Friday, 24 January 2014

Is the NSA dragnet an unconstitutional secret success?

I have a theory that the NSA, or their data, is actually successful at stopping many crimes. Perhaps not the Boston Bombers, but many others. The trouble is they have to keep it secret.
NSA mass surveillance: a failure or just foxing?
Billions of dollars, many years, project restarts and still failure? Perhaps not. A few tech people I know concur with my thoughts that it must be really hard to fail at connecting the dots with all the data the NSA collect. How can all of those nice graphs and pools be not useful? Private companies do just fine on profiling us with less data. You'd think there would have to be a successful pre-crime unit hidden away somewhere slurping up all that good data.  I've made a living at getting signal out of noise and though their problem is large, it should not be that difficult.

Q: So why would the agency paint a picture of failure?
A: They have to.

Why? That's easy, I think.  Let me meander through.

Professor Geoffery R Stone and now the US Government's Privacy Board agree the program is unconstitutional. That makes it illegal. We all wait for the Supreme Court to make the final adjudication.

Let's say the programme is successful.  It is used by many, including the FBI, DEA, to make connections. The agencies have been caught out handing over information and requiring the case when at trial not to use that information so the source or method may remain protected. Stories abound of PIs giving their mate at the FBI a call to get information on someone. Law enforcement agencies would be tremendously excited at having such data at their finger tips.  Imagine finding all the people within a radius of a crime from their cell tower records. Now find all the people within a radius of the use of a stolen credit card. Intersect.  Call up the person's address, track them via their cell, and then get the warrant to "confirm" the cell phone records. That would be pretty useful.

So just perhaps the data is very valuable indeed.

Now the agencies have a problem.  If it is declared unconstitutional and therefore illegal then any dependent legal cases would be subject to being revisited. What a mess that would be.

The prospect of terrorists, murderers, rapists, kiddy fiddlers, kidnappers, conmen, etc all walking the streets is indeed frightening. Perhaps the government is in a bind.  You can't say it is successful otherwise those cases are endangered.

If mass surveillance by the Ministry of Truth was truly useful, as I suspect it is, then I understand the dilemma. I'm not sure I'd like to be responsible for releasing a lot of criminals onto the street. I'd be looking to solve the constitutional problem but without letting the cat out of the bag that would free the criminals.

Maybe this is why the powers that be really want to keep the programme in place and make it pass constitutional muster.

Ex-NSA staffer, William Binney of ThinThread points out that the follow on project to his did spend years and waste billions before the project was killed. Perhaps the NSA and friends are truly incompetent, but I personally doubt they are really so incompetent that they have continued to fail up to 2014.

So has the NSA wasted billions and many years on a failed project?  Is there secret value in the project that we can't be told about?

If the programme has value then perhaps Obama's speech makes more sense than we are allowed to know. Shameful indeed, but perhaps they have no choice now that they have dug their own grave.

Not committing the constitutional crime in the first place is the trite solution. The mess is perhaps a lesson in that open government rather than secret courts is the best path.

If this mess is the case, how would you fix it?

If you get linked to this story by a government official then perhaps you know the answer ;-)

Monday, 20 January 2014

Federal Court of Australia - food for thought

Honourable Justice
Michelle Gordon:
A poster child for
FCA reform?
[Newer post: Honourable Justice Michelle Gordon is a shit judge

My recent trials and and ongoing tribulations have made me think about the Federal Court of Australia quite a bit, mainly out of utter frustration. I see a system of good intentions that is quite broken. The work of many good judicial officers and staff are let down by an ambitious few or those who curry recognition via patronage to outside interests. Perhaps the people who consider reform are simply too close to the forest to see the trees? 

Let me meander along with some of my thoughts below.

1. Judges below the High Court should not have tenure or there should be a mechanism that makes it simpler than current practice for a judicial officer to be dismissed.

It may be appropriate for the Chief Justice of the Federal to have tenure but the process of appointing Federal Court judges is not sufficiently robust to support tenure.  Hon Justice Murphy, Hon Justice Davies and Hon Justice Gordon of the Victoria Registry are prime examples of judges for whom tenure was perhaps premature.

An alternate mechanism for dismissal by peers, the Chief Justice, or some other non-political approach should be available. It could be that some kind of contract or probationary role should be in place for new justices for a substantial period.

Australia is not alone here. There is recognition of this the world over. It is hard to see how appointing a solicitor without prior experience of judicial office to a tenured position at the Federal Court of Australia makes sense. This was the case is Murphy J.  It further does not strike a chord of fairness given the former working role of Murphy J & former Prime Minister Gillard and the hint of scandal around the union trust fund abuse. Our experience of justice at the hands of Murphy J was certainly not complimentary relative to the intellect shown by other good judges.

Whilst tenure allows reform without fear it may also encourage hubristic ambition as a judge may push their own agendas to promote their own political causes.  For example, Gordon J wrote a treatment of competition law and then used a novel approach against Bradken and Greiner promoting this treatment.  Gordon J wrote a treatment on fast tracking litigation then used such techniques, which may have been unwise, in Zomojo v Hurd & Others.  For any powerful entity to take ambitious action without any fear of consequence is dangerous.

2. Judges, except in the High Court of Australia, should not be the first point of call with bias or apprehended bias claims against themselves.

