Black State of Surveillance

Cyril Article Summary: There has been a long history of using surveillance specifically against racial minorities including slave laws and Jim Crow, which both had significant surveillance components. However, this kind of racial surveillance has gone largely unnoticed. It was not until Edward Snowden released information that privileged classes were being surveilled that America began to take action on this issue.

Cyril Article Strategic Points:

• 
  The most obvious argument this article could be used to make is describing the racist character of surveillance programs. It can also be used as part of a racism advantage.
  
• 
  This article can also be used to argue that discussions of surveillance are too focused on privileged classes, because racialized surveillance happened for decades with largely no attention.
  

Ten years ago, on Martin Luther King Jr.’s birthday, my mother, a former Black Panther, died from complications of sickle cell anemia. Weeks before she died, the FBI came knocking at our door, demanding that my mother testify in a secret trial proceeding against other former Panthers or face arrest. My mother, unable to walk, refused. The detectives told my mother as they left that they would be watching her. They didn’t get to do that. My mother died just two weeks later. 

My mother was not the only black person to come under the watchful eye of American law enforcement for perceived and actual dissidence. Nor is dissidence always a requirement for being subject to spying. Files obtained during a break-in at an FBI office in 1971 revealed that African Americans, J. Edger Hoover’s largest target group, didn’t have to be perceived as dissident to warrant surveillance. They just had to be black. As I write this, the same philosophy is driving the increasing adoption and use of surveillance technologies by local law enforcement agencies across the United States. 

Today, media reporting on government surveillance is laser-focused on the revelations by Edward Snowden that millions of Americans were being spied on by the NSA. Yet my mother’s visit from the FBI reminds me that, from the slave pass system to laws that deputized white civilians as enforcers of Jim Crow, black people and other people of color have lived for centuries with surveillance practices aimed at maintaining a racial hierarchy. 

It’s time for journalists to tell a new story that does not start the clock when privileged classes learn they are targets of surveillance. We need to understand that data has historically been overused to repress dissidence, monitor perceived criminality, and perpetually maintain an impoverished underclass.

In an era of big data, the Internet has increased the speed and secrecy of data collection. Thanks to new surveillance technologies, law enforcement agencies are now able to collect massive amounts of indiscriminate data. Yet legal protections and policies have not caught up to this technological advance. 

Concerned advocates see mass surveillance as the problem and protecting privacy as the goal. Targeted surveillance is an obvious answer—it may be discriminatory, but it helps protect the privacy perceived as an earned privilege of the inherently innocent.

The trouble is, targeted surveillance frequently includes the indiscriminate collection of the private data of people targeted by race but not involved in any crime. 

For targeted communities, there is little to no expectation of privacy from government or corporate surveillance. 

Instead, we are watched, either as criminals or as consumers. We do not expect policies to protect us. Instead, we’ve birthed a complex and coded culture—from jazz to spoken dialects—in order to navigate a world in which spying, from AT&T and Walmart to public benefits programs and beat cops on the block, is as much a part of our built environment as the streets covered in our blood. 

In a recent address, New York City Police Commissioner Bill Bratton made it clear: “2015 will be one of the most significant years in the history of this organization. It will be the year of technology, in which we literally will give to every member of this department technology that would’ve been unheard of even a few years ago.” 

Predictive policing, also known as “Total Information Awareness,” is described as using advanced technological tools and data analysis to “preempt” crime. It utilizes trends, patterns, sequences, and affinities found in data to make determinations about when and where crimes will occur.

This model is deceptive, however, because it presumes data inputs to be neutral. They aren’t. In a racially discriminatory criminal justice system, surveillance technologies reproduce injustice. Instead of reducing discrimination, predictive policing is a face of what author Michelle Alexander calls the “New Jim Crow”—a de facto system of separate and unequal application of laws, police practices, conviction rates, sentencing terms, and conditions of confinement that operate more as a system of social control by racial hierarchy than as crime prevention or punishment. 

