Sharer' - good for background http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_...

[2] Search YouTube for Binney - he was the keynote speaker at the 2600 HOPE conference last year - a presentation that everybody must watch. Apparently Snowden decided to go the route he did after watching Binney in Laura Poitras' "The Program" for the NYTimes: http://www.nytimes.com/2012/08/23/opinion/the-national-secur... Poitras is the same person who was the first journalist Snowden contacted.


Binney didn't design the system that's currently being used, and that's his whole point. He designed a cheap way to do what the current program does but that would protect people's privacy (in part by not storing all the data that it filters). His point is that the NSA spent billions on a dragnet system that violates privacy and isn't even able to catch terrorists as well as the privacy-respecting system he designed internally for dirt cheap.


In one of his interviews[1] he mentions that after he left and TrailBlazer was abandoned the NSA took what he built in ThinThread but removed the privacy shields he had in place that would encrypt US communications.

The rest of the platform is ThinThread (which was a lot cheaper than the failed TrailBlazer project).

Also interesting that a lot of the NSA platform is open source. OpenCloud for server management and Hadoop for distributed computing.

[1] I can't recall which one, in his keynote at HOPE he does make another reference to the crypto privacy shield being removed



The biggest impact I came away from that 2600 HOPE youtube vid was Binney's superiors told him to halt his Thinthread so they had time to wrap a lot more budget around it so their revolving door out into commercial intel may more heavily wet their beaks. Being presumably professional mathematicians who should understand the egregious criminality of stealing public trust and funds, this was most particularly egregious. As all this was, and remains classified so this abuse will continue unchecked and unbounded.


This was a great talk by Binney, Drake and Jesselyn Radack, on whistleblowing and surveillance:

https://www.youtube.com/watch?v=XDM3MqHln8U


A few seconds where he talks about the metadata: http://youtu.be/XDM3MqHln8U?t=1h18m52s


His talk at HOPE 9 was great:

http://www.youtube.com/watch?v=hqN59beaFMI


I completely agree, especially about Binney. I've been following what the NSA's doing since the Room 641A scandal broke. I recently wrote a paper on the NSA versus privacy, and as usual, what I found during the course of my research pretty much blew my mind. Binney is a hero as much as Snowden is, as are Drake and Wiebe. I've used every opportunity to post this short that the NYT did on Binney, and everyone who's interested in this (and especially everyone who's not) should watch it.

http://www.nytimes.com/2012/08/23/opinion/the-national-secur...


> Binney: Part of his job as the system administrator, he was to maintain the system. Keep the databases running. Keep the communications working. Keep the programs that were interrogating them operating. So that meant he was like a super-user. He could go on the network or go into any file or any system and change it or add to it or whatever, just to make sure — because he would be responsible to get it back up and running if, in fact, it failed.
>
> So that meant he had access to go in and put anything. That's why he said, I think, "I can even target the president or a judge." If he knew their phone numbers or attributes, he could insert them into the target list which would be distributed worldwide. And then it would be collected, yeah, that's right. As a super-user, he could do that.

I have a feeling that the NSA deals with access control just like the rest of us...very poorly. Even more egregious is that Snowden was a contractor...if we're going to leave open the possibility of the NSA targeting us at their whim, can't they at least do that in-house?


Securing data against a systems administrator however is difficult on the best of days. I have done some of this for Efficito (http://www.efficito.com). Even with the best of care there are ways an administrator can get the info no matter what you do. All you really can do is restrict it to ensure that casual access is not an issue.

For example, we store virtual machine root passwords in an encrypted database for last resort purposes (so that someone can log in using virsh console as root when nothing else is working). There are three layers of encryption and as far as casual access goes (assuming nothing is reconfigured), mere root access to the box is not enough to reveal the information. However if you can change what is logged by PostgreSQL and reconfigure PostgreSQL's authentication options you could grab enough information to effectively read this data.

