Wednesday, August 20, 2014

Book Review: Lexicon (2013) by Max Barry

Executive Summary

Lexicon is an exciting story that is really about social engineering taken to the nth degree. It is not a cyber security canon candidate, however, because it does not meet the criteria established last year,[3] but it does share some connective tissue with one of my favorite canon candidates, Snow Crash, and offers some practical advice about how modern media consumers can protect themselves from media manipulation. This is not a must-read for the cyber security professional, but it is wonderful beach read if you are looking for something fun to take with you on your next vacation.

Introduction

Lexicon[1] is not a cyber security canon candidate because it really does not talk about anything specific to cyber security, but it shares its premise about the origination of human language with a candidate-favorite called Snow Crash.[2][3] It is a run-and-gun conspiracy thriller in which the evil cabal, called the Poets, has mastered the art of persuasion to such a degree that its members can manipulate individuals, groups, and the media to accomplish their goals. They do this by analyzing the target in terms of emotional, intellectual, and personality state to discover just the right “trigger words” that will completely destroy any resistance in the target’s mind. As the author, Max Barry, compels the reader to turn just one more page with this adventure, he also makes the reader think about the implications of manipulation attempts in our own society, the origins of languages in the human world and why there are so many, the more banal implications of the state collecting surveillance data on individual citizens, and the implications of our own bias as we consume information from the media.

The Story

After they receive extensive training on Poet techniques at an exclusive private school in Virginia, very similar to the Harry Potter's Hogwarts School of Witchcraft and Wizardry, newly graduated Poets receive their code names. The Poets’ leader is called W. B. Yeats. The main heroine is called Virginia Woolf, and her mentor is called T. S. Eliot.

The Poets did not start out as evil. At the beginning, they simply learned how to manipulate individuals by quickly assessing their target’s mental state and looking for weakness. One consequence of that practice is that they learned how to hide their own weaknesses from their fellow Poets to prevent manipulation from within. Because of that active suppression of sharing intimate details with their friends and loved ones, their ability to sympathize with the non-Poet population, and even their own members, eroded over the years to the point that the Poets’ leadership considered non-Poets to be nothing more than another form of cattle to be managed and experimented on in order to fulfill the Poets’ goals. 

Before she became Woolf, Emily was a prodigy. Poet recruiters plucked her off the streets at a young age because of her con-man skills and sent her to the private school in Virginia. But she is a rebel. She fights the suppression of her personality and is eventually exiled to a small and remote Australian town called Willow Creek until she becomes mature enough to handle the discipline it takes to be a full-fledged Poet.

There is the inevitable falling out between the Poets’ leadership and a group of Poets that feel the organization has gone too far. That confrontation is the catalyst to the entire story. Poet researchers discover something they call a “Bear Word”: a word so powerful that, when issued with a command, will compel any human to immediately comply. The Poets’ leader, Yeats, decides to experiment with the Bear Word at Willow Creek, which is now the home of the story’s prodigy, Emily. Yeats deploys the Bear Word with the command of “Kill” at the local hospital to see what will happen. Every person who sees the command immediately attempts to comply. The town becomes a bloodbath that is similar in scope to any modern-day zombie movie. Because of the actions taken at Willow Creek, the Poet organization fractures into two groups: supporters of Poets and disgruntled former members. Yeats begins to terminate any former colleagues who oppose him. How this manifests, and how Emily figures into the story, is the basis for the run-and-gun action.

The Tech

The tech in this book is not Internet gadgetry. There are no computer hacks in the story, but the entire Poet skill set is really social engineering on a grand scale. Although the Poets’ ability to manipulate individuals and groups is purely the result of Barry’s wonderful imagination, some of the skill sets he portrays for defending against manipulation are more practical.

One important skill in this defense is an understanding of how news organizations present information to the masses. Most news organizations try to present the facts as they currently know them. Many try to report objectively. The news consumer must remember, however, that the news people within the media are making choices about what to put into a story and what to leave out. News people also do not have to prove anything. They can imply. In most cases, the consumer will probably never hear anything more about a particular story. By choosing which facts to present and which facts to leave out, the news organization can lead consumers down the path for them to make their own conclusions about what happened without actually having to state it out loud.

This leads to the second important skill in the defense against manipulation: getting out of your comfort zone and consuming information from media outlets that you do not agree with. Especially today, when every issue is so polarizing, it is easy to tune into your media outlet of choice—Bill O’Reilly on the right and John Stewart on the left to name two—and hear spoken back to you exactly what you want to hear because you already totally agree with it. By staying within their own political media information bubble, consumers get manipulated into thinking that their side is the only reasonable way to think about any particular issue, and that is simply just not the case.

Conclusion

Lexicon is an exciting story about social engineering. It is not a cyber security canon candidate because it does not meet the criteria established last year,[3] but it does share some connective tissue with one of my favorite canon candidates, Snow Crash, and offers some practical advice about how modern media consumers can protect themselves from media manipulation. The story is really about social engineering taken to the nth degree. I personally loved the idea that an evil cabal could be run by a group of literature majors using their favorite poets’ names as code names. This is not a must-read for the cyber security professional, but it is wonderful beach read if you are looking for something fun to take with you on your next vacation.


Sources

[1] “Lexicon,” by Max Barry, published by Penguin Press, June 2013, last visited 1 August 2014,

[2] "Book Review: Snow Crash by Neal Stephenson (1992)," by Rick Howard, Terebrate, 10 November 2013, last visited 1 August 2014,

[3] "Books You Should Have Read by Now," by Rick Howard, Terebrate, 16 February 2014, last visited 1 August 2014,

References

"'Lexicon,' a Thriller by Max Barry," by Graham Sleight, The Washington Post, 15 July 2014, last visited 1 August 2014,
http://www.washingtonpost.com/entertainment/books/lexicon-a-thriller-by-max-barry/2013/07/15/409b5988-e8a7-11e2-a301-ea5a8116d211_story.html

"Lexicon Could Be Max Barry's Smartest Dystopia Yet," by Michael Ann Dobbs, Io9, 31 July 2014, last visited 1 August 2014,

Monday, June 30, 2014

Book Review: No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State (2014) by Glenn Greenwald

Executive Summary

No Place to Hide is a strange concoction: part exposé, part autobiography, and part screed “against the man.” It is not what I would call an example of rigorous journalistic reporting. It is more like storytelling with commentary. The story part includes the details of when and where Edward Snowden stole a treasure trove of classified U.S. government documents regarding warrantless mass surveillance of U.S. citizens and released them to a select few journalists. It also includes the details of how the author, Glen Greenwald, corralled the story and how that has affected his life.

The commentary part includes what Greenwald feels about the impact of Snowden’s released documents. He discusses how the documents show just how deep the rabbit hole goes in terms of mass surveillance against U.S. citizens, U.S. allies, and potential enemies. He argues that Snowden is really a hero and not a traitor and highlights how the government’s response to the debate is to attack the messenger and not the issues. 

Governments have a lot of opportunities to present their side to this debate. Greenwald is one voice on the other side that has grabbed center stage because of his relationship with Edward Snowden. Because of that, we should pay attention to what he has to say. Despite the less-than-stellar journalistic rigor, No Place to Hide is a cyber security canon candidate, and you should have read it by now. 

Introduction

Glenn Greenwald and other journalists began releasing a seemingly endless supply of classified U.S. government documents to the public in summer 2013. Those documents describe just how deep the rabbit hole goes in terms of U.S. government surveillance of its own citizens and allies and in terms of potential threats to the U.S. government.[1][2] Ever since, politicians, military leaders, and talk show pundits alike have attempted to characterize Edward Snowden—the man who stole the documents from the NSA and released them to the journalists—in an unfavorable light. They say he is a traitor.[3] They say he is a coward.[4] They say he is a spy.[5] They say he is a hacker.[6] They say he was just a low-level analyst with no understanding of the impact of what he did.[7] They say he was an insider threat.[8] But all of these characterizations, whether they turn out to be true or not, divert the conversation away from the main issue. None of these accusations address the most pressing question that we all, as American citizens, should be asking ourselves: Should the U.S. intelligence community be allowed to spy on U.S. citizens without the benefit of a warrant and without the benefit of a checks-and-balances system managed by a trusted third party? Glenn Greenwald does not think so and wrote No Place to Hide to make the case.

The book is a strange concoction: part expose, part autobiography, and part screed “against the man.” Greenwald tries to accomplish many tasks here, and I think because of that, the important messages within it are not as clear as they should be. He tries to set the record straight on the mechanics of how Snowden was able to position himself with two U.S. government contractors—Dell and Booze Allen Hamilton—and as an employee of the NSA and the CIA in order to steal secrets that exposed the U.S. government’s surveillance programs on U.S. citizens. But Greenwald does not provide enough detail to make sense of the story. Readers must seek other sources to fill in the gaps. 

He attempts to make the case that government-sponsored, unwarranted, and secret searches of American citizens is a trespass on the U.S. Constitution and America’s notions on privacy rights, but his argument is fuzzy. Everything Greenwald says is absolutely true, but the way he says it is not convincing. If you want a concise and elegant explanation why this is an issue that everyone should be concerned about, not just U.S. citizens but all citizens from around the world, watch Stephen Fry’s short video on the subject.[9]

He also launches an attack on the Fourth Estate, claiming that journalism has completely failed in its presumed adversarial role against the government and has not monitored and checked abuse of state power. He loses his credibility because instead of writing about the story, he is writing about himself in the story. It comes across as whiny.

And I am disappointed. I was hoping for the same gladiatorial panache that Greenwald displayed in the “Munk Debate on State Surveillance” in May [10] in which he peppered former NSA Director Michael Hayden with questions, but this panache was absent in No Place to Hide.

That said, this is an important book. Without Greenwald putting constant pressure on the American political establishment in order to challenge the need for such invasive programs, we would not be talking about it now a full year after the initial revelation in the Guardian newspaper in June 2013. And I believe we all must continue to talk about it. Just because No Place to Hide is not as clear as it could or should be does not mean that it does not have value.

This debate about how intrusive the U.S. intelligence community can be on American citizens, on American allies, and on potential American threats and about what the American political leadership decides to do about it will impact the character of the country forever. We have to get this right.


