Tuesday, June 18, 2013


Terms of Art

How PRISM is Being Misunderstood


I've been an active "UNIX geek" for 20 years, working professionally in that capacity for 17.  Though I'm no Richard McDougall, I have a good general knowledge of how Internet services like Facebook and Google's are put together.  While those companies reserve a lot of "secret sauce" to maintain a competitive edge, one thing an IT engineer learns early on is the same building blocks are used over and over.  Some of the key technologies we rely on -- networking, the GUI, virtualization -- trace their origins back decades.

When The Guardian and the Washington Post broke the PRISM story, they interpreted an "NSA document," leaked by IT contractor Edward Snowden, to make claims about the scope and nature of NSA spying on Americans.  Even though Snowden worked in a technical capacity and claimed to have access to troves of sensitive data, the document is a simple PowerPoint presentation.  While one might have expected Snowden to divulge something more technical, this sort of document is very familiar to those working in IT.

To summarize crudely but serviceably, in many technology jobs there are geeks and what some jokingly refer to as "the adults in the room" -- non-technical folks who wrangle the less socially adroit technologists into functioning business units.  The perennial challenge is to distill for the managers, crudely but serviceably, what the technicians do so they can direct the staff and deliver results.  This labored process of communication can sometimes resemble "explaining calculus to a chimpanzee".  A lot gets lost in translation.

Enter the PowerPoint presentation.  I can't exaggerate how many times I've seen managers, VPs, executives, vendors, speakers and the like subject captive audiences to slides littered with meaningless jargon meant to bridge the gap between technical and non-technical staff.  One of these terms of art appears in the leaked NSA PowerPoint about PRISM: "direct access".  Barring new revelations of technical details, that doesn't bode well for the importance of the document and the PRISM scoop.

"Direct access" carries a connotation of being "logged in" or otherwise "present" inside a computer system to retrieve data or use software.  The impact of the PRISM story relies upon that interpretation of the phrase.  The journalists who broke it wanted readers to believe -- and perhaps believed themselves -- that the NSA was "present" in the servers of social media giants.  There it could conduct indiscriminate and widespread surveillance of Americans.

But again, "direct access" is a term of art whose reconciliation with technical reality is highly variable.  From my experience I can detail three scenarios that "direct access" might have referred to.  They are anti-climactic and each could be described in a presentation to a non-technical audience as offering a "solution" of "direct access".  And none of the scenarios entails any of the following:

A)  Side-stepping a FISA warrant
B)  Side-stepping corporate review of government requests
C)  Government "presence" on corporate networks or servers

We know that PRISM was intended to make more efficient the transfer of data under investigation -- the NSA PowerPoint says as much.  Assume for the sake of argument that before PRISM, the NSA followed a process by which it legally requested data from a social media company, and that company's techs manually bundled the data and deposited it in a secure, mutually-agreed-upon "dropbox" for retrieval.

Each of these scenarios might speed that sort of thing up.

"Direct Access" Example 1: The SSH/SCP Relationship


Facebook and the government might negotiate to set up a Linux server on a DMZ -- a narrow-purpose network walled off by firewalls -- to act as a depository for requested data.  Facebook grants limited access to the depository via SSH -- an encrypted "secure shell" that enables the use of a file copy program, SCP, to retrieve the data.  The government makes a request; the request undergoes all the necessary review; and then Facebook furnishes the least data consistent with the law for retrieval.  The government "accesses" the DMZ depository for the sole purpose of retrieving the circumscribed data.

"Direct Access" Example 2: HTTPS/REST and Web Services


HTTP is the protocol that drives the web; HTTPS is HTTP over an encrypted channel.  REST -- Representational State Transfer -- is an architectural approach introduced by one of the inventors of HTTP.  Basically REST presents a model by which services on the web -- that is, applications provided by web servers -- can interact programmatically.  These services often interact through what is generically called an API -- Application Programming Interface.

For example, an online tax preparation service might want to import information -- say, your W2 -- from your bank, and export information - your completed tax forms -- to the government.  It might use APIs to connect its web service to those of banks and the IRS.  Using HTTPS for this is desirable because it is an extremely common protocol that is secure, easy-to-use and firewall-friendly.

The government and, say, Google could have negotiated a means by which one or more government servers, existing outside of Google's network, could use an HTTPS/REST web interface to legally request and obtain data.  Both the government and Google might ask engineers to build web interfaces to execute this process.  On the government side, engineers could build an interface in PRISM.  The request and data transactions would take place in encrypted tunnels.  General searches would not be permitted.  As in Example 1, neither FISC nor corporate review is bypassed, and the data presented is as limited as is consistent with the law.

"Direct Access" Example 3: The Mirror Server


Some of the social media giants warehouse data that can be arranged in standard formats.  The email in Google's Gmail is probably the best example.  As thoroughly commonplace data, it is easy to bundle up and transfer.  Other data the government might request, such as that contained in Facebook accounts, might be arranged in unique formats that could be difficult to move outside of the native environment of Facebook itself.