People with the sort of access required to make sure things are secure can effectively get the data off the system that they want, and the alternative in designing a system is to have one with no superusers and the possibility that information is irrevocably lost when someone forgets a password. The most secure systems end up somewhere between them.


It comes down to physical access (in the sense as they can log into the box as root) - if you value security someone (single or "multiple person user") must be able to log in as root. Someone must be able to access the data hardware that contains the data, otherwise you might as well not store it and save the headache. Once you have admins with the ability to be root on the box, they can get the data. There is no way around it. What you can (and should do) is have access logs saved at least at one location where no one can delete anything. I suppose you could encrypt the data and save the key on a dedicated tamperproof box (are IBM still the main provider of these?), but someone must manage this box. Trust is inevitable, at best you can divide it in such a way that the combined entity is unlikely to go rogue.


It's actually more complex than that. One of the things that really gets in the way of encrypted storage, when you think about it, is the reality that key management involves tradeoffs too. For example, we could divide things up that you could get the encryption key only on a separate system and so only a public key and the public key encrypted symmetric key are stored. In this model you only get either symmetric key-encrypted data, or the public key-encrypted symmetric key.

The problem though is that someone still has to have the right to rotate keys and this process can be attacked too. For example, one could rotate keys to a known value thus giving the attacker access to the plain text. Worse, the person who can rotate the keys has to have the right to access both old and new keys in an unencrypted state.

Now, given that reality, it isn't clear to me that the fact that someone could set up the database to log all queries, and allowing passphrases for encryption to be passed in in the query poses a real added danger.

Another option is just not to allow key rotation but that allows for attacks on the key itself. You can get around this by having a different key for each piece of data and thus limit the utility of cracking each piece.

However if you go that route, then you have two computers to secure instead of one, and it is vulnerable to more types of attacks than before since you are now trusting the client.....


You hint at it: There are certainly ways to spread the trust. Require a physical key to allow root logins, and keep it in a monitored safe in the data centre. Require logs of who pulls the key, and entrust access to that physical key only to a separate group of people from those with the root passwords.

Of course the problem is that methods like this take a lot of effort, and so it is a tradeoff between safety and the cost and convenience, and in reality very little data.


Just a spur of the moment thought, but can you encrypt the master password such that you need passwords from three of four (or any N of M) people to decrypt it?


Yes. See http://en.wikipedia.org/wiki/Secret_sharing; if you know a bit of mathematics, Shamir's method is particularly elegant.


You can, but then key management is a bitch.....


Which is funny, because I thought mandatory access controls was the key feature that the NSA added in SELinux.


Yeah, everything I've been seeing seems to be that they seriously threw out everything about being competent in the 1990s, and then blew up into something huge (and incompetent) in the post-9/11. Hayden does not seem to have been a good director at all, at either NSA or CIA, and was responsible for the big push toward contractors as well.


Right? What happened to "No read up and no write down" and all the other gnarly things from the orange book and its colorful friends.


Probably in the 1990s when they moved operational systems from timeshare/unix/etc. multiuser to a bunch of networked Windows desktops for all use, not just office automation (which is how they brought them in originally).


SELinux is no match for a poorly set-up database.


Sure, and SELinux itself can be poorly configured. Security measures in general need to be thought through in the context of the actual deployment. I just meant that mandatory access control of the general sort needed here has obviously been historically on the NSA's radar (moreso than the rest of the world, even) and here they are failing at it, and that's a little bit sad and a little bit funny in addition to everything else that's going on.


Does the fact that they're contractors and not employees absolve the contractee of some/any liability/culpability? Perhaps, further, even recursively as the contractors themselves wouldn't be able to discuss the contractee's business to the extent a direct employee could?

It does seem absurd if there isn't politico-judicial rationale.