The Law

In order to understand the significance of the situation, we have to start with the Founding Fathers. According to Greenwald, they passed the Fourth Amendment because of their experience with the British before and during the American Revolution.[1] The Founders agreed that it was acceptable for a government to search individual citizens if it had probable cause of wrongdoing and produced a warrant approved by a judge attesting to the fact, but they viewed the practice of a government using a general warrant to make the entire citizenry subject to indiscriminate searches as inherently unacceptable.[1] The language in the Fourth Amendment to the U.S. Constitution is simple, elegant and clear. It is part of our Bill of Rights, and we fought a revolution to get it: 

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”[1]

According to Greenwald, 

“It was intended, above all, to abolish forever in America the power of the government to subject its citizens to generalized, suspicionless surveillance.”[1] 

Greenwald quotes U.S. Supreme Court Justice Louis Brandeis, in the seminal 1890 Harvard Law Review article “The Right to Privacy,” to make his point: 

“[R]obbing someone of their privacy was a crime of a deeply different nature than the theft of a material belonging.”[1]

After 9/11, Americans were afraid and rightfully so. More than 3,200 citizens died in a scant two hours due to the results of a well-executed, surprise, terrorist attack the likes of which had never been seen before on American soil. 

The US’s reaction was immediate. Not even a month later, President Bush signed a Presidential Directive called the Presidential Surveillance Program that granted an unprecedented amount of surveillance powers to the NSA, in pursuit of terrorist activities, that allowed bulk collection of metadata from U.S. citizens.[11][12] Shortly after, the U.S. Congress passed the Patriot Act that essentially made President Bush’s Directive the law of the land.[12][13] Section 215 of this act was the first legislation that authorized metadata collection.[12][14] The Patriot Act also authorized the FBI to compel Internet service providers, credit card companies, and phone companies via a national security letter (NSL) to provide information relevant to a counterterrorism or counterintelligence investigation. They could also impose gag orders to prohibit NSL recipients from disclosing that they received the NSL.[15] This change eliminated the former law enforcement restriction of collecting intelligence on only a foreign power without a warrant.[16]

According to Greenwald,

“What made the Patriot Act so controversial when it was enacted in the wake of the 9/11 attack was that Section 215 lowered the standard the government needed to meet in order to obtain “business records,” from “probable cause” to “relevance.” This meant that the Federal Bureau of Investigation, in order to obtain highly sensitive and invasive documents—such as medical histories, banking transactions, or phone records—needed to demonstrate only that those documents were “relevant” to a pending investigation.”[1]

In the mid-1970s, America clamped down on the intelligence community after scandals regarding CIA assassination plots and other abuses emerged in the public. As these things normally do over time though, the Patriot Act caused the pendulum to swing in the opposite direction in regard to how much leeway America wanted to give its intelligence community. We had taken almost all of the safeguards off of the intelligence community and told them to never let another 9/11 happen again. 

What We Learned from the Leaks

According to Greenwald,

“Snowden’s files indisputably laid bare a complex web of surveillance aimed at Americans (who are explicitly beyond the NSA’s mission) and non-Americans alike. …Taken in its entirety, the Snowden archive led to an ultimately simple conclusion: the US government had built a system that has as its goal the complete elimination of electronic privacy worldwide.”[1]

I think the biggest revelation about the Snowden leaks was not that the NSA was spying on U.S. Citizens, although that was a big one, but that our assumed liberal minded Internet start-ups were in on the deception. [1] According to classified documents that Snowden stole, the NSA had deals with most of our favorite Internet companies to collect information directly from their servers pertaining to U.S. citizens, companies like the following:

  • Apple Inc.
  • AOL Inc.
  • Facebook
  • Google Inc.
  • Microsoft Corp.
  • Yahoo! Inc.

According to the documents, Microsoft vigorously cooperated with the NSA to allow access to several of its most-used online services: SkyDrive, Skype, and Outlook.com.[1] Facebook and Google claim that they gave data only when the NSA presented a warrant. On the other hand, it is public record that Yahoo! fought the NSA in court against participating, but the company lost the case. Twitter declined to make it easier for the government to access Twitter data.[1]

The next biggest revelation was that the NSA indiscriminately collects millions of phone records every day from Verizon without a warrant and from both within the United States and from other countries. [1] This is the so-called metadata collection process that has been in the news from the start.

One revelation that the Fourth Estate has not talked about much is that President Obama signed a Presidential Directive in November 2012 authorizing the Pentagon to start planning for aggressive cyber attacks. He directed the military to draw-up potential overseas cyber targets.[1]

The biggest hypocritical revelation came from the documents that showed that the NSA is involved in economic espionage. The NSA targeted the Brazilian oil giant Petrobras, as well as other companies from Venezuela, Mexico, Canada, Norway, and Sweden for economic purposes, not terrorism.[1] In light of the recent U.S. Department of Justice (DOJ) indictments against five military Chinese hackers for conducting cyber economic espionage against the US,[17] this seems to be a little two-faced.

The Pro-surveillance Response: Discredit the Messenger

One thing that comes out loud and clear in this book is that Greenwald is acutely aware of the way the pro-surveillance side attempts to redirect the attention from the issue at hand. Instead of debating the merits of the American intelligence community spying on its own citizens, it first wants to flog Edward Snowden for breaking the law. It wants to criticize Greenwald for not being a great journalist. It accuses Snowden of running off to Taiwan and then to Russia to avoid incarceration as if that motive somehow weakens the revelation that the NSA collects all electronic communication, or at least as much as possible, from within the United States without a warrant. The pro-surveillance side says that if Snowden’s whistleblower attentions were so honorable, he would come back to the states to face the authorities. None of that matters, or if it did, it is at least secondary and causes confusion within the citizenry when we debate the topic: Should we sacrifice the tenants of the Fourth Amendment for the sake of a little more security?

The Pro-surveillance Response: If You Have Nothing to Hide, Then You Have Nothing to Worry about

Personally, I hate this argument. It is another misdirection by the pro-surveillance side and does not address the issue. What the pro-surveillance side wants you to think is that if you are a law-abiding citizen, then the only people who will be negatively impacted by mass surveillance are the criminals and the terrorists and all the rest of the bad people. According to Greenwald, 

“Governments have long convinced populations to turn a blind eye to oppressive conduct by leading citizens to believe, rightly or wrongly, that only certain marginalized people are targeted, and everyone else can acquiesce to or even support that oppression without fear that it will be applied to them.”[1]

In other words, this argument really implies that if a U.S. citizen completely conforms to the way the U.S. government wants you to think, then you are not at risk. The danger though is when an individual citizen starts to think that the U.S. government may not be doing the right thing and decides that he or she may want to speak out against it. There are plenty of examples of the U.S. government collecting intelligence on its citizens when leadership felt threatened by a dissenting voice: The FBI’s surveillance on Martin Luther King Jr.[18] and President Nixon’s Watergate operation[19] are just two famous examples. There are so many divisive issues in our culture today—gun control, abortion, universal healthcare, etc.—that there is no way that an individual citizen won’t be on the wrong end of an argument depending on who wins the next election. If your side loses, then you are no longer in conformance. In today’s technology terms, it is so easy to collect intelligence and discover dissenting voices that entire swatches of the population could be affected. This “if you have nothing to hide” argument is really not an argument about protecting us from the criminals; it is about suppressing dissenting voices, and that is scary.

The Pro-surveillance Response: Terrorism Is Scary

Greenwald makes the point that the U.S. government’s answer as to why it needs a mass surveillance program is that terrorism is scary.[1] I have worked for security vendors for the past decade, and I recognize this tactic. In the security space, we all recognize this as the fear, uncertainty, and doubt pitch. The idea is that we try to scare the hell out of you so that you buy our product. This is exactly what the U.S. government is doing here. When Greenwald asserts that the mass surveillance program has not stopped a single terrorist plot, the U.S. government has no answer other than that terrorism is scary.[1]

U.S. Hypocrisy

On 19 May 2014, the U.S. DOJ indicted five Chinese nationals for the crimes of “computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.”[20][21] I attended a dinner of government officials in Washington, DC, just after the DOJ made this announcement, and of course the subject came up for discussion. I was struck by the hypocrisy of the announcement in light of the Snowden revelations and said so, but the government officials present drew the distinction between national security espionage and economic espionage claiming that the United States engages in only national security espionage while China engages in both. According to Fred Kaplan at Slate magazine, President Obama pushed this negotiating point with Chinese President Xi Jinping at a Summit in Palm Springs in 2013.[20] According to Greenwald, NSA spokespeople claim that the agency

“does engage in computer network exploitation but does ***not*** engage in economic espionage in any domain, including ‘cyber.’”[emphatic asterisks in the original][1]

I was stunned that American officials would draw that very thin line there, but Greenwald points out that there really is no line at all and uses more Snowden documents to prove it. In No Place to Hide, Greenwald says that the NSA intercepted communications on the Brazilian oil giant Petrobras and routinely collected information from various economic summits.[1][22]

James Lewis, famous analyst for the Center for Strategic and International Studies, says there is a distinction between collecting intelligence regarding international economic questions and sharing that intelligence with U.S. companies to improve their bottom line.[23] He says there are many reasons why the state may want to know about the economic situation regarding a certain country, but that does not mean that the government collects it with any eye toward giving American companies an advantage.[23] He says that the U.S. law called the Economic Espionage Act specifically gives the United States permission to collect on bribery and non-proliferation issues but nothing else.[23]

However, as Glyn Moody from TechDirt opines regarding the Petrobras revelations,

“Or, you know, it could provide US companies with insights about which were the best lots in the forthcoming auction of seabed areas for oil exploration, or about highly-specialized deep-sea oil extraction technology, in which Petrobas is a world leader. After all, why wouldn't the NSA drop some useful hints about such things to US companies as a way of justifying its huge budget?”[32]

I am not a foreign policy expert by any means, but I don’t see how pushing an obvious double standard in negotiations with the Chinese can bear any fruit. It is one thing to agree on what is out of bounds and what is in bounds in terms of acceptable cyber espionage on the world stage, but to formally indict five Chinese citizens for a crime that you are also perpetrating seems disingenuous at best and absolute hubris at worst.

The Argument against Mass Surveillance for Anti-terrorism

Greenwald cites five reasons why mass surveillance is a bad idea:

  1. The practice of mass surveillance is likely unconstitutional.[1][24]
  2. President Obama’s own review panel said that the metadata program was not essential to preventing terrorist attacks.[1][25]
  3. Mass surveillance collection, as opposed to targeted collection, makes finding terrorists more difficult.[1]
  4. Mass surveillance is a draconian reaction when you consider the statistically small chances that you will die from a terrorist attack.[1][26][27][28]
  5. Even if mass surveillance were necessary, allowing the government to do it without transparency is counter to the Founding Fathers’ design of the country.[1]

Unconstitutional

On 16 December 2013, U.S. District Judge Richard J. Leon ruled that the government did not make its case concerning the need for mass surveillance in order to protect against terrorism in a timely manner. According to Leon, 