In order to surmount the difficulty of delivering proprietary data to the government, Facebook could arrange to install a "mirror server" in a DMZ that the government could access.  A "mirror server" is a replica of a main server, usually meant to expand the ability to deliver files or services.  The mirror server could be linked to the Facebook grid through a firewall and retrieve highly circumscribed data in response to lawful government requests.  The server would not be able to access the rest of the Facebook application.  It would not reside on Facebook's network.  It would not allow general searches.  It would receive only what Facebook sent it -- as little data as is consistent with the law, after legal and corporate review.

So, pretend that a mark in Pakistan is communicating with a mark in New York City.  The government obtains a FISA warrant to snoop their Facebook communications.  Facebook receives the lawful request and reviews it.  If it decides to comply, Facebook techs "replicate" the account data of the marks and all of their relevant associates into the mirror server.  The government views it as needed.  When the investigation concludes, the replication stops.

...


Edward Snowden's main tout, Glenn Greenwald, is threatening to publish more leaked material.  So we can't be sure where this dirigible will crash.  However, lurid claims of government infiltration of social media giants are unsupported by the documents leaked so far.  It is journalistic malpractice to sex up the PRISM revelation with the unqualified jargon "direct access".  It leaves far too much open to interpretation, not least by reporters themselves.

While there have been pieces that have questioned the technical substance of the initial PRISM reports, it is extraordinary that such a profound scoop remains unscrutinized by IT experts.  Has no one realized that a PowerPoint presentation, featuring click-and-save logos and clip art of leprechauns, might not be the strongest foundation on which to rest a major technical scoop?  Snowden worked as some kind of systems administrator, but there are a lot of poseurs in technology.  The quality of IT engineers ranges wildly.  Has no one realized that Snowden, who has warned that "they quite literally can watch your ideas form as you type," might be just the rube for whom such a PowerPoint was intended?



Saturday, December 15, 2012


On Sandy Hook

My response to all the soulful outrage and calls for change in the wake of Sandy Hook-like incidents is to urge the recognition that our American exceptionalism -- our embodiment of what Seymour Martin Lipset termed "liberty, egalitarianism, individualism, populism and laissez-faire capitalism" -- produces both our historic greatness as well as our particular, sometimes horrifying, flaws. Among those flaws are alarming levels of violent crime and incarceration, as well as occasional but all-too-common mass murders. While I agree with common-sense proposals like banning civilian ownership of assault rifles and doing much, much better by the mentally ill, gun ownership is an intrinsic element -- both a producer and a product -- of the American way of life. National self-incrimination -- see James Fallows here -- misses the point that you can't make us like Canada, Norway and Britain in regard to violence without making us into Canada, Norway or Britain. Simply put, and maybe it's callous to say right now, but I'd rather live here with mass murder than in those places without it.



Wednesday, May 30, 2012


Updating Tocqueville

If there is a naked man dead on a highway with a liver full of bath salts and a jaw full of face, there is a 95% probability he is in Florida.



Sunday, September 11, 2011


Memorial (10)

[]



Friday, June 17, 2011


Current Events

Casey Anthony makes OJ look like Captain Dreyfus.



Friday, January 28, 2011


The Audacity of Shlock

When a congresswoman is shot in the head in the very act of democracy, we should all pause.

Poseur alert! -- this pronouncement must be the choicest pseudo-profundity to emerge from the shooting in Tucson of Gabrielle Giffords and 18 others. For many, Andrew Sullivan is The Blogfather. If the "MSM" -- how pompous is that invidious classification -- is superseded, it won't be for reasons of quality.

Reading a book like Daniel Boorstin's The Image (1961) will tell you more about blogs and Internet media than the whole middlebrow masturbatory mandala spun by Sullivan, Clay Shirky and TED. The more information there is, the greater becomes the need to digest it. Perhaps it began with law. First the Roman ("Digests" of the Corpus Juris Civilis, 529), then later the English (1700-1900) and American (1823), codes were summarized for interested specialists. Literature followed suit in the 19th Century. Cheapening the production of printed matter brought great works to a wider and less rarefied audience, which led to bowdlerization and abridgment. Then came mass-produced encyclopedias, journals and magazines. Review of Reviews and The Literary Digest (1890) arose to suggest interesting articles so people could find their way to what they cared about. As with literature the enterprise of being informed became more middlebrow. Reader's Digest (1922) condensed primary material and surpassed it in popularity. In a sense, motion pictures (~1900, 1927) began to digest historical works and novels. Radio news (1920) summarized newspapers, and then television news (1940-50) emancipated the reader from having to reassemble the data in his head.

Blogs are just a contemporary part of this process; they mostly digest printed news. In ten short years blogs have proliferated to the point of opacity, which is why "microblogging" platforms such as Twitter -- mostly a digest of blogs -- have achieved prominence.

This relentless drive to abbreviate is a mixed blessing. On one hand, we have not so much democratic as demotic access to more information than ever. On the other, such atomization reduces the scope of our knowledge -- it shortens our perspective. That's why Sullivan and company can fool you into thinking they are some sort of information vanguard, when at best they are surfing today's minute of a centuries-long process. Contextualizing the information players casts the meagerness of much of their output in stark and sensible relief.

Footnote: This post, fittingly, is based on a digest of Chapter 4 of The Image, "From Shapes to Shadows: Dissolving Forms", especially pp. 118-149.

Labels: , , ,




Saturday, September 11, 2010


Memorial

[]



Powered by FeedBurner