NSA, GCHQ, Declare Civil War on Their Own People
The Guardian, NYT, and ProPublica have the first of the co-reported stories we’ve been promised, reporting that after the government failed to get Congress to require back doors into encrypted communication, it just went ahead and took it.
I’ll come back to these stories, but for the moment, want to just point to the various names it has given this effort, from ProPublica.
The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.
Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”
Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.
Manassas, Bullrun, and Edgehill.
All civil war battles.
Even rhetorically, our governments have declared civil war on us and our privacy.
Update: In related news, Obama’s Insider-Independent Non-Tech Tech Review Committee is seeking public comment on the dragnet.
Go let Cass Sunstein know what you think of this.
Jesus! In some ways these code names for systems are the most telling part of the story. And the weird thing is, they’re not as classified as you would think, given the number of people (contractors?) who use them and brag about them on Linked In. I guess some of the names are more classified than others.
When looking for Hagel and Kerry voting records yesterday, I came across this article from 2004. I missed some of this, or did not know enough detail about it in the 90’s during a period when I was busy with babies and toddlers and career from dawn til midnight.
Manassas was the Confederate name for the battle the Union called Bull Run. Interesting how they did the succession of systems.
Actually, Bull Run and Manassas refer to the same battle. US Civil War battles often had two different names, the Union one and the Confederate one. The Confederates named battles after the nearest town, the Union after some natural feature (Bull Run/Manassas, Antietam/Sharpsburg, etc), and like Edgehill, Bull Run/Manassas was the first battle of the US Civil War. Its obvious now – we are the enemy.
@JTIDAHO:
Great comment. Great. Comment.
Thank you.
EW, thank you for this post.
Tarheel, JTIH, nice catch.
During this same time the NSA and Brits are slipping in through the back door there’s that End Game memo Larry Summers is supposed to have written that has Greg Palast reporting:
– “The Memo confirmed every conspiracy freak’s fantasy: that in the late 1990s, the top US Treasury officials secretly conspired with a small cabal of banker big-shots to rip apart financial regulation across the planet. When you see 26.3% unemployment in Spain, desperation and hunger in Greece, riots in Indonesia and Detroit in bankruptcy, go back to this End Game memo, the genesis of the blood and tears.”
http://www.gregpalast.com/larry-summers-and-the-secret-end-game-memo/
That popping sound is Tea Partiers heads exploding over “proof” of One World Government.
Though for me in the real world I keep in the back of my mind Chris Hedges warning that the government knows what’s coming with climate catastrophe. So this is just another bit of evidence of their paranoid need to know what 7 billion human beings are doing or could do so they can, I guess, warn the rich and privileged to raise the bridge and stop feeding the crocs? To be the last to starve must have some esoteric meaning that escapes me.
@John Casper:
IIRC, there were two battles at Manassas/Bull Run. And the Union lost both of them.
Why are you discussing NSA, GCHQ and inconsequential things like spying, privacy and the law when Obama needs us debating a lose lose situation in Syria he and his so desperately want.
Snowden doesn’t know the secret handshake but is still able to get into the files, amazing who does computer security for them Daffy Duck?
der is The Memo a fun read or what, a Cypress haircut coming to Amerika soon.
Yea, I think you’re right Marcy. I think it’s another case of hubris and and an inside joke. Kinda like Ahnold’s f*** you veto
http://www.wired.com/threatlevel/2009/10/schwarzenegger/
Only it’s no joke – they’re serious
@joanneleon:
I also just found out about Clipper Chip today when I read the ProPublica piece on this new information.
Since it mentioned the ACLU being involved in that, I looked for something, there.
Big Brother in the Wires: Wiretapping in the Digital Age; ACLU; 3/1/98 [Includes Timeline]
In World War II the Brits (and the Poles) with their Enigma cipher machines decrypted German communications and the US with their Purple or Magic cipher machines decrypted Japanese communications.
Did the US and the Brits then form the arguably suspect belief that they would have lost WW II without these decryption successes?
And has that now formed the basis for today’s belief by the NSA and GCHQ that they will have LOST if they don’t break all encryption?
“Even rhetorically, our governments have declared civil war on us and our privacy.”
It’s called hiding in plain sight; can’t say they didn’t let us know. Isn’t there an ancient tradition that contracts require public notice?
These revelations are sort of an anti-climax to me. It seemed to be a subtext to everything that’s preceded this in the Snowden revelations. If the NSA was deep inside everything they said they were in, then they had to have byapssed/cracked/stolen-the-keys-for/judicial-ordered-the-keys-for large amounts of encryption.
What’s really stunning is that Snowden had access to this stuff. Read the article and you see a passage about how this was a program that had no need to know, that it was a very carefully held secret. Heads should roll.
Thoughts.
1/So if they already have the keys, why did they have to shut Lavabit down?
2/Back during the “debate” in the 90’s over whether the government could have the encryption keys (http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/cr033098.htm), former FBI Director Louis Freeh was a proponent. And he kept at it after leaving the FBI (http://news.cnet.com/Former-FBI-chief-takes-on-encryption/2100-1028_3-961969.html). Is that significant?
Nice observation. The staff that think up these code names are usually very keyed in to what their superiors have in mind, but may publicly deny. To paraphrase one of Helen Mirren’s characters, knowing what one’s masters want even before they do is part of being not just a good bureaucrat, but the best. Secret Service wags can be equally prescient about their protectees’ defining characteristics when they assign them code names.
@P J Evans:
Precisely. Not merely a Civil War battle, though that’s pretty bad on its own: two Confederate victories.
Between stuff like this and Buffett’s low tide* baring stuff like the ol’ clipper chip, it’s getting easier to see why these folks have been so frantic lately.
*After all, you only find out who is swimming naked when the tide goes out.
@cymack: And you have to assume these military types would know their War Between the States history, especially as many of them are from the South.
@Saul Tannenbaum: Yes, isn’t it divine that Snowden outfoxed all of them? I suspected from the first time I listened to Snowden on video that he was one of these Aaron Swartz computer whiz-kid types. They barely finish high school and never finish college because they’re bored out of their minds. At the time, I was furious with the arrogance of my used-to-be-decent Senator, Dick Durbin, publicly trying to humiliate Snowden by saying that he hadn’t even attended college. Unfortunately, it’s people like Durbin, who aren’t the brightest bulbs in the chandelier, who feel some desperate need to try and make themselves look superior for having attained advanced degrees–even if attained from mediocre schools. If the NSA weren’t such a criminal organization, it could have had people like Snowden protecting its programs instead of exposing its bureaucratic corruption.
Will there be any 3rd party consequences of a US strike on Syria? Read this from the Wall Street Journal – Iran Plots Revenge, U.S. Says – http://online.wsj.com/article/SB10001424127887323893004579057271019210230.html
It’s behind the WSJ paywall, so go to Google News and search for this phrase “Iran Plots Revenge, U.S. Says”, and then click on the link that Google News provides and you’ll be able to bypass the paywall and read the story.
@Snoopdido: @13 The Germans had better generals, better equipment and generally better soldiers. So yeah, there’s a pretty damn good argument that we’d have lost that war if we had not been reading their mail.
The Germans could not believe that we were bright enough to break Enigma. They especially did not know about the Bombe, and other tools that automated the process.
We copied their radio traffic, re-encrypted it in our systems, transmitted it to the D.C. area where it was decrypted, re-encrypted and re-transmitted to the war zone. Often our commanders had plain text before the Germans had decrypted it for themselves.
The proof is in the Bulge, late in the war when the Germans were on the ropes. The took their traffic off radio and put it on land lines we could not intercept. They damn close to broke out and broke us when we did not know their order of battle and plans.
Almost Eisenhower’s first stop when he came to D.C. after Normandy was to Arlington Hall where the Army Enigma decryption was done. His message was that they could not have succeeded without that cryptanalysis.
NSA, GCHQ et al have a solid historical basis for valuing the ability to decrypt communications. Whether that means there should be no domestic privacy today is a different question. Many of the same people who helped bring us victory in WWII also believed that if NSA’s tools were turned inward they enabled tyranny. Current management apparently does not see that as a problem.
@lefty665: It was important to me to include the word “arguably” in my comment because it could indeed be argued that the US and the Brits might have lost without their decryption of German and Japanese communications.
I accept that you have made a reasonable case for that view. Personally, I’m in the other camp. Stalin and the Soviet Union was eventually going to crush the Germans because the Germans had run out of steam (and gas). The US was, of course, of some importance to the war in Europe, but it was dwarfed by the Soviet’s effort.
Germany may have had better generals, soldiers and initially equipment, but they had an idiot for a leader who continually and constantly overruled his generals. Attacking the Soviet Union instead of taking Britain was only one of that idiot’s memorable strategic blunders.
As for the Japanese, in my view they were fighting way above their class in taking on the US. They based their strategy on a short term quick strike success to get a deal from the US. They knew full well that if they didn’t get that deal, the overwhelming industrial superiority of the US would crush them in time.
But as I said, the point about the value of the decryption of German and Japanese communications could be seriously argued.
@Saul Tannenbaum: “Heads should roll.” Don’t you think some have?
Tough question isn’t it? Somebody’s got to keep it all running, and that requires access by really bright folks. If you’ve done a good job recruiting, some of them are going to be bright enough to figure out how to see what’s out there, and curious.
I believe you remarked in another post that there were likely some folks at NSA who had been warning about sys adm access. Maybe they’re in the driver’s seat now.
@Snoopdido: What I’m doing is repeating what that generation of folks told me. They were there and they were convinced, but that is hearsay to you.
Some of their other opinions were that we were for the most part ineptly led, with second rate equipment, and poorly trained soldiers. They were convinced that the difference between victory and defeat often was knowing what forces the other guys had and what they planned to do with them. There’s a good argument that at least for the leadership and maybe training not much has changed.
I certainly agree with your take on Hitler, and Gen. Yamamoto shared many of your views. It is worth noting that decrypts enabled taking his skills out of the battle and shortened the war in the Pacific.
