Wednesday, October 21, 2015

The enduring love affair of "Snowden deniers" with "no direct access"

Note: Feel free to call the blogster a "Snowdenista" if it makes you feel better. The blogster would see this as an incorrect label,  but it* is not easily offended.

One of the most beloved and treasured statements those who do not like Mr. Snowden, which those who hate his guts, as well as those who point to the basic legal issues of his actions, heavily rely on after over two years since it first appeared is "direct access" to company servers as part of the PRISM program.

You can find the crucial two words in this early Guardian article. These two words were so important for two reasons
1) they affected some of the world's the biggest internet companies
2) they offered the first practical "point of attack" on the leaks.

The initial leak, on the Verizon metadata collection, was clear cut. There was really nothing in the documents or the articles that could be used deny, obfuscate, or attack the paper or the leaker.

The revelation of Prism added many of the biggest Western software and internet companies to the subject of government surveillance. This obviously caused widespread panic and also added another eight (or nine) household name companies to the list of parties who faced pressure to explain what was going on. The Guardian article of 7 June 2013 was sparse on details, in that the legal narrative was largely absent and because it did not describe any aspect of the technical implementation.

Some valuable clarification was provided in articles by CNET and the New York Times, though attacking the Powerpoint presentation as "suffused with a kind of hype" has nothing to do with the subject as such, illustrating rather the difficulty of reporting on projects shrouded in secrecy. The effort to deflect and minimize the leak included a claim that the Prism software itself was unclassified -  try holding up a classified document while claiming that the wood pulp carrier (the paper) is really unclassified and see how far that gets you.

Speculation and the fight over the conceptual definition quickly focused on "direct access". This slide from 10 June by the Washington Post shows how the author(s) of the Prism slides interpreted "direct":


"Collection directly from the servers..." as opposed to upstream fishing, a simple, very clear but non-technical construct.

At that point in time, you still had a very pissed off government, more than a billion worried consumers, a bunch of big companies in panic, hundreds of thousands of techies who wanted to know the gory details down to the configuration of cable pins and any command line switches, and journalists who wanted to pick over everything and know best.

It is this potent combination of interests that moved the generic understanding of direct access away from the "upstream vs. home of data" NSA context to a very narrow technical meaning which benefited the government interests as well as the companies desperate to alleviate the hit to their image and potential financial losses.

When the Washington Post published further slides and details on 29 June, the deniers had already resolved that they won't accept anything short of "physical" access by the NSA itself as the meaning of direct access. For a more comprehensive view, see the WaPo compilation.

Making "direct access" about what seems to be "arbitrary physical access" (and we include a terminal/ssh or any comparable method under this) helped the affected companies and everybody upset about the leaks, or mad at the journalists and the leaker.

You are welcome to claim there was no "direct access", if you define your understanding as "arbitrary physical access" in order to mask "collection directly from the servers".

However, any value judgment such as "misleading" or "lie" in the discussion, will trigger filing in the "bullshit" folder.

Yes, we do have a bullshit folder.

* The blogster follows the convention set by the K-Landnews TheEditor's policy of gender neutrality.

No comments:

Post a Comment