U.S. Government Keeping Fewer New Secrets

February 24, 2017

We have good news and bad news for fans of government transparency. In their Secrecy News blog, the Federation of American Scientists’ reports, “Number of New Secrets in 2015 Near Historic Low.” Writer Steven Aftergood explains:

The production of new national security secrets dropped precipitously in the last five years and remained at historically low levels last year, according to a new annual report released today by the Information Security Oversight Office.

There were 53,425 new secrets (‘original classification decisions’) created by executive branch agencies in FY 2015. Though this represents a 14% increase from the all-time low achieved in FY 2014, it is still the second lowest number of original classification actions ever reported. Ten years earlier (2005), by contrast, there were more than 258,000 new secrets.

The new data appear to confirm that the national security classification system is undergoing a slow-motion process of transformation, involving continuing incremental reductions in classification activity and gradually increased disclosure. …

Meanwhile, ‘derivative classification activity,’ or the incorporation of existing secrets into new forms or products, dropped by 32%. The number of pages declassified increased by 30% over the year before.

A marked decrease in government secrecy—that’s the good news. On the other hand, the report reveals some troubling findings. For one thing, costs are not going down alongside classifications; in fact, they rose by eight percent last year. Also, response times to mandatory declassification requests (MDRs) are growing, leaving over 14,000 such requests to languish for over a year each. Finally, fewer newly classified documents carry the “declassify in ten years or less” specification, which means fewer items will become declassified automatically down the line.

Such red-tape tangles notwithstanding, the reduction in secret classifications does look like a sign that the government is moving toward more transparency. Can we trust the trajectory?

Cynthia Murrell, February 24, 2017

Anonymous Transparency Project Boldly Attacks Google for Secrecy Then Dives Back Under Rug

February 23, 2017

The article on Mercury News titled Secretive Foe Attacks Google Over Government Influence reports on the Transparency Project, an ironically super-secret group devoted to exposing Google’s insane level of influence. Of course, most of us are already perfectly aware of how much power Google holds over our politicians, our privacy, and our daily functions. Across Chrome, Google search, YouTube etc., not a day goes by that we don’t engage with the Silicon Valley Monster. The group claims,

Over the past decade, Google has transformed itself from the dominant internet search engine into a global business empire that touches on almost every facet of people’s lives — often without their knowledge or consent,” the group’s first report said. Another report, based on White House guest logs, cites 427 visits by employees of Google and “associated entities” to the White House since January 2009, with 21 “small, intimate” meetings between senior Google executives and Obama.

While such information may be disturbing, it is hardly revelatory.  So just who is behind the Transparency Project? The article provides a list of companies that Google has pissed off and stomped over on its path to glory. The only company that has stepped up to claim some funding is Oracle. But following the money in this case winds a strange twisted path that actually leads the author back to Google— or at least former Google CEO Eric Schmidt. This begs the question: is there anything Google isn’t influencing?

Chelsea Kerwin, February 23, 2017

Unintended Side Effects of Technology Restrictions

February 23, 2017

Do lawmakers understand how much they do not understand about technology? An article at Roll Call tells us, “Proposed Tech-Export Rules Bashed by Companies, Researchers.”  It is perfectly understandable that human-rights organizations have pressed for limits on the spread of surveillance technology and “intrusion software”—a broad term for technology that steals data from computers and mobile devices, including some tools that can hijack hardware. Several Western governments have taken up that banner, imposing restrictions designed to keep this technology out of the hands of bad actors. In fact, 41 nations pledged their commitment to the cause when they signed on to the Wassenarr Arrangement in 2013.

While the intentions behind these restrictions are good, many critics insist that they have some serious unintended side effects for the good guys. Writer Gopal Ratnam reports:

Although such technologies can be used for malicious or offensive purposes, efforts to curb their exports suggests that the regulators didn’t understand the nature of the computer security business, critics say. Unlike embargoes and sanctions, which prohibit dealing with specific countries or individuals, the proposed restrictions would have forced even individual researchers working on computer security to obtain licenses, they say.

The technologies the Wassenaar agreement tried to restrict ‘certainly can be used for bad purposes, but cybersecurity tools used by malicious hackers are also used for good purposes by technology companies and developers,’ says John Miller, vice president for global cybersecurity and privacy policy at the Information Technology Industry Council, a Washington-based group that represents technology companies. ‘Export control law usually doesn’t get into making distinctions on what the technology is going to be used for.’ And that’s ‘one of the reasons it’s difficult to regulate this technology,’ Miller says.

Besides, say some, the bad guys are perfectly capable of getting around the restrictions. Eva Galperin, of the nonprofit Electronic Frontier Foundation, insists human rights would be better served by applying pressure generally to repressive regimes, instead of trying to stay ahead of their hackers. Ratnam goes on to discuss specific ways restrictions get in the way of legitimate business, like hampering penetration tests or impeding communication between researchers. See the article for more details.

Cynthia Murrell, February 23, 2017

Microsoft May Want to Help Make Global Policy

February 22, 2017

Denmark is ahead of the game. As we reported last week (February 14, 2017), Denmark has created an ambassador to liaise with big US high technology companies. Microsoft qualifies because it is big and has hundreds of employees in Plastic Fantastic Land and in San Francisco.

The policy idea appeared in “’Digital Geneva Convention’ Needed to Deter Nation-State Hacking: Microsoft President.” Sounds like a great idea. How do those “conventions” for use of certain types of weapons or building an arsenal work? How does one know if a party to the convention is playing by the rules? How does one determine if a clever 16 year old in Moldova is goofing off or working for a government entity or a cut out or a plain old bad guy?

Hey, annoying details, right?

The write up said:

Microsoft President Brad Smith on Tuesday pressed the world’s governments to form an international body to protect civilians from state-sponsored hacking, saying recent high-profile attacks showed a need for global norms to police government activity in cyberspace.

I noted this passage:

Smith likened such an organization, which would include technical experts from governments and the private sector, to the International Atomic Energy Agency, a watchdog based at the United Nations that works to deter the use of nuclear weapons.

Yeah, about those nuclear weapons.

Perhaps Microsoft will become the head of US cyber policy. Nice work if one can get it. Then Microsoft can use its Windows 10 upgrade expertise to convince people to do what the “policy” in the “convention” says. Microsoft may want to talk with IBM Watson about cybersecurity, or step back and think about the people compromising systems and the non US companies in this game.

Better yet, Microsoft could buy Gamma Group, Hacking Team, and five or six other companies and dig into their customer list, the tasks these outfits perform, and the ideological orientation of the companies’ employees.

Ah, Microsoft. Thinking big. Perhaps a trip to Denmark is next.

Stephen E Arnold, February 22, 2017

Kasperski Discovers Firmware-Level Spyware Linked to NSA

February 20, 2017

It looks like the NSA is hacking computers around the world by accessing hard-drive firmware, reports Sott in their article, “Russian Researchers Discover NSA Spying and Sabotage Software Hidden in Hard Drives.” We learn that Russian security firm Kaspersky Lab found the sneaky software lurking on hard drives in 30 countries, mostly at government institutions, telecom and energy companies, nuclear research facilities, media outlets, and Islamic activist organizations. Apparently, the vast majority of hard drive brands are vulnerable to the technique. Writer Joseph Menn reports:

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on. Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up. ‘The hardware will be able to infect the computer over and over,’ lead Kaspersky researcher Costin Raiu said in an interview.

Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.

Kaspersky’s reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.”

Kaspersky did not come right out and name the NSA as the source of the spyware, but did connect it to Stuxnet, a known NSA tool. We also learn that a “former NSA employee” confirmed Kaspersky’s analysis, stating these tools are as valuable as Stuxnet.

