Matt Gemmell has written his take on the NSA scandal. Gemmell is someone who I normally agree with, but in this case I am in disagreement. There is a chance that cultural differences (however slight) are at play here, but I still would like to respond to a couple statements he makes:
If you didn’t already assume that all this was happening, I really have to wonder why not. It’s inevitable, and entirely in keeping with the goals and modus operandi of state-operated secret signals intelligence-gathering institutions. That’s what they do. That’s what they’ve always done, and what they’re designed to do.
I think there’s a few issues at play in this paragraph, but the only one I want to tackle right now is the notion that people should have assumed this was occurring. I’ll point you to cryptographer Matthew Green, talking about an interview he did with ProPublica (wherein he didn’t know about what was to be released):
I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.
All of this is a long way of saying that I was totally unprepared for today’s bombshell revelations describing the NSA’s efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine. I’m no longer the crank. I wasn’t even close to cranky enough.
Gemmell thinks we should have all assumed this was going on, but even very smart cryptographers couldn’t imagine the scale of this. That’s what I take issue with. It’s fine to say that we perhaps should have thought more was going on than meets the eye, but to assume that this level of subversion was at play was something that only the most paranoid assumed.1
Back to Gemmell:
This current flap is about privacy from the state. Notionally, we’re protected by legislation, due process, reasonable cause, and so forth. More realistically, we must assume that the state knows (or at least can know, should it choose to) everything about our online lives, which in turn reveals probably almost everything about our offline lives.
I don’t know anything about laws outside of the U.S., so I will only comment on those that I know. But it is widely believe here in the U.S. that such programs violate our constitutional rights. It is with that in mind that Americans (at least) assumed that any spying done at this level was done in direct protection of the country and never on American citizens — this is looking to be a false assumption.
This is a big deal. It’s not just a matter of secret laws, it’s a matter of violating some fundamental truths that Americans hold near and dear. Namely being, as Gemmell so accurately notes, privacy.
There’s a lot of points I don’t like, but that doesn’t make them invalid. Gemmell has presented a very good argument, just one that I very much disagree with. Especially this point:
So what do we do about it? Probably not a lot, if we don’t want to sacrifice effective national security, international relations, and global communications.
Say what now? That’s a weak sentiment — that nothing can be done so why bother — and anything that is done makes “us” woefully insecure. I couldn’t disagree with that more.
Terrorism is not as rife as news media and politicians make it sound, and while we certainly don’t know how much these programs have prevented, reining these programs in certainly wouldn’t lead to daily 9/11 attacks.
Lastly, international relations (from the US side at least), are already on thin ice. The U.S. makes a ton of the software the world runs on, and some of that software has most certainly been compromised in the name of U.S. interests — how does stopping that do anything but bolster international relations?
“All that is necessary for the triumph of evil is that good men do nothing.” –Edmund Burke
And I am pretty damned paranoid. ↩