I couldn't stop watching this video. It is the most riveting thing I've seen since the Snowden interview itself. It's a pity they broke it up; you have to scroll down the page to get all the pieces. But I highly recommend watching the entire thing if you're interested in this story. It packs a wallop and it's... pretty damn convincing. Every one of the four interviewees is deeply impressive, each in a distinct way. It is hard to believe that they don't know what they're talking about. More striking than that, though, is what good people they all seem to be.

I'm surprised that USA Today put this out and I hope they do more like it. The contrast with typical news pap could not be stronger.


Interesting that he now calls Snowden a traitor for the China-specific intel turned over, while supporting him broadly otherwise. Pretty much the same line I'd draw (although I think he should have gone to IG/Congress rather than the media, but with the threat of going to media if no action taken. It's possible he went to IG/Congress already, but I don't think so.)


Giving up British intelligence for the G20 surveillance is also probably crossing the line.

If developed countries can't trust each other not to spy on their diplomats where does that leave us?

I guess they should all assume they are being spied on at all times while on foreign soil, but airing that in public is likely to worsen his chance of avoiding jail time—or worse.


> If developed countries can't trust each other not to spy on their diplomats where does that leave us?

It leaves us precisely where we are - developed countries have been spying on each others' diplomats and using their diplomats for spying for, well, just about ever.

US Secretary of State Henry Simpson famously said "Gentlemen don't read each other's mail" some 80 odd years ago. A quaint attitude, even back then.


There's a difference in knowing how the sausage is made. I'm certainly not naive enough to think that governments aren't always spying on each other's diplomats, however the appearance that the UK and US went to pretty crazy lengths to keylog and trick G20 diplomats into giving up intel out in the public could have some pretty negative implications for diplomatic discourse down the road.


Oh, agreed that it's quite unhelpful and Snowden revealing details about such activities is a pretty terrible idea. On the other hand, such revelations in general aren't all that new or rare - the most recent one probably being about US spying on UN diplomats just a couple of years ago. Beside light spattering of egg on some faces and a bit of ritualized indignant posturing, though, this sort of thing doesn't seem to cause much lasting damage to the global system of international diplomacy, probably because everyone knows everyone is doing it.


First, I suspect that Snowden revealing these details is not that harmful. The fact is, I think everyone would expect that everyone keeps track of everyone's diplomats. That's just the way the world works. Additionally, hacking into network backbones in China? Is there anybody out there that was aware of the NSA's activities over the last few decades that doesn't immediately assume that they do? Or is this news to those who didn't read about the NSA tapping into undersea cables back in the 1990's?

In other words, the details Snowden has given are largely harmless affirmations of what everyone probably knows already. They don't cause significant harm to our diplomatic relations. They don't cause significant harm to our intelligence.

I suspect given his moves so far, he agrees with my assessment above, so the question is, what is he doing with them? I don't think that is a hard question to answer. He's making public what those in power have assumed is the case for a long time in order to send signals to all sides that he knows a lot more than he is saying. In essence he's upping the ante regarding any indictment and extradition request.

He's sending a threat to the US: Try to extradite me and maybe I will spill your secrets, real ones, not the ones hidden in plain view I have been talking about so far.

He's also sending a message to China: I know enough to be valuable.

Time will tell what happens. However this follows on "I chose Hong Kong because of their tradition of free speech and rule of law."

This totally follows his strategy of pitting the US against China, and Hong Kong against both.


Well, I think I already agreed in the post you're replying to that these sort of revelations are not particularly harmful to any of the state actors involved.

They are, though, tremendously harmful to him and his purported cause - to the point that I have a very difficult time seeing this as some part of an intelligent, well-considered strategy. Should he ever end up in a US court, any hope of lenient treatment or something like an eventual presidential commutation or pardon is well out the window - you can't be both a principled defender of civil liberties and a low-grade spy. Worse is the damage to his credibility as a person acting out of conscience - he's handing his detractors a complete gimme and even giving his potential supporters serious pause. In the interview linked, William Binney straight up calls him a traitor and it's pretty tough to portray William Binney as some pliant NSA stooge.


