August 20, 2013, 11:58 AM —
Image credit: REUTERS/Ricardo Moraes
“You’ve had your debate. There’s no need to write any more.”
These chilling words were delivered by an unnamed official of Her Majesty’s Secret Service to UK Guardian editor Alan Rusbridger, shortly before he was ordered to destroy every computer and hard drive containing files given to the Guardian by Edward Snowden.
This encounter happened more than a month ago. Rusbridger only revealed it yesterday after British secret service detained David Miranda at Heathrow Airport under Schedule 7 of the UK’s Terrorism Act 2000, the British equivalent of the Patriot Act.
That law allows UK officials to detain suspected terrorists for up to 9 hours while denying them contact with anyone else. And that’s exactly what they did. The Brits also confiscated all of Miranda’s digital gear – which, presumably, contained more documents from Edward Snowden.
Miranda is the boyfriend of journalist Glenn Greenwald. (I assume you’ve heard of him.) He was apparently acting as a courier between Greenwald, based in Brazil, and his reporting partner in the Snowden Affair, film-maker Laura Poitras, who lives in Berlin.
Aside from that we know very little. But a few things have now become crystal clear.
* If there was any doubt that US and UK spooks are performing 24/7 surveillance on Greenwald, Poitras, and anyone else involved with the leaks, there isn’t now. How else would they know who Miranda was and when he would be on British soil?
* The UK is defending the seizure by claiming Miranda was “in possession of highly sensitive stolen information that would help terrorism.” The documents that were in Miranda’s possession were encrypted. So how, exactly, would UK officials know what’s inside them?
* Clearly Greenwald et al have no faith that any electronic communications can be trusted, and have resorted to face-to-face exchanges of data – a kind of global sneakernet. Following the voluntary closures of two encrypted email services last week, and Google’s declaration that Gmail users “have no legitimate expectation of privacy,” this drives yet another nail into the coffin of so-called private communications.
I think even lifelong British bureaucrats understand that destroying the Guardian’s hardware did nothing to destroy the data that lives on it. Encrypted copies abound – if not in England, then certainly in Russia, Germany, and Brazil.
No, they did it to send a message. And that message is, Your debate is inconsequential. We control the horizontal and the vertical. We’ll do what we want, and there’s nothing you can do to stop us.
As I’ve written before, there are only two things you need to worry about from wall-to-wall 24/7 surveillance: accidental mistakes and intentional ones.
Last year, the NSA made nearly 3,000 accidental mistakes in surveillance, ranging from mis-identifying Americans as foreigners to typos that allowed NSA analysts to confuse calls made from Washington DC with those made from Egypt.
To see the potential consequences of an accidental mistake, Google Brandon Mayfield or Khalid el-Masri. Due to an FBI screw-up with fingerprint matching, Mayfield almost spent the rest of his life in a maximum security prison. German citizen el-Masri was abducted by the CIA, sent off to a secret prison, tortured for five months, then dumped on the side of a road. His crime? Having a name that was a phonetic match to an actual terrorist.
For a more benign example, just ask anyone named “David Nelson” who attempted to board a flight after 9/11 and got stopped because his name was on the TSA’s Do Not Fly list.
But yanking David Miranda out of a queue at Heathrow, tossing him into an interrogation room, and sweating him for nine hours is an example of the other kind of mistake. Nobody in the UK secret service thought Miranda was really a terrorist – or, at least, how you and I would define “terrorist.” That, too, was sending a message.
It was a warning to Greenwald but also to journalists and whistleblowers in general: The gloves are coming off. Or as the kids like to say, s**t just got real.
Cooking the books
There are some sad ironies in all of this.
Ed Snowden got away with taking a trove of secret documents from the NSA because an organization whose mission is to watch everyone failed to watch him. The NSA failed IT Security 101: segregation of duties. A single individual should not have the ability to access sensitive data as well as the ability to control the audit trail.
If you own a bank, you don’t want the person you’ve hired to guard the money to be the same guy who’s keeping the books.
By the same token, though, the NSA and the UK’s GCHQ are also operating with almost no oversight, despite what Barack Obama or David Cameron might try to tell you. That’s because they’re the ones who get to say who is and isn’t a terrorist suspect, then scoop them up and lock them away.
In other words, a “terrorist” is anyone the spooks say is a terrorist. In the past, we might reasonably assume our intelligence agencies targeted people who presented a potential threat to us. With the Miranda detention, it’s clear that a “terrorist” is anyone who presents a threat to them.
Not to sound too paranoid, but: This is how totalitarianism starts.
I know some people worry about the safety of Julian Assange. (Others fantasize about him being killed in a drone strike.) Not me. Assange is not nearly as important as he likes to think he is. Assange is like a guy who goes to bed in a dark room, wakes up with the lights blazing, and thinks he invented electricity in his sleep.
No, I’m worried about the safety of Glenn Greenwald and Laura Poitras. I’m worried about the safety of the Washington Post’s Barton Gellman; and the New York Times’ Eric Lichtblau, James Risen, and Charlie Savage; and Reuters’ John Shiffman and Kristina Cooke; and all the others who’ve done such an amazing job unraveling the Gordian knots of our industrial surveillance complex, post-Snowden. I worry about their sources, too – real people with serious jobs who are taking an enormous risk in talking to them.
I worry that we will wake up to headlines that Greenwald has died in a car accident. Or from a drug overdose. Or that he got caught by a stray bullet in a convenience store robbery. Or maybe they’ll take a page out of Vladimir Putin’s book and just assassinate him in broad daylight. And all we’ll have left are a series of Internet conspiracy theories.
Because if this latest round of intimidation fails to work – and both the Guardian and Greenwald have vowed that it won’t – that’s the next logical step.
I’m not worried because I share a profession with these guys. I’m worried because when government fails to do its job or tries to assume too much control, reporters like these are the only way we’ll ever know about it. Despite its many deep flaws, the media is still our last best line of defense.
Still I think this strategy will backfire horribly on the spooks. Because here’s what is most likely to happen.
So far, I think, the Guardian and others have exercised reasonable restraint in what they have reported. They are at least attempting to understand the data before presenting it, and to maintain a balance between the public’s right to know and putting lives or even countries in danger. Reasonable people can disagree about how good a job they’re doing at that, but it’s clear they’re trying to achieve a level of responsible disclosure (unlike, say, Julian Assange did when he released 250,000 unredacted state department cables from Bradley Manning).
If you detain reporters at the airport and confiscate their thumb drives or force them to destroy computers, they will stop trying to parse the data and redact the most sensitive bits. The only safe way to handle this information in the future would be to distribute it as widely and quickly as possible.
In other words, a total Internet data free for all, open to anyone and everyone – including foreign spies and actual terrorists. Is that the world we want to live in? I don’t think so. But it’s far preferable to one in which no one dares speak at all, lest they become one more “mistake.”
Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.
Now read this: