[David Strom's Web Informant] June 10, 2013: My thoughts on the NSA leaks

David Strom david at strom.com
Mon Jun 10 10:52:16 EDT 2013

Web Informant, June 10, 2013: My thoughts on the NSA leaks

Like many of you, I have been reading and watching a lot about the
latest leaks about the NSA Prism program. It has been a fascinating
weekend. I want to share with you some of my own sources if you want
to learn more about what is going on, apart from the sensational news

Coincidentally, last week I finished reading Andy Greenberg's
excellent book, This Machine Kills Secrets. Greenberg is a reporter
for Forbes and the book covers the rise and fall of Wikileaks over the
past several years. Some of this information is also presented in
another excellent work, the documentary film "We Steal Secrets" by
Alex Gibney (you can watch it on Amazon). Both the book and the movie
bring up all sorts of ironies about the conduct of Manning, Assange,
and Lamo. The movie draws heavily on AIM chat logs.

Fortunately, we have this exceptional 12 minute video interview of
Edward Snowden, the NSA leaker. It is well worth your time to watch.
He raises some interesting points about his motivations and worldview.

More coincidence: Manning's trial started last week, and the daily
transcripts are available too.

I have a small personal connection: I first began corresponding with
Lamo many years ago, and then actually met him when he crashed on my
sofa in 2004. He is a curious character (you can read my thoughts
about him in one of my Web Informant columns linked to below in this
blog entry), and obviously conflicted about his decision to turn in
Manning. This topic and other things are captured in a recorded audio
interview I did with him two years ago for ReadWrite.

So what is really possible about this NSA program? Your first stop
should be a blog post by Alex Stamos, the CTO of Artemis Internet. He
has an interesting taxonomy of the various possibilities of what Prism
can't or can do, based on the various conflicting statements from
government and computer industry principals. It is well worth reading.

Robert Graham's excellent Errata Security blog has some interesting
comments also about the various claims and counter-claims. Many years
ago he wrote a piece of software that demonstrates how the government
can listen to Internet traffic. He says, "The PRISM program isn't all
that we fear, but more than we find tolerable."

He also suggests that we ask questions of the major computer software
vendors, such as "Have you changed what user information you log at
the request of law enforcement?" I would welcome that dialog and
clarification. In another post where he talks about the
responsibilities of the NSA, Graham states, "The IRS hires people with
high-school diplomas, the NSA hires Ph.D.s with military service." He
claims that the lowly NSA staffer is very scrupulous about their

To get an idea of what is possible, you should check out a story Wired
magazine ran last year about the NSA's new and as yet incomplete data
center south of Salt Lake City.

Finally, you should also follow what Bruce Schneier is posting. He is
always a thoughtful and insightful security analyst, and in this post
he writes about the need for whistleblowers to force our governments
to be open and to keep abuses under control. He also has a long list
of questions that he'd like to have answers to, and how much we really
don't know.

Is Prism one of those abuses of power? Maybe, and maybe we will never
find out really what it does.

You'll want to go to my blog post to get the links that are mentioned
in this essay.

More information about the WebInformant mailing list