February | 2014

It’s still Snowing… (the thread on Snowden, NSA and lack of privacy continues…)

February 10, 2014 · by parasam

Just a short follow-up here: two more articles that relate to my observations on the unending revelations of data collection, surveillance, etc. by our friendly No Secrets Anymore agency…

The first article (here) relates how NSA whistleblower Edward Snowden used a common “webcrawler” software to comb through the NSA databases and download thousands of pages of classified information. The first thing I thought when reading this was “WTF! – How was this even possible inside what should be one of the most secure networks on the planet??” Turns out that even super-secret networks have rollout delays in deploying critical network monitoring software… (Snowden ran the webcrawler from a Hawaii field office instead of NSA central in Fort Meade, MD…)

The other article (here) is an odd clarification on how much metadata the NSA has been gathering on domestic phone calls – now we are told about 20% of all landline calls made, not the close to 100% that was earlier believed. In addition, we are told that not much bulk collection of cellphone calls is currently occurring, due to a restriction on collection of location information (which is normally embedded in the cellphone call record metadata). This raises an interesting question: since I doubt that many would-be terrorists install a landline (with the requisite time and details for commissioning) in order to make clandestine calls – what is the use of any landline collection (in bulk terms)? Isn’t this just a large waste of taxpayer time and funds that really will have no useful purpose?

What one may take away from these observations is that policy often gets in the way of efficient application of a process – in some cases allowing security leaks, and in other cases seriously diluting the desired effect of a surveillance plan. Many of the same issues that confront commercial entities also plague our (and others) governmental agencies…

NSA (No Secrets Anymore), yet another Snowden treatise, practical realities…

February 6, 2014 · by parasam

I really did intend to write about a different topic today… but this article in the New York Time (here) prompted this brief comment. Of course it was inevitable that a book (the first of several) would pop out of the publishing machine to review the NSA/Snowden privacy debacle – and presumably make some coin for the author… Disclosure: I have not yet read the book, but my comments are more around the general issue – not this particular retelling of this Orwellian story…

Again, without regard to the position of Snowden (or those like him) – traitor or whistleblower – the underlying issue is vitally important. The difficult balance between a nation/state’s “need to know” about supposedly private communications of their citizens – in order to ‘protect’ them against perceived threats; and the vital human ‘freedom’ of individual privacy – the lack of unauthorized and unknown surveillance by government or other commercial entities – is a subject that we collectively must not ignore. It is all of our responsibility to be informed: lack of knowledge is not an excuse for the day when your personal details are splattered all over a billboard…

As I have written before: while one may not be able to prevent the dispersal of some of your personal information, the knowledge that using the ‘internet’ is not free, and will inevitably result in the sharing of some of your information and data, is I believe a vitally important fact. Just as knowing that the speed limit on a US highway – in absence of a posted sign – is 55-65MPH (depending on the state in which you are speeding…) will prevent surprise if you are pulled over for driving faster – you shouldn’t be surprised if your browsing history shows up in future targeted advertising – or if you perform lots of web searches for plastic explosives, instructional papers for using cellphones to activate blasting caps, etc. – you may someday get a visit from some suits…

However – and this closing observation will hopefully reduce some of the paranoia and anxiety of online activity: re-read the last line of the quoted article “…the book also manages to leave readers with an acute understanding of the serious issues involved: the N.S.A.’s surveillance activities and voluminous collection of data, and the consequences that this sifting of bigger and bigger haystacks for tiny needles has had on the public and its right to privacy.” The critical bit is something that the NSA (and the GCHQ) is dealing with right now: the vast amount of data being gathered is making ‘sifting’ really, really difficult. Finding your 100-word e-mail in literally trillions and trillions of mails, pictures, files, etc. etc. is becoming wretchedly difficult – even the massively powerful supercomputers of the NSA are choking on this task. Hidden in plain sight…

Privacy in our connected world… (almost an oxymoron)

February 4, 2014 · by parasam

Yesterday I wrote on the “ideal” of privacy in our modern world – this morning I read some further information related to this topic (acknowledgement to Robert Cringely as the jumping-off point for this post). If one wants to invest the time, money or both – there are ways to keep your data safe. Really, really safe. The first is the digital equivalent of a Swiss bank account – and yes, it’s also offered by the Swiss – deep inside a mountain bunker – away from the prying eyes of NSA, MI6 and other inquisitive types. Article is here. The other method is a new encryption method that basically offers ‘red herrings’ to would-be password hackers: let them think they have cracked your password, but feed them fake data instead of your real stuff – described here.

Now either of these ‘methods’ requires the user to take proactive steps, and spend time/money. The unfortunate, but real, truth of today’s digital environment is that you – and only you – must take responsibility for the security and integrity of your data. The more security you desire, the more effort you must expend. No one will do it for you (for free) – and those that offer… well, you get the idea. A long time ago one could live in a village and not lock your front door… not any more.

However, before spiraling down a depressive slope of digital angst – there are some facets to consider: even though it is highly likely (as in actually positively for certain…) that far more of your private life is exposed and stored in the BigData bunkers of Walmart, Amazon, ClearChannel, Facebook or some government… so are the details of a billion other users… There is anonymity in the sheer volume of data. The important thing to remember is that if you really become a ‘person of interest’ – to some intelligence agency, a particularly zealous advertiser, etc. – almost nothing can stop the accumulation of information about you and your activities. However, most people don’t fit this profile. You’re just a drop of water in a very large digital ocean. Relax and float on the waves…

Understanding helps: nothing is free. Ever. So if come to know that the ‘price’ you pay for the ‘free’ Google search engine that solves your trivia questions, settles arguments amongst your children, or allows you to complete your next research project in a fraction of the time that would otherwise be necessary is the ‘donation’ of some information about what you search for, when, how often, etc. – then maybe you can see this as fair payment. After all, the data centers that power the Google search ‘engine’ are ginormous, hugely expensive to build and massively expensive to run – they tend to be located close to power generating sources as the amount of electricity consumed is so large. Ultimately someone has to pay the power bill…

Privacy: a delusion? a right? an ideal?

February 3, 2014 · by parasam

With all of the ‘exploits’ of the NSA and their brethren agencies concerning the “intelligence data” gathering process in the news recently, I wanted to expand on a post I wrote some time ago (here) on the “Perception of Privacy” – although that post was more narrowly focused on privacy as it relates to photography. Without regard to the legality or morality of Edward Snowden’s activities [or similar activities that have shed light on what our collective governments have been doing in terms of ‘snooping’] (I’ll reserve that for a future post) – I want to address the notion of ‘privacy’ in our changing world.

Privacy ultimately implies a separation of thought, speech, activity or other action from the larger world around one. If one reviews your Greek history, the Cynics (one of the three Schools that came from Socrates, Plato, Aristotle) were perhaps the best example of way of life in which there was no privacy. They practiced living with complete “shameless behavior” and did everything in public – not to shock, but to rather exercise indifference to the societal norms and rise above them. However, most cultures have evolved into a balance of public and private activity – although with a substantial variation on what is acceptable “public behavior.”

The issue at hand today with our beliefs around privacy of communications (whether voice or data) is around our “expectation of privacy.” If we post a public comment on Facebook or the New York Times web site, we have no reasonable expectation of privacy and therefore are not worried if this communication is shared or observed by others. However, if we send an e-mail to single recipient, or converse on the telephone with a family member, we have a reasonable expectation of privacy – and would be upset if this communication was shared with others (such as government agencies, etc.) – when there is no pre-existing reason for such a violation of privacy.

The big difference – and the root of much of the dialog currently regarding online privacy – is that various companies (mostly ad based or other big data firms), or nation-state governmental agencies have taken the position that extracting and storing virtually all possible data from communications within their reach is ethical, potentially useful, and profitable. From a governance pov the position is that if we have all this data on hand, then we can review it if we come to believe that person X has potentially violated some standard of behavior and is therefore deserving of surveillance. The commercial position (Big Data) is that the more we know about everyone, the better we can target commercial opportunities – or perhaps protect certain company’s profits [health/life insurance firms, corporate employment, financial institutions will all argue in favor of knowing everything possible about their potential customers].

There are a few problems with this philosophy: one of which is just practical and economic – the vast amount of storage capacity that unfocused data gathering requires. Eventually someone has to pay for all those hard disks… with one of the latest methodologies that has been revealed (harvesting of data from ‘leaky apps’ on mobile devices) generating terabytes of data per hour just from this type of activity – the scope of this data storage dilemma is becoming quite large. When you fill out one of those annoying forms when you sign up to WhatsApp (for example), are you aware that your e-mail address, cellphone number, and potentially your entire contact list is shared and propagated to a huge slew of firms outside of WhatsApp? Including Washington, D.C.? Everything from Angry Birds to top newspaper and television firms that use apps for mobile connectivity have been shown to basically have no safeguards whatsoever in terms of subscriber data privacy.

This is a new and relatively unknown issue for courts, philosophers, commercial firms, governments and their subject citizens to wrestle with. It will take some time for a collective rationale to emerge – and whatever balance between real privacy (almost impossible to have in a highly connected society) and public forum is achieved will vary widely from culture to culture. I’ll continue to observe and post on this topic, but comments are welcome.