It is widely recognised around the world that self-assessment for bias and the perception of unfairness perhaps should not sit with the judicial officer overseeing the case.  In our particular case we have seen Gordon J show terrible bias and on looking at some of Her Honour’s other cases, for example Bradken/Greiner, Her Honour has shown poor self-assessment.  The SMH reported on one of her cases that she was surprised that a defendant thought it improper that she should sit on a case where she had previously prosecuted the gentleman as a barrister on behalf of ASIC.  In the ANZ bank fees case, Gordon J sits on a school board chaired by an ANZ senior executive.  A higher standard needs to exist for public confidence in the court system.

3. Mediation is a good idea but flawed. It should be completely optional without recourse if shunned.  It should come with warnings regarding the abuses that may occur.

Our own experience in court mediation has been terrible. The applicants treated the process with contempt and simply used it as an abuse to fire outrageous claims to attempt to hone an argument. It also seemed that it was used as a mechanism to leak information through back channels to the court system as the relationships between the registrars and judiciary is close, perhaps too close at times. However, if a party is to resist mediation today they would be ill considered by the judiciary before even stepping into the court room. There is not an understanding of the dangers and abuses that parties may carry out in mediation.

4. The Federal Court of Australia rules disallowing self-representation by a corporate are flawed and they should be altered, at least to the equivalent of NSW Supreme Court.

Abuse by litigation is easy as litigation is expensive. More so in the Federal Court of Australia.  Millions of small businesses are potentially subject to bullying and intimidation by legal threat. Firms with money can overpower others in Federal Court as firms may be denied adequate representation or any representation at all.  If you cannot afford a lawyer you cannot even represent your own small company which means you simply get trampled on.  Even when our company had a barrister in court, we were denied representation as having a barrister in court was insufficient legal representation.  That makes no sense.  The system needs repairing.

5. Lawyers and barristers should be more accountable for their correspondence and statements to the court and opposing parties.

We and our various legal representatives have been subject to many lies, purposefully misleading statements and intimidation from the other side.  Aggressive legal behaviour when grounded in truth is much different to unwarranted threats, out right lies, feigned memory loss in the stand, and intimidation toward smaller legal offices, all of which we have witnessed first hand.  Unfortunately such actions are almost never punished which creates a popular market for such firms. Two particular Australian firms are renown for such bad behaviour. Firms that will seemingly take great personal risk by illegally stepping of the line forcefully are appreciated by clients looking for aggressive legal action.  However, it turns out there is virtually no risk resulting from such behaviour as almost nothing is ever and far from being a risk to those firms it is just a great marketing benefit which attracts more clients and perpetuates the court condoned behaviour.

Part of the reasoning for the FCA not allowing self-representation of corporates is that legal representatives are meant to be held to higher account, as it is their profession they are supposedly risking if they were to be inappropriate.  Our experience of lies and deceit from the opposing legal representatives make a mockery of this. The system is broken. 

Our first complaint is before the Legal Services Commissioner in Victoria but I would note the Commissioner’s own words that larger firms are almost never before the commissioner as they behave properly. I don’t think our experience is particularly exceptional so I believe this perception from the Legal Services Commissioner to be a distortion simply due to the power and influence of such firms allowing avoidance of consequence.

6. Procedural fairness and natural justice claims to be heard during a trial, not after.

When a judge makes gross errors in procedural fairness and natural justice it is wrong that a party must wait an inordinate amount of time to have that heard especially when a participant goes to great lengths to delay the possibility of review. In our case it will be years before we may be heard. Also, due to a terribly wrong decision by the Davies J to put solvent companies into insolvency by a party with no proper standing, the claims of the corporates will now never be heard.

It is wrong that a judge can change the allegations and the case after the trial has been run as Gordon J did. A person has a right to know what the case is that they are actually answering otherwise how can they present evidence and a defence?  It is wrong that a judge can ignore submissions from a defendant and quote irrelevant submissions from the other side.  It is wrong that a judge can throw out evidence wholesale without proper consideration. It is wrong that a judge can complain of evidence not being presented in a written judgment when the transcripts show they themselves denied it being presented. It is wrong that a judge may declare evidence is not to be heard until a second part of the trial then rule on that part of the case before the evidence is heard and then dismiss a stay or appeal. It is wrong that a judge can selectively ignore evidence in judgment when it does suit their purpose in a judgment.

When a judge, such as Gordon J, goes off the rails so outrageously, it is wrong that years can pass before any recourse is possible. It is wrong that other legal mechanisms can be further used to delay and derail having an avenue to appeal. The system is broken.

7. Officers of the court should be held to a higher account with respect to apprehended bias from outside employment or directorships.

Davies J and Gordon J both work in the same tax faculty at Melbourne University Law School.  An applicant’s wife also worked at Melbourne University as a Professor.  The applicant and his wife had donated at least $200,000 over several years to the University of Melbourne.  That year of the trial, 2012, a relative of the applicant was awarded an academic prize in the Masters of Law and there are many other relationships between the applicants and the judicial officers, including at least one of the registrars. 

Gordon J is deciding an important ANZ bank fee class action case.  Gordon J’s boss on a school board Her Honour sits on is an ANZ executive.

Such relationships bring into the question whether a reasonable lay person may perceive that a judge may or may not be impartial in such circumstances.  There should be more stringent guidelines to what is acceptable and when a judicial officer may not sit on a case.


