Ridiculously Misinformed Opinion Piece In WSJ Asks Apple And Google To Make Everyone Less Safe

from the who-takes-these-people-seriously? dept

Former Wall Street Journal publisher L. Gordon Crovitz still gets to publish opinion pieces in the WSJ. And while I often find them interesting, any time he touches on technology in almost any manner, he seems to fall flat on his face, often in embarrassing ways -- such as the time he insisted the internet was invented by companies without government support (yes, he really argued that). Crovitz has also been strongly pro-surveillance state for years. He's attacked Wikileaks and Chelsea Manning by blatantly taking quotes out of context, and then last year, writing a column about the Snowden leaks that showed he doesn't understand even the basic facts. Crovitz tends to see the world the way he wants to see it, rather than the way it really is.

His latest is no exception, repeating a bunch of bogus or debunked claims to argue that the tech industry should happily insert back doors into technology to aid in surveillance. He kicks it off by both repeating the false claim concerning how "subway bomber" Najibullah Zazi was caught, but also totally misunderstanding the difference between encrypting data on a device and encrypting data in transit:

It’s a good thing Najibullah Zazi didn’t have access to a modern iPhone or Android device a few years ago when he plotted to blow up New York City subway stations. He was caught because his email was tapped by intelligence agencies—a practice that Silicon Valley firms recently decided the U.S. government is no longer permitted.

Apple , Google, Facebook and others are playing with fire, or in the case of Zazi with a plot to blow up subway stations under Grand Central and Times Square on Sept. 11, 2009. An Afghanistan native living in the U.S., Zazi became a suspect when he used his unencrypted Yahoo email account to double-check with his al Qaeda handler in Pakistan about the precise chemical mix to complete his bombs. Zazi and his collaborators, identified through phone records, were arrested shortly after he sent an email announcing the imminent attacks: “The marriage is ready.”

Except, no. It wouldn't have mattered if he had a modern iPhone or Android device because whether or not email is encrypted is entirely unrelated to whether or not data on the device is encrypted. What Apple and Google are promising now is to encrypt data on the device. Even if that was turned on, if you send an unencrypted email, it's still available to be viewed. Crovitz is comparing two completely different things and doesn't seem to realize it. What kind of standards does the WSJ have when it allows such false arguments to be published uncritically?

Furthermore, the fact that Zazi sent an unencrypted email via Yahoo was a different issue. And Yahoo encrypted all its email connections a while ago, and no one freaked out at the time. Even so, that's unimportant, because law enforcement and the intelligence community can and do still read emails with a warrant. And, as was made clear by many in the analysis of the Zazi case, he had been watched by law enforcement for a while. The phone encryption that Google and Apple are discussing would have had no impact whatsoever on the Zazi case. So why even bring it up, other than pure surveillance state FUD?

But, to someone as ignorant of the basics as Crovitz, it's an opportunity to double down.

The Zazi example (he pleaded guilty to conspiracy charges and awaits sentencing) highlights the risks that Silicon Valley firms are taking with their reputations by making it impossible for intelligence agencies or law enforcement to gain access to these communications.

Except, again, that's not true. Intelligence agencies and law enforcement would still have access to communications in transit -- just not data held on his phone directly (which they wouldn't have unless they got the phone itself). Second, it still wouldn't be "impossible" to get the information. They could either crack the encryption or issue a subpoena ordering the phone's owner to unlock the data (or potentially face a potential contempt of court ruling). While there are some 5th Amendment concerns with that latter route, it's still not "impossible." And it's not about communications. Crovitz is just totally ignorant of what he's writing about.

Since then, U.S. and British officials have made numerous trips to Silicon Valley to explain the dangers. FBI Director James Comey gave a speech citing the case of a sex offender who lured a 12-year-old boy in Louisiana in 2010 using text messages, which were later obtained to get a murder conviction. “There should be no one in the U.S. above the law,” Mr. Comey said, “and also no places within the U.S. that are beyond the law.”

Again, different issue. The Louisiana case? That was debunked a day later, and it wasn't because of access to the kind of information that would now be encrypted. As noted by the Intercept:

In another case, of a Lousiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas.

Next thing you know, Crovitz will argue that all shoes should come pre-muddied so that law enforcement can track them. After all, how could law enforcement track down criminals who don't leave a trail of muddy footprints?

Then Crovitz shifts to his own personal worldview -- insisting that the public actually doesn't want privacy or protection from the snooping eyes of government. He insists, the truth is the public really wants to be spied on.

It looks like Silicon Valley has misread public opinion. The initial media frenzy caused by the Edward Snowden leaks has been replaced by recognition that the National Security Agency is among the most lawyered agencies in the government. Contrary to initial media reports, the NSA does not listen willy-nilly to phone and email communications.

Last week, the Senate killed a bill once considered a sure thing. The bill would have created new barriers to the NSA obtaining phone metadata to connect the dots to identify terrorists and prevent their attacks. Phone companies, not the NSA, would have retained these records. There would have been greater risks of leaks of individual records. An unconstitutional privacy advocate would have been inserted into Foreign Intelligence Surveillance Court proceedings.

First off, no, the USA Freedom Act was never "a sure thing." From the very beginning, it was considered a massive long shot. And, no it would not have "created new barriers" -- it would have merely made it clear that the NSA can't simply collect everyone's data in the hopes of magically sifting through the haystack and finding connections. Also, Crovitz is flat out wrong (again!) that this would have led to a "greater risk" because the phone companies held the data. While this was the key talking point among those who voted against it, it's simply incorrect. The telcos already retain that information. The bill made no changes to what information telcos could and would retain. It only said that they shouldn't also have to ship all that data to the NSA as well. There was no increased risk. Saying so is -- once again -- trumpeting Crovitz's ignorance.

Furthermore, the idea that the public is miraculously comfortable with the government spying on them... based on the government voting against curtailing government surveillance is simply ludicrous. It doesn't even pass a basic laugh test. The Pew Research poll that tracks this issue most closely continues to show that the vast majority of people are against NSA surveillance on American data, and the numbers who feel that way have been growing consistently since the first of the Snowden revelations.

But let me repeat the assertion Crovitz made here, just to remind everyone of how idiotic it is: he's saying that the public is now comfortable with surveillance because Congress voted down surveillance reform. And he thinks this is obvious.

The lesson of the Snowden accusations is that citizens in a democracy make reasonable trade-offs between privacy and security once they have all the facts. As people realized that the rules-bound NSA poses little to no risk to their privacy, there was no reason to hamstring its operations. Likewise, law-abiding people know that there is little to no risk to their privacy when communications companies comply with U.S. court orders.

Facts, huh? It's kind of funny that he'd argue for the facts when he seems to be lacking in many of them. And he's wrong. There is tremendous risk to privacy, as illustrated by the fact that the NSA regularly abused its powers to spy on Americans. Furthermore, he ignores (or is ignorant of the fact) that much of the data the NSA collects is also freely available to the CIA and FBI -- and that the FBI taps into it so often that it doesn't even track how many times it dips into the database.

And of course, none of this even bothers to point out that the reason why Google and Apple are increasing encryption is because it makes us all much safer from actual everyday threats -- including the very threats that the NSA and others in law enforcement keep warning us about. Making us all safer is a good thing, though, not to L. Gordon Crovitz, apparently.

Crovitz is either woefully clueless and misinformed or he's purposely misleading the American public. Neither reflects well on him or the Wall Street Journal.

Filed Under: encryption, fud, gordon crovitz, l. gordon crovitz, mobile encryption, najibullah zazi, surveillance
Companies: apple, google, wall street journal

Mike Rogers Lies About Bulk Data Collection, Insists It's Necessary, Even As He Introduces Bill He Says Will Kill It

from the say-what-now? dept

As was expected, on Tuesday morning, Rep. Mike Rogers officially introduced his new bill concerning bulk data collection by the NSA. Overnight, it appears that Rogers and his staff realized that the originally proposed name of the bill, the End Bulk Collection Act of 2014, was so bogus that they couldn't go forward with that. So the official bill is now called the FISA Transparency and Modernization Act. There are significant concerns about how the section on supposedly "ending" bulk collection might actually allow for even greater searches of data.

But the thing that seemed most ridiculous was that, at the same time Rogers gave his press conference in which he claimed he was ending the bulk data collection by the NSA, he was publishing an op-ed in USA Today claiming the program was "necessary" and "vital" and that was why he was calling for it to end. He kicks it off with an already widely debunked bullshit story about how Section 215 could have stopped 9/11:

On the morning of September 11, 2001, Khalid al-Mihdhar stepped on to American Airlines Flight 77, the flight he would later crash into the Pentagon. Al-Mihdhar might have been in prison, instead of on that flight, if the government knew he had called an al-Qaeda safehouse in Yemen from inside the U.S. seven times before the attacks. The failure to spot phone calls by al-Mihdhar and others led the Intelligence community to begin collecting large volumes of call data records, specifically the number dialed and the date and duration of the call, to determine whether suspected terrorists had contacts inside the United States.

