Video C|Net Reporter Declan McCullagh Talks About Privacy (Video) 51
Robin: Declan, what’s going on on the privacy front? Tell us about that article you just wrote.
Declan: Well, what a lot of people are paying attention to now is the National Security Agency. It has been about a month and a half since Edward Snowden’s initial disclosures through the pages of the Guardian and the Washington Post. And it has had a pretty significant impact. We suspected a lot of what he released. USA Today reported back in 2006 that the NSA was vacuuming up logs of our cell phone calls. We have known since about 2008 I think it was, part of the Electronic Frontier Foundation’s lawsuit, a former AT&T employee turned whistleblower, Mark Klein, submitted sworn affidavits under penalty of perjury, saying, “Hey, I used to work at the AT&T building at Folsom Street in San Francisco, and the NSA is tapping into the fiber with the permission and assistance of AT only cleared employees can go into this room.”
So we’ve had these little bits of information here and there, but we didn’t have the original documents, saying, ‘Yes, this is actually what’s happening,’ and confirming it. So since those original documents surfaced as a result of Snowden’s disclosures, now the lawyers cannot, they don’t need to go on, “This is what I’ve heard happened” they can say, ‘This is the actual documents’. So we’ve had a flurry of lawsuits, and there has been at least five that I can think of, and probably more I don’t know about, including a petition at the Electronic Privacy Information Center (EPIC) in Washington DC filed before the Supreme Court; the Electronic Frontier Foundation is having more success in their ongoing lawsuit against the NSA. This is really a very interesting time for electronic privacy right now.
Robin: Hold on, hold on. First of all, wasn’t there some guy who was a former NSA employee who was called Tice or something he was talking about 10, 15, or 20 years ago?
Declan: And we’ve also had the fact that the NSA has giant, (you can use whatever metaphor you want to use), giant electronic ears that is trying to listen to everything that is going on, that they can legally get away with is not exactly new. James Bamford wrote a wonderful book ‘The Puzzle Palace’ circa 1979, 1980, edition.
Robin: I’ve read it.
Declan: It is an excellent book. But back then, the deal was don’t do domestic surveillance. But after Verizon was forced by the NSA and the Foreign Intelligence Surveillance Court to turn over daily logs of all Americans’ phone calls: Who are they calling? How long it lasted? Probably location information of cell phones. We now know the NSA is spying domestically. Maybe this is a great idea. Maybe it is a terrible idea. But at least, let’s have a public debate about it. And that’s something that has not happened until Edward Snowden’s disclosures.
Robin: But wait, if the NSA stops doing this, isn’t it likely that there will be radical terrorists coming out of everybody’s boots peeking around every corner and bombing everything in sight?
Declan: Well, there have been plenty of academics that have written and or writing about the probability of terrorist attacks over the last ten years, but in reality, you are more likely to get hit by lightning than to die of a terrorist attack. We are more likely to slip and fall and hit your head in the bath, and die that way, than you are to die of a terrorist attack. And it is really unclear that these programs that we’ve now learned about have accomplished anything in terms of avoiding terrorist attacks. We’ve had the head of the NSA and the head of DNI, the Director of National Intelligence saying this, but we’ve had I think pretty compelling refutations done by other news organizations - I have been focused more on the law and technology, and not the politics of it.
Robin: So the next thing you are saying - I have this vision of a government agency (you talked about lightning) spying on the weather, to let us know if there is going to be lightning – what do you think? Should they do that? Do we need that?
Declan: I am not sure if the NSA is best qualified to spy on the weather, but if we can get accurate weather forecasts, they might have to throw all of my privacy principles out the window.
Robin: The NOAA, I know people who worked there, they have supercomputers, they have intelligence gathering, they have airplanes that go into the hearts of hurricanes. Now I know I am joking because sometimes all of this does seem so surreal that we might as well joke about it. Real life – how is this lack of privacy hurting us?