8. Back channels and informal communication prejudicial to or with the potential to pervert a proceeding need to be eliminated.

Over the last few years of this case running it has become clear that there are back channels of communication between lawyers, registrars, judges, judges chambers and applicants.  We have overheard inappropriate murmurings in the registry whist standing at the registry counter.  We have been subject to onerous behaviour from a registrar time and time again only for that registrar to later recuse himself when he would have had to make a decision in our favour as he then declared a friendship with the applicant. We received a response to an application before it had even been served. Certainly not all our experience has been this way but there as been enough to be very disconcerting.  There needs to be higher standard and also, if we are aware of it in our occasional flirtations with the court process it indicates a larger problem as our reference points are few and far between.  The majority of the iceberg would be underwater.

This rampant communication and back channel gossip seems particularly endemic to Victoria.  Legal representatives we have spoken to in other states, particularly those that occasionally practice in the Federal Court in Victoria, shake their head in disbelief at the general closeness of legal community to Victorian Judges, Federal or otherwise, and remark that such behaviour would never be tolerated in their state, whether it be Qld, NSW or SA.

Perhaps in Victoria there should be a review of policies and procedures and retraining, where appropriate, of courts with respect to professional policies in this regard. There needs to be a higher standard.

9. Defamation by the media during a trial happens too easily without recourse.

During our case, Fairfax have published defamatory articles in The Age, SMH, AFR and BRW without regard to the truth. It seems there are one or more relationships between our adversary and parties within Fairfax. Fairfax has only been too willing to abuse their position and yet the current defamation laws only offer a long and torturous path with little hope of getting any recompense on winning such obvious defamation. As has been explained to us, defamation is only for rich people. There is much to fault with Fairfax’s behaviour, but equally the regulations and laws of the land are to blame for allowing such abusive patronage in the media.


10. Defamation by the judiciary is too common.

A judge is protected from being sued for defamation. A judge is expected to make reasonable conclusions. A judge may interpret the demeanour of a witness on the stand and make conclusions regarding their character, as this is part of the job.

However, we have seen outrageous character assassination in judgments that seem solely to serve a purpose of allowing the judge in question to support the conclusion they wish to make. Gordon J is particularly adept at writing fanciful story lines in judgments where Her Honour has to exclude facts that do no support the prosecution Her Honour makes.  We have also seen such assassination of character where corroborating evidence from other witnesses is ignored as it would be perhaps inconvenient to assassinate multiple witnesses’ character over the same factual contention.

With great power comes great responsibility.  Judges should be required to show much more care in their pronouncements on character. Witnesses should have some recourse to claim damage or seek correction or apology from the court rather than be published eternally as people of poor character. The collateral damage of judges, whether rogue or not, is unforgiving and everlasting. A person may spend a life in charitable works and be a pillar of the community only to be casually destroyed by a judge without regard to proper merit. There needs to be a higher standard and recourse for such parties especially when the parties are not direct participants but witnesses, employees or otherwise connected to the case.

For some judges it seems to be part of their standard toolkit.  Gordon J was harsh in our case on numerous people from our side.  Davies J was unacceptably and outrageously hard on one particular witness who is a pillar of his community.  Then you look at other Gordon J cases and you see a pattern of behaviour, for example, Bradken and the character assassination of former Premier of NSW, Nick Greiner AC.

11. Expert reports should be able to be challenged on entry rather than waiting for their use.

A tainted and deeply flawed expert report, where the expert Associate Professor Leong from the University of Sydney prior to writing the report had raised a $200,000 grant in conjunction with the applicant, was entered unchallenged into the court records. As the companies have, wrongly in our view, fallen into the hands of a liquidator, that flawed expert report will live in the public court records unchallenged.  This does not seem appropriate. There should be some minimal review before an expert report can be accepted into the court files to handle such obvious objections.

Also it begs the question of whether or not a provocative and flawed report from someone such as Assoc. Professor Leong should be able to be put forward without review from the University of Sydney as he basks in the aura of their good name and likewise does damage with his ill-conceived patronage.


12. The appointment process for Judges needs to be reconsidered.

In Victoria, at least, politics, hereditary relationships and friendships seem to have too great of an influence in the appointment of judges.  The appointment of Gordon J with her husband Hayne J sitting on the High Court of Australia has created an environment where legal professionals fear criticising her actions.  The appointment of a solicitor with no previous judicial experience, Murphy J, to the Federal Court of Australia, was curious especially with respect to the former relationships to Prime Minister Gillard. The appointment of Davies J to the Federal Court of Australia is curious due to her unremarkable Supreme Court experience and her relationship to existing FCA judges, especially Gordon J, and the status of her father, all of which paint a picture of cronyism.

It would appear that, at least in Victoria, better minds and diversity in court appointments should be considered as there seems to be too much patronage in the appointment of some of the judiciary in recent times which in turn taints those meritorious judges who deserve their commissions and serve the community well.

Conclusion

The unfortunate circumstances of my recent experience have confirmed that getting too close to the sausage factory and seeing how the sausages are made is never a good thing.  My experience, the experience of an outsider with limited previous experience of the court processes, may offer some fresh insights.  The problems I have seen seem to be more than just a squeaky wheel.  

Real reform is needed.











Friday, 17 January 2014

January 17th - Will today be memorable?

President Obama has curiously decided that 17 Jan 2014 was to be the day he would make a speech regarding justice, liberty and the role of the intelligence communities, including the NSA.

President Obama has preempted the final report from his privacy board, so the date appears carefully chosen, but why?

If you meander around the 17th of January in history a few topical items pop up.

In 1964 on the 17th of January, the President's wife, Michelle Obama was born. Happy 50th to the First Lady. In a few years my wife will also be 50 and I know I'd better have a damn good reason, and something my wife would be proud of, if I was to do something else that wasn't focusing on her big day.  Will the President make his wife proud and stop the spying on all citizens, all citizens' children and Michelle Obama's children?

In 1961 on the 17th of January, President Eisenhower, a general, a Republican, gave his farewell address which presciently warned of the vigilance required to keep the Military Industrial Complex in check to avoid freedoms being crushed. Will Obama now reward Edward Snowden who at great personal risk served the people by being the vigilant citizen that Eisenhower prayed for?

If Eisenhower's timeless speech was day 1, then President Obama was born on day 200 in Hawaii.

In 1893 on the 17th of January, the monarchy of Hawaii was overturned in a coup d'√©tat by the Citizen's Committee of Public Safety.  This paved the way for President Obama to be born into a state that had joined just the Union not quite two years prior.

Painted by William Ranney in 1845, this depiction of the Battle of Cowpens shows an unnamed black soldier (left) firing his pistol and saving the life of Colonel William Washington (on white horse in center). {Source Wikipedia}
In 1781 on the 17th of January, a fledgling nation had a decisive victory over a tyrannical oppressor at the Battle of Cowpens as part of the American Revolutionary War. Two US Navy ships have carried the title of USS Cowpens in honour of this feat.

During the Battle of Cowpens, a heroic unnamed black soldier was depicted in Ranney's painting of the battle to have saved the life of Colonel Washington, George Washington's second cousin.  Will President Obama be as heroic as the unnamed soldier on the 17th of January 2014?

Will President Obama heed the warnings of President Eisenhower from the 17th of January 1961?

Will the President honour his wife's 50th birthday on this January 17th by doing what is right and showing respect to Mr Edward Snowden who risked it all to answer the historic clarion call of President Eisenhower for all citizens to be vigilant and protect freedom from oppression by the military industrial complex?

Let's hope President Obama's speech echoes through history with sufficient pride for future generations to venerate the date of 17th of January 2014.



Wednesday, 15 January 2014

Russian Constitution - Articles 23 & 24 - Plus Some Other Countries

Article 23

  1. Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
  2. Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.

Article 24

  1. The collection, keeping, use and dissemination of information about the private life of a person shall not be allowed without his or her consent.
  2. The bodies of state authority and local self-government, their officials shall ensure for everyone the possibility of acquainting with the documents and materials directly affecting his or her rights and freedoms, unless otherwise provided for by law.
I think that beats the rights in the five eyes? The judicial processes and enforcement of such may be another issue. I don't know if the promises of the constitution are kept but the Russian Federation seems quite an unjust place for fair trials from afar. So, add a grain of salt.  Interesting nonetheless in the context of the current NSA affair.
____________________________________________________
Source thanks to the pipes and tubes of the Internet [1] & [2]


Now for any colour as long as it is black: here are the pertinent articles from the Chinese Constitution which carve out juicy exceptions for State security and censorship that enshrine Orwellian (or NSA-like) capabilities:

Article 39 


The residences of citizens of the People’s Republic of China are inviolable. Unlawful search of, or intrusion into, a citizen’s residence is prohibited.

Article 40


Freedom and privacy of correspondence of citizens of the People’s Republic of China are protected by law. No organization or individual may, on any ground, infringe upon citizens’ freedom and privacy of correspondence, except in cases where, to meet the needs of State security or of criminal investigation, public security or procuratorial organs are permitted to censor correspondence in accordance with the procedures prescribed by law.
____________________________________________________

In Australia there is no constitutional right to privacy nor improper search and just a limited form of freedom of political communication.  The privacy laws vary across the states and privacy law is complex as described by the Australian Law Reform Commission with particular considerations in place for intelligence gathering.  Gigamon, Endace, Splunk, etc are used by the Australian agencies to trawl.
____________________________________________________


The Egyptian Constitution candidate currently being voted on is also interesting in the context of the Arab Spring:

Article 57 Private life

Private life is inviolable, safeguarded and may not be infringed upon.

Telegraph, postal, and electronic correspondence, telephone calls, and other forms of communication are inviolable, their confidentiality is guaranteed and they may only be confiscated, examined or monitored by causal judicial order, for a limited period of time, and in cases specified by the law. 


The state shall protect the rights of citizens to use all forms of public means of communication, which may not be arbitrarily disrupted, stopped or withheld from citizens, as regulated by the law.

Article 58 Inviolability of homes

Homes are inviolable. Except in cases of danger, or if a call for help is made, they may not be entered, searched, monitored or wiretapped except by causal judicial warrant specifying the place, time and purpose thereof. All of the above is to be conducted in cases specified by the law, and in the manner prescribed. Upon entering or searching homes, those inside shall be notified and informed of the warrant issued in this regard. 


Article 92 Limitations clause 

Rights and freedoms of individual citizens may not be suspended or reduced. No law that regulates the exercise of rights and freedoms may restrict them in such a way as infringes upon their essence and foundation.
____________________________________________________

And Brazil?  I'm not sure I understand "anonymity is forbidden" in IV as it reads strangely. Nor is "the confidentiality of the source shall be safeguarded" in XIV below clear to me.  Brazil likes its paperwork and at 435 pages the English version of their Constitution is not short.