Your conclusion does not not parse. Would we have had no Iron Curtain in eastern Europe, but the USSR all the way to the Atlantic? Would it have taken a dozen atomic bombs to defeat Japan? Would the Germans have had time to develop their own atomic weapons?
Decrypts unquestionably made a profound tactical difference throughout the war, That was in the end strategic by shortening the duration by years. As Churchill remarked, it was the “Wizard War”.
Domestic surveillance today enables tyranny, every bit as much as it did decades ago when those long dead NSAers voiced their fears about having their tools turned inward. They swore that would never happen on their watch, and for the most part it did not.
@lefty665: I mean that Keith Alexander should be fired.
Assume, for a minute, that I’m one of those people who think this stuff was all legal and proper, and that Snowden’s leaks were aiding and abetting the enemy.
At this point, you have public, incontrovertable proof that the NSA was managed in a way that put serious secrets at risk. Not classification to hide contracting fiascos, things that were so closely held that there was no “need to know”. And some contractor walked off with them.
In what world isn’t the right response to fire the head of the NSA for negligently aiding and abetting the enemy?
It makes me want to look for a way to become Harvard staff for a day to go to this and ask impolite questions: http://belfercenter.hks.harvard.edu/events/6097/talk_with_general_michael_hayden.html
A proponent of govenrment spying once said to me:
By which logic all rules must be broken by them “for our own good” even rules designed to keep them in check. By that logic of course we should also just kill everyone before they kill us. Comforting to know that our government is run by a generation of people that believe that shit.
@Saul Tannenbaum: “In what world isn’t the right response to fire the head of the NSA for negligently aiding and abetting the enemy?”
Apparently ours, but yes you are right, it is the only rational action. It happened on his watch. He’s been there far too long anyway. Past time to go.
You would have a good time:) How hard did they have to photoshop that pic of Hayden to suppress the jowls? Makes him look more like Poindexter.
In case you missed it, the Guardian released 2 documents related to their latest report on back doors into and breaking encrypted communication. The documents are:
1. NSA: classification guide for cryptanalysis – http://www.theguardian.com/world/interactive/2013/sep/05/nsa-classification-guide-cryptanalysis
2. Project Bullrun – classification guide to the NSA’s decryption program – http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide
In reading them, there are a couple of unexplained acronyms. As far as I can tell, these are their definitions:
ECI – Extremely Compartmentalized Information
PIQ – I don’t know but one of Google terms that comes back is Platform In Question
CES – Cryptanalysis and Exploitation Services
CAO – Classification Advisory Officer
Chief S31 – Chief of Cryptologic Exploitation Services
Bruce Schneier has two Guardian articles relating to this matter which are well worth reading:
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
@Snoopdido: If these documents are the source of the NY Times article, the irony is that is metadata.
It’s a description not of the programs themselves or the technologies or of the “sources and methods” but a guide to the classification of the various layers of facts involved.
But since its metadata, surely the NSA can’t be complaining, because it’s not as if we’re reading about the details, just how the details we don’t know about are classified. Right?
@Stephen:
thanks for posting these together. i had read the “betrayal of internet” piece, but missed the “remain secure” piece.
this latter is extremely informative and very specfic, more so in some important ways than the pieces by the guardian’s reporters.
i encourage all to read thru schneir’s “remain secure” article.
the nsa is not all-powerful. it cannot break all encryption, and in fact depends as much on human moral weakness leading to co-optation and co-operation, e.g., from microsoft, than from computing power or mathematical insight.
I’m late to this party, but has the security of electronic voting machines crossed anyone’s mind? Of course, the importance having of vote presupposes that there is a real choice to be made between candidates.
I guess this explains stories such as these::
http://theconversation.com/worlds-toughest-encryption-scheme-is-vulnerable-so-what-about-you-2958
http://www.tgdaily.com/security-features/48722-severe-vulnerability-found-in-rsa-encryption
There is an Australian Financial Review article relating to the subject-matter of this thread which ends with a quote from Dan Kaminsky which is worth repeating:
http://www.afr.com/p/technology/internet_experts_want_security_revamp_aHMy2hm1xHd1qoW80DrJgP
The article is titled “Internet experts want security revamp after NSA revelations” and ends with the article noting that “overnments around the world, including democracies, are asserting more authority over the Internet, in some cases forbidding the use of virtual private networks.”
It then gives us this Kaminsky quote: “[I]f the nation states decide security isn’t something we’re allowed to have, then we’re in trouble…. If security is outlawed, only outlaws will have security.”
@Joanne: While I am not an expert, it seems they are not secure. The use of voting machines in elections in Germany was effectively banned by the German Federal Constitutional Court after the Chaos Computer Club proved that they are susceptible to manipulation, see here. There is no reason to believe that voting machines elsewhere are more secure.
Oh, the page I linked to above doesn’t actually talk about how the voting machines were proved susceptible to manipulation. See here. You can find the report given by the CCC to the German Federal Constitutional Court here. Unfortunately both pages are in German.