In New York City, the predictive policing approach in use is “Broken Windows.” This approach to policing places an undue focus on quality of life crimes—like selling loose cigarettes, the kind of offense for which Eric Garner was choked to death. Without oversight, accountability, transparency, or rights, predictive policing is just high-tech racial profiling—indiscriminate data collection that drives discriminatory policing practices.

As local law enforcement agencies increasingly adopt surveillance technologies, they use them in three primary ways: to listen in on specific conversations on and offline; to observe daily movements of individuals and groups; and to observe data trends. Police departments like Bratton’s aim to use sophisticated technologies to do all three.

They will use technologies like license plate readers, which the Electronic Frontier Foundation found to be disproportionately used in communities of color and communities in the process of being gentrified. 

They will use facial recognition, biometric scanning software, which the FBI has now rolled out as a national system, to be adopted by local police departments for any criminal justice purpose.

They intend to use body and dashboard cameras, which have been touted as an effective step toward accountability based on the results of one study, yet storage and archiving procedures, among many other issues, remain unclear.

They will use Stingray cellphone interceptors. According to the ACLU, Stingray technology is an invasive cellphone surveillance device that mimics cellphone towers and sends out signals to trick cellphones in the area into transmitting their locations and identifying information. When used to track a suspect’s cellphone, they also gather information about the phones of countless bystanders who happen to be nearby.

The same is true of domestic drones, which are in increasing use by U.S. law enforcement to conduct routine aerial surveillance. While drones are currently unarmed, drone manufacturers are considering arming these remote-controlled aircraft with weapons like rubber bullets, tasers, and tear gas.

They will use fusion centers. Originally designed to increase interagency collaboration for the purposes of counterterrorism, these have instead become the local arm of the intelligence community. According to Electronic Frontier Foundation, there are currently seventy-eight on record. They are the clearinghouse for increasingly used “suspicious activity reports”—described as “official documentation of observed behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity.” These reports and other collected data are often stored in massive databases like e-Verify and Prism. As anybody who’s ever dealt with gang databases knows, it’s almost impossible to get off a federal or state database, even when the data collected is incorrect or no longer true.

Predictive policing doesn’t just lead to racial and religious profiling—it relies on it. Just as stop and frisk legitimized an initial, unwarranted contact between police and people of color, almost 90 percent of whom turn out to be innocent of any crime, suspicious activities reporting and the dragnet approach of fusion centers target communities of color. One review of such reports collected in Los Angeles shows approximately 75 percent were of people of color.

This is the future of policing in America, and it should terrify you as much as it terrifies me. Unfortunately, it probably doesn’t, because my life is at far greater risk than the lives of white Americans, especially those reporting on the issue in the media or advocating in the halls of power.

One of the most terrifying aspects of high-tech surveillance is the invisibility of those it disproportionately impacts.

The NSA and FBI have engaged local law enforcement agencies and electronic surveillance technologies to spy on Muslims living in the United States. According to FBI training materials uncovered by Wired in 2011, the bureau taught agents to treat “mainstream” Muslims as supporters of terrorism, to view charitable donations by Muslims as “a funding mechanism for combat,” and to view Islam itself as a “Death Star” that must be destroyed if terrorism is to be contained. From New York City to Chicago and beyond, local law enforcement agencies have expanded unlawful and covert racial and religious profiling against Muslims not suspected of any crime. There is no national security reason to profile all Muslims.

At the same time, almost 450,000 migrants are in detention facilities throughout the United States, including survivors of torture, asylum seekers, families with small children, and the elderly. Undocumented migrant communities enjoy few legal protections, and are therefore subject to brutal policing practices, including illegal surveillance practices. According to the Sentencing Project, of the more than 2 million people incarcerated in the United States, more than 60 percent are racial and ethnic minorities.

But by far, the widest net is cast over black communities. Black people alone represent 40 percent of those incarcerated. More black men are incarcerated than were held in slavery in 1850, on the eve of the Civil War. Lest some misinterpret that statistic as evidence of greater criminality, a 2012 study confirms that black defendants are at least 30 percent more likely to be imprisoned than whites for the same crime.

This is not a broken system, it is a system working perfectly as intended, to the detriment of all. The NSA could not have spied on millions of cellphones if it were not already spying on black people, Muslims, and migrants.