“The Government does not cite a single instance in which analysis of the NSA’s bulk metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time sensitive in nature… Thus, plaintiffs have a substantial likelihood of showing their privacy interests outweigh the Government’s interest in collecting and analyzing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed unreasonable search under the Fourth Amendment.”[24]

Review Panel Conclusions

In the wake of the Snowden revelations, President Obama directed a review of the entire program on 27 August 2013. On 18 December 2013, the panel published its findings. [25] Panel members acknowledged that 

“In addressing these issues, the United States must pursue multiple and often competing goals at home and abroad.”[25]

The following are those goals:

  • Protecting the nation against threats to its national security. [25]
  • Promoting other national security and foreign policy interests. [25]
  • Protecting the right to privacy. [25]
  • Protecting democracy, civil liberties, and the rule of law. [25]
  • Promoting prosperity, security, and openness in a networked world. [25]
  • Protecting strategic alliances. [25]

With that said, the panel could not find any pressing need for the metadata collection program:

“Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.”[1][25]

Mass Surveillance Collection Makes Finding Terrorists More Difficult

Greenwald points to the NSA’s less-than-stellar record at preventing any number of terrorist plots in recent history:

  • The 2012 Boston Marathon bombing. [1]
  • The attempted Christmas Day bombing of a jetliner over Detroit. [1]
  • The plan to blow up Times Square. [1]
  • The plot to attack the New York City subway system. [1]
  • The string of mass shootings from Aurora to Newtown. [1]
  • Major international attacks from London to Mumbai to Madrid. [1]

He believes that the reason the record is so poor is that the actual collection of all of that data makes it harder to find and prevent terrorism activities compared to other more traditional law enforcement activities driven by warrants. 

Is Mass Surveillance Necessary to Solve a Statistically Small Risk

This is the classic risk equation that all security people are used to evaluating. Anybody can come up with a terrorism scenario that would be devastating to the country. As security professionals, our job is to evaluate these scenarios across a two-dimensional risk matrix. On the x-axis, we plot how likely is it that this scenario will actually happen from “not very likely” on the left to “will absolutely happen” on the right. On the y-axis, we plot how impactful the scenario is if it were to happen from “no impact” on the bottom to “will materially impact the country” on the top. None of us has unlimited resources. Because of that, we focus on the risks that end up in the up-and-to-the-right section on our risk matrix. These are the scenarios that are likely to happen and that will have a meaningful impact if they do. The fact is that for most terrorism scenarios, they tend to sit in the up-and-to-the-left section on the risk matrix. The chances of them happening are not too likely, but if they do, they will have a medium to large impact. 

These terrorism scenarios are outliers because they are not that likely to happen. According to Greenwald, 

“The number of people worldwide who are killed by Muslim-type terrorists, Al Qaeda wannabes, is maybe a few hundred outside of war zones. It’s basically the same number of people who die drowning in the bathtub each year.”[1]

Greenwald’s point is that we should seriously consider if we want to deconstruct the Fourth Amendment to protect ourselves from such an event, an event that is scary for sure, but an event that is not likely to happen.

Mass Surveillance without Transparency Is Counter to the Founding Fathers’ Design of the Country

There has always been a tension between national security and government transparency. James Madison -- one of the Founding Fathers and a primary contributor to the American Constitution -- believed that 

Transparency was an essential cornerstone of democratic governance. [29]

And Patrick Henry’s said that 

The liberties of a people never were, nor ever will be, secure when the transactions of their rulers may be concealed from them.[30]

Greenwald points out,

“Democracy requires accountability and consent of the governed, which is only possible if citizens know what is being done in their name. The presumption is that, with rare exception, they will know everything their political officials are doing, which is why they are called public servants, working in the public sector, in public service, for public agencies.”[1] 

The point is that whatever we as a nation decide is the legitimate use of the U.S. intelligence apparatus, we must also insist that the mechanical process of that apparatus be completely transparent to the American citizen.

Why the Leaks Were Good

Putting aside the issue of whether Edward Snowden is a hero or a criminal, Greenwald contends that his release of the Snowden documents to the public has far more positive impact to the United States and to the world at large than any negative consequences that may have occurred to the U.S. intelligence apparatus because of it. Greenwald lists the following positive outcomes from the Snowden leaks:

  • The entire world is debating the merits of the ubiquitous state surveillance, pervasive government secrecy, and the value of individual privacy.[1] 
  • The world is challenging America’s hegemonic control over the Internet.[1]
  • Journalists are reconsidering the proper role of journalism in relation to government power.[1]

Thoughts on Snowden

Throughout No Place to Hide, Greenwald presents a personality picture of Edward Snowden. Compared to Chelsey Manning,[31] the other notorious whistleblower in recent U.S. history, Snowden thought long and hard about what he was doing. He may have been naïve and uninformed, but Greenwald’s picture of him is of a person who has seen an egregious wrong, thought about what to do about it, considered the consequences for him and the nation, and executed a plan to try to create change. Greenwald quotes Snowden, 

“My sole motive is to inform the public as to that which is done in their name and that which is done against them. The U.S. government, in conspiracy with client states, chiefest among them the Five Eyes—the United Kingdom, Canada, Australia, and New Zealand—have inflicted upon the world a system of secret, pervasive surveillance from which there is no refuge. They protect their domestic systems from the oversight of citizenry through classification and lies, and shield themselves from outrage in the event of leaks by overemphasizing limited protections they choose to grant the governed.”[1]

“I’m not afraid of what will happen to me. I’ve accepted that my life will likely be over from my doing this. I’m at peace with that. I know it’s the right thing to do.”[1]

For all of the things he may be—traitor,[3] coward,[4] spy,[5] hacker, [6] low-level analyst,[7] insider threat[8]—Snowden is definitely a man of his own conviction. You may not agree with what he did, and you can point to his naiveté about the impact of what he did to the intelligence establishment, but he stood up for what he thought was right and decided to do something about it regardless of how that affected his own personal life.

