NSA, FBI creep & rule of law, democracy itself (Re: [cryptography] To Protect and Infect Slides)

[Adam Back]

This is indeed an interesting and scary question:

On Sun, Jan 05, 2014 at 08:31:42PM +0300, ianG wrote:
>What is a game changer is the relationship between the NSA and the 
>other USA civilian agencies.  The breach of the civil/military line 
>is the one thing that has sent the fear level rocketing sky high, as 
>there is a widespread suspicion that the civil agencies cannot be 
>trusted to keep their fingers out of the pie.  AKA systemic 
>corruption.  If allied to national sigint capabilities, we're in a 
>world of pain.
>
>Question:  Is there anything that can put some meat&metrics on how 
>developed and advanced this relationship is, how far the poison has 
>spread?  How afraid should people in America be?

maybe the most interesting and portenteous shift in power towards
Orwellianism and totalitarianism in a century, as it affects the
effectiveness of rule of law, and already weak separation of politics from
law enforcement and justice system in the (current though slipping)
super-power with unfortunate aspirations of extra-territorialism and
international bullying.  We're still a few decades from the cross over of
financial dominance to Asia and BRICs, and most of those places are probably
worse than the US by aspiration if thats possible, though less internet
spying budget and capability.  Unless something shapes up towards democracy
in the super-power competitors we're in for a dismal century seemingly.

That the NSA, and now seemingly FBI, see this I think maybe this FBI mission
creep suggests the national security / law enforcement separation is
slipping badly:

http://news.slashdot.org/story/14/01/07/0015255/fbi-edits-mission-statement-removes-law-enforcement-as-primary-purpose

| "Following the 9/11 attacks, the FBI picked up scores of new
| responsibilities related to terrorism and counterintelligence while
| maintaining a finite amount of resources.  What's not in question is that
| government agencies tend to benefit in numerous ways when considered
| critical to national security as opposed to law enforcement.  'If you tie
| yourself to national security, you get funding and you get exemptions on
| disclosure cases,' said McClanahan.  'You get all the wonderful arguments
| about how if you don't get your way, buildings will blow up and the
| country will be less safe.'"

so if even the FBI are getting their nose into the tent of unfetter access
to historical data on everyone, plus informal channels and "tip-offs" on
dirt on politically unpopular pepople - eg say effective security
researchers like Applebaum, or effective journalists like Greenwald.  (No
"foreigners" dont feel very comforted, and the explict acknowledgment of
tip-offs, and inforation channels to US domestic and international law
enforcement, basically puts the entire planet at risk of politicaly
motivated interference.)

With retroactive search of your entire lifes electronic foot print including
every "encrypted" IM, skype voip channel, contacts, emails, attorney client
privileged and not, with no warrant or evidence presented to a judge for
subpoena, the Orwell 2.0 system can probably fabricate or concoct trouble
for 99% of the adult population of the planet.  George Orwell 30 years late.

We're pretty close to fucked as a civilization unless something pretty
radical shifts in the political thinking and authorizations.  And
realistically it not even clear the NSA can politically be controlled
anymore by the political system.  Its very hard to influence something with
that much skull-duggery built into its DNA, that many 10s of billions in
outsourced defense contractor lobbying power, that much inertia and will to
survive as an org, with military PSYOPs to turn on its own populace and
political system, and black bag covert ops ties to dirty tricks in CIA, and
judicial and law virtual immunity.  They probably realistically went full
speed ahead since the 11 Sep 2001, if not earlier on such things, and the
scrapping.  TIA wiki
http://en.wikipedia.org/wiki/Total_Information_Awareness

| Although the program was formally suspended [as of late 2003], its data
| mining software was later adopted by other government agencies, with only
| superficial changes being made.

Probably even before since we nominally won the export regulation debacle
and democractic countries were forced to admit it was inconsistent with
their self-perception as open democratic countries, to be controlling and
banning encryption software.  The 21st century equivalent of book burning.

Can we rectify this with the cypherpunks write code?  Maybe as Schneier said
in a discussion on this topic with Eben Moglen (at Moglen's respective
university) maybe we can make it more expensive by deploying more crypto
that is end to end secure, secure by default.  ie more TOFU, more cert
pinning, more certificate transparency distributed cert validation.  Even
the cert valiation maybe behind the game, perhaps NSA really do already have
a lot of actual SSL private keys via hardware, software hacking and
backdoors with manufacturer complicity or not, as well as just demanding
them with NSL orders, gag orders as Lavabit showed finally with evidence.  I
wonder what proportion of SSL certs worldwide the five eyes/Orwell 2.0
shadow orwell 2.0 government have copies of?

Adam