Declan: Well, we don’t know yet. And I will give the NSA’s defenders this point. It is one thing to say the NSA is vacuuming up everything it can, maybe they are spying on every email we send out, and sucking it up I mean putting into the giant Utah data center; let’s just assume, hypothetically right now that it’s the case. What we haven’t heard yet is that the NSA has been abusing this.
There have been a few scattered reports over the last few years – the New York Times reported that a bunch of NSA analysts were listening in on US troops in the Middle East - they call home, they talk maybe a little dirty with their girlfriends, things you know hot and steamy. And these 24 year old intelligence analysts had a grand old time back in Fort Mead, but we don’t have evidence, of say, the Obama administration using this perverting the NSA to spy on political opponents, using it, there is great blackmail material in there in the same way that the IRS was strongly encouraged and maybe directly instructed to throw over the Democrat political opponents
Robin: Well, it turned out they were going over keywords that had a lots of Liberal type roots, because that’s what that will
Declan: We can argue it that way, I think that’s an allegation that Liberal groups were targeted as well. I am not sure I buy the allegation. If you look at how many are actually approved, yeah. But in any case, the point is we don’t have evidence that the NSA has been misused for partisan political purposes. And if this evidence does come out, if Snowden or the Guardian or the Post that is sitting on it, then this becomes an explosive scandal. Right now, it is just a scandal.
Robin: One thing is so, you mentioned a blackmail ability. Now my wife used to work for the IRS. She did not do this. But it was done. That was, just for fun, IRS employees would go and check up on celebrities, and they would do this. Now there is no record whatsoever of anybody blackmailing anybody. Just that they were doing it for amusement purposes. But they or the NSA could blackmail, couldn’t they?
Declan: It is true. I mean I raised that to say there is no evidence of this happening, not that there is. But the problem is once you have these records stored, you are not trusting just the current administration, let’s say for the sake of the conversation we do, you are trusting every future administration. And I am not prepared to say that I trust everyone over the next 20 years. I mean how long is blackmail material really good for? Every possible official in government over the next 20 years, with this awesome power – I don’t like that.
And this is something that the American public was not told that was going on – we learned only after Snowden’s discussion, outside of a few members of the House and Senate Intelligence Committees etc. You had the author of the Patriot Act in the US House of Representatives Rep. Sensenbrenner who wrote Patriot Act 215, it was used to turn over the Verizon records, and convincing reporting in the Wall Street Journal and elsewhere saying AT&T, Sprint etc. also turned over on a daily basis. So I was saying, “Hey, I never thought the Patriot Act was going to be used this way.” So I am not willing to trust government that much.
Robin: So what should we do?
Declan: Well, there is no easy answer. You have a bunch of advocacy groups, assuming you don’t like what’s going on with the NSA, there are a bunch of advocacy groups doing court challenges, there are going to be back legislations to fix the problem. And those include things like the ACLU, the Electronic Frontier Foundation, the Electronic Privacy Information Center; if you want a more libertarian one, there is TechFreedom. But that’s just one step.
I don’t think you are going to have politicians pay attention to this until their constituents really care. That means actually saying, and again if you do care about this, say ‘I am going to vote on this and nothing else. I don’t care what your stand is on abortion, or taxes, or gun rights, this is going to be my number one issue.’ If we have enough people saying that, and actually meaning it, then politicians pay attention.
Robin: Now I will tell you that I have actually gone out in Bradenton, Florida and asked people, “Do you care about the NSA listening in on your phone calls, checking your email?” Not a single person outside of the technology business circle cares, that I have talked to. I mean you can go to a Democratic political meeting or Republic one, and nobody cares. It is not a partisan thing. It is you care, I care, probably three quarters or more of Slashdot readers care. The vast majority of Americans are kind of like, “Hey what? I don’t care, I don’t do anything wrong, I am a good person” So how do we get through this apathy? Or should we?
