Thursday, May 12, 2016

Twitter Denies Access to Intelligence Agencies

As reported in the Wall Street Journal this week, Twitter barred the US intelligence community from using a Twitter-centric analytics service. The WSJ article is here. In essence, Twitter is trying to put distance between itself as an surrogate agent of the US government, and the public's perception of privacy.

A friend, KM, on Facebook asked me for my thoughts on this. Here is that dialogue:

KM: "Dale, as a former government analytics high security guru, what are your thoughts on this? I'm pulled in both directions."

Me: "I can see their concern, but Twitter is naive in their attempts to deny access to the intelligence community. This is not like tapping a private phone line. There is no semblance of privacy in the use of Twitter, other than the privacy settings in your personal preferences. If NSA were going behind these privacy configurations with a hack, that would be a different story, but they aren't. NSA will just write their own analytics service instead of using third parties... or they will buy the third party. Twitter can't control or govern all the analytics that takes place on their publicly available data streams-- they can't keep up with it... and where do they draw the boundary about what's appropriate analytics and what's not? In the end, Twitter is gullible and this is a foolish gesture on their part. They've never been particularly smart with their business or operating models, and this is just another example. The genie is out of the bottle. They can't control what people or government agencies do with the Twitter data that is publicly accessible."

KM: "Makes complete sense. What about examples of actual privacy issues like with the iPhone unlocking and all? What are your thoughts on those?"

Me: "Conceptually, I feel that vendors like Apple should have the ability to unlock devices and decrypt data when a court order justifies it. There are all sorts of procedural and technical means that would allow that to be done safely and without it violating privacy or other rights. We already do that sort of thing with wire taps and other surveillance when approved by the court. But, technically, it's hard to hold a vendor like Apple accountable for that because very sophisticated encryption has become a public commodity now. I can encrypt data in ways that no one, including Apple, can crack, except me, so forcing Apple to comply is a short term victory and Apple's resistance to the government is a lame argument-- this is not about government intrusion. That precedence already exists. This is about the futility of trying to keep up with publicly available technology, which neither Apple nor the government can do anymore. At NSA, we would spend all sorts of time evaluating what are known as "National Technical Means." In essence, we would dream up scenarios or build technology then ask ourselves, "What other countries have the national technical means to pull this off?" If the country was Britain, we wouldn't worry. If it was Iran, we would worry. But, the knowledge that's available on the internet and through distributed computing has placed what was formerly National Technical Means into the hands of the public, which is what makes ISIS so capable. It's not about nations anymore, it's about software, knowledge, and ideologies with no boundaries. Technology makes nations matter less and less."







The Death of Risk, Adventure, and Accountability in Our Lives

This article , entitled, "23 Dangerous Things You Should Let Your Kids Do", prompted me to pause and think. Here are the 23 things...