As details of the U.S. National Security Agency's (NSA) pervasive phone and Internet eavesdropping and surveillance operations emerged last summer, sales of George Orwell's classic novel, 1984, were reported to have risen dramatically. Orwell described an oppressive government that continually monitors the population through ever-present "telescreens." A recent newspaper article proclaimed that "NSA surveillance programs greatly exceed anything the 1984 author could have imagined."
Indeed, what we have learned so far about the wide reach of the NSA's operations has been quite astounding. First, we learned the NSA is collecting on an ongoing basis phone records of essentially all U.S. telecommunications customers. Second, we learned the NSA monitors all Internet traffic that goes through U.S. telecommunications infrastructure. Third, we learned the NSA has intentionally weakened cryptographic standards to enable it to circumvent encryption. All of this has been authorized by secret court orders. In essence, we learned the U.S. government has stretched the meaning of "reasonable" in the U.S. Constitution Bill of Right's proscription against unreasonable searches beyond reasonableness. NSA, indeed, is certainly making Orwell's surveillance technology seem rather primitive in comparison.
The unfolding scandal reminds me of another aspect of Orwell's novel. The language spoken in Oceania, the novel's fictional country, is "Newspeak," whose grammar is based on English, but whose vocabulary is tightly controlled in an effort to limit free thought. When NSA Director James Clapper was asked, following this summer's revelations, to explain his answers given in U.S. Congress testimony earlier in the spring, he replied: "I responded in what I thought was the most truthful, or least untruthful manner." I have no doubt that Orwell would have been proud to add the phrase "least untruthful manner" to the vocabulary of Newspeak. Granted, NSA is, after all, an intelligence agency, and countries do spy on each other (at their own risk!), but the NSA is not supposed to be a domestic intelligence agency and it is not supposed to lie to the U.S. Congress!
This phrase "least untruthful manner" symbolizes for me the most disturbing aspect of the NSA scandal. The U.S. government, supposedly "of the people, by the people, for the people," to quote Abraham Lincoln's Gettysburg Address, has been untruthful to its citizens for several years and has been coercing many U.S. corporations that operate phone and Internet infrastructure to be equally untruthful. An old joke asks: "How can you tell when a lawyer is lying?" Answer: "His lips are moving." There is no need anymore to pick on lawyers; we can substitute "NSA official" in the joke. Our trust in the U.S. government and U.S. corporations has been broken. It is unlikely to be repaired in the near future.
This means, I believe, we can no longer trust the U.S. government to be the "Internet hegemon." During the 1990s, when the Internet was rising while Minitel, the French phone-based online service, was declining (it was finally retired in 2012), France's President Jacques Chirac complained about rising dominance of the Internet, which he described as "the American Internet." While many of us snickered at his provinciality, Chirac was right. The National Telecommunications and Information Administration, an agency of the U.S. Department of Commerce, continues to have final approval over changes to the DNS root zone. Thus, in spite of its being a globally distributed system, the Internet is ultimately controlled by the U.S. government. This enables the U.S. government to conduct Internet surveillance operations that would have been impossible without this degree of control.
The main argument in favor of the privileged position of the U.S. government in Internet governance is that other governments, which have been clamoring for true internationalization of Internet governance, perhaps through the International Telecommunication Union, were viewed as less trustworthy than the U.S. government. With the trustworthiness of the latter in serious decline due to the NSA scandal, voices are rising again in protest of U.S. Internet hegemony. The question being raised is "Can there be a non-U.S. Internet?" In fact, Brazil has already laid out a multipoint plan to sever ties with U.S.-controlled cyberspace.
But replacing U.S. hegemony with hegemony by other governments, who may not only have their own surveillance operations but also attempt to regulate content and restrict free expression on the Internet, hardly seems an improvement to me. The real question, I believe, is whether we can have an Internet that is free, or at least freer, from government meddling than today's Internet. In view of the Internet's centrality in our information-saturated lives, this is a question of the utmost importance.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or fee. Request permission to publish from firstname.lastname@example.org or fax (212) 869-0481.
Gen. Clapper is the Director of National Intelligence, a far different position than that held by the Director of the NSA (currently Gen. Keith Alexander). It is no wonder the American public are so mis-informed on this topic when professionals such as yourself don't take the time to understand the organizational structure you criticize. In the same way researchers working under non-disclosure agreements are compelled to moderate the "truth" they tell, intelligence professionals are constrained by the interests of national security to tell what is necessary without being complete or thorough. I believe this issue is often more a Rorschach test for how one perceives the government and its role in our lives than an informed discussion on the critical issues of national security and privacy that everyone supposes. It's unfortunate because the latter is far more useful than the former.
