Platt Perspective on Business and Technology

Learnable lessons from Manning, Snowden and inevitable others 29 – when a search for absolute security becomes the norm

Posted in business and convergent technologies, in the News by Timothy Platt on October 16, 2014

This is my 30th posting on what is becoming a series of leaks and unauthorized disclosures of classified US government documents that relate to its War on Terror (see John Peter Zenger, Henry L. Stimson, Edward J. Snowden and the challenge of free speech and the first 28 postings to this series, available at Ubiquitous Computing and Communications – everywhere all the time 2 as postings 225 and loosely following.) And by this point in this ongoing narrative, it should be fairly obvious that this is in fact a series that I will be returning to and certainly through any foreseeable future as I respond here to still developing and unfolding news and emerging history. And it is at least as much a series on governmental responses to those leaks, as it is one on the leaks themselves.

I made note at the end of Part 28, of a then still breaking news story involving the British government’s counterpart to the United States National Security Agency (NSA): their Government Communications Headquarters (GCHQ), and one of Great Britain’s most respected newspapers: The Guardian. My goal for this series installment is to begin with that news story and go from there in discussing how both the United States and her allies in the War on Terror have all come to adapt and fully believe in essentially the same overarching cyber-defense policy that I have been outlining here in this series as President Obama’s emerging cyber-doctrine (see Part 26, Part 27 and Part 28 for a more detailed discussion of this doctrine per se and its core elements.)

I begin here with that news story. The Guardian, originally published under the name The Manchester Guardian, has been in continuous publication since 1821. And it has grown into a major international news organization and online news presence. When Edward Snowden decided to go public on what he had learned concerning the US government’s open ended surveillance programs on essentially everyone – everyone who goes online or uses a phone that is, he searched out large reputable news organizations to share copies of his leaked documents with. And in this, it is most likely that he saw himself as fulfilling essentially the same role that an earlier generation leaker: Daniel Ellsberg did in outing what came to be known as the Pentagon Papers to The New York Times.

Not all news organizations that Snowden approached accepted copies of his leaked documents; some pulled away and sought to distance themselves from this news bombshell. I can only speculate in more general terms as to why those news organizations chose to opt out there. But it is likely that the complications and challenges that emerged from a still recent flood of classified documents released by Bradley/Chelsea Manning to Julian Assange and his WikiLeaks must have played a role there, and particularly as Assange came to use those leaked documents for promoting his own agenda and to boost his own ego and self-image. So not all news organizations approached by Snowden picked up on his offer to provide them with what could be seen as a major globally significant news scoop. But very importantly here, a significant number of news organizations did, and news organizations that are headquartered in different countries and that work out of different home country legal jurisdictions.

On the face of it, the news story that I raise here, coming as a response to Snowden’s disclosures, is fairly simple. Officers of the United Kingdom’s GCHQ, operating under the legal authority of a secret, closed door court hearing entered the offices of The Guardian and seized computers and external storage devices that might be holding copies of the Snowden documents. They removed those computers’ hard drive data storage media and ran them, and the external data storage devices that they took custody of through a mechanical shredder to physically destroy them and all files housed on them. Ostensibly this was to prevent further leaks of Snowden documents held but that had not been made public, at least yet. But given the nature of these documents, and the ease and portability of even vast numbers of computer files how likely is it that even The Guardian had back-up copies off-site? And even if they did not, how could this possibly prevent the release of those other documents from other holding sources? It can in fact be argued that this action could even prompt other news organizations to release more of their document copies and earlier than initially planned or intended, in case their governments where planning similar action against them too. What GCHQ agents did could actually in effect force to happen precisely what was ostensibly being prevented, at least as to intent.

And this brings me back to the notes that I wrote on this news event in July, appending them to my still then freshly-completed Part 28 posting. Reporters from The Guardian had just finished teleconference interviewing Edward Snowden on the politically and governmentally embarrassing issues of how an organization such as the National Security Agency could be so lax in letting people like Snowden, and I add people like Manning copy so many highly classified government documents, from such a wide range of sources and compartmentalized systems and simply walk out the door with all of this – and under circumstances where even after the fact the NSA and its forensic systems analysts could not tell what had been copied and taken, from any file-access or copy-permissions traces left in their overall systems.

