Bruce Schneier’s Bat Signal Alarms Internet Engineers

by Pixeleen Mistral on 14/09/13 at 6:14 pm

Pixeleen Mistral interviews Mark McCahill to calm Herald technical staff

I realized something was terribly wrong when The Herald's electronic press fell *out of sync* with the soothing retro-euro-disco thump of Daft Punk's Random Access Memories playing in the editorial offices.

Normally the technical staff are careful to avoid harshing the mellow of the writers, but now the clatter of the press was fighting a winning battle against the sound of a Moog module synced to the click track in "Giorgio by Moroder". I didn't even want to think about what might happen by the time "Get Lucky" rolled around.

A familiar voice could be heard yelling "THIS SHIT WILL NOT STAND!" from the machine room as a mob of enraged engineers chanted

WTF? NSA?
WTF!! NSA!!
GIMPED ELLIPTIC CURVE CYPTO?
NO FUCKING WAY!!!

The chaotic cacophony of enraged engineers completely overwhelmed Daft Punk when the door opened and the mob spilled into the offices brandishing cross-compilers, git repos, malformed packets, Macbook Pros, and carpal tunnel wrist braces - the tools of their trade.

I put down the copy of Vanity Fair I had been reading. A tall black-clad figure marched across the newsroom and slammed an iPad on my desk, nearly upsetting my glass of coconut water. "Did you see this shit, Pix?"

Smiling sweetly, I asked, "Is there something wrong, Mark?", then glanced at the iPad and frowned. Mark McCahill - one the the Herald's technical staff - had been reading The Guardian again.

I was eventually able to shoo the other engineers back to work with the promise that I would talk to McCahill and see if there might be a coherent story for Herald readers - but I had my doubts.

We'd been through this scene before. Over the summer, as whistleblower Edward Snowden's leaks corroded what little remaining credibility the Obama regime might have, the engineers grew increasingly angry. Strangely enough, most engineers want to build systems that benefit society, believe in the rule of law, and even take constitutional privacy protections seriously. Who knew?

The best approach calm the situation seemed to be an interview, so I invited the ponytailed binary boy to have a seat.

Pixeleen Mistral: So what is it this time?
Mark McCahill: The NSA and GCHQ have been intentionally gimping the crypto standards for the Internet, strong arming IT vendors into releasing products with security-defeating backdoors, and running man-in-the middle attacks. This sort of thing destroys the foundations of trust and commerce on the Internet. It is so bad that Bruce Schneier - one of the gods of cryptography - sent out the bat signal last week. Bruce is calling for the November IETF internet standards meeting to hold an emergency session to figure out how to fix what the NSA has broken. It's time to take the Internet back.

Pixeleen Mistral: Well everybody knows that the NSA spies.
Mark McCahill: Sure, but we now know unethical engineers and out of control government agencies have been doing what we had suspected - intentionally weakening the security systems the internet uses. And they did this so they can spy on everyone, everywhere via the sort of dragnet surveillance that requires building enormous data centers at great expense. The only people that benefit from this are power freaks in the government, their contractors, and corrupt politicians that approve NSA overreach and are rewarded with campaign contributions from the contractors. This is the sort of positive feedback loop of corruption that Lawrence Lessig has been warning about for years.

Pixeleen Mistral: Why do you think they are doing that?
Mark McCahill: Arrogance combined with stupidity. The NSA assumed that nobody would find the backdoors they introduced - a very dangerous assumption given how poorly they protect their secrets. I'd like to see the risk analysis the NSA did when they started down this path - if they even bothered. Based on what I have read about NSA leader 'Cowboy' Keith Alexander, cost/benefit analysis is just not how he rolls. I can't even begin to guess what this will cost the USA's I.T. industry in lost sales. So chalk it up to delusional leadership. Take a look at Tom Englehardt's "And Then There Was One" piece - it explains a lot about the political dementia of the USA.

Pixeleen Mistral: Ok I can see the arrogance part, but where is the stupidity?
Mark McCahill: The NSA doesn't even know exactly which documents Snowden took, which is obvious because each time the NSA denies something, the denial is shown to be a lie by the next leak. Seems like the NSA have weak internal security, doesn't it? Aren't they supposed to be good at this sort of thing?

The head of the NSA - General Keith Alexander - says he is going to use automation to get rid of 90% of the 1000 system administrators the NSA has to prevent another Edward Snowden-style leak. If they can really automate systems that much, why haven't they done so already? Was cowboy Keith worried about upsetting the gravy train for NSA contractors like Booz Allen Hamilton? Sounds to me like the NSA has way too much money to throw around. This looks like a bad case of outsourcing and consultants run wild.

Pixeleen Mistral: How so?
Mark McCahill: A classic failure mode for I.T. projects occurs when you bring in "visionary" consultants who then expand the scope of the project to build a bigger empire and run up more billable hours.

Foreign Policy has a great story about how Alexander rose to power and built his empire. Foreign Policy says Alexander hired a Hollywood set designer to make his Fort Belvoir "Information Dominance Center" look like the bridge of the starship Enterprise from Star Trek to impress members of congress when they came through on tours. Sound familiar?

Pixeleen Mistral: Sounds like those Justice League Unlimited guys who were spying their way through Second Life a few years ago. I've got a picture here somewhere...

JLU command center
Would Keith Alexander would approve of the JLU command center? yes.


Mark McCahill: They wanted to connect the dots too, didn't they? That Foreign Policy article has a great passage that raises questions about how effective Alexander's dragnet surveillance fetish really is in 'fighting terrorism':

When he ran INSCOM and was horning in on the NSA's turf, Alexander was fond of building charts that showed how a suspected terrorist was connected to a much broader network of people via his communications or the contacts in his phone or email account.

"He had all these diagrams showing how this guy was connected to that guy and to that guy," says a former NSA official who heard Alexander give briefings on the floor of the Information Dominance Center. "Some of my colleagues and I were skeptical. Later, we had a chance to review the information. It turns out that all [that] those guys were connected to were pizza shops."

A retired military officer who worked with Alexander also describes a "massive network chart" that was purportedly about al Qaeda and its connections in Afghanistan. Upon closer examination, the retired officer says, "We found there was no data behind the links. No verifiable sources. We later found out that a quarter of the guys named on the chart had already been killed in Afghanistan."

Pixeleen Mistral: i c
Mark McCahill: Are Keith Alexander and his boss James Clapper competent at anything other than empire building? You really should read that Foreign Policy profile of Alexander. Check out the money quotes about Alexander and Heath - his semi-tame techie sidekick:

"Heath was at Alexander's side for the expansion of Internet surveillance under the PRISM program. Colleagues say it fell largely to him to design technologies that tried to make sense of all the new information the NSA was gobbling up. But Heath had developed a reputation for building expensive systems that never really work as promised and then leaving them half-baked in order to follow Alexander on to some new mission.

"He moved fairly fast and loose with money and spent a lot of it," the retired officer says. "He doubled the size of the Information Dominance Center and then built another facility right next door to it. They didn't need it. It's just what Heath and Alexander wanted to do." The Information Operations Center, as it was called, was underused and spent too much money, says the retired officer. "It's a center in search of a customer."

...

"There's two ways of looking at these guys," the retired military officer says. "Two visionaries who took risks and pushed the intelligence community forward. Or as two guys who blew a monumental amount of money."

Pixeleen Mistral: So what is next?
Mark McCahill: Well, the NSA will have a hard time offering any advice to standards committees - who would trust them now? A lot of effort will go into re-doing the security and privacy underpinnings of the Internet, now that we know the spy agencies are completely out of control. 

In terms of technical strategy, since the NSA is treating the public as an adversary, look for serious work on privacy and anonymity-preserving standards designed for anyone to use. I'd love to see robust IPSec and TOR built into everyone's home WIFI router.

Pixeleen Mistral: what do you say to readers who are skeptical that the NSA and spy communities are a problem?
Mark McCahill: The best response is something Glenn Greenwald said a while ago. Google 'the Church committee, FBI, and Martin Luther King" and tell me what you find. 

Pixeleen Mistral: what have I missed? Is there anything else you want to share with the Herald readers?
Mark McCahill: It's been real Pix, and now I see what Urizenus meant about being 'self-identical'.

Pixeleen Mistral: I know what you mean - now can you get back to the machine room and get that press back in sync? Get Lucky is going to start playing any minute, and I have stories to write.
 

8 Responses to “Bruce Schneier’s Bat Signal Alarms Internet Engineers”

  1. Alyx Stoklitsky

    Sep 16th, 2013

    Couldn’t resist mentioning the JLU, could you?

  2. Shava Nerad/Shava Suntzu in Sl

    Sep 24th, 2013

    <3

  3. Jumpman Lane

    Sep 24th, 2013

    geez… interview thyself lmao

  4. Jimbo Quality

    Sep 24th, 2013

    Sounds like you need my technical techniques again.

    I always unclogged the intertubes using some melted bacon fat and a squeegee thing I made. It’s probably still in the back room of the old offices, unless goddamn bird did something with it.

    Let me know, I could use the work.

  5. Myrrh Massiel

    Oct 4th, 2013

    …wonderful to read you cracking the bytes again, pixie…

  6. bubblesort

    Oct 12th, 2013

    Looks like McCahill and his engineer buddies are making some headway!

    http://www.internetgovernance.org/2013/10/11/the-core-internet-institutions-abandon-the-us-government/

  7. [...] know that sounds hyperbolic, so don’t take my word for it.  Here is an ‘interview’ with Mark McCahill, where he explains the [...]

  8. [...] the virtual world of Second Life in its reporting and seems more interested in hackers, the NSA and the rather bizarre spectacle of Pixeleen Mistral interviewing Mark McCahill, actually that’s a really good read. The Herald has always had a bit of an unfair rap because [...]

Leave a Reply