Keys, Immunity, And Valuation

-Submitted by David Drumm (Nal), Guest Blogger

keysThe U.S. government has demanded that internet companies turn over their master encryption keys that are used to secure Web communication. Web encryption is active when an HTTPS appears on the URL. The technique is called SSL, or Secure Sockets Layer. For example, HTTPS encrypts communications only between the browser and Gmail’s servers. With the master keys, decryption of the contents of the intercepted communication is possible. “Strongly encrypted data are virtually unreadable,” according to NSA director Keith Alexander. The internet is fast becoming an encrypted model as more internet companies adopt SSL.

The internet companies are refusing to say if the government has requested their master keys. A Google spokesperson said that Google has “never handed over keys” to the government. A more impressive response came from Richard Lovejoy, a director of the subsidiary FastMail, who said “Our interpretation is that we are prohibited by law from releasing our SSL key. In the event that we received such a request, we would refuse, for both legal and ethical reasons.”

Meanwhile, NSA director Keith Alexander has been working Congress to get them to provide blanket immunity to any internet service that helps the government fight cyberattackers. The concern for civil libertarians is that the immunity would be used to cover the companies violating privacy laws when giving the NSA data. A previous telecom immunity bill, supported in an about-face by then candidate Barack Obama, has left a bad taste in the mouths of many. One source has characterized Alexander’s requests for bill language that’s “as ill-defined as possible.”

Leading the Obama Administration’s charm offensive to convince us to love the surveillance state is John C. Inglis, the deputy director of the NSA. He had grand stories to impress on us that the billions spent spying on Americans are merited. Inglis picked two episodes to highlight the “contributions” provided by NSA programs. In the first case, several men in San Diego were sending money to a Somali terrorist group. In the second case, the NSA discovered that a suspect in a subway bomb plot, who was already under scrutiny, was using a different phone.

In the words of Jed Clampett: “Pitiful … just pitiful.”

A suspect under scrutiny means a suspect under surveillance. There are cheaper ways that spoof a cell phone into thinking it’s talking to a cell tower and collect the phone’s metadata.

Claims regarding the thwarting of 54 terrorist events and the capture of 300 terrorists are often cited to justify the effectiveness of NSA programs. However, these figures are from programs that target noncitizens abroad and have apparently been quite valuable. The success of foreign operations is often conflated with domestic surveillance programs to make it appear that domestic programs provide a valuable contribution. When the domestic program is isolated, as above, its real merit is expectedly dismal.

H/T: Charlie Savage and David E. Sanger,  Declan McCullagh, Kevin Drum, Tony Romm, Mano Singham, Steve M.

48 thoughts on “Keys, Immunity, And Valuation”

  1. OS: “When somebody gets one of those security letters and is forbidden from even discussing it with their own attorney or congresscritter, there is something seriously wrong.”
    ***
    Right, a secret court signs off on a secret warrant to investigate the possible violation of secret laws and if you have the temerity to even think about talking about it- don’t, it’s secret. Srsly, (and for the umteenth time) can we just call it fascism now? Srsly, this differs from the worst aspects of a fascist, totalitarian regime in what deep way. We still get overpriced cable service, credit cards, 59 flavors of ice cream? Srsly.

  2. LottaKatz,
    About this lack of necessity for immunity unless the immunized conduct is illegal—That is just beautiful.

    By the way, has anybody heard how Eric Holder’s investigation of James Clapper’s perjury to Congress is going. Can we expect that charges are imminent. I am still waiting for those CEO’s of the tobacco industry to be charged for their under oath declarations that they knew of no link between smoking and cancer. Really this is just my way of saying that you are probably correct in your observation that we may very likely end up with a class system where the non 47%ers have the benefit of privacy, but the rest of us are just sh*t out of luck.

  3. Everything else is conjecture presented to us by liars who are stripping out the rule of law. -Jill

    Agreed. And they’re continuing to cover up… (There’s more to come, as some know.) Maybe one of these days these liars will be unmasked and shown for the traitors they are.

  4. Ignore last comment. Should be:

    “We are far more unsafe under a lawless govt. than as potential victims of an attack. ” -Jill

    Some of us are living proof…

    And what lottakatz said, and Blouise echoed:

    “Pretty obviously, if it wasn’t against the law companies wouldn’t have to be immunized.” (lottakatz)

  5. To add–there is no reason to believe claims about foreign threats. These are people who lie over and over. We have no idea what they have and haven’t thwarted. We do know they have been caught lying, that this govt. has resumed double taps, that they are arming the very terrorists whose plots they claim they are stopping. That’s what we know. Everything else is conjecturer presented to us by liars who are stripping out the rule of law.

  6. “We are far more unsafe under a lawless govt. than as potential victims of an attack. ” -Jill

    Don’t some of us are living proof…

    And what lottakatz said, and Blouise echoed:

    “Pretty obviously, if it wasn’t against the law companies wouldn’t have to be immunized.” (lottakatz)

  7. The hallmark of this govt. has been making the illegal, “legal”. That’s all this is.

    Further, we need to stop accepting the stopping of a terrorist attack as a trade off for giving up our rights. We are far more unsafe under a lawless govt. than as potential victims of an attack. After 9/11 people were willing to make that trade off and we see the consequences clearly. It has been a disaster.

