Plausible Deniability

I’m generally sceptical about grand conspiracy theories due to one main flaw most of them involve: They don’t account for what’s known about human behaviour. People don’t conspire very well. There’s quite a lot of speculation about what the purpose of the NSA’s mass surveillance programs, for example, which is good. Because it also provides us with a great example of how something isn’t a conspiracy, and how there are far worse things than conspiracies in the world. Incompetence, outsourcing to save costs, efficiency targets, mindless bureaucratic processes can all create something that looks like a grand plan. And it’s not.

We’ve seen in countless examples that elected government officials don’t understand the technology they’ve supported the NSA using for mass surveillance. What been left off from the list of I-don’t-get-its (until just recently) are agency technocrats themselves. Here’s a statement from a 2009 Foreign Intelligence Surveillance (FISA) Court order about how people using this spying  tech in ways “not authorized” because they didn’t really get what it was they were switching on.  You may choose not to believe this to be possible. Watch enough people using technology, and you’ll see that it is. How many know where the data they’re using actually is? How many know where it’s stored and how it’s archived?

“It appears that the NSA, or at least those persons within the NSA with knowledge of the governing minimization procedures, are still in the process of determining how the NSA’s own systems work. No one inside or outside of the NSA can represent with adequate certainty whether the NSA is complying with those procedures.”  FISA Court Judge Reggie Walton

Mass surveillance across multiple digital, analogue, radio, CCTV, and all the rest is an exercise  in immense and exponentially increasing complexity. Think about all the simple things we hear about people screwing up on a daily basis.

This isn’t a cop-out, or accepting some sort of plea of ignorance, but recognising something else: There’s no way that mass surveillance cannot violate U.S. law or basic human rights (or many other countries’ laws, but they don’t care about that).

You don’t know how Google runs, and yet you use it and it works. There’s a case officer in some random American government building running a search query that’s been handed down by someone higher up who claims to have done all the right paperwork to ask for it. She or he logs into a system and runs a report and sends it off. There’s probably more to it then that, but I’d bet those are the main headlines of the process. Knowing anything about how the data is actually being culled is probably something above their pay grade.

The wonderful world wide internet is a complicated system, and the result of several complex processes happening all the time.  Each process was developed by someone or some group of people, but no one knows how every one of these work. So we end up with bulk data package collection methods, and contractors like Edward Snowden, hired to sift through it on demand. There’s no reason to think this will either stop happening or get any easier.

So what we get are attempts to change or circumvent laws to accommodate what the technology does.  When James Clapper says spies used “legal authority to search for data related to US persons” to monitor foreigners” he’s telling us that there’s no way technology could weed out Americans from others, so Americans need to lose those privacy rights as a matter of process. Legal rights are subservient to technical capabilities.

It’s a chilling state of affairs because technical requirements can have horrible knock on effects for the humans. Consider the one above. James is telling us that, if you talk to foreigners, you stand a greater chance of being spied on. The implicit suggestion to Americans is that to maintain privacy in light of this, they should be wary of non-Americans. More xenophobia is not exactly what the U.S. needs these days if we want to look at things it already has in surplus.

Earlier this month,  two leaders of the House Intelligence Committee, introduced HR 4291 (PDF doc), the FISA Transparency and Modernization Act. As EFF points out, the bill could have stopped mass phone surveillance in as little as 17 lines.  ”But it weighs in at more than 40 pages. Why? Because the “reform” bill tries to create an entirely new government ‘authority’ to collect other electronic data.”

the House Intelligence Committee was created to monitor the American government’s spying programs, but in the end, it serves to deliver agency requests to Congress to vote into law, sort of like how a client signs off a web developer’s functional specification. This isn’t as nefarious as it is expedient, but the end result is probably worse than anything a grand plot could devise.

Grand secret plots don’t produce too much in comparison. The Reagan administration was working around the clock simply to send a bit laundered cash to some anti-communist thugs in Central America. That was work. What we have now is auto-pilot, and it’s pretty freaking awful. Until people figure that out, things aren’t going to improve.

The phrase “plausibly deniable” was coined by a CIA director. It’s a process whereby withholding information helps protect various officials from being held responsible for things they’re supposed to be in charge of. It helped get Reagan off the hook for selling his weapons to Iran or sending the cash to the Contra rebels.

It’s also a concept used in privacy technology speak. Computer networks that don’t maintain logs or track users, software that keeps personal information from being recorded on other systems, hidden volumes of data in an encrypted file and other sorts of things qualify here. If you did want to pose a challenge to the mass surveillance thing, these have some promise when used right.

Mostly, it’s not how people use the web. You may think you’re beating the NSA by not banking online without realising that you actually are banking online every time you visit and ATM. Whether you shop at Amazon or go into a shop doesn’t matter (from a government monitoring perspective) if you’re paying with your card, use point cards, rebates, etc.; because that’s all still shopping online.

Finally There’s the government’s new plausible deniability: ‘We didn’t really get what we were doing with all this technology.’ It all comes down to bad tech support, in the end. But these people do now, of course. This one’s good though, because it’s really plausible. We know they don’t know how a lot of the stuff works or even how to use it very well. But they know what it does, and what the result is. That should be enough.

Experiments in modern living