ENTER: STAGE NSA
In the spring of 2013, an NSA employee downloaded a trove of top secret information to a hidden thumb drive and left the base in Hawaii. He set up a meeting with a documentarian and a journalist in Hong Kong. After that meeting, much that was secret would be made public, and the world would never see the United States the same again.
That NSA employee was Edward Snowden. For the hacker and intelligence community Edward Snowden is now a household name.
There are a lot of questions that arise out of the things Snowden revealed, not the least of which is whether he’s a hero or a villain, a patriot or a spy. But, to me that’s not really relevant. There’s a deep underlying question that so few people actually ask but that is the most important, “How much truth can the public handle?”
A PRIMER ON HACKING
Nations are hacking nations all the time. That’s the new state of international warfare. Sometimes, even powerful non-nation-state actors will jump into the game as well. It’s a dangerous game and goes from porn websites all the way to uranium enrichment facilities, from taking down a website to taking over the operations of a car with the driver still inside. I wrote a simplified case-study of one particular hack called Baidu and the Great Cannon. Some of the things I mention there will be repeated here, for context.
The key to a good hack is getting away with it. And so it’s important to leave as little trace of it having happened as possible. Doing that takes work, and may not even be possible anymore. But I’ll get into that.
IT STARTS WITH A TARGET
Let’s say the Pentagon develops a new tank, with much longer range than the much-beloved M1-A1. Let’s say the reason the new tank has such great range is because of the targeting computer within the tank. And, let’s say the Chinese want this for the day that have to shut down North Korea.
China would never attack the Pentagon directly. That would be an act of war and would lead to real tanks and real deaths. It’s the worst-case scenario in hacking. Rather than attacking the Pentagon directly, they’ll make it look like the attack came from somewhere else, usually a whole long line of other places.
LET’S GO PHISHING
Intelligence is key. Not the stuff in your head. Intelligence in this essay is defined as information about a target.
When China wants to attack the Pentagon their going to first target Maple Syrup of Canada–more specifically, the Chief Operational Officer, maybe her name is Genevieve. They’ll know just about everything there is to know about Genevieve, but most of that’s not going to be relevant. They’ll also have done their research on Don, the C.E.O., how he generally writes, what he’s interested in, what’s going on today at MSoC.
Then, with all that intel, the Chinese will send an email designed to look like it’s from Don to Genevieve. Since Genevieve gets dozens of emails just like this one, she’ll open it without thinking about it. Attached to that email will be a lovely .rtf file, exploiting the hack revealed the day I write this.
The moment Genevieve opens that file, it runs a program that takes advantage of a software vulnerability on her computer and gives the Chinese hacker control. Since Genevieve is C.O.O. her computer’s going to have very nearly complete access to MSoC’s network.
From MSoC, the Chinese hackers will then launch another attack on Florida Virtual Reality, which will then go to French Winery. From French Winery, the Chinese will then launch an attack on the Pentagon.
This will take months. Any short-term data the routers or telephone company servers may have stored will have been purged. To anyone looking with just the most recent data, it will look like the French government used a French Winery as a front. This will cause a major diplomatic problem between the U.S. and France.
There’s no way for any of three hypothetical companies to guard against the attacks. There’s always a way in. Always. The solution the NSA came up with to solve this problem, and prevent a breakdown of international relations is to watch and store all traffic, all over the world, all the time. There is no other way.
FOR THE PEOPLE
There is, among the citizens of the United States and the former leadership of Brazil, the belief that privacy is a vital component to individual liberties, primarily expressed in the enactment of democracy. The argument is, without privacy, an individual may be coerced in the direction that they vote.
Another argument is, without privacy, there is no check against tyranny because the individual will be unwilling to risk their own life to affect change, doubly so when death or indefinite torture is a near certainty.
People like Snowden definitely appear to fit into the individual liberties and privacy camp. Most hackers do. Most libertarians do too. The right to privacy is even written into the U.S. constitution.
To all their credit, historically when any individual or group of individuals get too much information about the populace it ends poorly. See: the East German Stasi as one of the worst/best examples.
It’s natural, then for the hackers, the idealists, the civil rights workers, when they see the unshielded reality of the N.S.A. watching all Internet traffic, all the time, and storing it forever, they feel a deep need to change it.
THE SNOWDEN QUESTION
And now we get to the real question.
As I mentioned above, most people think the question Snowden asks is about freedom. Others think it’s about whether he’s a hero or villain. I personally don’t see Snowden the man as a relevant factor. He was simply the vehicle through which the question came. And I’ll leave it up to more informed people to answer the above questions.
The real and powerful question Snowden asked is, are the people who don’t have top secret clearance, who don’t know how close the world is on an almost daily basis to World War III, are those people capable of handling sudden radical exposure to the true fragility of the world.
While I was researching for ALGORITHM, I met quite a few system administrators. They see just how fragile and hackable the digital world actually is. And most of them don’t sleep well.
Most governments of the world, and historically, most religions feel that the average worker needs to believe that the world is solid and safe, that the work they do will pay off in the future. That requires continuity and consistency. People need to believe that, or they won’t work. What would be the point? This is idea of social collapse through despair is brilliantly explored in the movie Children of Men, which I highly recommend.
I don’t have an answer to the Snowden Question. A part of me believes that nearly all information should be freely accessible all the time by anyone who cares to look/study. Conversely, I acknowledge that the hackers/libertarians have a good point and that the Stasi were bad and any future iteration on the Stasi should be prevented.
I don’t know that we as a society in the digital age have an answer to this question collectively. There are very entrenched groups on each side, both with valid evidence supporting both their points of view. However, I do think this issue is important and it’s a discussion we should be having. Publicly.