    While I think it is also good to point out how useless all this spying has been, one day coming up, they will thwart an attack on the “homeland”. We should be prepared for that and be willing to stick up for the rule of law, no matter what.

  8. lottakatz

    Pretty obviously, if it wasn’t against the law companies wouldn’t have to be immunized.

    —————————————————-

    Yep

  9. A few weeks ago, I wrote a blog post about illegal aircraft ramp searches by the Border Patrol as far inland as Iowa City.

    http://jonathanturley.org/2013/06/09/the-security-state-its-getting-worse-for-ordinary-citizens-general-aviation-is-now-targeted/

    To follow up, the Aircraft Owners and Pilot’s Association (AOPA) filed multiple FOIA requests with the CPB asking for some explanation. They got a reply. Sort of. Short version of the government response: “Kiss off!”

    This is the AOPA weekly video news report for July 11. The non-response to the FOIA requests is the lead story. There may be a short ad at the beginning.

  10. Paul is right. Less brandy-snifting, more activism, please.

    The NSA is out of control. Now is the time to agitate against this pointless invasion. It is NOT the “new way” shoved upon us my changing technology. There is no excuse for it. Privacy did not end with the digital age.

    Let us now discuss what we are going to *do* about it.

  11. Great article David.
    OS,
    You bring up a good point about the liability issues down the line for any professional that has a duty to keep his or her client’s information confidential. Unfortunately, the only immunity given in this country is to large corporations. Sad.

  12. OS, Orwell never saw 1984 as fiction, just futuristic nonfiction. I was happy to see the NSA chief heckled @ the hacker’s convention. He had big balls showing up there. I would love to see some hacker worm the NSA monolith.

  13. LK,
    The problem arises from the secrecy firewall. When somebody gets one of those security letters and is forbidden from even discussing it with their own attorney or congresscritter, there is something seriously wrong. Why is such secrecy needed, when the threat of being killed or injured in a terrorist attack miniscule. Yet we squander enormous treasure, time and precious freedoms to protect us from what? A shoe bomber too dumb to set his own shoelace on fire.

    At the same time, all that security has not protected us from domestic terrorism by anti-abortionists, school shooters, and people who can make explosive devices from stuff you can find in your own kitchen or garden supply store. I see in the news a couple got a visit from agents after the husband did an internet lookup for backpacks, and the wife was shopping online for a new pressure cooker. Hello! It is almost time for school, and kids carry backpacks. Also, as canning season approaches, some people do preserve food to save money. How is that worth a search warrant and home search by unsmiling gentlemen in dark suits?

    When I first read Orwell’s 1984, I saw it as fiction. Who would have thought the US government would view it as a how-to manual.

  14. Great post. But, and this is a big BUT, nothing will change if we all read this and go “Oh how disgusting”. Nothing will change if we sit on our laurels and read. If you oppose this sort of crap, write to your Senators and Congress person. They and they alone can change this state. And when the next election comes around, remember the response you get (or did not get in my case) and vote accordingly.

    Remember, reading and reporting this is nice but unless we act, this is only the tip of the iceberg.

  15. A very similar fight occurred under Clinton with the whole Clipper chip controversy. The govt wanted the backdoor keys to the castle, with pinkie promises that they would never use them unless they had a court court order.
    That didn’t fly very well, with either industry, the public and consequently the politicians.

    Now they are working on Clipper Chip 2.0, different circumstances but virtually the same deja vu all over again.

    When it is out in the open, these things don’t fly very well; the NSA’s success in vacuuming all our information is a product of intense secrecy and lying to the public.

  16. Perhaps OS, there will be a class division arise whereby certain classes of people have more secure information than others, it will be a status thing like the designations of information clearances (Secret, Top Secret, TS w/access) is now. Maybe the new information age will see two classes of people, those with access/secure accounts and those without.

  17. Pretty obviously, if it wasn’t against the law companies wouldn’t have to be immunized.

  18. One thing about the so-called immunity. I am wondering how these immunity laws for ISPs will protect those of us who have licenses to practice a profession. If there is a licensing action by a state board, those immunity laws do not keep the board from jerking your license. Under professional canons of ethics, all patient and client files are protected. If thousands of (formerly) encrypted patient or client files are swept up because they are looking for one person, it could cost professionals their license to practice.

    Here is an example: Suppose the analyst scanning a lawyer or doctor’s confidential file sees a familiar name. Perhaps that of his wife. And the file contains information that she is in an intimate relationship with the next door neighbor? She had given that information to her doctor or lawyer expecting it be kept in confidence. Every professional person who visits this blog has files full of that kind of stuff. Think on that.

  19. I find the recent trend in legislation providing immunity to service providers for telecommunications to be a very disturbing trend. So now the government is “fixing” the legal issue by saying: “You may be breaking the law by cooperating with us, but you can’t be charged or sued.” Very comforting for the rest of us, I’m sure.

Comments are closed.