Time to let domestic-spy Patriot Act rules die

Last week, National Security Agency director Michael S. Rogers tried to distract attention from the upcoming expiration of key provisions of Section 215 of the USA Patriot Act by starting a discussion about an abstruse technical method that would let residents of the U.S.  give the NSA permanent access to all our encrypted information without feeling too bad about it ourselves.

It would be a brilliant effort at political misdirection, if the approach weren't quite so cynical and the assumptions weren't quite as nuts.

Rogers was actually trying a bit of jurisdictional judo designed to shift the debate to a technical discussion of how Americans should permanently surrender the right to privacy and protection from government intrusion and avoid any discussion of whether we should discuss giving up civil liberties protected very specifically in the Constitution or why we're even being asked to do so. 

The implication underlying Rogers suggestion is that  the policies of federal agencies  should take precedence over individual liberties and that the NSA has the right to decide  whether it is safe to trust us with a temporary and disposable ability to shield our own data from hackers and identity thieves.

it's a neat bit of misdirection from questions about the behavior of the NSA , FBI and other other national law-enforcement or spy agencies that have spent so much money, broken or ignored so many restrictions and built a domestic spy network that would be the envy of any dictator during the past 12 years, but has, on its own, "had no discernible impact" on the effort to prevent terrorism in the United States.

More than a decade of authorization to spy on every aspect of American life -- from the texts and calls we make to the places we drive and books we check out at the library -- has proven only two things: First: In law enforcement at least, the ability to see everything does not imply the ability to know anything at all.

Second: Omniscience doesn't make law enforcement agencies effective; it makes them crazy -- or at least reckless enough to do crazy things to expand their surveillance and say almost anything to defend their right to continue expanding it, even when it doesn't help them do their actual jobs.

Caught flat-footed by the actual plot leading up to the 9/11 attacks and empowered by the USA Patriot Act, that was supposed to allow a measure of tolerance for investigations that depended on sometimes hard-to-get digital activity records but was used as an excuse to throw away all the rules protecting private data, limiting surveillance and requiring judicial oversight for search and seizure – the FBI responded with an obsession for digital surveillance whose intention was to collect every byte it could, regardless of the source.

The FBI designed and flew drones for warrantless video surveillance, conducted wireless surveillance, intercepted emails and popularized the use of a wireless surveillance system called Stingray that works more like a man-in-the-middle attack than like surveillance equipment. It ginned up dozens of fake terrorist plots to catch potential terrorist sympathizers whose only "terrorist" contacts were the undercover FBI agents who organized the "plots," then prosecuted those they were able to talk into talking treason.

The FBI became so obsessed with the desire to surveil everyone, everywhere, all the time that -- when Apple announced it would turn encryption on by default in an upcoming iPhone to help customers keep their personal data safe from hackers, as the FBI itself recommends -- FBI Director James Comey accused Apple of helping dangerous criminals escape justice.

In reality, encryption that could not easily be broken was a factor in only four individual criminal investigations during 2012 and in nine cases during 2013. Hardly a crime wave, even apart from the idiocy of implying hundreds of thousands of iPhone users could be violent criminals or sex offenders.

"It's all bluster," security guru and Harvard Fellow Bruce Schneier wrote on CNN last November. "There's no evidence that encryption hampers criminal investigations in any serious way." Schneier's most recent book, "Data and Goliath," is the result of research into the state and future of digital surveillance "and what to do about it."

"The overall problem for U.S. counterterrorism officials is not that they need vaster amounts of information from the bulk surveillance programs, but that they don’t sufficiently understand or widely share the information they already possess that was derived from conventional law enforcement and intelligence techniques," according to a Jan. 13, 2014 analysis of the NSA's counterterrorism claims by the New America Foundation.

Even the NSA has a hard time making the case for domestic surveillance. After first claiming it had quashed 54 deadly terrorist plots, it then admitted it had been involved in most of those and that most of the 13 remaining weren't actually "plots." In 2013, then-NSA chief Keith Alexander admitted the eavesdropping program's only genuine success was the identification of a plot involving Afghan born Najibullah Zazi, whose email to an al-Qaeda email drop in Pakistan tipped investigators off to an effort to plant backpack bombs in the New York City Subway.

Surveillance-state spokespeople called Zazi the "most serious" threat uncovered in the post-9/11 America. That estimation is a "substantial overstatement" that relies more on fantasy and paranoia than facts, according to analysis from Ohio State University political scientist and terror-pronouncement skeptic John Mueller.

Zazi did go to Pakistan and did apparently take a bomb-making class from al-Qaeda, Mueller wrote, but spent more than a year struggling to build anything that would explode, sent a series of panicky requests for technical help to various questionable sources and left a clear and suspicious paper trail that made him easy to catch. It also made clear that Zazi was working on his own, Mueller wrote. He was not part of the vast al-Qaeda "support infrastructure" that presented "the greatest threat" of terrorist attacks with significant casualties within the U.S., which then-FBI Director Robert Mueller described in testimony to Congress despite never having identified a single member or cell of al-Qaeda sympathizers.

Zazi may have wanted to be a terrorist, but was realistically incapable of launching that attack, Mueller wrote. That doesn’t mean catching him was an insignificant achievement or that it's easy to know ahead of time who is capable of setting off a bomb and who isn't. The Chechen brothers blamed for the April, 2013 Boston Marathon bombings had raised enough red flags to be registered in Department of Homeland Security facial-recognition database, but hadn't done anything to identify them as an immediate threat until after the bombing.

Zazi, the Tsarnaev brothers and most other real or would-be domestic terrorists are isolated, uncoordinated and largely incapable of large-scale, coordinated action, Mueller writes.

They don't look anything like the "relentless, patient, opportunistic and flexible" network of strategic-thinking terrorists hiding behind every suburban soccer mom and frat boy that the Department of Homeland Security and a parade of law enforcement- and intelligence-agency directors keep warning us about. That shadowy -- literally invisible -- network exists only as a litany of bogeymen used to justify just one more extension to their budgets or authorization to expand surveillance or add backdoors to encryption that undermine the digital security of the people they're supposed to protect.

"We’re talking about massive, massive, massive collection" of data, Senate Judiciary Committee Chairman Patrick Leahy, (D-Vt) complained to Alexander, during the hearing. "This bulk-collection program has massive privacy implications. The phone records of all of us in this room -- all of us in this room -- reside in an NSA database…. If this program is not effective, it has to end."

It you still believed the unsupported horror stories used as evidence, you'd have to think the surveillance state was pretty effective in keeping invisible enemies from rising, the republic from falling and all life on Earth from coming to an end, as several generations of  NSA, FBI and CIA have implied would be the case had they not been there to valiantly eavesdrop certain of this nation's enemies into never having existed.

They sound convinced, but my dog is convinced that his willingness to leap up on the couch and bark at the window like an attack doofus every single day is the only thing that keeps the mailman from breaking to eat the family and steal all the chew toys.

It makes him feel good, so I don't dissuade him. I also don't base a lot of  important decisions about money or security based on his assessment. It is demonstrably true, however, that not one member of the family has been eaten by an employee of the U.S. Postal Service during the entire time the Hound of Doof has been barking at the window, which makes his trail of evidence a lot more solid and specific than the stories the NSA and FBI use to justify billions in spending requests.

So why do we still trust Rogers and Comey and Alexander and the rest of the surveillance state oligarchy to assure us of anything at all? How much weight can you put in warnings from one guy who writes a long analysis explaining why an iPhone is the terrorist's weapon or another who claims a hole in your firewall will make it stronger?

Why do we listen to a guy who should be explaining how the NSA is going to fix its violations of the Patriot Act and get back to its mission of spying on people other than Americans, but who tries to come off as considerate for offering a more convenient way to let him violate our privacy?

It's obvious by now that Section 215 gave way too much power and way too great a sense of entitlement to people with a strong inclination to abuse both. Scary stories that turn out not to be true and foolish theories about massed ranks of enemies no one has seen aren't enough to justify allowing pretty much anyone in law enforcement ignore all the rules -- including three of the top 10 Amendments -- designed to limit the ability of the government to abuse the innocent while appearing to pursue the guilty.

It's time to give our intelligence and law enforcement people a little more coherent guidance than a "legal framework" that looks more like a fabulist totalitarian's sexual fantasy plus the assumption it's possible to conquer the world with malware, a webcam and an manic lack of restraint.

Section 215 has to go. Period.

The NSA, the FBI and every other three-letter-agency have to drop the idea that the United States will somehow be more secure if they're able to drill holes in every encryption or security scheme available. That weakens one security product and gives permission for every other country to do the same to tech produced in their country, and tech produced here but shipped everywhere. That's why the Obama administration got so mad at China's plan to demand backdoors into foreign security products to help it fight terrorism. It's not that the NSA or FBI object to the technique, they'd just like  to preserve that privilege for themselves.Sorry; nothing works that way.

"Our choice isn't between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping," Schneier wrote in January, 2014. "[Our choice] is between a digital world that is vulnerable to all attackers, and one that is secure for all users."

Copyright © 2015 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon