The real problem with Big Data and ubiquitous surveillance
September 24, 2014 5:51 AM   Subscribe

The question is not so much “do you trust the CIA/NSA/MI6/etc?”. It’s “Do you trust every single sysadmin working for these organisations? Every single analyst? Every single middle manager?”
posted by MartinWisse (23 comments total) 28 users marked this as a favorite
More to the point, "Do you trust in good-faith regarding the development, training, and enforcement of effective policies?"

All the good intentions in the world are worthless if they're only written down and never actually put into practice.

See Also: Risks of lack of PCI Compliance at Target Department Stores...
posted by mikelieman at 6:05 AM on September 24, 2014 [7 favorites]

That's a good, short article making a single, good point. But I've come to believe that much like nuclear weapons, the genie is out of the bottle and singing show tunes. Maybe, after two or three real scares (although I have no idea what might be analogous to say the Cuban Missile Crisis) we can implement some sort of ... I don't know. MAD policy whereby we can access the personal lives of Important People as easily as they can ours? Maybe some kind of SALT treaty between angry consumers and the entire commercial-legsliative-military complex?
posted by digitalprimate at 6:06 AM on September 24, 2014

The first good use of "ubiquitous surveillance" is a painfully punitive wrongful death suit against Ronald Ritchie if he did, as asserted in various places, say that Mr Crawford III had pointed the realistic looking store merchandise (air rifle, sold at the store) at other shoppers and it turns out he had not.

They'll probably just fire the clerk that left it out and unboxed instead.

Pandora's Box is open, most people have been nice or content with stealing credit card data or sabotaging former employers instead or hack a printer to play Doom or steal data.
posted by Buttons Bellbottom at 6:12 AM on September 24, 2014

I get what he's saying but tbh I think he's barking up the wrong tree, fear-wise. I do in fact trust middle managers and IT guys way way more than I trust the system itself. I trust them to possibly steal my SSN and/or nude pics or something, sure, but that's way way less damaging than what a government can do with our private info, and what they (the midlevel people) can do is against the law. What scares me is that it is actually lawful for a government organization to use unconstitutionally obtained information to harass or disappear its own citizens without legal recourse in the name of fighting terror. That is scary. Not some nerd reading my love letters.

And moreover, if anything the Snowden situation should have taught us that individual human beings, even sysadmin contractors, can have powerful consciences. In the end it is people like him and our free press that reports on their whistleblowing, that will stop our government from descending into a paranoid police state. I hope.
posted by Potomac Avenue at 6:13 AM on September 24, 2014 [9 favorites]

This certainly seems like a point worth reminding us all about, because it doesn't necessarily come up that much, but it also seems like something to which we should all learn to expect to answer "no". I mean, the Wire isn't a documentary, but it presumably was drawing from David Simon's life experience when he showed cops listening to wiretap conversations that were immaterial. It's a hard lesson to remember -which is why it's worth reiterating- but once you get past that you end up asking about trade-offs instead of absolutes.

As mikelieman notes, part of the question is whether or not we can develop (& trust) the enforcement of accountability. The other part is whether the risk of abuse (mitigated by said policies) is worth it in exchange for the intelligence gains. If not, you should probably come out on the other side in this whole thing.
posted by Going To Maine at 6:15 AM on September 24, 2014

There was a great discussion on Democracy Now recently about how the NSA is physically installing tracking devices in all Cisco internet routers. Cisco is a "cooperating corporation."

I don't trust any of them. And anyone who does trust them is trading fear for false security.
posted by Flood at 6:19 AM on September 24, 2014 [10 favorites]

Data brokers secretly log an average of 1500 points of information about the average computer user, and share it with partners. The information is then used in any way possible, especially to approve or deny jobs, loans, trust, or simply as a means to target someone to commit to a purchase based on knowing them better than they know themselves.
posted by Brian B. at 6:30 AM on September 24, 2014 [2 favorites]

So, basically, The X-Files got it exactly right?
posted by octobersurprise at 6:39 AM on September 24, 2014 [1 favorite]

how the NSA is physically installing tracking devices in all Cisco internet routers

The word all is not correct. The NSA interdicts some hardware. How much, and who the customers are whose hardware is targeted this way Greenwald either doesn't know or won't tell.
posted by kiltedtaco at 7:09 AM on September 24, 2014 [2 favorites]

(although I have no idea what might be analogous to say the Cuban Missile Crisis)

Operations that show, beyond a shadow of a doubt, that the integrity of their data source has been compromised. Like, they black-bag a senator because the data 'showed' that he was about to set off a nuke, or the suspect of a bombing plot has actually been dead for ten years, even though he's been under 'surveillance' for the last four. Things like that. To be brutally honest, Snowden's leak really should fill this requirement, but apparently it did not.