Title II - Chapter 1 - Article 5

IV – the expression of thought is free, and anonymity is forbidden;
...
X – the privacy, private life, honour and image of persons are inviolable, and the right to compensation for property or moral damages resulting from their violation is ensured;

XI – the home is the inviolable refuge of the individual, and no one may enter therein without the consent of the dweller, except in the event of flagrante delicto or disaster, or to give help, or, during the day, by court order;

XII – the secrecy of correspondence and of telegraphic, data and telephone communications is inviolable, except, in the latter case, by court order, in the cases and in the manner prescribed by law for the purposes of criminal investigation or criminal procedural finding of facts;
...
XIV – access to information is ensured to everyone and the confidentiality of the source shall be safeguarded, whenever necessary to the professional activity;

Perhaps the following could be interpreted to allow your private property (email?) to be used by the state to stop terrorism?  Seems a bit of a stretch though.

XXV – in case of imminent public danger, the competent authority may make use of private property, provided that, in case of damage, subsequent compensation is ensured to the owner;

If that was the case then perhaps you'd be justified in calling on this next right to prevent the "use" of your communications ;-)

XXVII – the exclusive right of use, publication or reproduction of works rests upon their authors and is transmissible to their heirs for the time the law shall establish;

Tuesday, 14 January 2014

Professor Geoffrey R Stone concludes NSA activity illegal

Professor Geoffrey R Stone is an important person.
Professor Geoffrey R Stone: Edward H. Levi Distinguished Service Professor of Law
The University of Chicago - The Law School

Professor Stone has at least Top Secret clearance. He hired President Barrack Obama in 1992 to teach Constitutional Law at the University of Chicago. Professor Stone is one of the five trusted wise men to be part of the President's Review Group on Intelligence and Communication Technologies. The recent public report, Liberty and Security in a Changing World, recommends sweeping changes though it does not stop the data collection but rather seeks to improve controls.

During an interview and debate on DemocracyNow, Prof Stone said [about 8:40 into the you-tube clip] words to the effect that there was "absolutely nothing illegal or criminal" about what had been revealed about the NSA programs. He said the claim that they are "unconstitutional and illegal" was "wildly premature."

At the Huffington Post, Prof Stone has concluded a series of articles with the headline and conclusion that, "The NSA's Telephone Metadata Program Is Unconstitutional."

It shows, to me at least, how far legal thinking can get from reality. It would seem obvious to the average Joe that collecting and storing hundreds of millions, if not billions, of meta-data records on citizens every day is obviously against what the founders had in mind when they wrote the Fourth Amendment. Whilst Prof Stone's series of articles leading to the same conclusion are interesting, well reasoned and insightful, it is, to me, a tortured indictment of bottom-up legal reasoning for something so obvious. What is wrong with top-down reasoning starting at the Fourth Amendment itself?

Prof Stone's article's final paragraph fires a warning at those claiming obviousness:
"There are those who maintain that this program is obviously constitutional and those who maintain that it is obviously unconstitutional. They are both wrong. There is nothing "obvious" about this. If this ever gets to the Supreme Court, it will be interesting."
And herein lies the fundamental problem. That which is obviously wrong to a citizen is not obviously wrong to those with smart and strong legal minds such as Professor Stone. It is the world of court-facts versus real-world-facts.

It is nice to see Professor Stone conclude the existing program is unconstitutional:
"In conclusion, then, in my judgment the existing program is unconstitutional. As currently structured, it violates the Fourth Amendment's requirement of "reasonableness." On the other hand, it should be possible for the government to correct the deficiencies in the program in a manner that both preserves its legitimate value and substantially mitigates the risks to privacy that it currently poses."
I guess he is saying that from his perspective an unconstitutional verdict is now less "wildly premature."

Professor Stone is one of the saner voices in the debate and his new "considered" view is a welcome evolution. The US Supreme Court ruling he points to regarding wholesale collection of GPS data is particularly enlightening. The intricate arguments I just can't buy as there should be no need and such arguments smack of post justification and integration with existing laws from an activity that is an obvious abhorrence. Professor Stone's claims that there is nothing obvious about this may be true in the sense of a bottom up legal post-justification but surely not in a principled adherence to the US constitution where the Fourth Amendment rights are fairly succinct and clear.

There is another larger story here pointing to the introspective nature of the legal system, its growing distance from reality and its perversion of purpose where it is becoming more polarised into a system of contract resolution and further away from being a justice system. As a recent victim of court injustice, I'm keenly aware of the lack of justice present in the modern legal system where dollars, patronage and hubris rule over a contract resolution system without proper justice. President Obama needs to consider the equitable course of action here, borrow from the purpose of the Court of Chancery, and thank Mr Edward Snowden properly by giving him the relief of a homecoming without persecution.

--Matt.




_____________

PS: Without much thought, I think the controlled collection and warrant-based search procedures may be a good advance but I'm not sure I understand how something that is illegal due to unconstitutionality becomes legal, but the good Professor's articles hint at that reasoning via meandering thoughts on what is "reasonable" and what constitutes a "search." A state sanctioned protected passive collector of data, the Data Guardian, that only lets targeted court warranted searches or algorithms to run without the agency having their own ability to examine or investigate is perhaps possible with careful cryptographic means. Perhaps this is where encrypted local government CCTV footage should also be stored? How can such mass surveillance ever be made safe from not just abuse but future abuse? Collecting mass data just seems wrong. Whilst the ability to hunt down terrorists and criminals retrospectively via their metadata is noble, the debate on balancing security, privacy, anonymity and freedom needs more work. Mass surveillance and storage of data on children is gut wrenchingly evil. Unwitting mass surveillance is a gross violation of the Fourth Amendment. Humanity needs boundaries to protect itself against its own behavioural boundaries.

Thursday, 9 January 2014

Good people from the NSA come forward

An article from former NSA staffers that is worth reading.

It reads a little bitter, but as you read it you understand why.  The Fourth Amendment violations of the NSA were well understood by some of the NSA staff, such as the authors of the above article.

It is also a good reminder of why Mr Snowden has taken the course of action he has. The expose is a reminder that there was no chance of being able to sanely blow the whistle from within as others had already failed.  Pardon Snowden and bring him home.

--Matt.

Sunday, 5 January 2014

NSA solution - learning from HFT

It is kind of interesting to think about about potential solutions for the NSA and the other participants in the five eyes.

You have gotta feel some sympathy for many good engineers and developers at the NSA and elsewhere. They have built a very impressive global spying network as part of the five eyes that provides amazing capabilities with some very cool technology. However, those staff that have completed their mission well, that have a moral conscience, will be shifting somewhat uncomfortably in their chairs. It is easy to get caught up in the mission and creep into doing the wrong thing. You find yourself all-in on the grey zone which makes it darker and darker until it turns black but looking around it all looks the same and you don't recognise where you have found yourself. The pendulum needs to swing back.

It is wrong to collect all such data on your citizens. It should be obviously wrong. In the US it is no doubt illegal. Eisenhower was right to worry. Hopefully the US Supreme Court will do its duty properly and say such when the cases in motion percolate up the system. The situation is less clear with respect to legality in the other countries participating in the five eyes that don't have the equivalent of a Fourth Amendment. However, the moral imputation is clear. Pressure from the people outside the US may make illegal such mass oversight on their own citizenry. I personally doubt it. Most people I ask don't seem to care. I put it down to the apathy you find in the comfortable lifestyles of modern society. However, vocal minorities can and do swing elections. The agencies should care as they may need a new plan if their government finds self-interest supports appearing to care about their voters.

Much of the NSA collection is pretty obvious.  Tap comms lines everywhere, use deep packet inspection, etc.  One of the surprising things is that much of this seems to have happened much later than you would have thought. The NSA and others were sucking on satellites since satellites existed. The stories about firm's financial trading in Japan suddenly improving when switching from faxes to other means abounded in the early 1990s. The Japanese have been good at satellite interception and disseminating economic information for many years. You would have thought the NSA would have been a bit better prepared for the tubes of the internet and slurping up the data earlier than Snowden's leaked documents showed.
Source: Guardian: PRISM starts 14 years after the release of the Mosaic web browser in 1993
Perhaps the NSA was more competent and PRISM was just a newer program replacing an earlier slurper.  We'll never know. Also, the use of Hadoop for analysis is surprising as you would have thought they would have been better prepared with their own tools. Just goes to prove that government's are not efficient, just good at getting there eventually. As I pointed out earlier, the NSA's system latencies are not great, being a couple of generations behind best practice in finance at a similar point in time. The thin film transparent resonant RF tags remain secret ;-)

These things point to some potential strategic thinking deficits at the five eyes. They should have been aware that collecting all of the data was not a sustainable position and thus have plans for when their taps are turned off. It also potentially points to a lack of foresight in system design and architecture to end up relying on tools such as Hadoop. Hadoop is a good tool, not tremendously efficient, but really, they should have been at the forefront, not playing catch-up. Full credit for using open source to cover your deficits though.

Perhaps the five eyes are great strategic thinkers and already have plans for losing their citizens' data but you suspect not. They have certainly created a rod for their back as the world will start demanding much better physical, policy and cryptographic security. Vulnerabilities to so called tailored access operations will always be there but they will become less easy over time. Spies are a great alternative to war. Intelligence gathering is not about to go out of fashion.

There is the Hail Mary option of each eye simply getting one of the other four eyes to collect in their country on a quid pro quo basis. This already happens to some extent. The full extent we don't know. Such transitive interposing of responsibility may be illegal and if not, certainly legally unsustainable due to its simple ethical and moral repugnance. The eyes need to plan on not being able to store mass data from their own citizens.

There is perhaps a solution.  Just as the financial world has provided a treasure trove of domestic spying opportunities via Sars-Ox data retention policies, the financial community could help again. Finance could provide some lessons to the five eyes in how to make the hunting of bad guys palatable and possible without the NSA collecting massive amounts of metadata. Finance, via scripts written down in the evolutionary war dictated by capitalism's policy of creative destruction, is ahead of the NSA on latency, so it is not unreasonable there may be more lessons to learn.

That solution is algos.

Leave the data where it is.  Require it to be stored, like Sars-Ox. Use distributed algorithms where you search across the data in the vendors' own data storage.  Send the code to the data. If you used a "warrant-id," or some other authority token, then accountability could also be baked into the system in an auditable way. It has similarities to the way high frequency trading applications may use algorithms to distribute trading responsibilities to various venues or market places.  Some exchanges and brokers are allowing or beginning to allow the embedding of algorithms into their systems, such as through FIX Algorithmic Trading Definition Language (FIXatdl) [Wikipedia]. You wouldn't want to do something quite so clumsy, but the point is that such an approach is feasible.

It's not quite as easy as all of that.  Many NSA algos, such as the CO-TRAVELER system, require correlations across systems. These would be slower due to the there-and-back-again nature, but the broad outcomes would still be achievable.  Ignoring the future potential of homomorphic encryption for the time being, you can imagine various mechanisms where vendors' systems could anonymously co-operate by cryptographic methods to improve the efficiency of what may be achieved in a complex query. The vendors keep the metadata for billing and analysis anyway. The state could pay for extra resources, such as systems, data centres and energy as required. However, the use of the data would become much more accountable.

It does also make you think that vendors, such as an AT&T or Verizon, should be restricted in the ways they can make use of their data so they are not mini-spy agencies, but that is a separate curiosity. Hopefully a political lobbyist for such a telco does not have unlimited powers of omniscience. Yes, you should be worried.

You could even imagine a world of co-analysis protocols where like minded countries co-operate on crime and terrorism by opening up all the vendors' data in their own countries to such "warranted" algorithms or "search agents" to nationally approved algos originating from approved agencies. This could be done quite quickly you'd imagine. It is not technically hard. There is certainly a lot that could go wrong. It could even get ridiculously out of control. I don't think I'd like a mandated algo entry point for warrant approved searches for my cell and all my equipment at my home. It is a matter of balance. The pendulum needs to swing back to the citizen. Distributed algorithms are one way that freedom and privacy could be improved with the fight against crime and terrorism also being improved.

It does remind me of a kind of strange perversion in the finance world. I was once told it was required for a US bank to collect information on account holders so you could prove that your institution did not discriminate. In Europe it was required that a bank didn't collect such information so you couldn't discriminate. I'm not sure if that is a bad joke hanging around in my memory or if it was the real situation, but the point is clear. It is obviously better if the information is not collected. For that data that is indeed collected, it is better not being centralised. Subject the data to properly authorised search in situ.

Eventually life for the intelligence community will become more difficult. Encryption and anonymity will improve. The immorality of the mass surveillance of your own citizens will be more clearly recognised and policed without a rubber stamp. Perhaps a global legal framework or treaty for such mass surveillance disdain, regardless of nationality, will one day make the planet a better place.

At my geek level, I like the idea of more extensive hardware, firmware and software integrity checks. RF analysis and tempest security should become more widespread. I also like the idea of new kind of virtual mobile network operator where phones not only have improved encryption on traffic but they shuffle their identities in the system to improve protections against some types of data extraction and tracking attacks. Imagine an integrity check that maps a binary executable to software source or behavioural description to ensure Ken Thompson has not influenced your system. Simpler servers, network gear, operating systems and software are all required so we can have more certainty about their operations.

There is a lot to be done.

Perhaps the intelligence communities shooting themselves in the foot by over reaching and being too effective could indeed make the world a better place. Thank you Mr Snowden for making us take our security, privacy, identity and, most importantly, freedom, more seriously.

--Matt.
A pessimistic optimist


___________________
[Bring Snowden home]

Saturday, 4 January 2014

Obama's children are being spied on by the NSA

Malia Obama and Sasha Obama have every piece of their text and phone call metadata recorded. Every new phone call and text will likewise be recorded.

When Sasha and Malia text from their bedroom in The White House their information is carefully being logged for the benefit of future governments.  Their internet history is probably being recorded even when they are in their bedroom.


Source: Wikipedia


Sensationalist?  Well, duh. But really, what does it take? These simple facts stem from Snowden's very first revelations. Virtually all phone and much internet metadata is being recorded and stored.

George Bush, Hillary Clinton, Senator Sanders, Newt Gingrich, Nancy Pelosi, all your childrens' metadata is being recorded.

No news here except some really can't see the danger or understand truth of the mass violation of rights.

Source: The White House

It is time for the President of the United States of America to act. A constitutional lawyer should not be confused. The NSA is recording the data emanating from every child's bedroom. Even Sasha's and Malia's bedrooms in The White House.

Senator Bernie Sanders is asking a question (reported in Politico) to which he already knows the answer.  Is Congress being spied on?

Well, of course.  The NSA are very good at their job.  They do their mission well.  They follow orders, but need a few good men.

The NSA are equal opportunity spies and don't discriminate against Congressmen, Senators nor their children or grandchildren.  They take all call metadata from everyone, all of the time. If only there was something in the Constitution to stop this outrage. 1,2,3, what's next?

Metadata is not a problem to you?  Which is more significant, the content, "Hello, meet you at 10" or the metadata, "Senator RealityCheck to HIV Clinic, 1st April 2013, 9am, Washington, Federal Building"?  The NSA has it all.  Wiener's texts after midnight.  Calls to abortion clinics, HIV clinics, Alcoholics Anonymous, Narcotics Anonymous, Baloney Escorts, 1-800-Suicide-Help-Me, 1-800-Bet-Poker, NRA donation line, ACLU donation line.  It is all recorded.  Perhaps only some of the content, perhaps a lot. All the metadata is all there. The NSA is good at their job. The data will be there for years. Your's and your children's.

