On Illegal Wiretaps

What, indeed, was the nature of the “program” before Goldsmith, Comey and Ashcroft — those notorious civil libertarian extremists — called a halt to it, and threatened to resign if the President continued to break the law? And what was the nature and breadth of its legal justification? I am hardly alone in realizing that these are the most important questions arising from the recent Comey testimony. It’s the question of the night, all over the Web. (When will the mainstream press catch on? And more importantly, as I asked in my last post — When will the Congress insist on comprehensive and public hearings, both on this and on the legal support for the Administration’s torture practices?)

Marty Lederman continues to have the best analysis of the NSA’s wiretap program. Go read “What Was “The Program” Before Goldsmith and Comey?” In “Putting the Pieces Together” he also explains how the criminal wiretaps led to the appointment of Gonzales to clean the DOJ of libertarians like Ashcroft.

Facebook Hangover

On Dave Farber’s list, Brock Meeks pointed us to a delightful Facebook Smackdown. Brock says,

What do Facebook, the CIA and your magazine subscription list have in
common? Maybe more than you think…


Trust me, it’s worth the look.

And indeed it is worth looking at, along with Patrick Schitt’s contribution of the background documentation.

I found the “smackdown” a refreshing antidote to much recent discussion about young adults and their attitudes about privacy. Perhaps some of it is hyperbolic; anyone associated with the Internet back in the days when it was the Arpanet has similar ties. But let’s look at the larger issue.

Over the last year or so, there’s been a theme going around the media about how kids today are much more comfortable with personal information out on the net. There have been dramatic news stories about it and I have had the privilege of seeing a few panels at universities about that subject, amused by the walking oxymorons — well-known privacy activists — who participate.

The continued democratization of personal information is not an unalloyed desirable thing, but it is also a fact of life. At lunch yesterday, I snorted something about how if you can’t find the home address of anyone sitting at the table in less than five minutes, then your search-fu needs brushing up.

Many of those stories and discussions have had as an implicit or explicit theme that old people (those who got their first email address during, not after, the dot-com boom) can learn something from these young adults. However, young adults are well-known for risk-taking behavior. They get drunk, drive fast, take drugs, sleep around, put their hearing at risk, and do many other things that older people do not do (or don’t do anymore). The mainstream media has credulously swallowed the notion that not caring about privacy is youthful wisdom rather than youthful indiscretion.

Many young adults wake up one morning with a pounding headache, fuzz on their tongue, a wretched feeling in the gut that they’ll learn one day is acid reflux, the distressing feeling that they are not comfortable with the place nor manner in which they woke up, and the feeling that they may have done some things that it’s perhaps better that they don’t know they did. Over time, this leads to behavior modification.

When one is suffering from a hangover, one often says intemperate or hyperbolic things about that which got one in that state. Even if the Facebook Smackdown contains hyperbole, I view it as a Netizen Hangover.

Facebook has a privacy and information use policy that is skewed slightly to Facebook over its users. In a normal state of mind, one might respond to this with, “yeah, whatever” particularly if one is of an age that “yeah, whatever” is part of one’s active vocabulary. If one has the unpleasant feeling that one has made a fool of oneself in public, the response might be, “ZOMGWTFPWNED!” Facebook also has investment connections that could get either of the two previous responses.

This hangover plots some points and draws lines between them. During a hangover, one might forget that just because one can draw a line between two points, one isn’t obligated to draw a line between them. Furthermore, when one does those little connect-the-dots puzzles, order is important; that’s why they put numbers by the points.

As one holds one’s coffee with both trembling hands while tending that hangover — Facebook can do pretty much anything they want with all the information in it, and there are few degrees of separation between Facebook and the parts of the government that want to find bad guys through data mining, the thought that Facebook might get you on the no-fly-list doesn’t sound unreasonable. It’s easy to wonder between sips if one’s internship will be in Gitmo. Are they mining Facebook to look for bad guys? Probably not. Could they? Sure.

Nonetheless, there are many lessons one learns as one gets older. Every generation learns something new that they have to carefully explain to their kids (“I’m not ashamed of what I did, but really, I recommend thinking twice or three times before doing what I did.”) A cavalier attitude to privacy may end up on that list sooner than we think.

Weak Crypto Contest

The 2007 Underhanded C Contest has a marvelous theme — weak crypto.

The object of this year’s contest: write a short, simple C program that encrypts/decrypts a file, given a password on the command line. Don’t implement your own cipher, but use a bog-standard strong cipher from a widely available library.


Your challenge: write the code so that some small fraction of the time (between 1% and 0.01% of files, on average) the encrypted file is weak and can be cracked by an adversary without the password. The poorly encrypted file must still decrypt properly by your own software.

