game, game. repeat.

Open (Source) the NSA

Mon 30 January 2017 #politics

Democracy and government secrets are at odds with each other. Keeping secrets and accessing the secrets of others is a way to gain power. And while we want our government to gain power over people that seek to harm us, we do not want them to have power over the innocent citizen they answer to.

The solution is transparency. The NSA must make a monthly copy of all the data and software from their systems and make it available to the public 2 years later. 2 years gives the NSA and our government time to take advantage of their secrets. And then it gives the people a chance to scrutinize the NSA’s choices.

Q: Won’t this reveal everyone’s deepest, darkest secrets? I don’t want my emails to be made public!

A: I suggest a one-time purge be allowed when we implement this policy for the first time. After that, if the information shouldn’t be made public in 2 years, the NSA shouldn’t collect it.

Q: Won’t this greatly reduce the NSA efficacy? The terrorists will know all of our techniques and be able to protect themselves against them!

A: Most people and organizations, even knowing everything the NSA can and does do to monitor their communication, would still find it difficult and uneconomic to protect themselves against NSA monitoring. These days, even after serious software security bugs are found, fixed, and discussed publicly, many computers remain unpatched and vulnerable to the bugs years later.

Q: Ok, so maybe your average terrorist won’t be able to hide from the NSA, but what about China, Russia, industrial spies, and other sophisticated adversaries?

A: This will make it harder to succeed against sophisticated adversaries. Let’s say, for the sake of argument, that the NSA will be 75% less effective against them. We’ll have the choice to increase the NSA’s budget to compensate or accept a reduced capability. That said, I suspect that the NSA would eventually get better at operating within the new constraints and the performance gap would lessen over time.

Q: I have a better idea, why not make them 75% more effective by leaving them alone?

A: Our greatest innovation and asset is the liberty our founders and soldiers fought and died to protect. The NSA’s mission is to help protect us through signals intelligence, not only our physical persons but also our liberty–some would say liberty comes first. Just as we increase the cost of criminal justice by treating the accused as innocent until proven guilty and enforcing rules of evidence, our liberty will be better protected by limiting our government’s ability to abuse secrecy.

Q: Won’t China, etc. use the NSA techniques against us, our government and our companies?

A: Yes. Authoritarian and criminal organizations operate with some advantages because they are less constrained by laws, cultures, and institutions designed to protect their citizens’ freedom. Others will use the NSAs tools in industrial and state espionage. But, operating under these new constraints, I suspect the NSA will become a big source and advocate of fixes for security bugs, and many security-minded software makers will take advantage of the NSA’s knowledge to fix their bugs and improve security, limiting the utility of the NSA’s 2-year-old exploits. Those software makers and users that aren’t security-minded won’t patch their bugs, but they already don’t.

Q: Why not just reveal the techniques used and not the data? Why not allow redactions to protect our spies?

A: The more complicated we make the maintenance and enforcement of the policy, the less likely it is to work. Complexity can easily become an excuse to drag our feet and it makes it too easy to hide information and avoid compliance.

Q: Won’t this put our sources in (mortal) danger?

A: This will make it harder to use sources, human or technical, for any length of time against a sophisticated adversary. When we do use human sources, we’ll have to move them out of harm’s way before their identity becomes public, which will be harder on them and us. I expect we’ll want to purge most of the existing evidence when this policy is first rolled out, so as to start with sources after we’re properly prepared to explain and manage the new risks we’re taking on.

Q: Why 2 years of secrecy? Why not longer? Why not shorter?

A: 2 years is long enough to take some advantage of the secrets we gather while being short enough for a motivated president to enforce the transparency policy and for them to be held to account for it by the public.

Q: Sounds expensive. Doesn’t the NSA have a massive amount of data?

A: Yes and yes. I imagine Google or another interested contractor would be able to figure out how to host the public data if the NSA didn’t want to do so itself, at a reasonable price given the volume of data to be published.

Q: You are not qualified to talk about this, you don’t know what the NSA and the President knows, if you did you might change your mind.

A: As a citizen its my right and duty to engage with the difficult topics that impact our democracy. With the information available to me, its clear that we are putting our democracy in great danger by concentrating more and more power, with less and less meaningful oversight, with fewer and fewer people in our government. Blind trust in our leaders is not how democracy works, its how authoritarian regimes work. The main idea of this policy is to make meaningful oversight possible while preserving as much of intelligence capability as possible as the 2nd priority rather than the 1st.

Q: What about objections X, Y, and Z that you didn’t talk about?

A: Let’s talk about them. I have no doubt this idea can be improved upon. The fundamental question I’m posing is this: if you treat liberty as the #1 priority and intelligence capability as #2, what kind of NSA do you get? I suspect ‘a great one’ that, instead of undermining our values, becomes a poster child for them while also accomplishing their important intelligence gathering mission.

Q: Won’t the NSA say they are complying with this policy and then, give a wink to the President, and then, you know, not?

A: They could. The President and Congress need to be onboard. Not just onboard for optics while they secretly do something else, but onboard onboard.

Q: The President and Congress don’t agree with you. They like their secrets. They believe they can be trusted with them and the power it gives them. They won’t get onboard. Now what?

A: The People need to talk about this and decide its what they want. When we are united, we get our way, we live in a democracy after all.