A Bodyguard of Lies Can Be a Good Thing: The Guardian of Lies, Not So Much
I am reading Richard Franks’ magisterial history of the Guadalcanal Campaign. One recurring theme is the vital role played by cryptology. Our military effectiveness was substantially greater when we could read the Japanese JN25 naval codes than when we couldn’t. When the Japanese changed codes, we were reduced to relying on traffic analysis, a sort of prot0-data mining, analogous to and as about effective as our relying on terrorist chatter to attempt to discern enemy plans.
Even casual WWII students know that Joseph Rochefort’s cryptology unit made victory at Midway possible. Although it is somewhat conventional to believe that American victory was inevitable after Midway, the story of the Guadalcanal Campaign gives the lie to that belief. It was a close run thing, and the prospect of defeat-including surrender of the Marines on the ‘Canal-hung heavy on every mind in October and November of 1942. Our intermittent ability to read Japanese codes was quite plausibly the (very narrow) margin of victory.
And of course the victory over the U-boats in the Atlantic, and the war against Germany generally, depended in a crucial way on breaking the Enigma cipher.
Note the name given to the Allied code breaking efforts: Ultra. Note further the lengths to which the Allies went to protecting the fact that they had broken Enigma: as Churchill said, these efforts were surrounded with a bodyguard of lies. Distribution of Ultra intelligence was extremely limited. There were numerous occasions when Eisenhower and other high commanders decided not to respond to German moves that they had divined from Ultra to protect that secret. People were died-were sacrificed-to protect that secret, because its revelation would have cost the lives of many more.
Moral of the story: cryptology is a vital military activity. Corollary to the moral: maintaining secrecy about cryptological capacity is a matter of the highest military and national security importance.
Fast forward 70-71 years from Guadalcanal to the present. Yesterday the New York Times (along with the Guardian and ProPublica) made massive disclosures about NSA efforts to decrypt internet traffic. This is indisputably an egregious blow to US national security, if one accepts that there is a legitimate purpose for the NSA at all.
Yet the even more egregious Glenn Greenwald and Laura Poitras and Edward Snowden assert that they have released nothing that would jeopardize US national security.
Firstly, that is an obvious lie.
Second, who the hell (and I cleaned that up) delegated to such flagrant and admitted foes of the United States government the authority to judge what is, and what is not, in the vital national security interest? For them to arrogate to themselves such an awesome responsibility is profoundly undemocratic, and unrepublican. They are unelected, unappointed, and unaccountable.
And who the hell at the New York Times thinks this is acceptable? (Aside: why is the NYT undertaking actions that are deeply damaging to the Obama administration? Interesting question to ponder: I don’t know the answer. Relatedly: how are Obama and others in the administration responding to this ideological betrayal?)
There is a capabilities vs. intent issue here. Yes, the decryption capabilities are awesome, and can be used for nefarious purposes that violate the rights of individuals in the US. (Spare me about spying on foreign governments.) But these capabilities are also vital to prosecuting wars on terrorists, and state actors that are enemies or potential enemies of the United States. Pace Guadalcanal: to deny the US military and intelligence services the ability to decrypt is to condemn us to fighting blind. Information-intelligence-is power, and time and again has proved the difference between victory and defeat. That we need this capability is manifestly obvious, and it is equally obvious that this capability is profoundly less effective, the more that is known about it.
The issue is how to limit the use of these capabilities to legitimate national security purposes. Although Greenwald, Poitras, the Guardian, Der Spiegel, and now the New York Times have insinuated that these capabilities are routinely abused, they have produced no credible evidence to support these insinuations. They elide from “can” to “do”, and do so in purple prose. Every one of their stories elicits pushback that discredits these broad claims about abuse, but by then the narrative is cemented and the damage is done, and to be Glenn Greenwald et al means never having to say you’re sorry. Because they aren’t. This is lawfare, directed against the US, and to them, all is fair. Greenwald et al are walking, talking, and unfortunately writing and leaking illustrations of the adage that truth is the first casualty in war.
Vital defense capabilities-especially cryptological ones-need to be protected, and sometimes protected with a bodyguard of lies. These lies save lives-and liberties. This is one of the hard truths that statesmen in the real world must accept and grapple with. The Guardian of Lies, with its new collaborators, flaunting their moral superiority when revealing vital secrets, are jeopardizing lives and liberties, and are doing so when there is no effective means of holding them to account for the damage they are doing. Indeed, they wrap themselves in the banner of journalism to claim that they cannot be and should not be held accountable. This mismatch between consequences and accountability for them is a recipe for disaster.
In Neal Stephenson’s “Cryptonomicon” one of the main themes is how to act so your acts do not reveal your knowledge of information you’re not supposed to have (e.g. Ultra). Worth reading.
