Saturday, November 23, 2013

The NSA's Fatal Flaw

I’ve come up with a new coinage, FUSMAL (“Fucked Up on So Many Levels”), to describe the NSA follies.

I took note of the recent Washington Post poll which found that 60% of respondents believe that Edward Snowden’s revelations had “harmed U.S. security.”

This represented an 11% jump over July, when 49% thought his revelations had harmed U.S. security.
I suppose this increase, which came about equally from the minority who thought he didn’t harm U.S. security (37% in July; 32% now) and the undecided (down to 8% now, from 13%), can be attributed to the shift of the focus of releases from domestic privacy violations to espionage on foreign governments.

37% think he did “the right thing” and 55% think he did “the wrong thing”.

It is of course interesting that, as of now, Edward Snowden is doing “the nothing”.  He gave up his documents before he entered Russia and all the revelations, shocking and otherwise, are the responsibility of Glenn Greenwald, the Guardian, and, yes, the Washington Post, which is perhaps anxiously waiting for some other pollster to ask the question, “Do you think the Washington Post is doing the ‘right thing’?”

I don’t believe that Edward Snowden “harmed U.S. security” in a practical sense.  
Snowden and his media collaborators have been sedulous in suppressing information that would be directly helpful to America’s enemies/competitors/China.  The revelations have, of course, created a political uproar in places like Brazil and Germany, which have some pretenses to independent foreign policies and now have to deal with domestic calls to decouple their internet communications from the U.S.

However, I have a feeling that Germany, which served as home base for a clutch of the 9/11 perpetrators and is the anxious host of a lot of Muslim immigrants and guest workers, is going to find a way to maintain its surveillance and intelligence sharing regime with the United States even if it takes measures to get the NSA out of Andrea Merkel’s cell phone.

So I think that Mr. Snowden, as he tucks into his bowl of borscht with sour cream and watches his first Russian winter descend like a great icy hammer outside his window, can console himself with the confidence that he has not materially degraded the security of the citizens of the United States.
IMHO the NSA, on the other hand, has done a pretty good job of screwing up the Western world’s intelligence regime.

The root of the NSA’s problem is that it is committed to hegemony in the global information space.  Hegemony is an understandable ambition since U.S. technology, equipment, and infrastructure still dominate the global transmission of information.

I refer doubters about this objective to the homepage of IARPA.  

Readers may be familiar with DARPA—the Defense Advanced Research Projects Agency.  It’s a government incubator that reaches out to the academic and private sector to develop technologies that the DoD finds useful, like robotic trucks that can drive unmanned through war zones—and an idea to link computers on opposite sides of the country in order to efficiently utilize computing resources.  You may know this successful initiative as “the Internet”.

IARPA—the “Intelligence Advanced Research Projects Activity”, pronounced “yarpa”—is DARPA for spooks.  It’s a research agency under the Director of National Intelligence and it pours a lot of money into things like quantum computing (the holy grail for cracking strong encryption) because…
…well, here’s the first sentence from the statement “About [IARPA]” on the IARPA website:

The Intelligence Advanced Research Projects Activity (IARPA) invests in high-risk, high-payoff research programs that have the potential to provide the United States with an overwhelming intelligence advantage over future adversaries. 

The NSA’s data greed, the desire to “have it all”, is not just a matter of organizational hubris and mission creep.  It’s built into US security policy strategy.  Leveraging US capabilities to dominate the information space is seen as the key U.S. advantage in 21st century strategic competition.

Domestically, the US government has bent and probably broken US laws and the will of the FISA court and colluded with service providers in order to collect US communications data.  And it has subverted the fundamental security and safety of the Internet in order to facilitate NSA access. 

Bad news is, the quest for “an overwhelming intelligence advantage” can’t stop at America’s borders.  Since even our closest allies shrink from openly surrendering their data sovereignty to US surveillance, the NSA has been forced to improvise a covert network of alliances and intrusions in order to get “it all”.

The most recent report on the NSA, by the NRC Handelsblad (a newspaper in the Netherlands) provided an interesting graphic showing the overseas data network penetration by the NSA.  It reported that the NSA had successfully infected 50,000 computers in non-ally jurisdictions with Computer Network Exploitation a.k.a. malware.
On the map, CNE hot spots are shown with yellow dots.  China, Russia, Central Asia, Middle East, India, Brazil, Venezuela (and Colombia!), Peru, Ecuador…lotsa dots.

I would also draw the inference that countries without yellow dots are jurisdictions that are probably knowingly cooperating with the NSA and therefore don’t need to be penetrated with malware.    

There don’t seem to be any yellow dots in the Five Eyes countries, for instance.  But there also don’t seem to be any yellow dots in France, Germany, Spain, Italy, the Scandinavian countries, Central America, Japan, Indonesia, Argentina, or Chile.

But even our closest and most enthusiastic ally, Great Britain, was probably subjected to covert espionage in violation of the “Five Eyes” agreement that the telecommunications of the U.S., U.K., New Zealand, Australia, and Canada would be mutually respected.

No doubt the metastasizing network of yellow, red, and blue dots across the globe was regarded with joy by the NSA bigwigs.  But one could also look at the network and see each dot as an added security risk for an over-extended, undermanaged, and insecure intelligence initiative (note that this graphic was distributed to all of the "Five Eyes").

There were tens of thousands of potential Edward Snowdens with the necessary clearances inside the NSA and its subcontractor agencies.  There are probably thousands, if not tens of thousands more, in intelligence agencies and IT corporations and installations within the Five Eyes and our allies around the world.

A major breach is something not just the NSA is worrying about.  That’s undoubtedly what GCHQ and every other allied security service is worrying about.  And the risk becomes bigger as more and more dots pop up on the board and more foreign data is shoveled into the maw of the NSA.  

And I expect foreign governments are asking themselves whether the omnivorous U.S. demand for sigint is a matter of achieving joint security, or U.S. unilateral information hegemony.

So we have a covert, improvised unilateral intelligence gathering regime executed to a significant extent by partners whose loyalty is less than absolute and whose actions we are unable to control.

On one level, the Snowden revelations were a remarkable one-off.

At a certain level US priorities will diverge from those of our willing and unwilling intelligence partners.

On another level, the emergence of Snowden may have simply been the inevitable product of a destabilizing, overextended covert operation that was teetering on the edge of collapse.

It’s a dismal situation.  It’s FUSMAL.

Graphic from the NRC Handelsblad website

1 comment:

wgj said...

The given name of the German chancellor is Angela (Angela Dorothea to be more precise), not Andrea.