The Solution

In No Place to Hide, Greenwald would prefer not letting the U.S. government spy at all, but he recognizes that is probably a bridge too far. In the meantime, he offers these four intermediate solutions that are not that unreasonable:

  • Enact legislation that will provide oversight, accountability and transparency for the entire intelligence community. [1]
  • Convert the FISA court into a transparent judicial system so that there is an adversarial relationship to both sides of the argument. [1]
  • Encourage international efforts to build new infrastructure so that all traffic does not go through the US. [1]
  • Encourage individuals to adopt COMSEC tools and demand that vendors make them easy to use. [1]

Conclusion

No Place to Hide is not what I would call rigorous reporting. Greenwald conveys what happened to him as he followed this story and thus became part of the story himself. As I sought to corroborate the details presented within, I found I had to go to other sources to fill in the gaps. 

That said, his telling of the story is important enough to the security community, the United States and to the world at large that I think it is required reading. He discusses everything from the Fourth Amendment and why it should be anathema to all American citizens to allow the government to spy on its communications without a warrant, to NSA programs and their scope, to the government’s justification of mass surveillance by attempting to discredit Snowden. He then lays out the arguments against mass surveillance without a warrant, describes why the world is better off today because of the Snowden leaks, and describes the detailed timeline from when Snowden initially contacted Greenwald to their meetings in Taiwan to Snowden’s eventual escape to Moscow. Finally, Greenwald describes his reasonable solution for the problem: better legislation to provide oversight, accountability and transparency for the entire intelligence community, convert the FISA court into a, adversarial judicial system, encourage international efforts to build new infrastructure so that all traffic does not go through the United States and finally, encourage individuals to adopt COMSEC tools so that all intelligence agencies have trouble intercepting communications.

Greenwald tries to present a lot of complicated material in No Place to Hide. He was not completely successful at doing so, but he is writing about the fundamental principles of how we want the United States to behave in the digital world. Governments have a lot of capability to present their side to this debate. Greenwald is one voice on the other side that has grabbed center stage because of his relationship with Edward Snowden. Because of that, we should pay attention to what he has to say. Despite the less–than-stellar prose, No Place to Hide is a cyber security canon candidate, and you should have read it by now. 

Sources

[1] “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State,” by Glenn Greenwald, Published by Metropolitan Books, 13 May 2014, last visited 6 June 2014,

[2] “NSA collecting phone records of millions of Verizon customers daily,” by Glenn Greenwald, The Guardian, 6 June 2013, Last Visited 30 June 2014,

[3] “Congress Flips Out About 'Snowden The Traitor' As They Try To Pass Legislation To Stop The Program He Revealed,” by Mike Masnick, TechDirt, 5 Aug 2013, Last Visited 30 June 2014, 

[4] “INSIDE THE MIND OF EDWARD SNOWDEN,” by Tracy Connor, NBC News, 28 May 2014, Last Visited 14 June 2014,

[5] “Snowden: 'no relationship' with Russian government,” by Peter Cooney and Warren Strobel, Reuters, 29 May 2014, last visited 14 June 2014,

[6] “Edward Snowden's interview: 10 things we learned,” by Catherine E. Shoichet, CNN, 29 May 29 2014, last visited 14 June 2014,

[7] “Defending His Actions, Snowden Says He’s a Patriot,” by Elena Schneider and Steve Kenny, The New York Times, 28 May 2014, last visited 14 June 2014,

[8] “Federal agencies embrace new technology and strategies to find the enemy within,” by Christian Davenport, The Washington Post, 7 March 2014, last visited 14 June 2014,

[9] “Stephen Fry on surveillance: there is something squalid and rancid about being spied on - video,” by Stephen Fry, The Guardian, 7 June 2014, last visited 14 June 2014,

[10] “Munk Debate on State Surveillance: Greenwald/Ohanian vs Hayden/Dershowitz,” Munk Debates, Moderated by Rudyard Griffiths, 3 May 2014, last visited 14 June 2014,

[11] "The Taming of the Spook," by William Saletan, Slate, 1 July 2013, last visited 20 August 2013,

[12] “General Alexander at Black Hat 2013: Privacy vs. Security vs. Transparency,” by Rick Howard, Terebrate, 20 August 2013, last visited 11 June 2014,

[13] “Timeline of NSA Domestic Spying,” by the Electronic Frontier Foundation, last visited 20 August 2013,

[14] "Transcript: Newseum Special Program - NSA Surveillance Leaks: Facts and Fiction," by Harvey Rishik, Robert Litt, M.E (Spike) Bowman, Kate Martin, Gene Policinski, Ellen Shearer, Joel Brenner, and Stewart Baker, 26 June 2013, last visited 20 August 2013,

[15] "National Security Letters: A Little Less Secret?" by Alex Abdo (Staff Attorney, ACLU National Security Project) and Hannah Mercuris, Free Future: Protecting Civil Liberties in the Digital Age, 9 May 2012, last visited 20 August 2013,

[16] "A Review of the Federal Bureau of Investigation’s Use of National Security Letters," by the U.S. Department of Justice, Office of the Inspector General, March 2007, last visited 20 August 2013,

[17] “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” the Department of Justice, 19 May 2014, last visited 18 June 2014,

[18] “FBI tracked King's every move,” by Jen Christensen, CNN, 29 December 2008, last visited 16 June 2014,

[19] “The Watergate Story,” by The Washington Post, last visited 16 June 2014,

[20] “Why Did the Justice Department Indict Five Chinese Military Officers?” by Fred Kaplan, Slate magazine, 21 May 2014, last visited 16 June 2014,

[21] “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” by the Office of Public Affairs, the United States Department of Justice, 19 May 2014, last visited 16 June 2014,

[22] “NSA accused of spying on Brazilian oil company Petrobras,” by Jonathan Watts, The Guardian, 9 September 2013, last visited 16 June 2014,

[23] “U.S. Policy on Economic Espionage,” by James Andrew Lewis, Center for Strategic and International Studies, 7 December 2011, last visited 18 June 2014,

[24] “Civil Action No. 13-0851,” by U.S. District Judge Richard J. Leon, U.S. District Court for the District of Colombia, 16 December 2013, last visited 17 June 2014,

[25] “LIBERTY AND SECURITY IN A CHANGING WORLD: Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies,” by Richard A. Clarke, Michael J. Morell, Geoffrey R. Stone, Cass R. Sunstein, and Peter Swire, the White House, 12 December 2013, last visited 17 June 2014,

[26] “The Black Swan: The Impact of the Highly Improbable,” by Nassim Nicholas Taleb, Random House, 22 April 2007, last visited 17 June 2014, 

[27] “Terrorism Deaths, Injuries, Kidnappings of Private U.S. Citizens, 2011,” by the U.S. Department of State, 31 July 2012, last visited 17 June 2012,

[28] “You’re More Likely to be Killed by a Toddler than a Terrorist,” by Washington’s Blog, 12 June 2013, last visited 17 June 2014,

[29] “Government Transparency and Secrecy: An Examination of Meaning and Its Use in the Executive Branch,” by Wendy Ginsberg, Maeve P. Carey, L. Elaine Halchin, and Natalie Keegan, Congressional Research Service, 14 November 2012, last visited 18 June 2014,

[30] “Government transparency directly related to our liberty,” by James Zachary, transparency project of georgia, 16 April 2014, last visited 18 June 2014,

[31] “Bradley Manning Uncovered U.S. Torture, Abuse, Soldiers Laughing As They Killed Innocent Civilians,” by Matt Sledge, The Huffington Post, 21 August 2013, last visited 18 June 2014,

[32] “Latest Leak Shows NSA Engaging In Economic Espionage -- Not Fighting Terrorism,” by Glyn Moody, TechDirt, 9 September 2013, last visited 18 June 2014,

References

“A Guide To The Career Of Edward Snowden,” by Eric Lach, TPM, 20 June 2013, last visited 14 June 2014,

“Cryptocat,” by Arlo Breault, Dmitry Chestnykh, David Dahl, Daniel "koolfy" Faucon, Andreas "Gordin" Guth, Frederic Jacobs, Nadim Kobeissi, last visited 18 June 2014,

“Edward Snowden: A Timeline,” by Matthew Cole And Mike Brunker, NBC News, May 2014, last visited 14 June 2014,

“Edward Snowden timeline of events,” by the Associated Press, Politico, 1 August 2013, last visited 14 June 2014,

“Espionage and Covert Operations: A Global History” (24 lectures recorded course), Chantilly, VA: The Great Courses, 2011. 

“NSA collecting phone records of millions of Verizon customers daily,” by Glenn Greenwald, The Guardian, 5 June 2013, last visited 14 June 2014,

“Officials’ defenses of NSA phone program may be unraveling,” by Greg Miller and Ellen Nakashima, The Washington Post, 19 December 2013, last visited 16 June 2014,

“Off-the-Record Messaging,” by Ian Goldberg, OTR Development Team, Last Updated 28 September 2013, last visited 18 June 2014,

“September 11 Anniversary Fast Facts,” by CNN Library, CNN, 11 September 2013, last visited 11 June 2014,

“Snowden's Army record: short,” by Tom Vanden Brook, USA TODAY, 10 June 2013, last visited 14 June 2014,

“Snowden's Instruction PGP video to GGreenwald,” by TheDigitalfolklore, YouTube, 14 May 2014, last visited 18 June 2014,

“The Newsroom finale 1x10 - The Greater Fool speech,” by Sloan Sabbath (Olivia Munn), written by Aaron Sorkin, HBO, 26 August 2012, last visited 7 June 2014,

“Timeline of Edward Snowden's revelations,” by Joshua Eaton, Aljazeera America, last visited 14 June 2014,

Thursday, May 22, 2014

Memorial Day

Memorial Day this year is on 26 May and is observed in the United States on the last Monday of May. I wrote this essay back in 2000 when I was stationed at the Pentagon; before the madness of 9/11 kicked in and long before our country committed its military to over a decade of war. I like to re-read it every Memorial Day to remind myself of the staggering number of US soldiers (over 6,650) and US civilians (over 3000) [2] that have died since then in Iraq and Afghanistan, that we still have soldiers and civilians in harms way there, and that they will be there for days to come [3][4].

As these courageous men and women have come back home, I fear the country cannot fathom the sacrifices these people, and their families, have made for us and the troubles they yet face as they try to re-integrate back into society. 

That would be worry enough. 

But when I consider the latest revelations [5] about how the United States Department of Veteran’s Affairs has been breaking our country’s sacred promise to these damaged souls – the best of all of us really– I cannot hold back the tears of shame and sorrow and rage. 

Please keep them in your thoughts. Write to your senators and congressmen to express your disapproval. More importantly, give these brave soldiers (military and civilians) and their loved ones a hand if you get the opportunity.

Reborn at Arlington

1500 US Army soldiers stood on the misty parade field at Fort Meyer waiting for the sun to rise. The leadership had scheduled another morale building yet mandated "fun run" wherein once a quarter, the entire unit comes together to do PT (Physical Training) in a show of Esprit de Corp and cohesion. Since we were all stationed at the Pentagon, many of us were fairly senior, a little broken down in the body department, and had seen our fair share of these types of events. Still, there we were, at the twilight of our careers huddled in small groups during the dawn of one more PT morning. 

Of course, there was the usual grumbling between the older soldiers; asking one another if we were motivated yet and if we had a cup of Esprit De Corps to spare. But there was a sprinkling of young soldiers among us too and their shiny new faces kept us old timers from getting too cynical and fussy.

As the sun poked up above the horizon, the Army's Command Sergeant Major called the gaggle to attention and the formation began to run. The Non-Commissioned Officers (NCOs) led the assemblage in rousing voice and extolled the virtues of Granny[6], My Girl [7] and the C-130 [8]. Below the roar of the singing, just in the background, you could hear the footsteps of the 1500 strong pounding the pavement in syncopated rhythm.

The formation crested the hill overlooking Arlington Cemetery and the vista of Washington DC opened up to us. The Army Colors, at the front of the formation, started their decent towards the cemetery just as the sun had risen to about the same height as the Washington Monument several miles distant. And still the singing and the pounding drove the formation as it snaked down the hill towards the gates of the National Cemetery.

The colors passed into the cemetery and, like a line of dominoes falling, the singing faded away. One platoon after the other fell silent in mute honor of our fallen comrades-in-arms laid to rest in Arlington. As the voices died down, the only sound you could hear was the constant beat, beat, beat of the run and the Army colors whipping in the slight breeze. Nobody spoke except for the occasional NCO keeping everybody in step with a solid, but not too loud, 1 - 2 - 3 - 4, 1 -2 - 3 - 4. It was serene. It was sublime.

Midway through the run, the Sergeant Major called the formation to a halt and commanded us to right-face towards the middle of the cemetery. The rising sun burned off the last vestiges of mist from the manicured lawns. The breeze trickled through the formation’s silence and the Army Colors at the front. And then we all heard it; that mournful sound of a single bugler playing Taps. [9] It has been my experience that all military buglers start low at first; almost whispering the sound through the horn. Then they crescendo the tune to wrap the listener into a cocoon of sadness, memory and a sense about lives that could have been. On that misty morning, many soldiers young and old could not stop the tears from falling onto their cheeks.

A chill went down my back as it occurred to me that we were not merely taking a morning jog anymore. We were actually passing in review. These fallen soldiers who performed the ultimate sacrifice for their country were watching us and sizing us up. I hoped that we could pass muster. I had this great desire to let them know that we had the guide-on now and it was in good hands. We would not let them down. I stood a little taller then and the burden of running was a little lighter.

As the 1500 boarded the buses to head back to the Pentagon, I realized that this old soldier was less cynical today; less worn for wear. Although I may not have the shiny face of one of those new soldiers, I was reborn this morning. Together, both old and young, we will carry on.

Sources:

[1] “2013 in photos: the year in news,” PHOTO BY MANUEL BALCE CENETA, ASSOCIATED PRESS, Last Visited 22 May 2014

[2] “US and Allied Killed,” Neta C. Crawford and Catherine Lutz, Costs of War Project, Watson Institute, Brown University, March 2013, Last Visited 22 May 2014,

[3] “US Assisting Iraq in Fight Against Al Qaeda 2 Years After Troops Withdraw,” by Martha Raddatz and Luis Martinez, ABC News, 23 January 2014, Last Visited 22 May 2014, 

[4] “How many U.S. troops are still in Afghanistan?” CBS News, 9 January 2014, Last Visited 22 May 2014, 

[5] “Shinseki in Line of Fire, From the Chief: V.A. Secretary Criticized on Hospital Scandal,” by SHERYL GAY STOLBERG and MICHAEL D. SHEAR, NYTs, 21 May 2014, Last Visited 22 May 2014,

[6] "Army Cadence - My Old Granny, She's 91," 19 September 2008, Last Visited 22 May 2014,
http://www.youtube.com/watch?v=upw7zz0UiqE

[7] "C-130 Rollin' Down The Strip," 20 May 2007, Last Visited 22 May 2014

[8] "U.S. Army Cadence My Girls A Pretty Girl," 14 July 2008, Last Visited 22 May 2014

[9] “Montgomery clift trumpet,” From Here to Eternity, Posted 12 March 2007, Last Visited 22 May 2014,