Please don't use a fictional novel as your main source of information. You should consult an expert on the intelligence business and its history. Since ancient times the intelligence business has operated similar to the National Security Agency (NSA) and it is intrinsic in international relations. From following the history of intelligence and current U.S. government regulation I do not see that you cover any other aspect besides your self-contained view of the world, Your article picks, as an amateur, on one imaginary aspect of the NSA and in the long run, you make me wonder why I have belonged to Association for Computer Machinery (ACM) since the early 1980's and participated in local chapters. Since you fail to think about why the NSA has monitored telephone metadata, etc., and how that is related to international terrorism and conflict I can only imagine that you are not qualified to discuss these issues. Please either consult serious experts in these areas or refrain from imagining, similar to the NSA Leaker Edward Snowden, that you understand much of anything about international behaviors and the related intelligence necessary for a country's survival.. Otherwise, I must view you as an arrogant technologist who imagines that ignorant intelligence compensates for factual and historical expertise. Thank you for raising these issues and my apologies for being harsh but I do not know how to communicate my issues with your article in other than a rather unpleasant and direct manner. Best Wishes for future articles and hoping they are more balanced in presenting various views of an important topic.
I agree with your basic assessments of the likely commercial implications with respect to non-US countries - a review/redesign of the internet's structure, and the use of US companies as a store of information and provider of services. It is a difficult matter to predict where this ends up. The US market is very large, and the desire to sell-into or buy out-of is strong - so there may be a tendency for the status quo to prevail. However, as a US business, it seems unwise to put ourselves in a position where this question is even considered by other market participants.
The basic matter of governance and transparency of the intelligence gathering process by citizens requires answering a couple of simple philosophical questions. Do you trust a small number of people (let's say 150-200) to have access to information that defines and individual's relationships, contacts and location history (minimally) - and be governed by another group (let's say 150-200 people) on the use of that information? And for knowledge of the information and judgement to remain within the confines (largely) of the two groups?
Our current intelligence process structure answers "yes" to these questions.
It seems naive to consider the current intelligence gathering framework to be a straight-forward extension of the intelligence gathering processes of the past. In the past there was a limit to the monitoring that could be done by an organization - it was some linear function of the number of people employed. As a practical matter, the average citizen had a very small probability of having his personal information collected, never mind used in an analysis. With the current technologies and toolset, the average citizen has a high probability of at least having his information gathered - and high probability of having it (at least by a program) filtered or reviewed. Therefore the average citizen's exposure to any downside from the collection and usage of his information by the government has gone up dramatically.
So a review of the new regime is certainly in order. Thanks for jumping in!
I think Therese Myers hit upon a central problem in the discussion of the information Edward Snowden revealed about the NSA: outside the NSA, we are all amateurs who "are not qualified to discuss these issues." Because there is some essential amount of secrecy necessary to the intellingence business, I suppose that the only people who are "serious experts" are those who already have close connections with the NSA. Therefore, we amateurs either have to trust that the government is doing the right thing or we have to make the best decisions we can based on whatever information we can glean.
However, I do not believe that the conclusion Moshe Vardi draws depends on expert information about the NSA; rather, it is based on what people think about the NSA and the U.S. government. If people in other countries believe that the NSA is taking advantage of U.S. government control of the Internet to more easily spy on them, then they have a reason to push for an Internet that is controlled by their own government or by no government. If that perception is wrong, then the experts need to convince the rest of us that the NSA is not abusing its power and that having the U.S. government control the Internet is still better than the alternatives.
Fakrudeen Ali Ahmed
"Our trust in the U.S. government and U.S. corporations has been broken. It is unlikely to be repaired in the near future."
Yes - it pretty much summarizes the situation. Thanks a lot for writing such a timely and honest editorial.
It is a refreshing contrast to beating around the bush I saw in last month's magazine. As professionals who built these technologies we have to take a stand and some responsibility.
Some of the replies to Vardi's courageous editorial are treating a topic of global interest as if ACM were the "American Association for Computing Machinery". ACM, however, is a worldwide association of computer professionals and computer scientists with a large international membership. From the scarce facts that we know it is evident that the global IT infrastructure is relying on business and security assumptions which have been compromised on an unprecedented scale. Where else, if not on the pages of CACM, should we have an educated discussion on technology, organization, security and legal surveillance principles for a truly global internet?
The analogy to international trade and diplomacy is obvious. We will need a global set of regulations and treaties for the internet which meets our professional standards - both technically and ethically. I am therefore hoping to see more opinions and technical articles on these important questions in CACM. Obvious topics include cryptography, email, private clouds, forensics, crime enforcement, social networks, legal frameworks, and the role of international organizations, to name a few.
Now it is time, that every country has its own internet, email providers, and domains, just like citizenship. When you have have passport to go to other countries, and along with visa you become a citizen of other countries for some time. In the absence of that you are citizen of your homeland. The future Internet should be just like that.
Now it is the case of only one country or agency who dugged up into internet, and through millions of emails, provided through the gmail and yahoo. Accordingly, many VIPs, who communicate using these services, shared their emails with parties, who are not athorized otherwise.
The IT forms are untimately the business firms with profit motto. Who knows that in future their emails will not be mined by an organization like, al-kaida, or some other terrorists!!
It is therefore, high time, that nations of the world have their own free email system, so that communication via email becomes more like Inland letters and overseas letters. The over seas letters may fbe ilered at the national boundaries for securities reasons, and a log of all those must be maintained for records and security purposes.
I want to ask a more fundamental question. Why did DOD let loose the Internet? To set up for the types of entrapment that have ensued (don't even succumb, for a second, to denigrate this question with the conspiracy wonk label)?
I was baffled when the deed was done; still am. And, I'm technologically fluent enough to know my way around many spaces (concept once loved in the recruiter world). The issue is not that those who spawned the net had complete foresight (who would have foreseen Zuck? Or, Google, for that matter? in other words, how many of these billionaires are we going to have to suffer?). But, given what we know of cloaking (my experience is both within the government and its beltway bandits - DC, of course), will there ever be a time when we can go back and follow this thing from that time (let's say, 1990, arbitrarily - by the way, I've been at this game since the 60s) to now (or whenever there is access - by the way, people who cloak are not angels, never were)?
Well, back to the question. Was the loosening due to the after glow of Reagan's defeat of communism (which we have seen raise its head, again)? That is, some illusion of possible world peace was part of the motivation was running rampant in DC and the Pentagon. Or, one might say, Boomers coming into their own.
Not being facetious. My interest is truth and its engineering. Sounds like Gen. Clapper knows about this need, to boot.
Computability, at its core, will have to handle the notions of truth engineering, and it's more than the accumulation of the prowess to date (to wit, sensor handling, error correction, and the whole slew known to ACM folk). In fact, it's more than mathematically based (ah, how we have entangled ourselves); the key is the human/computer interface (to be discussed, as required).
For the most part, Moshe's musings have struck a chord with me. I like this one especially as it's a topic of utmost importance, yet easily overlooked.
The following letter was published in the Letters to the Editor in the January 2014 CACM (http://cacm.acm.org/magazines/2014/1/170857).
-- CACM Administrator
In his editor's letter "The End of The American Network" (Nov. 2013), Moshe Y. Vardi made this startling statement: "Thus, in spite of its being a globally distributed system, the Internet is ultimately controlled by the U.S. government. This enables the U.S. government to conduct Internet surveillance operations that would have been impossible without this degree of control." This is untrue on several levels: First, so-called U.S. control of the Internet is limited to approval of root-zone changes of the Domain Name System, though the U.S. has never exercised that authority against any top-level delegation or re-delegation proposed by the Internet Corporation for Assigned Names and Numbers (http://www.icann.org), the not-for-profit organization that oversees the Internet's naming and numbering system. In addition, root-zone servers exist outside the U.S., and any heavy-handed attempt by the U.S. government to exercise unwarranted control over the contents of the zone would be international political suicide and likely cause a near immediate takeover by operators in other countries. Second, this administrative function has nothing to do with the routing of information on the Internet and does not provide any agency of the U.S. government any advantage for surveillance of Internet traffic.
Although the topology of the early Internet was such that much of the world's traffic flowed through the U.S., it was a historical artifact of the Internet's early development. More recently, the pattern changed radically, with Internet topology evolving into a more comprehensive global mesh structure.
Vardi's repetition of spurious and incorrect claims, often made for political reasons by other countries, gives credence to ignorance while illustrating the extent to which a knee-jerk reaction generated by Edward Snowden's recent disclosures concerning the National Security Agency's surveillance of personal communications worldwide has been unthinkingly adopted by otherwise presumably sensible individuals. A retraction of Vardi's statement is essential to confirm ACM is a professional organization, not a thoughtless echo chamber for uninformed sentiment.
(The author is a member of the ICANN Board of Directors)
I am not an Internet expert and am happy to be educated by Internet insiders like Sadowsky. But the revelations that have poured out for the past many months resulted in a massive loss of public trust in insiders. It behooves Internet insiders like Sadowsky to speak up and explain precisely what role the U.S. government plays in Internet governance and what has enabled the massive Internet surveillance operations run by the National Security Agency. Only more transparency, rather than vehement denials, may begin the process of rebuilding the public's trust in insiders.
Moshe Y. Vardi
If you are an ACM member, Communications subscriber, Digital Library subscriber, or use your institution's subscription, please set up a web account to access premium content and site
features. If you are a SIG member or member of the general public, you may set up a web account to comment on free articles and sign up for email alerts.