Friday, 1 November 2013

From Bank to Bude

This week's Snowden news, that the NSA and GCHQ have been copying Google and Yahoo data en masse, may prove to be more significant that the earlier PRISM and TEMPORA revelations, though the latter pointed to the likelihood of a programme targeting specific data types (i.e. Gmail or Yahoo Mail). While some appear more interested in the post-it note network schematic, complete with smiley face, the IT security maven Bruce Schneier gets to the point: "In light of this, PRISM is really just insurance: a way for the NSA to get legal cover for information it already has. My guess is that the NSA collects the vast majority of its data surreptitiously, using programs such as these. Then, when it has to share the information with the FBI or other organizations, it gets it again through a more public program like PRISM".

The wording of the slides implies that the NSA geeks are familiar with Yahoo's internal technology, notably the Narchive data format, but are not involved in discussions about operational use. They were unclear whether Narchive transfers were triggered by user relocation between data centres, backups from non-US to US sites, or "some other reason". Though this is potentially rich data (email content and attachments), the amount of it, and its age (over 6 months old), means "the relatively small intelligence value it contains does not justify the sheer volume of collection at MUSCULAR (1/4th of the total daily collect)", according to the NSA's own analysts. In essence, the NSA are leveraging Yahoo's housekeeping. Like an industrial-scale Benjamin Pell, they are rifling through the bins.

The schematic led to some initial speculation that the NSA might have hacked Google and Yahoo's front-end servers, or even compromised the SSL (aka TLS) cryptographic protocol, but the obvious interpretation is that they are simply harvesting clear-text packets within the companies' private networks. The best way to overcome security is to circumvent it, and the NSA and GCHQ had a method already in place because of their long-standing relationship with the telcos and cable providers for tapping. It's not clear where the quoted access point DS200B is, but a strong contender would be Bude in Cornwall, where many of the transatlantic cables land and GCHQ has a facility. A look at the global network of undersea cables highlights the importance of the peninusla. (Incidentally, it also indicates the importance of Australia in providing access to the cables that service South Asia, which in turn explains why the apparently nostalgic "Five Eyes" club remains so important to the US.)

Some see this revelation as a watershed moment for the technology companies. Though they were obviously aware of PRISM, because they were served with specific orders through the front door, this back door approach will only have needed cooperation by the telcos (and a willing foreign host, i.e. the UK), giving the Internet companies the grounds to claim ignorance and express outrage at the NSA's behaviour. In reality, it is improbable that the Silicon Valley firms did not know this was going on.

The schematic shows the Google front-end server as the gateway between the public Internet and the Google cloud, with the explanation "SSL added and removed here". Assuming this bears some relation to the truth, it implies that Google routinely decrypts data on arrival in the cloud, which is logical if your business model depends on analysing it for exploitation. The company's decision earlier this year to encrypt all of its traffic between data centres was probably not coincidental, but it is also somewhat misleading as encryption over the fibre backbone stills allows it to decrypt and leverage the data while resident on its cloud servers. Gmail has been encrypted since 2010, but that just means the "local loop" between the SMTP mail server and your device. It's been held in clear-text at Google's end all the time.

One point this highlights is that the operational reality of data storage, which means replicating it across the globe, makes the whole "on US territory" distinction re the legality of surveillance irrelevant. Regardless of where the data originates or is used, a copy can probably be accessed in a benign legislative environment. In effect, countries like the UK are replicating in the cloud (which has a physical reality) their traditional role as offshore havens (or "secrecy jurisdictions"), where domestic legal constraints and regulatory oversight can be circumvented. Conceptually, Bude in Cornwall is a lot like the City of London.

It would be naive to believe that this would solely be of benefit to state agencies, just as it is naive to believe that offshore tax havens are used exclusively by corrupt politicians and criminals. Fig leaves, like the recently announced register of beneficial owners for UK companies, ignore the reality that tax dodging is carried out quite openly. The problem is not covert evasion but shameless avoidance, and the irony is that companies like Google and Yahoo, otherwise outraged at the exploitation of their transparency, are practiced and determined avoiders..

In the realm of ideology, the revelation prompted neoliberal calls to reform the state to the advantage of personal liberty. Martin Kettle even went so far as to quote Spinoza: "the true purpose of the state is in fact freedom ... Its aim is to free everyone from fear so that they may live in security so far as is possible, that is, so that they may retain, to the highest possible degree, their right to live and to act without harm to themselves and others". According to Kettle, "On both the left and the right, many reflexively see the state as overly powerful in various ways. The internet age has undoubtedly intensified this view. It says: there's the state over there, with all its powers and controls. And there's us over here, answerable to it but not part of it." This false dichotomy ignores the central role of business, even though the evidence that the state and favoured corporations are engaged in a stitch-up across almost every area of public life is now overwhelming.

In the political realm, the debate over the NSA has already moved on from civil liberties and commercial exploitation to the struggles of great powers internationally (e.g. the current Merkel-Obama face-off) and the "oversight of surveillance" domestically (a serious debate in the US, comic opera in the UK). While neoliberals fear the balkanisation of the Internet, and the threats this poses to "online freedom", the reality is that the Internet has always been US "home advantage". The gradual erosion of this dominant position will continue, even if the NSA is reined in and Silicon Valley pays more tax in the countries where it trades.

The struggle is a two-dimensional matrix: the neoliberal dialectic of state and corporations; and the power bloc tussle of national and regional advantage (accentuated, rather than dissolved, by globalisation). The driver behind this is technology and the temptation for capitalism to monetise (and commoditise) a previously worthless asset, our private opinions.

No comments:

Post a Comment