24 February 2016

Sauce for the Goose

Meanwhile, back on the spook front, a couple or three developments. Maybe not all of a piece. They just bunched up on the radar around the same time.

To begin with, NSA has announced the establishment of a new Directorate of Operations, to oversee two previously separate missions - known as Signals Intelligence and Information Assurance - the first their offensive eavesdropping capacity, and the second their security firewalls. This is kind of a big deal, although it might not seem like it to an outside. The intelligence agencies prefer not to cross-pollinate.

Although inter-agency and intra-agency transparency looks good on paper, there are inherent risks, and they don't necessarily have a lot to do with jurisdiction or budget fights. Yes, you always have to live with dedicated turf warriors, but this is actually about keeping your assets secure and compartmentalized. For many years, CIA has maintained an institutional divide between Intelligence and Operations, and resisted calls to integrate. You could argue one mission is passive and the other active, but more to the point, a compromise on one side of the shop doesn't jeopardize the other. You limit your exposure. You're not giving up a roadmap to sources and methods.

So it's a trade-off. NSA may well enhance its analytical skills, of intercepted traffic and in defense against cyber attack. They may also be opening the watertight doors.

The next thing that caught my attention probably falls under the heading of Old Wine, New Bottles. Some while ago, DARPA came up with a program, or a menu of programs, called Total Information Awareness. This was shelved, for a time, and then implemented by fits and starts, not as a fully coherent approach. Then come the Snowden leaks, and data-mining is on everybody's lips. Nancy Pelosi and the House Intelligence Committee are shocked, shocked, but eventually the smoke blows away. Now a new tool has surfaced, called Information Volume and Velocity. (Don't you love these names?) This is designed to model trends on social media, among other platforms.

The most obvious application is counterterrorism. ISIS, for one, and the insurgents in the North Caucasus, for another, are more than familiar with Twitter and Facebook. They use them for recruitment, and public relations, and for command-and-control in the field - although lately the more popular vehicle has been on-line simulator games. You can see the appeal of a first-person shooter.

The problem, from NSA's point of view (or CIA, or the FBI, or Homeland Security), isn't data collection. The issue is how to process the material, and spin gold out of straw. The volume, not to mention the velocity, is impossible to keep up with. What they've got is an embarrassment of riches. The information environment is overwhelming. They need a filtering mechanism, to define the threat posture.

Last but not least, we have the recent Apple dust-up. This isn't a theoretical, or preventative policing. It's a question that came up after the San Bernadino shootings last December. Farook, one of the shooters, had an iPhone. FBI investigators would like to unlock it, and Apple says they won't provide a way to defeat the encryption. What we got here is real quicksand.

These issues are nowhere near clear-cut, although Apple CEO Tim Cook seems determined to frame it in apocalyptic terms and FBI Director James Comey is taking a predictably hard line. The law-and-order argument is uncomplicated. Comey says, we need to pursue every lead, in case other people are involved. We have a duly-issued search warrant for the digital contents of the phone, and the manufacturer has a legal and moral obligation to comply. Apple has in fact given the FBI everything it could download from the Cloud, but it refuses to write code that would reverse-engineer the encrypted data that's on the phone itself. Apple maintains that this would of necessity amount to a master key, that would unlock any iPhone. In other words, they could no longer market a secure product. They may cloak it in civil liberties, but it's a business decision.

The disingenuousness, or hypocrisy, on both sides, doesn't take away from either position. Comey's point is perfectly well taken, and so is Cook's. And for once, although I'm sure there are people who probably think I never met a surveillance program I didn't like, I'm with Apple on this one. Whether you trust U.S. federal agencies to take the high road is irrelevant. There are other countries in the world. There are more than a few that bully their own citizens, and whose management of information technology is anything but benign. We'd be handing them a loaded gun.

Is there a common thread? I dunno. There's no hard and fast. Maybe it signifies, maybe not. Stuff drifts past in my peripheral vision, and sometimes it catches the light.


  1. A quick footnote. Gen. Michael Hayden - former director, NSA - appears to be taking Apple's part, whereas Bill Gates thinks they should comply with the FBI request. Interesting, because it's the opposite of what you'd expect.

  2. When it comes to the Apple dust-up, I'm on the FBI side. In a world where almost everybody has a smart phone - including terrorists, fanatics, and basic thugs - I believe there should be a back-door to them. I know, I know - right to privacy. Sorry, I grew up in a household where the only right to privacy was between your ears, and a few decades where routine wire-taps of anyone Hoover didn't like was the norm. Plus these people (San Bernardino) are dead. Crack it open, find out who/what/when/why (if at all possible).

    And you're right, Apple's stance is really a business decision. If they win, every terrorist, fanatic, thug will make sure they have I-phones, not Androids. Huge marketing potential.

  3. I'm a big Apple supporter, but I'm with Eve, here. Crack it open.

  4. "That was intended to be done by that office is being done by that office, NOT by that office in other ways.” -Secretary of Defense Donald M. Rumsfeld, discussing the Office of Strategic Influence, 111802

  5. Maybe I'm shallow, but I'm curious about the elephant? Is that from the gaming mentioned?

  6. The elephant image came off a search for DARPA projects. Ha!

  7. David and I have been writing about these topics since the early days. In 2013, we speculated the NSA hadn’t stopped domestic spying despite a government prohibition:

    “Ten years ago our government supposedly banned the Information Awareness Office (IAO) and by extension the NSA from spying on us, yet the outsourcing contracts quietly continued. Private firms continued development. … Does a business continue a program that has only one potential customer unless they expect to turn a profit?”

    I’m not only an ardent, uncompromising civil libertarian, I appear to be a contrarian. Every bite out of our eroding civil liberties is a win for the bad guys. As a software designer, I was never threatened with legal action– indeed, my efforts were directed against the bad guys– but defending citizens against an over-reaching government is what freedom is all about.

  8. David, I think it quite interesting that you juxtaposed these three interrelated issues: particularly the Iphone legal issue and the issue of what I think of as focused targeting, which you more aptly describe as "creating a filtering mechanism". Those last two may well be more connected than we know. And, certainly, learning to "spin gold out of straw" (or separating the wheat from the chaff) is one of the most difficult elements of analysis imho.


    P.S. Love the elephant! It's dead on target, in my book.

  9. Personally, I have a strong suspicion that there never has been, never was, is not, and never will be any marketed software code, for i-phone, smartphone, or anything else, that the manufacturers thereof do not already have a backdoor so that THEY can go in whenever they like. But I was born cynical.


Welcome. Please feel free to comment.

Our corporate secretary is notoriously lax when it comes to comments trapped in the spam folder. It may take Velma a few days to notice, usually after digging in a bottom drawer for a packet of seamed hose, a .38, her flask, or a cigarette.

She’s also sarcastically flip-lipped, but where else can a P.I. find a gal who can wield a candlestick phone, a typewriter, and a gat all at the same time? So bear with us, we value your comment. Once she finishes her Fatima Long Gold.

You can format HTML codes of <b>bold</b>, <i>italics</i>, and links: <a href="https://about.me/SleuthSayers">SleuthSayers</a>