I have ~no problem with gov on gov spying. I actually have more problem with China's spying on US companies for commercial reasons than China's spying on the USG. USG spying on private individuals might be worse than China spying on USG from an abstract moral perspective.

I'd argue that US v USSR spying during the Cold War, particularly PHOTOINT and SIGINT and other forms of technical intelligence, largely averted a global thermonuclear war. Gov v Gov spying is just another form of transparency. (obviously as a US citizen I'd prefer the US to have an edge there, but generally for something like Brazil v Argentina I don't particularly care)


HN loves wikipedia pages lately. If anyone is interested in a fascinating example of this blurry line between spying and transparency that rdl brings up check out:

https://en.wikipedia.org/wiki/Treaty_on_Open_Skies


This has long been recognised, and sometimes even codified. For example there is the Treaty on Open Skies, under which member states allow each other unarmed surveillance flights over their territories.


It's worth noting that, with "gov on gov spying", identifying enemy agents isn't all that easy and effectively requires well... a surveillance state spying on its own citizens.


  | requires
It doesn't require anything. The government didn't need Big Brother powers to play the spy game during the Cold War.


Intelligence and counterintelligence are two different things.


Most of us had heard about Binney before, but the other guys back up many of the same claims.

Binney's take on what they'll do to Snowden.

"Binney: First tortured, then maybe even rendered and tortured and then incarcerated and then tried and incarcerated or even executed."


"We were gathering bulk data from telecoms even before the Patriot Act" Thought this was important to note.


Perhaps even more important to note "before 9/11."

So if mass surveillance didn't prevent 9/11, is the rationale to expand it to TOTAL surveillance, if necessary?


Well, there was Total Information Awareness, which was "shut down" after public objection, where "shut down" meant moving the functions to various other places.


  | Perhaps even more important to note
  | "before 9/11."
To me, at least, that's basically how I read "before the PATRIOT Act." I looked it up and the PATRIOT Act was signed into law on 2001-10-26; for some reason I thought that it was quickly pushed through a day or two after 9/11.


I read it similarly, but not everyone may recall the ins and outs of the Patriot Act's passage—it was nearly a dozen years ago now. Many of the folks on HN were in grade school.

I was trying to draw attention to the line that government keeps giving us about how "they are trying to prevent another 9/11" with the secret laws and secrets courts that enable warrantless wiretaps and constant surveillance.


This is documented in several books including "The shadow factory", it's been going on for decades. The Telco's basically get absolved of any legal responsibility directly from the oval office. How exactly that works in terms of law, I have no idea, but I would assume it's locked inside a safe.

ps. Do not use satellite phones unless you want everything listened to :)


I would be honestly surprised if it started as late as 1980.


Sentenced to a year of probation and community service, Drake was stripped of his security clearance. He now works at an Apple retail store.

I hope they have him employed as a Genius.


Hobbes would be saying "No, no, I meant about the size of a very large whale. Big enough to keep random individuals from running amok and spoiling things... This is more like Cthulhu."


off topic. who knew usa today has such a nice website?


Agreed. I mostly consider USA Today as "that newspaper dumb people read" so never checked out their website. The design is pleasing and the linked roundtable discussion was quite good. No controversy, no professional talking heads, just some folks having a chat on camera. I am impressed.


I wouldn't know. It kept crashing my iPad safari browser. I will have to check it out later on my laptop, as judging from the comments here it looks like an interesting story.


Good God, if that's what you call a "nice" website, I'm speechless.


i can't seek in the video. what the hell? i accidentally clicked outside of the popup box and now i have to watch from the beginning...


On topic, the best critique I have read of the failed hope that is Obama: http://www.guardian.co.uk/world/2013/jun/15/broken-promise-b...


Warning: auto-playing video.


Apologies, I should have linked the print-friendly version.

I hate autoplays as well.