As surveillance technologies are increasingly adopted and integrated by law enforcement agencies today, racial disparities are being made invisible by a media environment that has failed to tell the story of surveillance in the context of structural racism.

Reporters love to tell the technology story. For some, it’s a sexier read. To me, freedom from repression and racism is far sexier than the newest gadget used to reinforce racial hierarchy. As civil rights protections catch up with the technological terrain, reporting needs to catch up, too. Many journalists still focus their reporting on the technological trends and not the racial hierarchies that these trends are enforcing. 

Martin Luther King Jr. once said, “Everything we see is a shadow cast by that which we do not see.” Journalists have an obligation to tell the stories that are hidden from view.

We are living in an incredible time, when migrant activists have blocked deportation buses, and a movement for black lives has emerged, and when women, queer, and trans experiences have been placed right at the center. The decentralized power of the Internet makes that possible.

But the Internet also makes possible the high-tech surveillance that threatens to drive structural racism in the twenty-first century. 

We can help black lives matter by ensuring that technology is not used to cement a racial hierarchy that leaves too many people like me dead or in jail. Our communities need partners, not gatekeepers.

Together, we can change the cultural terrain that makes killing black people routine. We can counter inequality by ensuring that both the technology and the police departments that use it are democratized. We can change the story on surveillance to raise the voices of those who have been left out.

There are no voiceless people, only those that ain’t been heard yet. Let’s birth a new norm in which the technological tools of the twenty-first century create equity and justice for all—so all bodies enjoy full and equal protection, and the Jim Crow surveillance state exists no more. 

• 
  This article can be used as impact evidence for dehumanization of minorities.
  
• 
  This article can be used as part of a racial profiling advantage for an affirmative case.
  
• 
  This article can make the argument that minorities, especially Black people in the context of this article, will always be the primary targets for surveillance programs.
  

Paradigmatic of this ghastly transnational predicament is public sanction of or disinterest in black’s acute vulnerabilities to mass incarceration, homicide, police brutality, HIV infection, infant mortality, and under-education, among other things.5 The killing of Trayvon Martin bears particularly eloquent witness. Martin, an unarmed 17 year old was shot dead at intermediate range by a self-appointed neighborhood watch captain and dispatched without dignity to the morgue as a John Doe where he would lay for over 24 hours. Five hours after the shooting, Martin’s assailant would be released by the Sanford police department uncharged and under no suspicion. Presumed guilty by his shooter and the police, Martin would have been added to the staggering list of forgotten victims of violent death at the hands of law enforcement or their auxiliaries were it not for the heroic discipline, political savvy, and tireless efforts of his parents Sybrina Fulton and Tracy Martin and their supporters in print and electronic media. Presumed guilt constituted Martin’s peculiar vulnerability and this presumption has a political constitution.

When Zimmerman saw Martin he saw criminality, understood as the commission of crime, an intension to commit crime, an escape from prior crime, or some combination of the three. Tempting as it may be to look to the War on Drugs during the Reagan era as the seedbed for state practices of racialized surveillance, interdiction, and incarceration, both the Reagan era’s escalation of these practices and the presumption of Martin’s guilt are bound up with the criminalization of blackness that emerges in the context of US slavery. This is a history of racialization in which black agency is figured as criminality. Although the US Constitution artfully evades the word slavery and refuses express enumeration of the racial attributes of citizenship, it articulates the figure of black criminality as fundamental law and affirms practices of racialized surveillance and interdiction as civic virtue. Answering to lingering Jeffersonian questions about black humanity engendered by the 3/5 clause of Article I, Section II, Article IV defines national citizenship by setting it in an antagonistic relation to the crime of black fugitivity. Opposing the “immunities and privileges” of citizenship to the culpable derelictions of treason, felony, and escape from slavery, the framers yoke blackness to crime, legislate the intelligibility of black agency in the figure of the fugitive slave, and inscribe the “immunities and privileges” of citizenship as both a freedom from the presumption of criminal alterity and a duty to interdict the fugitive. Noting the fragility of constitutions and the indispensable constitutional scaffolding provided by criminal alterity and norms of interdiction, Alexis de Tocqueville writes, “the genuine sanction of political laws is to be found in the penal laws, and if the sanction is lacking, the law sooner or later loses its force.

