aNewDomain.net — Facebook chief Mark Zuckerberg says he wants to build a privacy-friendly Internet. His recent phone call and open letter to U.S. President Barack Obama made headlines. But it’s empty rhetoric until Zuck backs up his complaints with cash, writes our Ted Rall in this exclusive to aNewDomain. Here’s why.
He was probably just blowing smoke to cover Facebook’s pre-Snowden cooperation with the NSA, but Facebook CEO Mark Zuckerberg’s recent phone call and open post to U.S. President Barack Obama were nevertheless noteworthy.
“The Internet is our shared space,” Zuckerberg wrote. “It helps us connect. It spreads opportunity. This is why I’ve been so confused and frustrated by the repeated reports of the behavior of the U.S. government. When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”
Given that Facebook worked with the NSA to create “the tech equivalent of a safety deposit box that only the NSA and the corresponding tech company can access… (the equivalent of) … a locked briefcase full of intel left in a digital garbage can with the NSA swinging in to pick it up at a prescribed time,” Zuckerberg’s confusion is — what else? — confusing.
It’s as if he is shocked — shocked! — to find that crazy dystopian data-vacuuming of everything about everyone all the time is going on at his own company. Yet he engineered it, in part.
But here’s the part of Zuck’s doth-protest-buckets post I found especially intriguing. He writes:
“So it’s up to us — all of us — to build the Internet we want. Together, we can build a space that is greater and a more important part of the world than anything we have today, but is also safe and secure.”
Can we? Can we really?
Despite the very important crack in the political class’ previously-unified front that anything done under the aegis of fighting terror is automatically a-okay — that was Senate Intelligence Committee chair Dianne Feinstein’s public scolding of the CIA for hacking into her underlings’ computers to cover up torture — there isn’t much interest in reform on the part of the Beltway establishment.
Though a solid majority of Americans oppose NSA spying on Americans, even as part of the war on terror, public disapproval hasn’t boiled over into the high level of sustained rage that forces policymakers to pull a 180.
Aside from online slacktivism, there haven’t been any big street demonstrations against the surveillance state. So there’s no reason for the pols to care.
In this respect, NSA programs like PRISM are similar to free trade agreements like NAFTA and TPP — unpopular with the American people, yet consistently supported by their supposed representatives.
So don’t look to the government to restore online privacy.
But if not the government, who then?
Zuckerberg’s “us” isn’t us. It’s them — the dozen Silicon Valley companies that control 90 percent of Internet traffic.
It’s a bit of an intellectual exercise at this point, but let’s say they decided to build a “safe and secure” Internet — one that the NSA couldn’t penetrate.
Could they? Is it technically possible?
Some say yes. “End-to-end encryption makes bulk surveillance impossible,” Edward Snowden told a packed hall at SXSW via a Skype conference organized and moderated by the ACLU. “Encryption does work,” he said, adding his Harry Potter-like call to bring on tools like Tor as “the defense against the dark arts for the digital realm.”
As Amir Aczel wrote in Discover magazine last year:
“The essentials of these techniques are far from new … the foundations of a program to create codes so powerful that they could not be broken even if an eavesdropper were to use the entire available worldwide computing power were laid more than 35 years ago.”
Encryption does work.
But it can’t always keep data safe.
Rather than use brute force to break encryption, bad actors like the NSA go around encryption protocols, creating “back doors” (such as malware surreptitiously installed on an Apple iPhone) to grab the data. This is done either at the initiating end, before it’s encrypted, or on the receiving end — after a “key” is used to unscramble it so it can be read.
Here’s an old-world analogy: Let’s say you write a letter using invisible ink. Let’s assume that only you and the person to whom your letter is addressed possess the potion that makes the ink visible. While it’s in transit, an evil mailman can intercept it — but he can’t read it. The content of the letter remains private.
But what if someone peeks over your shoulder while you’re writing the letter in the first place, or someone watches as the recipient applies the revealing chemical? That’s what the NSA does. They wait for you to open, then they nab the decrypted information.
Moving back to the virtual world, it is possible to use programs like PGP (Pretty Good Privacy) to move data through the Internet. An encrypted file can be safely downloaded to a device, which is then disconnected from the Internet. Then the recipient uses his decryption key to read it. The challenge is, what next? Computers and smartphones are expensive. They’re not disposable. At some point, odds are, you’ll want to get back online. Which is when the NSA’s nasty malware, which saved the data offline, sends it back to Fort Meade.
Such companies as Lavabit (which was pressured out of business by the government) and TextSecure have attempted to solve the end-to-end puzzle.
So far, no go.
William Binney, an NSA whistleblower who was Snowden before there was Snowden, advises:
“The safest way is to do everything offline, encryption offline, then go online and send it. Then do decryption offline. But you have to have an air gap there. If you don’t have that air gap, you’re not safe … You’ve got back doors. No online system is safe. Or, they’re [the company is] required by law to put a back door into the system so that the FBI can listen to it.”
If the Iranians had paid attention to Binney, the Stuxnet virus never would have screwed up their nuclear centrifuges because facilities wouldn’t have been connected to the Internet.
Typical Internet users carry out hundreds of interactions per day online. For them — and for you and me — what Binney describes is too time-consuming to be practical.
Most encryption programs require both you and the person you’re communicating with to install them. That’s a pain. Is it the necessary price of freedom? Perhaps not.
I agree with the Danish open source and encryption expert Poul-Henning Kamp, who says:
“Attempting to add more encryption is just likely to have more broken encryption on the Internet. This is not a technical problem; this is a political problem. It must be solved by political means. That means, find politicians in your country who can understand this and make sure they understand it. If you cannot find these politicians, get some.”
Bottom line: If Mark Zuckerberg really wants to help build a safe, secure Internet, the most effective way to begin would be to fund a Super PAC that backs pro-privacy politicians.
For aNewDomain.net, I’m Ted Rall.
Based in New York, Ted Rall is a nationally syndicated columnist, editorial cartoonist and war correspondent who specializes in Afghanistan and Central Asia. The author of 17 books, most recently The Book of Obama: How We Went From Hope and Change to the Age of Revolt, Rall is twice the winner of the Robert F. Kennedy Journalism Award and is a Pulitzer Prize finalist. Follow him @TedRall. Ted’s upcoming book After We Kill You, We Will Welcome You As Honored Guests: Unembedded in Afghanistan is due out in 2014.
We need better informed and more principled politicians if there’s to be any hope of reining in the NSA, so it is partly a political problem indeed.
But it’s also a technical problem because we do need better technical solutions (cryptography, etc.) against the many different types of attacks against our computers and data – not only by government agencies like the NSA but also against “ordinary” scammers, identity thieves, etc.; e.g., the recent thefts of millions of people’s credit card information in database penetrations at Target and other large retailers.