Which leads me to another kinda disturbing question - when all you have is a hammer and everything looks like a nail, how do you function when they take away your hammer? Let's look twenty years in the future when the head of the NSA has to tell the president that yes, the US has a total panopticon, but we can't trust the information given to us by this powerful, but actually quite brittle, tool. At that point we'll have a twenty year gap in intelligence skills because we've blown our budget on what amounts to carefully-crafted regular expressions. A skills-gap that we'll have to close, probably by learning some expensive and painful lessons.
posted by eclectist at 7:13 AM on September 24, 2014 [4 favorites]

This comment crushes it:

Speaking as a professional sysadmin, you should totally trust me and my peers, and we have absolutely never been known to do just as stupid things with far less sensitive data purely out of boredom or alcohol-fueled poor judgment. If you can’t trust a cohort comprised almost entirely out of young single men notorious for social adjustment problems, who indeed can you trust?

Government is people. Corporations are people. That is, these things are composed of people. In every flavor of people.

Loyal, venal, trustworthy, evil, passionate, bored, kind, distracted, hungry, sleep-deprived...
posted by Cool Papa Bell at 7:23 AM on September 24, 2014 [5 favorites]

posted by cjorgensen at 7:28 AM on September 24, 2014 [6 favorites]

I feel, now, like that was the point of Das Leben der Anderen. The system in place doesn't magically wrong people. The flawed, untrustworthy, skeevy, criminal, and evil people within the system at positions of power that can offload the grunt work of abuse onto those too compartmentalized to know better are what wrongs people. Or people that make a shitty decisions once at a time when various events have compromised their integrity or values.

I'm still confused as to what the NSA keeps from happening, by the way. If its the small scale stuff then this seems like a terrible trade off to keep that from happening. If there is something that can threaten a nuclear power in an existential sense in the present? I can't think of it.
posted by Slackermagee at 7:32 AM on September 24, 2014 [3 favorites]

I'm still confused as to what the NSA keeps from happening, by the way.

Defense contractors from being poor ☑
Inertia of system decreasing, Power slipping away from those that have it ☑
Availability of taxpayer money for worthwhile enterprises ☑
posted by lalochezia at 7:39 AM on September 24, 2014 [10 favorites]

“I’m surprised by how quickly the Internet became huge, and the amount of personal trivia people share with each other comes as a total surprise.”
Most of us leave scads of digital traces behind us almost every second of our lives. If your phone has a GPS connected to a single downloaded app, then your presence on earth can be perpetually recorded.
posted by Buttons Bellbottom at 7:45 AM on September 24, 2014

how the NSA is physically installing tracking devices in all Cisco internet routers

Secret legislation that requires certain manufactures to insert a small bit of binary code into every release?

Could that happen? How would anyone, well most of us, ever know?
posted by sammyo at 8:15 AM on September 24, 2014

If I were a security consultant for these companies I'd consider programming the system to insert bogons into people's data -- harmless, real-looking records that contain serial numbers or other data that constitutes a watermark to identify where the data came from and even -- if the data density permits -- even the internal account workstation and time it was retrieved on.

Admittedly this is hard and fraught with potential gotchas: you'd have to be very careful to do it in a way that doesn't backfire and create red herrings that negatively impact the subject or utility of the data, and keep the key to identifying the bogons obscure enough that a savvy employee or unauthorized receiver can't learn how to strip them.
posted by George_Spiggott at 8:16 AM on September 24, 2014

(But of course given that this sort of data has a life of its own, you could get into a situation where bogons multiply as data is exchanged to the point where it is appreciably polluted or degraded, and of little utility or damaging to the subject.)
posted by George_Spiggott at 8:21 AM on September 24, 2014

Secret legislation that requires certain manufactures to insert a small bit of binary code into every release?

Could that happen? How would anyone, well most of us, ever know?

Rather than "secret legislation," what you would have are agencies operating under interpretations of ambiguously worded legislation. There's no "secret legislation" where Congress closes the door and writes stuff down and goes "shhhh, you can't hear about this."

Instead, the "business-records provision" of the Patriot Act is right there in black and white, but with holes big enough to drive a boat through.
posted by Cool Papa Bell at 8:53 AM on September 24, 2014 [1 favorite]

The NSA almost had to know that someday some knowledge of their doings would get loose, though they may not have envisioned the vast scale of the Snowden leak. If so, they must have made the very safe bet that the average citizen would neither understand nor care about the violations of their rights. That they could easily tar and feather the leaker. That the press would quickly get bored with the subject. That those of us who do understand and care and who choose to speak out would be yelling into the ether while at the same time marking ourselves as targets of interest for closer scrutiny.
posted by double block and bleed at 1:12 PM on September 24, 2014 [2 favorites]

Assange spent years learning to maximize a leaks impact through WikiLeaks' efforts, knowledge he shared publicly and that visibly impacted Greenwald and Poitras dissemination of Snowden's leaks.
posted by jeffburdges at 9:48 AM on September 25, 2014 [1 favorite]

Julian Assange interview
posted by jeffburdges at 1:30 PM on September 29, 2014

« Older You are either a God or a Fool. You can’t be both.   |   The Holy Grail of Guitars? Newer »

This thread has been archived and is closed to new comments