Tuesday, June 18, 2013

Terms of Art

How PRISM is Being Misunderstood

I've been an active "UNIX geek" for 20 years, working professionally in that capacity for 17.  Though I'm no Richard McDougall, I have a good general knowledge of how Internet services like Facebook and Google's are put together.  While those companies reserve a lot of "secret sauce" to maintain a competitive edge, one thing an IT engineer learns early on is the same building blocks are used over and over.  Some of the key technologies we rely on -- networking, the GUI, virtualization -- trace their origins back decades.

When The Guardian and the Washington Post broke the PRISM story, they interpreted an "NSA document," leaked by IT contractor Edward Snowden, to make claims about the scope and nature of NSA spying on Americans.  Even though Snowden worked in a technical capacity and claimed to have access to troves of sensitive data, the document is a simple PowerPoint presentation.  While one might have expected Snowden to divulge something more technical, this sort of document is very familiar to those working in IT.

To summarize crudely but serviceably, in many technology jobs there are geeks and what some jokingly refer to as "the adults in the room" -- non-technical folks who wrangle the less socially adroit technologists into functioning business units.  The perennial challenge is to distill for the managers, crudely but serviceably, what the technicians do so they can direct the staff and deliver results.  This labored process of communication can sometimes resemble "explaining calculus to a chimpanzee".  A lot gets lost in translation.

Enter the PowerPoint presentation.  I can't exaggerate how many times I've seen managers, VPs, executives, vendors, speakers and the like subject captive audiences to slides littered with meaningless jargon meant to bridge the gap between technical and non-technical staff.  One of these terms of art appears in the leaked NSA PowerPoint about PRISM: "direct access".  Barring new revelations of technical details, that doesn't bode well for the importance of the document and the PRISM scoop.

"Direct access" carries a connotation of being "logged in" or otherwise "present" inside a computer system to retrieve data or use software.  The impact of the PRISM story relies upon that interpretation of the phrase.  The journalists who broke it wanted readers to believe -- and perhaps believed themselves -- that the NSA was "present" in the servers of social media giants.  There it could conduct indiscriminate and widespread surveillance of Americans.

But again, "direct access" is a term of art whose reconciliation with technical reality is highly variable.  From my experience I can detail three scenarios that "direct access" might have referred to.  They are anti-climactic and each could be described in a presentation to a non-technical audience as offering a "solution" of "direct access".  And none of the scenarios entails any of the following:

A)  Side-stepping a FISA warrant
B)  Side-stepping corporate review of government requests
C)  Government "presence" on corporate networks or servers

We know that PRISM was intended to make more efficient the transfer of data under investigation -- the NSA PowerPoint says as much.  Assume for the sake of argument that before PRISM, the NSA followed a process by which it legally requested data from a social media company, and that company's techs manually bundled the data and deposited it in a secure, mutually-agreed-upon "dropbox" for retrieval.

Each of these scenarios might speed that sort of thing up.

"Direct Access" Example 1: The SSH/SCP Relationship

Facebook and the government might negotiate to set up a Linux server on a DMZ -- a narrow-purpose network walled off by firewalls -- to act as a depository for requested data.  Facebook grants limited access to the depository via SSH -- an encrypted "secure shell" that enables the use of a file copy program, SCP, to retrieve the data.  The government makes a request; the request undergoes all the necessary review; and then Facebook furnishes the least data consistent with the law for retrieval.  The government "accesses" the DMZ depository for the sole purpose of retrieving the circumscribed data.

"Direct Access" Example 2: HTTPS/REST and Web Services

HTTP is the protocol that drives the web; HTTPS is HTTP over an encrypted channel.  REST -- Representational State Transfer -- is an architectural approach introduced by one of the inventors of HTTP.  Basically REST presents a model by which services on the web -- that is, applications provided by web servers -- can interact programmatically.  These services often interact through what is generically called an API -- Application Programming Interface.

For example, an online tax preparation service might want to import information -- say, your W2 -- from your bank, and export information - your completed tax forms -- to the government.  It might use APIs to connect its web service to those of banks and the IRS.  Using HTTPS for this is desirable because it is an extremely common protocol that is secure, easy-to-use and firewall-friendly.

The government and, say, Google could have negotiated a means by which one or more government servers, existing outside of Google's network, could use an HTTPS/REST web interface to legally request and obtain data.  Both the government and Google might ask engineers to build web interfaces to execute this process.  On the government side, engineers could build an interface in PRISM.  The request and data transactions would take place in encrypted tunnels.  General searches would not be permitted.  As in Example 1, neither FISC nor corporate review is bypassed, and the data presented is as limited as is consistent with the law.

"Direct Access" Example 3: The Mirror Server

Some of the social media giants warehouse data that can be arranged in standard formats.  The email in Google's Gmail is probably the best example.  As thoroughly commonplace data, it is easy to bundle up and transfer.  Other data the government might request, such as that contained in Facebook accounts, might be arranged in unique formats that could be difficult to move outside of the native environment of Facebook itself.

In order to surmount the difficulty of delivering proprietary data to the government, Facebook could arrange to install a "mirror server" in a DMZ that the government could access.  A "mirror server" is a replica of a main server, usually meant to expand the ability to deliver files or services.  The mirror server could be linked to the Facebook grid through a firewall and retrieve highly circumscribed data in response to lawful government requests.  The server would not be able to access the rest of the Facebook application.  It would not reside on Facebook's network.  It would not allow general searches.  It would receive only what Facebook sent it -- as little data as is consistent with the law, after legal and corporate review.

So, pretend that a mark in Pakistan is communicating with a mark in New York City.  The government obtains a FISA warrant to snoop their Facebook communications.  Facebook receives the lawful request and reviews it.  If it decides to comply, Facebook techs "replicate" the account data of the marks and all of their relevant associates into the mirror server.  The government views it as needed.  When the investigation concludes, the replication stops.


Edward Snowden's main tout, Glenn Greenwald, is threatening to publish more leaked material.  So we can't be sure where this dirigible will crash.  However, lurid claims of government infiltration of social media giants are unsupported by the documents leaked so far.  It is journalistic malpractice to sex up the PRISM revelation with the unqualified jargon "direct access".  It leaves far too much open to interpretation, not least by reporters themselves.

While there have been pieces that have questioned the technical substance of the initial PRISM reports, it is extraordinary that such a profound scoop remains unscrutinized by IT experts.  Has no one realized that a PowerPoint presentation, featuring click-and-save logos and clip art of leprechauns, might not be the strongest foundation on which to rest a major technical scoop?  Snowden worked as some kind of systems administrator, but there are a lot of poseurs in technology.  The quality of IT engineers ranges wildly.  Has no one realized that Snowden, who has warned that "they quite literally can watch your ideas form as you type," might be just the rube for whom such a PowerPoint was intended?

Powered by FeedBurner Site Meter