Thursday, June 27, 2013

The origin of evil genius

I guess I always assumed that the term "evil genius" was a Batman or James Bond kind of term, a reflection of the deranged excesses of 20th Century greed and technology.  Perhaps in the cartoon usage it is.  But I ran across a much older use of this phrase.

I am currently reading (make that slogging through) Camilla by Fanny Burney.  In it, the sweet young heroine, Camilla, in love with the wealthy, but apparently indifferent Edgar Mandelbert, is trying to fend off the advances of the wealthy and somewhat annoying Sir Sedley Clarendel, who is being egged on in his suit by their mutual friend Mrs. Arlbery.
'O, Mrs. Arlbery!' she cried, 'lend me, I beseech you, some aid, and spare me, in pity, your raillery! Sir Sedley, I fear, greatly mistakes me; set him right, I conjure you....' 
'Me, my dear? and do you think if some happy fatality is at work at this moment to force you to your good, I will come forth, like your evil genius, to counteract its operations?'
Wiktionary provides this sense as its first definition of evil genius: The spirit each person is believed to have in attendance, according to certain religious or mythological traditions, which tries to negatively influence him, and is opposed by one's good genius; loosely, someone who is a bad influence.

Tuesday, June 11, 2013

Snowden's next step?

Wanna know how the Snowden story can get more interesting than it already is?

Mr. Snowden has enumerated the vast breadth of secret intelligence data that he had access to as a systems administrator.  No surprises there.  Systems administrators are inherently the most trusted of insiders, and in general, take their trust extremely seriously.  A sysadmin is kind of like your GYN: you want your GYN to check you thoroughly for the purposes of keeping your privates healthy, but you kind of have to take it on faith that they don't have hidden cameras in the examination room taking pictures of your privates to post on

But that's where the analogy ends.

Because a sysadmin also has access to a second kind of information that may be even more interesting in this case.  That would be the forensic metadata.

Yup.  Just as the NSA appears to have been collecting metadata about you (who you called, when you called, and possibly where you were physically calling from), so any system worth its salt will log information about who accessed it, what they accessed, when they accessed it and where they accessed it from.  This is an important fraud and abuse prevention feature, especially in systems that maintain highly sensitive data. For example, if your medical insurance records got posted on a public website, you'd want some way to go back to your provider and demand accountability about how your records got there.  You'd want them to be able to track down the person who accessed your records and fire them.  Along with giving you a $27 million settlement.

Normal system users aren't interested in the logging information.  They just want to get at the main information that the system manages (in Snowden's case, the actual surveillance information).  An intelligence analyst normally doesn't care what subject the guy in the next cubicle is tracking, just get me information about my subject.

Snowden, however, as part of his sysadmin job, would have been expected to assist with forensic examinations of system logs if fraud or misuse were ever suspected (or if they wanted to nail some analyst for any reason).  So he would almost certainly have had access to all sorts of log metadata (and systems for analyzing the metadata) about which analysts accessed what when.

Now if things at NSA are anything like they were at State during Bradley Manning's time, I think we can reasonably expect that WAY, WAY more people have access to more sensitive data than they should.  Which means that it's quite likely that Snowden's not the only one leaking information.  He's just the only one to come out and talk about it in the public interest.

Now, if he really wanted to muddy the waters and confuse the people who are inclined to call him a traitor, here's what he'd do.

Before he left, he would examine the log files and identify a few bad actors who had clearly accessed information they could have no work-related reason for accessing.  Things like analyst Jimmy Jones, (assigned to the Africa desk) downloading a report on the calling history of the US ambassador to Russia (which happens to include numerous calls to his Chinese mistress, who lives in Thailand).  And Jimmy's access of reports on several prominent US businessmen who have been trying to set up businesses in Russia.  And Jimmy's access of data on members of Pussy Riot.  Suddenly, it's starting to look like maybe Jimmy's helping out some Russian contacts, even though he's supposed to be focusing on the Congo.

If Snowden is smart (and he seems to be a bright young man, capable of thinking more than one move ahead), he will have assembled a certain number of cases like this.  He will hand the documentation about these cases (log files, analysis of them, etc.) to Glenn Greenwald & Co. The journalists will then publish a sanitized version of them (removing names of targets, etc.), clearly demonstrating that this data is being actively used to harm American interests, while not showing any demonstrable benefit in hunting terrorists.  They will also send the unsanitized analysis to trusted members of the NSA/intelligence community, so they can take action on the rogue elements.  If there is anyone un-corrupt enough to do so.

If it's potentially so easy for random analysts to access stuff they shouldn't, you might wonder what is to stop any analyst from accessing the records of Kim Kardashian or Sergey Brin or Obama or the annoying neighbor next door.  Since I am not privy to the technical details of the NSA systems, I cannot answer that with any certainty, but I can guess at some of the controls.

First of all, even though the analysts are not interested in viewing the log metadata, they are almost certainly aware of its existence.  They know, better than anyone, that Big Brother is watching, and if they are caught with their hands in the cookie jar, they will get in trouble, possibly to the extent of jail time.  There may even be the equivalent of a burglar alarm built in to the systems, such that if an analyst does something naughty, an alarm goes off somewhere, and somebody investigates what's going on and fires/prosecutes the analyst who's peeking at stuff they shouldn't be.

HOWEVER, there are a couple of problems with relying on this.  Think about getting an alarm system installed in your house.  ADT charges a fair amount for their alarm monitoring services.  And they don't respond to every alarm.  If your alarm goes off and it looks like you opened your door without turning off the system, they don't bother.  An alarm system has two choices:  make sure to react to all the naughty accesses, but in the process also react to many, many things that look like they might be naughty but are actually legitimate OR don't bother unless you're fairly sure that the access is naughty, but potentially miss a bunch that look like they might be legitimate but are actually naughty.  Similarly, in NSA's system, the vast majority of accesses would be legitimate.  Sometimes an analyst may raise an alert as they legitimately access data for an unusual connection to their case.  Less often (we hope) they may raise an alert as they access data about their annoying neighbor.  The question is...who's going to respond to all the alerts (mostly false alarms) generated by hundreds or thousands of analysts working for the NSA?  System logs work much better AFTER an abuse has been discovered, and you need to track down/document whodunit.  They don't prevent the abuse (except by fear), and they don't work at all if nobody looks at them much.  Which a rogue analyst would also know.
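
The alarm trade-off described above, as an added example that is not part of the original post: a small Python sketch that scores constructed audit-log entries (who, what, when, where) and counts false alarms versus missed abuses at different alert thresholds. The analyst IDs, desk assignments, workstation names and scoring weights are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed audit-log records: who, what (subject's region), when (hour), where (source).
# 'abuse' is ground truth known only in hindsight; it is here to grade the alerting.
Access = namedtuple("Access", "who subject_region hour source abuse")

# Hypothetical desk assignments and usual workstations.
DESK = {"jjones": "africa", "asmith": "russia", "blee": "africa"}
USUAL_SOURCE = {"jjones": "ws-114", "asmith": "ws-201", "blee": "ws-115"}

LOG = [
    Access("jjones", "africa", 10, "ws-114", False),
    Access("jjones", "russia", 23, "ws-114", True),   # off-desk and off-hours
    Access("jjones", "russia", 14, "ws-114", True),   # off-desk, otherwise normal
    Access("asmith", "russia", 9, "ws-201", False),
    Access("asmith", "africa", 11, "ws-201", False),  # legitimate cross-desk lead
    Access("blee", "africa", 22, "ws-115", False),    # working late, on desk
    Access("blee", "africa", 15, "ws-115", False),
    Access("blee", "russia", 13, "ws-115", False),    # legitimate cross-desk lead
]

def score(a):
    """Suspicion score: higher means less consistent with the analyst's job."""
    s = 0
    if a.subject_region != DESK[a.who]:
        s += 2                      # subject is outside the assigned desk
    if not 7 <= a.hour < 19:
        s += 1                      # outside assumed working hours
    if a.source != USUAL_SOURCE[a.who]:
        s += 1                      # unfamiliar workstation
    return s

def triage(log, threshold):
    """Count what an alerting rule at this threshold raises and what it misses."""
    alerts = [a for a in log if score(a) >= threshold]
    return {
        "alerts": len(alerts),
        "false_alarms": sum(1 for a in alerts if not a.abuse),
        "missed": sum(1 for a in log if a.abuse and score(a) < threshold),
    }

def who_accessed(log, region):
    """After-the-fact forensic lookup: every off-desk access to a region."""
    return [(a.who, a.hour, a.source) for a in log
            if a.subject_region == region and DESK[a.who] != region]

if __name__ == "__main__":
    for t in (2, 3):
        print(t, triage(LOG, t))
    print(who_accessed(LOG, "russia"))
```

At threshold 2 nothing is missed but half the alerts are legitimate cross-desk work; at threshold 3 the false alarms vanish and so does one of the two real abuses, which the after-the-fact lookup still finds.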

This country is frankly not in the mood to address this issue.  Americans want to catch all the bad guys (terrorists and people abusing the intelligence systems), but don't want to pay for the effort.

We are told there are more bombshells to come.  I predict that revelations of data misuse or that sort of thing will be included.

Friday, June 7, 2013

The first person to march to a different drummer

I've always been a fan of Frost's poem "The Road Not Taken."  It suggests an approach to life that I aspire to:

Two roads diverged in a wood, and I,
I took the one less traveled by,
And that has made all the difference.
A traveler down that road would undoubtedly be marching to her own drumbeat.  And as I recently discovered, that image comes to us, courtesy of the Transcendentalist Henry David Thoreau.  I'm no authority on Thoreau, but from what I know of him, I'd have to guess that this quote from Walden probably expresses his quintessence:
"If a man does not keep pace with his companions, perhaps it is because he hears a different drummer. Let him step to the music which he hears, however measured or far away."
So Siddhartha!  I like an extended version of that passage, as well:
"Why should we be in such desperate haste to succeed and in such desperate enterprises? If a man does not keep pace with his companions, perhaps it is because he hears a different drummer. Let him step to the music which he hears, however measured or far away. It is not important that he should mature as soon as an apple tree or an oak. Shall he turn his spring into summer? If the condition of things which we were made for is not yet, what were any reality which we can substitute?"
Food for thought in our Race to Nowhere culture.