26 June 2013

Through a Glass, Darkly

by David Edgerley Gates

The exposure of PRISM, the clandestine NSA data-mining operation, has raised a lot of hackles, both inside and outside the national security structure, and on both sides of the privacy debate. I'd like to assess three of the issues I think are involved. This is of course by no means exhaustive. I'm just putting my oar in the water.

First of all, what is it? The system, or systems, is based on pattern-recognition technology. A crude analogy might be a chessboard. Bobby Fischer was a genius at chess because he could read the entire game, not just six or eight or a dozen moves ahead, but every possible outcome of every available move. Consider the sixty-four squares and the fact that each piece, rook, knight, bishop, pawn, or queen, has a specific capacity, for attack or defense, all of them in relation to the others. 'Position' is the sum of these parts. Imagine, then, if you stacked eight chessboards on top of one another, a cube, sixty-four squares to the eighth power, making it a three-dimensional game. Not even a Bobby Fischer could calculate all the possible coordinates and relationships. Multiply this model by a few billion, and you'd have some idea of PRISM's brute strength.

Metadata, so-called, isn't about content. PRISM doesn't filter for keywords, or labels, or names. It looks for contours, and reconstructs their shape. A recent piece by Jane Mayer in The New Yorker explains this in some detail,

 Nor is this is a new development. DARPA, the Pentagon research facility also known as the Skunk Works, began work ten years ago or more on a set of programs they called Total Information Awareness. The first practical application was CARNIVORE, which analyzed electronic communications, encrypted and cleartext, but CARNIVORE was never fully deployed because of---wait for it---privacy concerns. PRISM has a narrower search parameter. Think of it this way. It's an axiom in the spy trade that a given message, by itself, is meaningless without context. What's important is who sent it, and who it was addressed to. In other words, the link is incriminating, and what might actually have been said in the message is secondary. PRISM ignores the message, and concentrates on the messenger. How is this effective? Your circle of contacts, immediate or one step removed, defines your profile, but 'profile,' in this sense, having nothing to do with your Facebook page. Everybody leaves a footprint, a migratory pattern, a set of lazy habits. I can stalk you through your friends.

The second point I'd like to take up is the role of private contractors in the defense and intelligence communities. GI's, for example, don't pull KP anymore. Food service is jobbed out. More at issue, hired guns like Blackwater have taken over physical security for diplomatic personnel in high-risk areas, and their lack of accountability got them thrown out of Iraq. Two of the guys killed in Benghazi, on the security detail, weren't CIA, but outside hires. This isn't just anecdotal. DoD employs 700,000 contractors, 22% of its workforce. 70% of the intelligence budget, by some estimates, goes to outsourcing, but this is difficult to pin down, because the specifics of the intelligence budget are of course classified. In the case of NSA, nobody knows exactly---nobody knows anything about NSA, exactly, since its culture of secrecy gives it the nickname No Such Agency---but an educated guess is that they have half a million private contract employees on their payroll, with high-end security clearances. These aren't insignificant numbers, and it's worth noting that they don't represent any kind of savings, either. Edward Snowden was knocking down 200K, twice what a GS-15 would make, or any military enlisted or officer rank. Booz Allen, Snowden's employer, had 5.9 billion dollars in revenue last year, almost all of it from U.S. government contracts.

The question being raised now, though, is whether private security contractors are stakeholders in national security. This isn't to tar them all with Snowden's brush, or to suggest dereliction of duty, but career military or civil service people tend to serve a purpose larger than themselves. Working for Booz Allen is a job, like any other. If you get a better offer, you move on. Oversized cubicle farms don't inspire brand loyalty. You're not in the Marines. It may be unfair to make these assertions, and the last thing we need is a witch-hunt, which would do nothing to undo the damage already done, and the lack of confidence the leaks have created, but it's long past time to re-examine the hermetic culture of the intelligence community. A good starting point might be the influence of corporate, marketplace economics.

Which brings us to the third and last question.  Who are these guys? Whistleblowers. Leakers. The terminology is suspect. It implies high moral standards, or at least moral relativism. Bradley Manning was obviously a square peg in a round hole. He may have been bullied, because he was gay, or just an odd duck. Almost certainly, he was isolated and unhappy, and his supervisors in the chain of command should have picked up on it. He was an accident waiting to happen. The court-martial proceedings against him have the flavor of retribution, not so much for his actions, but for the inaction of his immediate superiors. They should have suspended his clearance and sent him to a psychiatrist. Instead, they left him to sink or swim. The fact that Manning was treated with such indifference might go some way toward explaining him. He was at the bottom of the food chain. Perhaps, as a reflex, or in an effort to regain his self-respect, he came to feel he was better than they were, a sort of prince in exile, a secret agent, and in the end, he cast off his disguise. Sadly, no prince was revealed.

Snowden is a different case. He had a successful career, and the material trappings to show for it. He was, by his own account, quite the ladies' man. He was outgoing and personable. He had a social life. The other side of the coin from Manning. Snowden was dealt better cards. He turned for unaccountable reasons. He claims the high moral ground, but there's an odor of sanctity I mistrust. I'd give him more credit if he'd stuck around to face the music, but the prospect of doing thirty to life in a federal supermax would give anybody pause. What bothers me is the itinerary he's chosen. He's now left Hong Kong for Moscow, with the stated intention of flying to Cuba, en route to seeking asylum in Ecuador. The net effect of his stay in China has been to give support to Beijing's control and censorship of the Internet, e.g., they can claim that U.S. accusations of Chinese hacking are the pot calling the kettle black. Not to put too fine a point on it, Snowden is giving aid and comfort to the enemy. These are not the actions of an honorable man impelled by outrage. These are the acts of a defector.


Janice Law said...

our passion for outsourcing has some very big downsides, including divorcing much of the citizenry from defense, making it easier to employ the military and turning much of security into a profit making enterprise.

Leigh Lundin said...

David, my intended comment has grown so long, I think I've another article! If you forgive me, I'll write about TIA, PAM, and Poindexter Sunday after next.

Eve Fisher said...

Snowden makes me think he's really in it for the publicity, to become an international man of pseudo-mystery which he will then parlay into a career. If he can stay out of prison. And alive.

I am not particularly worried about the privacy issue in all of this - I am well aware that governments of any kind keep tabs on its people since the Persian empire, and with the US gov't - well, hasn't anyone heard of J. Edgar Hoover and his amazing files? What does worry me is the outsourcing. When it is just a job, without any loyalties to country, ideology, etc. - it's just the money, the career, who cares. And that's what we have, everywhere, today. Corporations are multi-national, without loyalty to anything but profit - and as multi-national entities, are very hard to influence, much less control.

Anyway, enough, or I, too, will have a whole blog post!

Louis A. Willis said...

Like Eve, what I'm worried about is the outsourcing. With so many people handling secrets some will leak, intentionally or unintentionally.

As for Snowden, he's had his 15 minutes of fame. I hope he'll soon face years of punishment.

R.T. Lawton said...

David, it will be interesting to see if Putin (former KGB) can keep his hands off of Snowden. Putin has already showed that if you shake Putin's hand, you'd better check to see if you still have all your jewelry, especially your rings because once he walks off surrounded by his bodyguards, you are out of luck.

Anonymous said...

This might interest you:


Anonymous said...