• Were these Guardian reporters’ interview files and notes high priority targets for this GCHQ damage control exercise too? It is hard not to at least consider that possibility.
• And along with seeing this as a reactive response to the ongoing presence of still unrevealed classified documents, it is hard not to see this as a proactive response to, and as I worded that in Part 28 an act of intimidation to keep The Guardian and its reporters from doing more.

And this brings me back to the starting point for this posting and to my reason for adding it to this series. The Obama cyber-doctrine might have had its origins in the United States and its national security systems, and President Obama might be the principle architect behind this doctrine as a system of overarching policy and perspective. But this has been picked up upon with full force by the British and I add by others – including by the Germans and their NSA counterpart: their Bundesnachrichtendienst (BND) and even as the US and Germany have found themselves on a collision course due to the revelations of how the US has conducted ongoing surveillance in Germany against their Chancellor and their government agencies (see Part 28 for a brief outline of that news story.)

And I return to the four principle points that I have laid out as representing at least the publically visible face to the Obama cyber-doctrine, at least since the Snowden disclosures (here repeated from Part 28:

1. The United States government has both a right, and even a fundamental obligation to conduct surveillance on any group or individual who might conceivably be involved in, or in any way communicating with a War on Terror threat – and even unwittingly and unknowingly.
2. The United States government has a fundamental right and even obligation to pursue its online cyber-defense across any and all borders and boundaries in its pursuit of national security and as it conducts its side of the War on Terror.
3. The fundamental and unchallengeable goal in this has to be the achievement of absolute, perfect national security and reduction of any War on Terror threat to zero.
4. And while the US national government has a right and even an obligation to conduct open ended surveillance on anyone and everyone in pursuit of this goal, private sector businesses and organizations have very circumscribed rights as to what types of personal data they can gather, how and how long they can store it, and how they can use and share it. Open ended data collection and surveillance are a national governmental prerogative.

And I focus on Point 4 here, as the GCHQ-led action against The Guardian as a news organization as briefly discussed here, highlights how in keeping with the principles of Points 1 and 2, a national government can have essentially unbridled license to take action in the name of national security. But any private sector participant, a supposedly free and independent press included, can be tightly reined in and even by direct assault on their capacity to gain and hold news information. So I wrote in Point 4 about personal information. But I find myself thinking back to Daniel Ellsberg and his release of the Pentagon Papers.

He faced legal action in a standard court of law and under all of the rules and safeguards in place in that setting for protecting his rights. That was then. In today’s climate it is more likely that Ellsberg would have faced a very different if also legally permitted process and system. He would in all likelihood not have faced a Department of Justice-organized court hearing or trial. He would not have had a right to select a legal defense of his choosing and any defense assigned to him could at best be seen as serving two masters: their client and those who appointed them as defense council and who were bringing action against their client. Ellsberg would not be afforded a right to habeas corpus or opportunity to see and contest evidence brought against him and it is likely he would not be fully informed as to the nature of that presumed evidence either. He might be detained long-term without ever being formally charged, as has been done for War on Terror enemy combatants and those judged to fit that description who have been held at Guantanamo and its prison facility for years now. This is a perhaps less than fully believable alternative reality scenario for Daniel Ellsberg when considering his case but it is exactly what Edward Snowden would face if he were brought into US custody. So I return to Point 4, above, as a final thought here for this posting: it applies to individuals who might take action in accordance with their sense of conscience and moral duty, as much as it does for businesses as they do or do not use consumer and other personal data. A government can have essentially unlimited rights and authority to exercise them while any other actor in this arena can be very limited in what they can do and how.

You can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time 2 and in my first Ubiquitous Computing and Communications directory page. I am also listing this under my In the News posting category. And I note here that I actually write and upload this posting to my blog server on August 11, 2014 so I might add a follow-up, update note to it before it goes live.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: