Friday, January 17, 2014

The Circus is back in town


IX. We had accepted uncritically the belief that technology is only good; that it cannot serve evil as well as good; that it cannot serve our enemies as well as ourselves; that it cannot be used to destroy what is good, including our homeland and our lives. 

Wendell Berry, In the Presence of Fear, Three Essays for a Changed World, The Orion Society, Great Barrington, MA, 2001, p. 3.


I was catching up on the PBS "Sherlock" series last night, and I realized that James Moriarty and Edward Snowden have a lot in common.

The episode was the last of the second season, "Reichenbach Falls."  Moriarty carries out three crimes at once:  he penetrates the security system of the Bank of England, enters the chamber that holds the Crown Jewels, and opens the cells of Pentonville Prison.  And he does all of this, he claims, by hacking the computer systems of each institution with "a few lines of code."

Well, not so much.  He reveals to Sherlock, at the end, that actually he pulled off those crimes because he had inside help:  people at computer terminals switching off security systems.  He invented the lie of the "lines of code" because, as he proves throughout the show, a big lie surrounded by a bit of truth is always more believable.  The very fiction of the computer code is a perfect example.  He knows Sherlock likes things to be "clever" (and don't we all think computers are somehow magic, and that one man with the right keystrokes can undo the work of thousands, just as one man can penetrate a high security area and kill hundreds without ever being stopped, because he, too, is "clever"?).  Moriarty mocks the idea that a "few lines of code" could be a skeleton key that would unlock any computer program anywhere on earth.  The real world, he points out, simply isn't that simple, or elegant.

Remember when James Snowden was a super-genius computer hacker?  That was the cover story from the NSA itself:

Last week NSA Director Keith Alexander told the House Permanent Select Committee on Intelligence that Snowden was able to access files inside the NSA by fabricating digital keys that gave him access to areas he was not allowed to visit as a low-level contractor and systems administrator. 

How do you protect yourself from a clever super-genius?  Well, maybe that's the wrong question:

Snowden may have persuaded between 20 and 25 fellow workers at the NSA regional operations center in Hawaii to give him their logins and passwords by telling them they were needed for him to do his job as a computer systems administrator, a second source said.

The revelation is the latest to indicate that inadequate security measures at the NSA played a significant role in the worst breach of classified data in the super-secret eavesdropping agency's 61-year history.

Reuters reported last month that the NSA failed to install the most up-to-date, anti-leak software at the Hawaii site before Snowden went to work there and downloaded highly classified documents belonging to the agency and its British counterpart, Government Communication Headquarters.

Turns out security, or insecurity, is more a matter of the big lie wrapped in a small amount of truth.  Snowden used it to get passwords.  Moriarty used it to pose "the final problem" to Sherlock Holmes.  We have been using it to turn away from the real problem with the NSA, and with security in general:

"In the classified world, there is a sharp distinction between insiders and outsiders. If you've been cleared and especially if you've been polygraphed, you're an insider and you are presumed to be trustworthy," said Steven Aftergood, a secrecy expert with the Federation of American Scientists.

"What agencies are having a hard time grappling with is the insider threat, the idea that the guy in the next cubicle may not be reliable," he added.

Edward Snowden was not some kind of super-genius (which always wins our respect:  after all, how do you predict a super-genius?  How do you prevent them?  And being super-geniuses, don't they always know things we don't, and deserve our respect just for being genius?)  He was a spy, plain and simple, using the tools spies use in le Carré novels, or Graham Greene novels:  he got people to reveal their secrets, and he used those secrets to commit crimes.  There was nothing brilliant about what Snowden did:  he was just a garden variety thief.

And technology made it possible for him to steal so much.

Moriarty makes the point to Sherlock, before he has revealed that the code he supposedly has is a fiction.  Moriarty claims he has access through the "code" to everyone's secrets:  bank accounts, e-mails, everything is now his.  If it seems a plausible claim it's because our secrets are no longer on paper which must be seen with human eyes that open file cabinets and find:  it is because we have made it all available to anyone who might find the secret code that unlocks all doors; and because we can imagine such a key could exist that would unlock all cyber-doors.  And once unlocked, you would have all the treasures of Smaug, with no Smaug to stop you taking them.

But Snowden and Moriarty let us fill in the blanks with imagination, distracting us like magicians from the truth hidden in plain sight:  in any security system, the biggest problem is the insider threat:  "the idea that the guy in the next cubicle may not be reliable."  And the difference today is that "that guy" doesn't need to surreptitiously whip out a "spy camera" and open paper folders and hope nobody turns the door knob before he's finished.  "That guy" can just push a button, and it's gone; or it's everywhere.

And that's the real issue with what Snowden did; that's what he really revealed:  that we are all more vulnerable than ever before, and the only way to change that is to turn off all the machines.

Because you're never going to be sure the guy in the next cubicle is reliable.
