Monitors Nearly Everyone's Internet Use
by Alfredo Lopez / November 3rd, 2013
What a week! Shortly after Secretary of State John Kerry admitted
that maybe our government had gone “too far” in its surveillance
programs, the
Washington Post dropped another Edward Snowden bombshell demonstrating that it is going a whole lot farther than we knew.
If Kerry’s ersatz admission — couched in a defense of National
Security Agency surveillance — provoked a collective yawn from many who
follow these developments, the latest Snowden stuff snapped us to
attention. The
Post published an article
detailing the NSA’s interception of information coming in and out of
Google and Yahoo servers over non-public, internal network fibre optic
lines. In December, 2012 alone, the program (revealingly called
“MUSCULAR”) processed 181,280,466 Google and Yahoo records that included
email, searches, videos and photos.
The NSA diagram for Google interception: note the smiley!
Up to now, the NSA has defended its actions by telling us it is
combatting terrorism through the capture of data in a public space, the
Internet, after obtaining court orders. This shows they were lying.
MUSCULAR is the theft of about 25 percent of all Internet data from two
of the most popular data handling companies with no court orders or
advisories in complete defiance of the law and our rights. It is, quite
simply, government gangsterism.
And it brings into focus the most important question: why? Because
this isn’t about counter-terrorism, not with that many records and their
surreptitious capture. This is about surveillance and analysis of the
daily communications of an entire country and much of the world.
The technology of MUSCULAR, a program jointly carried on by the NSA
and its British counterpart, isn’t hard to explain. Essentially,
technologists at the spy agency have figured out a way to intercept data
being exchanged among servers that store everything you do on Google
and Yahoo.
Here’s the difference between this and other previously revealed
spying programs. Your data travels over the Internet to get to those
servers and be stored there. For others to see what data you’ve stored,
it must travel out, again over the Internet. That’s legally protected
data and the NSA (at least theoretically) needs a court order to remove
it from those servers. The FISA court (the NSA’s blessing source) almost
always rubber stamps NSA requests so it’s pretty easy to conduct that
kind of data extraction but at least there is still a record of what the
NSA is looking for and why and some grounds for taking legal action
against it.
Muscular doesn’t go near the data as it’s travelling on the Internet
or while it’s on those servers. Instead it intercepts data that’s
already been stored and is travelling through non-public connections
between each company’s many servers as the companies synchronize stored
data or transfer it internally. Internet giants like Google transfer
data among their servers constantly in networks of servers known as
(you’ve heard it before) “clouds”. This constant transfer helps
distribute server activity so that a sudden spike in requests for data
on a particular server doesn’t crash it (called “load management”) or
for maintenance, security and other reasons. To do this they use special
fibre-optic wires that connect their various servers and are not
publicly available.
The data transferred among these servers is typically encoded so
nobody can read it without having the decoding keys. That’s a security
measure. According to these reports, the NSA has figured out a way to
de-code those formats, then captures the data being transferred by
tapping into these internal connections and then, without anyone outside
the NSA knowing it, decodes the stuff and analyses it to decide what,
if anything, they want to do with it. If they decide to store it, they
have several NSA storage centers that can easily handle it. They then
allow the data to resume its journey. It all happens in micro-seconds.
This is typically called a “man in the middle interception” and it’s
like tapping the wire between your computer and an external hard drive
you use for storage — except multiplied hundreds of millions of times.
“I knew the NSA drawing was real from the smiley-face,”
wrote Slate‘s David Auerbach,
referring to the Internet smile icon used in the leaked diagram and
replicated above. “Only an eager and myopic software engineer — seeing
the interception of Google and Yahoo’s data as a challenge and game
rather than as a security and political matter — would make such a
light-hearted and self-satisfied gesture at the prospect of hacking into
Google’s internal servers.”
Of course, it’s not a game. It is a highly sophisticated and
intentionally intrusive method of data-gathering: spycraft at its most
pernicious performed constantly on the email, photos, videos and other
data posted by the people of this country (and many others).
NSA chief Keith Alexander was immediately dispatched to issue his
predictable disclaimers: “It would be illegal for us to do that. So, I
don’t know what the report is,”
he told a cyber-security conference
last week. “But I can tell you factually we do not have access to
Google servers, Yahoo servers. We go through a court order.” Alexander
has proven himself a master of evasion in the past but this was a doozy.
This is about tapping wires not accessing servers.
Officials at both Google and Yahoo tried to put make-up on their
black eyes through statements of outrage, calls for “restraint”, and
assurance that they were not “advised” of a massive surveillance effort
they would never have approved. But the point is that it’s happening and
their PR-driven assurances to users that our data is safe mean
absolutely nothing.
What a mess! In the space of two weeks, President Obama publicly
states that he didn’t know the extent of the spying but will
aggressively “look into it”. Secretary Kerry admits it may have gone too
far but it’s all in a good cause. Alexander side-stepped comment on the
real revelation and his National Security Advisor boss James Clapper
seemed intent on avoiding the issue entirely be issuing another of his
famous non-denial statements. In fact, the non-denials were bouncing
like a bunch of ping-pong balls during an earthquake — colliding with
each other in a nonsensical frenzy. That was coupled with the flow of
rhetorical outrage emanating from many governments as Snowden
information made clear that surveillance was being conducted on
everything from Spanish citizens’ email accounts to the personal emails
(and perhaps phone calls) of German chancellor Angela Merkel.
Obviously, data gathering of this scope isn’t about catching
terrorists. That certainly could be part of the outcome but there’s no
way you analyze over 183 million pieces of data in a month to identify
crazies. Something else is going on.
Post reporter
Bart Gellman, who broke the story, told PBS
that “…on its face I don’t see any evidence that they’re flouting the
law here. They’re using it in ways that the companies and the public
didn’t expect.” But that challenges logic. Going into a company’s
internal systems to remove data without that company’s knowledge sure
seems illegal. At the very least, it reflects a disturbing cynicism on
the Administration’s part about the spirit of the law and what privacy
laws tell our government about how it should relate to its citizens.
The question, however, isn’t whether this is legal but what the Obama
Administration is trying to do with the definition of legality. The
history of this Administration demonstrates that it’s preparing for some
very troubled times and its preparations are obscenely repressive. With
an economy that simply cannot return 25 million unemployed people to
work, the massive retrenchment of people’s rights, the slashing of our
social safety nets, a society ripped apart by the frantic hysteria of
weekly domestic terrorism, an insane but growing extreme right-wing and a
Congress that has no popular support and is no longer governing anyone,
the eruption of massive protest and resistance in every corner of the
society is no surprise. Nor does it take much vision to predict that
things are going to get a whole lot hotter.
The politically powerful are involved in an intense debate about how
to govern this society while the social contract it has used to govern
in the past can’t be met. The debate rages but it’s clear that all sides
are talking about a more restrictive society. The key to such
repression is data capture. No matter how intense and widespread this
repression turns out to be, they have the data they need to make all
options possible including the crushing of protest movements. Do we
trust them not to use the data that way?
In past contributions to these web pages, I’ve written that, while we
are not in a police state, the government has constructed an apparatus
capability of turning this country into one with a flip of its legal
switch.
That’s the meaning of the MUSCULAR revelations. As far as data is concerned, everything is in place.
No comments:
Post a Comment