This is simply not true. The NSA was already intercepting calls to that very safehouse starting at least two years earlier. The CIA had been following al-Mihdhar for years earlier. The FBI was aware of him as well. The problem was that the CIA failed to alert anyone that Mihdhar had a US visa and came to the US. So the problem was never that they didn't have the information. It was that the NSA, the FBI and the CIA simply didn't cooperate and share the necessary information. This has nothing to do with the Section 215 bulk data collection.

Since last summer, a great deal has been written about the program's scope, capabilities and legality —much of it wrong. The fact is that the program is legal. It was authorized by Congress and found constitutional many times over. No review of the program revealed an intentional misuse of its authority.

This is not actually accurate. It is not a "fact" that the program is legal. At least one court has said that it is not legal as has the Privacy and Civil Liberties Oversight Board (PCLOB), who found the program to be clearly both illegal and unconstitutional. As for the claims that it was "authorized" by Congress and found "constitutional" many times over, neither is particularly accurate. Mike Rogers himself hid the details of the program from Congressional reps who voted on it, and the FISA court never actually explored the constitutionality of the bulk phone records collection until after the Snowden revelations, at which point it had to cover its ass for all the approvals of the program it had given based on a totally different authority.

We recognize that the Intelligence community must have the confidence of the American people to do its life-saving work. Over the past nine months, we have studied ways to reform the program while maintaining its effectiveness.

WHAT EFFECTIVENESS? Everyone who has explored the program has admitted that they were somewhat shocked to learn that there is no evidence anywhere that the program has done anything useful, ever. To argue that we need to "maintain its effectiveness" is a joke.

Most of the rest of the piece is trying to explain why his new bill is a good idea, even after he opened it with a series of outright lies. Then, apparently because he can't resist, he closes on a misrepresentation as well:

Without NSA counterterrorism tools, Najibullah Zazi might have set off bombs during rush hour in the New York City subway in September 2009.

Except the Zazi case is another one that's been debunked as well. But that doesn't stop Rogers from doubling down on his argument:

Some people may say that's "not enough" when compared to the amount of information the NSA obtains, but we would be shocked if anyone on September 12, 2001, wouldn't have done everything possible to find hijackers like al-Mihdhar and prevent just one terrorist attack.

Yeah, that's a great closer. The argument that anything goes because of September 11th should, frankly, disqualify Rep. Rogers from holding office. Doing "everything possible" would mean abandoning the Constitution that Rogers is supposed to be upholding. We're a nation built on the principle that we don't abridge basic freedoms to "do everything possible" to stop one crime. Yet, Rogers still doesn't seem to recognize this.

Filed Under: 9/11, bulk data collection, ed snowden, khalid al-mihdhar, mike rogers, najibullah zazi, nsa, surveillance

NSA Defenders Claim PRISM Helped Stop NYC Subway Bombing; Actual Evidence Suggests It Didn't

from the so-much-for-that dept

You knew this was coming. In the wake of the revelations about the NSA surveillance program, defenders of the system are now trying to claim that PRISM was responsible for stopping a plot to bomb the NYC subways by Najibullah Zazi. However, as people looked into the details, they pointed out that this didn't make much sense and, further, that detailed public reports already make it clear that traditional police work had uncovered Zazi's plot, not PRISM.

The details of terror investigations are not always laid out this clearly in public; but they appear to belie the notion, advanced by anonymous government officials Friday, that sweeping access to millions of email accounts played an important roil in foiling the subway attack. Instead, this is the sort investigation made possible by ordinary warrants under the Foreign Intelligence Surveillance Act; authorities appear simply to have been monitoring the Pakistani email account that had been linked to terrorists earlier that year.

That report, by Buzzfeed's Ben Smith has a lot more details.

Of course, there's a separate point in all of this: even if PRISM had been used to stop this plot, that says nothing about whether or not the program is appropriate. I'm sure that we could stop all sorts of terrorist plots and activity if the US government was able to send soldiers door to door searching every house in the country and installing cameras inside our homes. But, most everyone would agree that's a blatant violation of our rights.

Filed Under: fisa, mike rogers, najibullah zazi, nsa, nsa surveillance, prism