Declan: If you have a bunch of biologists warning about what might happen with genetic engineering, and the general public doesn’t really understand it, then I am kind of inclined to trust the biologists. And in this case, I am inclined to trust the technologists who are very close to this and realize how the system can be abused, maybe not now but in the future. So just because the general public hasn’t caught up yet, it doesn’t mean that they never will. That is one thing. And also, you are right, the polls reflected Americans are hardly uniformly horrified by this.
But if you say, “Well, do you really want the government having a record of every email you send and every phone call, especially how this could be used against you in the future?”, then the answers become a little different. People will say in the abstract, “Do you mind if the NSA conducts domestic surveillance to stop terrorists?,” that is a different answer from “Do you want them spying on you without a warrant?”
Robin: Okay. So what can you and I, what can us people as individuals do to keep from being spied on?
Declan: Well, this is no surprise as a Slashdot reader. I have been reading Slashdot from the late ‘90s I guess. And this is back in the late ‘90s is when we’ve had all these encryption discussions, the encryption wars were fought then. The forces of light won. The government backed off of some of the ‘you cannot export encryption photographs publicly on the internet because the terrorists will get it’ – it was regulated at one point as ammunition under ITAR, InternationalTrafficking in Arms regulation in the same way that a tanker, a guided missile was. And so the answer is still the same as it was then - we just have better technology, but there is also a lot of surveillance technology and that is to use encryption when you can
Robin: Okay, wait. When was the last time you went to a key signing party?
Declan: I take your point. We’ve moved on from that and this is a shame. We need to discover the lost technology of 15 years ago. But the problem is back in the late ‘90s, you had hundreds of small internet service providers and these internet service providers were competing among themselves for your business – now what do you use for email? Most people are going to use one of five major providers. And even if you have a HTTPS connection to say, Hotmail, or now I guess called Outlook.com, Microsoft does not send email in encrypted form. If you are a Hotmail user emailing Gmail, or if you are a Hotmail user emailing Yahoo!, the client to server connection is encrypted, but Hotmail does not support SMTP to TLS.
So it is not going to encrypt the server to server communication, so the NSA can vacuum it up if it wants on the fiber link, assuming it has access. So it is not just individuals doing their things, but also applying pressure to companies to say, “Hey, I value my privacy, why are you not encrypting everything? Why is AOL not encrypting its WebMail connections by default, in turn just using HTTPS by default? Why is Yahoo! not doing it?I don’t know. Google has actually been doing a pretty good job of this.
Robin: But then Mr. Government shows up at the back door, “Knockknockknock Hi! I have this subpoena” from the secret court nobody ever heard of, and then all of a sudden, what?
Declan: You are right to some extent. Last Friday, I saw a piece that I thought was a decent survey of what’s going on, - that was up on CNN on News.com, and it was talking about how the US government will say “We have the secret code,” and it can force you, company Microsoft, Yahoo!, Facebook, Apple etc. to install these government black boxes on your network. And so why don’t you cooperate a little and maybe help us understand your protocols so that we don’t come in with the black box.” It is kind of like ‘do you want to be shot in the arm, do you want to be shot in the chest?’ If you have no other choice, you’d rather be shot in the arm. And that is the Hobson’s choice these companies are being faced with. And that explains the Skype and Microsoft reporting a few days earlier. But one more point.
Robin: Wait a minute, we are on Skype. *We are on Skype!*
Declan: We are on Skype, but the point of this conversation is anyway, the one exception to this is if companies provide end to end encryption, if the companies cannot decrypt it, if it is end to end, really user to user and they are just the passive conduit or channel, then they can’t be forced to turn it over, so that’s what I hope we are going to be moving towards.
Robin: Okay. The next time we have this conversation with video, anybody else will just see wavy lines, and hear hzzzzzz
Declan: Which is as it should be.
Re:C|Net (Score:5, Interesting)
Is that the same CNET that has recently become notorious for installing a bunch of adware with the software downloaded from their Download.com site? Yeah, I want a privacy lecture from some guy working for a company that keeps trying to install about a dozen adbars and popups to my browser every time I try to download anything from them.