Therefore, the man who judges the criminal is really the master of society.”6 By expressly granting blacks entitlement to “immunities and privileges” of citizenship, the 14th Amendment (1868) sought to abolish black fugitivity and dissipate the antagonism between it and US citizenship. Grand as was the effort, such a revolution proved impossible. With commercial exchange of black bodies prohibited except as punishment for crime, Historian Kali Gross notes how Northern white newspapers invent the figure of the “Colored Amazon” to allege the growing menace of black women’s criminality and “supply a new and growing commercial trade in blackness.”7 Concurrently, white southerners rehabilitate black fugitivity in the more menacing figure of the black rapist and re-found the old antagonism upon the violent hatred patriarchal societies cultivate against sexual predators who assail the women it values. At the turn of the century, southern intellectual’s leading role in propagating selective census data which reflected repressive criminalization of southern black life helped to give birth to modern crime statistics as well as make the case that northern blacks were also unfit for citizenship. As Kalil Muhammad notes, one of the crucial legacies of “race conscious laws, discriminatory punishments, and new forms of everyday surveillance” is its contribution to a “statistical rhetoric of black criminality” that operates as “a proxy for a national discourse on black inferiority.”8 When the figures of the welfare queen and drug warlord were vibrantly recirculated in the 1980s in connection with the southern strategy of the Republican Party, they neither inaugurated the criminalization of blackness nor simply revived a disreputable national tradition of racial animus. Recovering constitutional principle that posits an antagonism between the citizen and the fugitive slave, the party refashioned black fugitivity in order to restore American citizenship in the post-civil rights Era.

• 
  This article can be used as inherency evidence for an affirmative dealing with encryption backdoors.
  
• 
  It can also be used in Politics Disadvantages to show that there is some Senate support for blocking encryption backdoors.
  

Sens. Rand Paul (R-Ky.) and Ron Wyden (D-Ore.) want to amend the Senate’s surveillance reform bill so it would forbid the government from compelling companies to install access points into their encryption.  

As the Senate moves toward a final vote Tuesday on its reform bill, the USA Freedom Act, Paul and Wyden are pushing for their colleagues to vote on a slate of amendments they say would enhance the privacy provisions in the bill.

One of the main additions they want to see is a provision barring the government from requiring so-called “backdoors” in encryption — an access point known only to law enforcement.

But it appears the upper chamber will only vote on amendments offered by Senate Majority Leader Mitch McConnell (R-Ky.). Privacy groups have alleged that McConnell’s amendments will simply water down the reform bill, which the Republican leader initially opposed.

Paul has been leading the charge against extending any of the National Security Agency’s spying powers authorized under the Patriot Act. He blocked any short-term extension of the law and has repeatedly delayed votes on the reform bill, which he believes doesn’t go far enough.

Wyden, also a vocal NSA critic, has joined Paul to press for votes on privacy-focused amendments to the USA Freedom Act.

A measure barring backdoors has been one of the most sought-after provisions among tech-savvy lawmakers and the privacy community in recent years.

A bipartisan group of lawmakers is fighting with the Obama administration over the concept.

Government officials argue that investigators need some way to legitimately access encrypted data on devices and social media platforms. Technologists and numerous lawmakers counter that any form of guaranteed access makes encryption inherently vulnerable.

Wyden and others have several times introduced the Secure Data Act, a stand-alone bill that would prohibit the government from mandating backdoors.

But the measure hasn’t seen any movement, causing lawmakers to try and tack it on to other surveillance and cyber bills.

• 
  This article can be used as inherency evidence for an affirmative dealing with NSA hacking.
  
• 
  This article can be used to demonstrate the extent the NSA hacking.
  
• 
  This article can be used as part of a privacy advantage in an affirmative case.
  

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.

In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s broad reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by Qaeda leaders about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL, virtual private networks, or VPNs, and the protection used on fourth generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.