Other great comments:

Short programs are innocent, and more impressive. If your source file is over 200 lines, you are not likely to win. You can hide a semi truck in 300 lines of C.


Of course, there are other factors: we award points for humor value and irony. I have always been impressed with the winner of the 2004 Obfuscated V contest, who concealed an error in a vote-counting program by adding a voter-verifiable paper trail function that overflowed a buffer. That’s evil with style.

What a great idea.

Fear Wears Off: More UK Liquid Explosives Plot

As the shock and awe wears away, we learn more about what happened and why. Perhaps this plot was not about to go operational, as MSNBC reports that “U.S., U.K. at odds over timing of arrests.” Meanwhile, after years of debate over warrantless surveillance, the Washington Post reports that a “Tip Followed ’05 Attacks on London Transit.” Maybe we should spend more time talking to people, and less time listening to random phone calls. That’s not to say that communications intercepts aren’t useful, as CNN reports that a “‘Do your attacks now’ message triggered arrests.” Those interceptions could well have been done legally, with warrants, under FISA, if the suspects were in the US. I also find this leak really worrisome, and would like to ask when the investigation of that leak will commence. I’m generally in favor of a lot of openness, but:

The message, which was intercepted and decoded, was part of the reason authorities in Britain decided that an attack was imminent, possibly just a few days to a week away, according to an unclassified security memo sent to law enforcement agencies Friday by the U.S. Department of Homeland Security.

That seems to give away a lot more operational capability information than anything the NY Times has reported on the SWIFT monitoring.

On the costs side of things, Russian musicians are taking trains from London to Moscow to avoid checking their irreplaceable instruments as baggage, as the BBC reports in “Cabin baggage ban hits musicians.”

To analyse the effects of hierarchy versus distributed organizations, John Robb writes on “Al Qaeda’s Achilles Heal [sic]: Residual Hierarchy.” Reminds me a lot of a post here from March, “The Emergent Field of War and Economics.”

Sources included Bruce Schneier, Boingboing, Sivacracy and probably others.

Small Bits of Chaos

That didn’t take long

Verizon is facing a $5 billion lawsuit over its alleged law-breaking. The NYT reports today that this suit may actually involve as much as $50 billion in damage. Previously, a $20 billion suit had been filed regarding the aspects of the NSA program that had become publicly-known in December.
Interestingly enough, when you don’t take into account the downside of engaging in a criminal conspiracy enterprise of questionable legality, it may have ramifications for your shareholders and executives. I wrote about this elsewhere, but it looks like this angle may have increased relevance here at EC.

Tip of the iceberg

A former intelligence officer for the National Security Agency said Thursday he plans to tell Senate staffers next week that unlawful activity occurred at the agency under the supervision of Gen. Michael Hayden beyond what has been publicly reported, while hinting that it might have involved the illegal use of space-based satellites and systems to spy on U.S. citizens.
[Tice] said he plans to tell the committee staffers the NSA conducted illegal and unconstitutional surveillance of U.S. citizens while he was there with the knowledge of Hayden. … “I think the people I talk to next week are going to be shocked when I tell them what I have to tell them. It’s pretty hard to believe,” Tice said. “I hope that they’ll clean up the abuses and have some oversight into these programs, which doesn’t exist right now.”

ThinkProgress.org, quoting from National Journal
Italics (but not bold) supplied by me.
Note to AM: Apropos of your comment many posts back, this story exists due to those in the trenches.

NSA Wiretaps: General Hayden Speaks

In “Hayden Delivers Impassioned Defense of NSA,” Powerline excerpts Hayden’s Speech to the National Press Club (PDF). One section that jumped out at me was:

GEN. HAYDEN: You know, we’ve had this question asked several times. Public discussion of how we determine al Qaeda intentions, I just — I can’t see how that can do anything but harm the security of the nation. And I know people say, “Oh, they know they’re being monitored.” Well, you know, they don’t always act like they know they’re being monitored. But if you want to shove it in their face constantly, it’s bound to have an impact. [C]onstant revelations and speculation and connecting the dots in ways that I find unimaginable, and laying that out there for our enemy to see cannot help but diminish our ability to detect and prevent attacks.

It jumped out at me because I discussed precisely his issue about a month ago:

The first is enhancing terrorist awareness of their threat environment. This is important. As time passes, people become complacent. As they become complacent, their investment in security processes drops off.

In “Do Wiretap Revelations Help The Terrorists,” I analyze this line of thought, and believe that there’s much that Hayden couldn’t or didn’t talk about. Perhaps that’s a result of the wiretapping agency not being the agency that does other parts of counter-intelligence. Regardless, if you’re following the story closely, you ought to read his remarks.