Menn notes that this news could increase existing resistance to Western technology overseas due to security concerns. Researcher Raiu specifies that whoever created the spyware must have had access to the proprietary source code for the drives’ firmware. While Western Digital, Seagate, and Micron deny knowledge, Toshiba, Samsung, and IBM remain mum on the subject. Navigate to the article to read more details, or to view the four-minute video (scroll down a bit for that.)

Cynthia Murrell, February 20, 2017

Canada: Right to Be Forgotten

February 15, 2017

I found this interesting. According to “Did a Canadian Court Just Establish a New Right to Be Forgotten Online?

the Federal Court of Canada issued a landmark ruling that paves the way for a Canadian version of the right to be forgotten that would allow courts to issue orders with the removal of Google search results on a global basis very much in mind. The case – A.T. v. Globe24H.com – involves a Romanian-based website that downloaded thousands of Canadian judicial and tribunal decisions, posted them online and demanded fees for their swift removal. The decisions are all public documents and available through the Canadian Legal Information Institute (CanLII), a website maintained by the legal profession in support of open access to legal materials

I find the logic interesting. I believe that Thomson Reuters processes public legal documents and charges a fee to access them and the “value add” that WestLaw and its sister outfits impose. Maybe I am addled like the goose in Harrod’s Creek, but it seems that what’s good for one gander is not so good for the Google.

Poor Romanian entrepreneur! Come up with an original idea and learn that a country wants the data removed. No word on the views of Reed Elsevier which operates LexisNexis. Thomson Reuters, anything to add?

The removal of links is a hassle at best and a real pain at the worst for the Google. For researchers, hey, find the information another way.

Stephen E Arnold, February 15, 2017

Denmark: Companies May Be Countries

February 14, 2017

For years I have mentioned that some companies conduct themselves as if they were companies. If not countries, other outfits operate like the Sforzas in Milan or the Medici family in Florence. In college, one of my French language professors was “related” to the Medicis. I learned that one should not forget the rights that accrue thereto.

I read “Denmark to Appoint a ‘Silicon Valley Ambassador’ As If Tech Was Its Own Country.” Denmark is definitely getting with the program. I did a small project in Denmark before I kicked back to enjoy the sweet life in rural Kentucky. One insurance company was surprised to learn that 98 percent of its Web traffic came from the world’s greatest online advertising outfit, the Google. Does Google trumpet its dominance of European search? Nah, Google is fearful of Qwant and maybe when fatigued Exalead search.

According to the write up:

Denmark recently said that it would appoint a new digital ambassador to work with some of the world’s biggest tech companies, like Microsoft, Apple, and Google. The Scandinavian country said at the time that these companies have just as much of an influence and impact on the nation as other countries..

My thought is that the tech companies viewed as a country will want to add to their corporate air fleet some fighter jets. Why not set up a border control operation? A taxing authority is a possibility.

Yikes, wait. Many Sillycon Valley tech companies already have these things. Big companies are indeed countries. Political evolution is alive and well. Why not search for that? What country’s system should I use?

Stephen E Arnold, February  14, 2017

Why Do We Care More About Smaller Concerns? How Quantitative Numbing Impacts Emotional Response

February 14, 2017

The affecting article on Visual Business Intelligence titled When More is Less: Quantitative Numbing explains the phenomenon that many of us have probably witnessed on the news, in our friends and family, and even personally experienced in ourselves. A local news story about the death of an individual might provoke a stronger emotional response than news of a mass tragedy involving hundreds or thousands of deaths. Scott Slovic and Paul Slovic explore this in their book Numbers and Nerves. According to the article, this response is “built into our brains.” Another example explains the Donald Trump effect,

Because he exhibits so many examples of bad behavior, those behaviors are having relatively little impact on us. The sheer number of incidents creates a numbing effect. Any one of Trump’s greedy, racist, sexist, vulgar, discriminatory, anti-intellectual, and dishonest acts, if considered alone, would concern us more than the huge number of examples that now confront us. The larger the number, the lesser the impact…This tendency… is automatic, immediate, and unconscious.

The article suggests that the only reason to overcome this tendency is to engage with large quantities in a slower, more thoughtful way. An Abel Hertzberg quote helps convey this approach when considering the large-scale tragedy of the Holocaust: “There were not six million Jews murdered: there was one murder, six million times.” The difference between that consideration of individual murders vs. the total number is stark, and it needs to enter into the way we process daily events that are happening all over the world if we want to hold on to any semblance of compassion and humanity.

Chelsea Kerwin, February 14, 2017

Search, Intelligence, and the Nobel Prize

February 6, 2017

For me, intelligence requires search. Professional operatives rely on search and retrieval technology. The name of the function is changed because keywords are no longer capable of making one’s heart beat more rapidly. Call search text analytics, cognitive insight, or something similar, and search generates excitement.

I thought about the link between finding information and intelligence. My context is not that of a person looking for a pizza joint using Cortana. The application is the use of tools to make sense of flows of digital information.

I read “Intelligence & the Nobel Peace Prize.” My recommendation is that you read the article as well. The main point is that recognition for those making important contributions has ossified. I would agree.

The most interesting facet of the write up is a recommendation that the Nobel Committee award the Nobel Peace Prize to a former intelligence operative and officer. The write up explains:

the Committee would do well to consider information-era criteria for its nomination this year and going forward into the future. An examination of all Nobel Peace Prizes awarded to date finds that none have been awarded for local to global scale information and intelligence endeavors – for information peacekeeping or peacekeeping intelligence that empowers the peace-loving public while constraining war-mongering banks and governments. It was this final realization that compelled me to recommend one of our authors, Robert David Steele, for nomination by one of our Norwegian Ministers, for the Nobel Peace Prize. We do not expect him to be selected – or even placed on the short list – but in our view as editors, he is qualified both for helping to prevent World War III this past year, publicly confronting the lies being told by his own national intelligence community with respect to the Russians hacking the US election,[5] and for his body of work in the preceding year and over time…

My view is that this is an excellent idea for three reasons:

Robert Steele has been one of the intelligence professionals with whom I have worked who appreciates the value of objective search and retrieval technology. This is unusual in my experience.

Second, Steele’s writings provide a continuing series of insights generated by the blend of experience, thought, and research. Where there is serious reading and research, there is information retrieval.

Third, Steele is a high energy thinker. His ideas cluster around themes which provide thought provoking insights to stabilizing some of the more fractious aspects of an uncertain world.

If you want to get a sense of Steele’s thinking, begin with this link or begin reading his “Public Intelligence Blog” at www.phibetaiota.net. (In the interest of keeping you informed, Steele wrote the preface to my monograph CyberOSINT: Next Generation Information Access.)

Stephen E Arnold, February 6, 2017

Declassified CIA Data Makes History Fun

January 26, 2017

One thing I have always heard to make kids more interested in learning about the past is “making it come alive.”  Textbooks suck at “making anything come alive” other than naps.  What really makes history a reality and more interesting are documentaries, eyewitnesses, and actual artifacts.  The CIA has a wealth of history and History Tech shares with us some rare finds: “Tip Of The Week: 8 Decades Of Super Cool Declassified CIA Maps.”  While the CIA Factbook is one of the best history and geography tools on the Web, the CIA Flickr account is chock full of declassified goodies, such as spy tools, maps, and more.

The article’s author shared that:

The best part of the Flickr account for me is the eight decades of CIA maps starting back in the 1940s prepared for the president and various government agencies. These are perfect for helping provide supplementary and corroborative materials for all sorts of historical thinking activities. You’ll find a wide variety of map types that could also easily work as stand-alone primary source.

These declassified maps were actually used by CIA personnel, political advisors, and presidents to make decisions that continue to impact our lives today.  The CIA flickr account is only one example of how the Internet is a wonderful tool for making history come to life.  Although you need to be cautious about where the information comes from since these are official CIA records they are primary sources.

Whitney Grace, January 26, 2017

Next Page »