It makes you wonder how you can get the point across.

Think about your child's computer in their bedroom. The metadata on that is being recorded. Perhaps your child uses their phone in their bedroom? Think about it. The NSA is in your child's bedroom. Do you care? Are you happy to have their embarrassing slips; their pushing on barriers; their web browsing history, recorded and rehashed at the behest of an arbitrary future government? Do you want your children feeling the Orwellian oversight to an extent where their potential may never be reached because they could not explore as is their childish right?

You may not care about your Fourth Amendment rights, but perhaps you should care about the rights of your child, your niece, your nephew, your partner, your unborn, a little more.

Wake up.

Snowdon committed a crime. As a citizen, he had no choice. He is one of a few good men. The greater good is served. Snowden is trying to protect you, the strong, and the weak. Snowden is not perfect, but you should be proud of this marvellously flawed hero.

Pardon him and bring him home.

--Matt.

NSA is not an HFT - latencies

Here is the slide on latencies from De Spiegel:

Whilst some the latencies perhaps reflect time of flight, the system latencies seem poor. Some latencies may be beholden to slow third party platforms, such as a compromised home router, but the column is headed "Minimum Latency," not median nor average.  It is not clear the significance of the October 2010 workshop note to the latency conditions.  Being such round numbers perhaps they are just lazy estimates or planning expectations.

If you worked at a trading firm and you had latencies like this you'd be reallocated.  The NSA may have cool gadgets, but their performance or expectations could do with a little boost.

Interesting.  Plenty of room for improvement.

--Matt.

Friday, 3 January 2014

NSA quantum compute efforts

The Washington Post published an article and references regarding some NSA sourced Quantum cryptography efforts.

This is both reassuring and disturbing.

Looking at planet Earth, there are only three types of public key encryption used:  RSA, Diffie-Hellman & Elliptic curve. That's it. Just three. We have no other tricks in the toolbox yet for public key cryptography. A quantum cryptographic breakthrough by a true quantum computer, via Shor's algorithm, would break them all.

The NSA revelation is unsurprising but also a bit disturbing as they were working on the matter obviously industriously. One of the Washington Post papers was dated 21 September 2011. Schr√∂dinger's cat is probably still in the bag, or box, but you'd think they would have made at least a bit of progress over two years, especially considering the good progress D-wave has made in that time with a much more limited budget.  D-wave's system is quantum-like, subject to much debate, and incapable of yet doing anything approximating Shor's algorithm.

It's not clear what the effect on symmetric ciphers may be but Grover's algorithm is the best hope there which, to date, means that symmetric ciphers are safe with perhaps modest key size improvements. Early daze, so who knows for sure. The NSA outpoints the rest of the world combined on crypto brain power and we are already a bit scared they might have some fancy secret algebraic attack on AES, so who knows indeed. We shouldn't rely on what we can't mathematically prove.

So whilst the quantum computing aspect is disturbing as it will break all public key crypto, I find the NSA revelations reassuring as:
  • it is unlikely, indeed very unlikely, they would have a functioning system by now; 
  • they have surveyed the state of the art with their omniscience and no one else seems to be there either; and,
  • perhaps most importantly, they want to do it to break hard public key crypto which means they haven't broken public cryptography and they still rely on weak systems and key theft.
So good news. Good public cryptography still works. It may be broken once quantum compute functions with enough qubits, but for some version of now since 2011, we're OK. When quantum qubits break public key crypto then perhaps it will only be for targeted attacks as quantum computers are unlikely to be cheap for a while.  Breaking all of google via their public key may be bad but smaller players would not be caught in a dragnet as they are now.

We should be reassured that governments and their apparatus are incompetent in the short term, but disturbed by the fact that their hierarchy and command-control organisation makes them asymptotically competent in the medium to long term.  That is, if they don't do the Roman thing and ebb away to a failed state, they will inefficiently grind it out and get there eventually if it is possible.

The only provably secure way to send data is via a one time pad. That's it. Nothing else is provably secure. You should pause and think about that for a moment.

Perhaps it is time to adopt the widespread use of one-time pads with enveloped PKI message exchanges (with optional obfuscation and entry-point protection via on-ramps such as TOR) to reduce the key distribution problem to a tractable issue. Simplifying the problem and reducing crypto cost and angst to simple physical key delivery or deliveries, with optional read once mechanisms, would let many sleep at night better and perhaps reduce overall crypto system cost. Then the focus may become the physical aspects, traffic analysis and legal protections, such as deflecting the Tailored Access Operations of your favourite adversary.  These things already matter, but by using one-time pads we may perhaps stop being mesmerised by the crypto distraction and focus on the real world.

Swift, as an NSA hackee, certainly needs to think about the economics of a one-time-pad infrastructure. Swift needs to plan for PKI breaking and there is only a couple of thousand transaction partners. Their financial transactions are the obvious high-valued transaction space to explore for such a change. Perhaps the economics of read once key distribution will stack up best for Swift or the next bank sponsored transaction network that replaces a Swift that refused to change.

It's time to go back to the future. One-time pads for all.

--Matt.


___________
PS: Lattice based methods and Multivariate cryptographic methods may save us in a post-quantum cryptography world and these public-key methods seem the best candidates so far from the Post-Quantum Cryptography conference series.