For at least three years, one document says, GCHQ, almost certainly in close collaboration with the N.S.A., has been looking for ways into protected traffic of the most popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document.

“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”

Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.

“And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.

“The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.”

A Vital Capability

The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus primarily on GCHQ but include thousands either from or about the N.S.A.

Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.

The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.

The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers.

“In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”

The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.

Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”

Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.

When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, with the rise of the Internet, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to the Web address on their computer screen.

Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” Sigint is the abbreviation for signals intelligence, the technical term for electronic eavesdropping.

By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments.

In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.

The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping.

At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.

Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Executives who refuse to comply with secret court orders can face fines or jail time.

N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says.

Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.

By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, or P.G.P., designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.

That proposal met a broad backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global edge in technology.

By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream.

“Every new technology required new expertise in exploiting it, as soon as possible,” one classified document says.

Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.”

But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.

By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.

But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.

A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.

But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document outlining the Bullrun program warned.

Corporate Pushback

Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying.

Google, Yahoo and Facebook have pressed for permission to reveal more about the government’s secret requests for cooperation. One small e-mail encryption company, Lavabit, shut down rather than comply with the agency’s demands for what it considered confidential customer information; another, Silent Circle, ended its e-mail service rather than face similar demands.

In effect, facing the N.S.A.’s relentless advance, the companies surrendered.

Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

Update (9/6): Statement from the Office of the Director of National Intelligence:

It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption. Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.

While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news. Indeed, NSA’s public website states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”

The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.

• 
  This article can be used to answer arguments like the Crime Disadvantage and Terrorism Disadvantage, because allowing backdoors to remain open means they can be exploited by criminals and terrorist organizations.
  
• 
  This article can be used as part of an affirmative advantage that says curbing surveillance may actually curb crime as well.
  

Last week Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.

From now on, all the phone's data is protected. It can no longer be accessed by criminals, governments, or rogue employees. Access to it can no longer be demanded by totalitarian governments. A user's iPhone data is now more secure .

To hear U.S. law enforcement respond, you'd think Apple's move heralded an unstoppable crime wave. See, the FBI had been using that vulnerability to get into peoples' iPhones. In the words of cyberlaw professor Orin Kerr, "How is the public interest served by a policy that only thwarts lawful search warrants?"

Ah, but that's the thing: You can't build a "back door" that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You're either vulnerable to eavesdropping by any of them, or you're secure from eavesdropping from all of them.

Back-door access built for the good guys is routinely used by the bad guys. In 2005, some unknown group surreptitiously used the lawful-intercept capabilities built into the Greek cell phone system. The same thing happened in Italy in 2006.

In 2010, Chinese hackers subverted an intercept system Google had put into Gmail to comply with U.S. government surveillance requests. Back doors in our cell phone system are currently being exploited by the FBI and unknown others.

This doesn't stop the FBI and Justice Department from pumping up the fear. Attorney General Eric Holder threatened us with kidnappers and sexual predators .

The former head of the FBI's criminal investigative division went even further, conjuring up kidnappers who are also sexual predators. And, of course, terrorists.

FBI Director James Comey claimed that Apple's move allows people to "place themselves beyond the law" and also invoked that now overworked "child kidnapper." John J. Escalante, chief of detectives for the Chicago police department now holds the title of most hysterical: "Apple will become the phone of choice for the pedophile."

It's all bluster. Of the 3,576 major offenses for which warrants were granted for communications interception in 2013, exactly one involved kidnapping. And, more importantly, there's no evidence that encryption hampers criminal investigations in any serious way. In 2013, encryption foiled the police nine times, up from four in 2012—and the investigations proceeded in some other way.

This is why the FBI's scare stories tend to wither after public scrutiny. A former FBI assistant director wrote about a kidnapped man who would never have been found without the ability of the FBI to decrypt an iPhone, only to retract the point hours later because it wasn't true.

We've seen this game before. During the crypto wars of the 1990s, FBI Director Louis Freeh and others would repeatedly use the example of mobster John Gotti to illustrate why the ability to tap telephones was so vital. But the Gotti evidence was collected using a room bug, not a telephone tap. And those same scary criminal tropes were trotted out then, too. Back then we called them the Four Horsemen of the Infocalypse : pedophiles, kidnappers, drug dealers, and terrorists. Nothing has changed.

Strong encryption has been around for years. Both Apple's FileVault and Microsoft's BitLocker encrypt the data on computer hard drives. PGP encrypts email. Off-the-Record encrypts chat sessions. HTTPS Everywhere encrypts your browsing. Android phones already come with encryption built-in. There are literally thousands of encryption products without back doors for sale, and some have been around for decades. Even if the U.S. bans the stuff, foreign companies will corner the market because many of us have legitimate needs for security.

Law enforcement has been complaining about "going dark" for decades now. In the 1990s, they convinced Congress to pass a law requiring phone companies to ensure that phone calls would remain tappable even as they became digital. They tried and failed to ban strong encryption and mandate back doors for their use. The FBI tried and failed again to ban strong encryption in 2010. Now, in the post-Snowden era, they're about to try again.

We need to fight this. Strong encryption protects us from a panoply of threats. It protects us from hackers and criminals. It protects our businesses from competitors and foreign spies. It protects people in totalitarian governments from arrest and detention. This isn't just me talking: The FBI also recommends you encrypt your data for security.

As for law enforcement? The recent decades have given them an unprecedented ability to put us under surveillance and access our data. Our cell phones provide them with a detailed history of our movements. Our call records, email history, buddy lists, and Facebook pages tell them who we associate with. The hundreds of companies that track us on the Internet tell them what we're thinking about. Ubiquitous cameras capture our faces everywhere. And most of us back up our iPhone data on iCloud, which the FBI can still get a warrant for. It truly is the golden age of surveillance.

After considering the issue, Orin Kerr rethought his position, looking at this in terms of a technological-legal trade-off. I think he's right.

Given everything that has made it easier for governments and others to intrude on our private lives, we need both technological security and legal restrictions to restore the traditional balance between government access and our security/privacy. More companies should follow Apple's lead and make encryption the easy-to-use default. And let's wait for some actual evidence of harm before we acquiesce to police demands for reduced security.
Major Cyber Attack Will Cause Significant Loss of Life by 2025

Citation: Tucker, Patrick. (2014). Major Cyber Attack Will Cause Significant Loss of Life by 2025, Experts Predict. Defense One. Retrieved 12/29/15. http://www.defenseone.com/threats/2014/10/cyber-attack-will-cause-significant-loss-life-2025-experts-predict/97688/

Tucker Article Summary: Threats of cyber-attacks on the United States are often overly hyped. However, we do have very real vulnerabilities in our electronic infrastructure such as sewage, electricity, and city street lights. Attacks on our infrastructure can cause significant property damage. Some of our biggest issues is the growing number of cyber vulnerabilities not being fixed, and the fact that the country lacks a coordinated comprehensive cyber security policy. Nonetheless the threat of cyber-attacks may be larger than the actual risk.

Tucker Article Strategic Points:

• 
  This article is interesting in that in can be used as both impact evidence because of our cyber vulnerabilities, but also an answer to impact arguments because threat of cyber-attacks are overhyped.
  
• 
  This article can be used as part of an affirmative solvency to show how better and more coordinated policies are needed for safety.
  

A major cyber attack will happen between now and 2025 and it will be large enough to cause “significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars,” according to more than 60 percent of technology experts interviewed by the Pew Internet and American Life Project.

But other experts interviewed for the project “Digital Life in 2015,” released Wednesday, said the current preoccupation with cyber conflict is product of software merchants looking to hype public anxiety against an eternally unconquerable threat.

It’s the old phantom of the “cyber Pearl Harbor,” a concept commonly credited to former Defense Secretary Leon Panetta but that is actually as old as the world wide web. It dates back to security expert Winn Schwartau’s testimony to Congress in 1991, when he warned of an “electronic Pearl Harbor” and said it was “waiting to occur.” More than two decades later, we’re still waiting. The Pew report offers, if nothing else, an opportunity to look at how the cyber landscape has changed and how it will continue to evolve between now and 2025.