NSA Archives


This is continuation of discussion with Sunil Abraham and Steve Song. It got a little too long for a comment. The problems under discussion are difficult. So it’s good that we have an active discussion. We could have a discussion about all sorts of approaches to privacy.
Edward Snowden’s whistle-blowing about NSA’s widespread surveillance and eavesdropping is taking toll on American technology industry. A new survey, commissioned by NTT of Japan, reveals that 90% of ICT decision-makers are rethinking their attitudes to cloud computing and the global Internet. Titled, “NSA Aftershocks: How Snowden has Changed IT Decision-Makers’ Approach to the Cloud” the study is based on a survey of 1,000 ICT decision-makers from France, Germany, Hong Kong, United Kingdom, and the USA. It highlights nine after-shocks from Snowden’s revelations, which are compelling companies to rethink how they use cloud computing: Almost nine in ten (88 percent) ICT decision-makers are changing their cloud buying behaviour, with over one in three (38 percent) amending their procurement conditions for cloud providers Only 5 percent of respondents believe location does not matter when it comes to storing company data More than three in ten (31 percent) ICT decision-makers are moving data to locations where the business knows it will be safe Around six in ten (62 percent) of those not currently using cloud feel the revelations have prevented them from moving their ICT into the cloud ICT decision-makers now prefer buying a cloud service which is located in their own region, […]
President Obama’s first response to the revelations of NSA malfeasance was jarring to many, an unhappiness articulated by Pratap Bhanu Mehta. Now we have Obama’s considered response: Mr. Obama also said he was taking the “unprecedented step” of extending privacy safeguards to non-Americans, including requiring that data collected abroad be deleted after a certain period and limiting its use to specific security requirements, like counterterrorism and cybersecurity. “The bottom line,” he said, “is that people around the world — regardless of their nationality — should know that the United States is not spying on ordinary people who don’t threaten our national security.” Full report.
For too long, the field of privacy has been becalmed by religious fealty to a concept propounded by two New England aristocrats who were annoyed by paparazzi taking pictures of a party in a home. The ill-considered explosion set off by the NSA in its zeal to prevent all future acts of terror has opened up space for new thinking on the subject. An op-ed in the Washington Post is a good example: This is an anonymity problem: The NSA cannot create a dossier on you from your metadata unless it knows that you made the calls the agency is looking at. The privacy question is all about data-gathering: Should the NSA have access to nationwide metadata? The right answer to that question is yes.

Internet balkanization, courtesy of NSA

Posted on January 12, 2014  /  0 Comments

One of the reasons we opposed the ill-considered efforts by ETNO and others to impose sending-party-network-pays charging on Internet traffic was the danger of balkanization: differential access to the Internet from different countries or splinternet. We beat back that effort in a temporary alliance with the US State Department, but little did we know that another part of the US government was actively destroying the basis of the Internet. It will cause massive negative economic effects to US tech companies, as described well in a Wired article. Zuckerberg is referring to a movement to balkanize the Internet—a long-standing effort that would potentially destroy the web itself. The basic notion is that the personal data of a nation’s citizens should be stored on servers within its borders.
I once invited Bruce Schnier to speak on cryptography at a Ohio State U conference. He came and gave a good talk. But he’s now a star. He exposed the NSA inserting back doors into national cryptography standards. Here is his big picture analysis: Not only is ubiquitous surveillance ineffective, it is extraordinarily costly.
This was a central claim in the highly significant ruling made by Federal District Court in Washington DC: In a 68-page ruling, Judge Leon said the N.S.A. program that systematically gathers records of Americans’ phone calls was most likely unconstitutional, rejecting the Obama administration’s argument that a 1979 case, Smith v. Maryland, was a controlling precedent.
To me, the biggest question arising from the Snowdon affair is why everyone is acting so surprised. “Everyone was so focused on the N.S.A. secretly getting access to the front door that there was an assumption they weren’t going behind the companies’ backs and tapping data through the back door, too,” said Kevin Werbach, an associate professor at the Wharton School.
I remember tweeting several months back about the negative fallout of the drip drip of the Snowden revelations on cloud companies and even on the routing of data traffic (why is it so difficult to find something you’ve written in social media?). In my interactions with industry people across Asia, I could sense the unease of entrusting anything valuable to American companies. But now it seems to have percolated up to the top: But protests from business executives, who told Mr. Obama last week at a White House meeting that they feared the N.
The Packet Clearing House is a great repository of knowledge about the way the Internet is developing. Being a decentralized network there is no central entity that decides on things or even collects data about what is happening. So entities such as PCH play an important role. The recent UN General Assembly speech by President Rouseff was perhaps the strongest response to spying by the NSA. The commentary by Bill Woodcock of PCH provides an excellent framework to understand the issues.
We were not quite ready to start talking about the privacy issues surrounding the massive amounts of data generated by telcos in the course of making it possible for people to communicate, but recent news events are accelerating the schedule. I thought it might be useful to start with this quote from someone I used to work with in the 1990s: “American laws and American policy view the content of communications as the most private and the most valuable, but that is backwards today,” said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a Washington group. “The information associated with communications today is often more significant than the communications itself, and the people who do the data mining know that.” Full report.