Comment by Marcos Carreira — September 6, 2013 @ 2:46 pm
I was especially disappointed to see Bruce Schneier, who I much respect, jumping onto the Guardian bandwagon. The man is a very serious cryptography researcher, and yet he was “warning” people that the NSA can now read their on-line financial transactions. As if the NSA can gain anything by knowing that yesterday I sold 500 of some dud coal stock I have finally given up on, and also paid my mortgage.
The whole story is being told in a way that gives the “little guy” the vicarious thrill of feeling he is somehow involved, while the real damage is being done in areas vital to National security.
I never thought much of the Guardian, but now loathing is not too strong a word.
Comment by jon livesey — September 6, 2013 @ 9:53 pm
It was called “The Red Guardian” for a long time, so no surprises at it’s current behavior.
SWP, you are quite right about the western allies having to make hard choices about what information to act on. A good example was the German assault on Crete. The orders for the assault were decrypted, but General Freyburg was ordered not to move troops to ambush the drop zones in order to preserve the secret of Ultra.
Comment by Andrew — September 7, 2013 @ 1:06 am
Thanks @Marcos, @Jon and @Andrew. Good comments.
@Jon-I was also stunned at Schneier. You are completely right that there is an element of grandiosity and narcissism in the outrage. People who are of no interest to the NSA (the IRS is another matter) flattering themselves that they are, and that the NSA would be willing to devote valuable and scarce resources to their pedestrian transactions. Your email and my email and pretty much everybody’s email is little more than the hay that NSA has to sift through to find the needles. It is the noise hiding the signal.
@Marcos-I’ll check out Stephenson.
@Andrew-No surprises re the Guardian. But the NYT is something of a surprise, Yes, the NYT has disclosed highly sensitive material in the past, but this is on a whole different level, and somewhat surprising because it creates huge problems for Obama, whom you would expect it to protect, and whom it has protected on many other matters.
Re Crete/Ultra-yes. And many other examples.
From the libertarian angle, the criticism of the NSA is mainly due to the fact that once certain infrastructure is in place – identity cards, DNA databases, CCTV with facial recognition software, and now the snooping into communications – that all that is stopping it from being used for seriously evil purposes is the benevolence of any future government. We know how reliable that is – just read the outpourings of even supposedly middle class lefties and it’s not difficult to see who would happily man the trains that took away the enemies of the people in cattle trucks – so the best way to prevent any future government from acting in such a manner is to deny them the tools to do so.
Libertarians are a bit split on this one – and I’m talking about the more reasonable British libertarians rather than the swivel-eyed Americans – and they do recognize the need for a government to conduct these sort of programs. The problem is, time and again, successive governments have abused powers which were originally granted for use in exceptional cases only. In the UK, anti-terror legislation is leveled at anyone who the police find a bit awkward, including a guy who was walking down the wrong path. Spying powers brought in to catch terrorists has been used to snoop on how often people put their bins out. We’ve seen the IRS target right-wingers, do we really want these deeply mediocre, egotistical children to have more tools and more power? There is a balance, and I think various governments have demonstrated that they have been utterly irresponsible thus far with the powers they have.
And one of the worst aspects of the NSA case is not that the government is spying on its own people, it’s that their reaction to it was “Yeah, and? So what?” The guys who have brought this to the public light are dickheads for sure, but I’d rather terrorists were allowed to communicate more freely than have these programs developed even further and in the hands of the current batch of politicians.
Comment by Tim Newman — September 7, 2013 @ 5:02 pm
Streetwise Prof,
Thank you for being a lone sane voice crying in the wilderness of stupidity
re the difference between capabilty & intent.
1. the Admin’s defense of the most important component of the Intel Community
has been truly inept ….can they be this stupid? Or are they intentionally tearing down our
institutions? They have abandonded the info battlefield and the grandiose narcissists
completely control the narrative.
2. did you see that NJ Rep Rush Holt has proposed legislation to neuter our
successful cryppies? Isn’t it a little early to do that? Literally 2 days after the
NYT story? Rush to judgement Holt is a HPSCI member, too! Where the hell
were this weathervane’s objections before Snowden?
Comment by mudak mudakych — September 7, 2013 @ 8:03 pm
@Tim-I agree with much of your post (excluding the “swivel eyed” description :)). Also I find it hard to believe that any serious international terrorist would not assume telephone and email were being intercepted by the NSA. As usual these programs may catch the insane or the inexperienced but not much more. Hell they did’t even catch very inexperienced bombers in the case of Boston. It is like all the other new security measures largely just a fiancial and psychological burden on US citizens.
Comment by pahoben — September 7, 2013 @ 9:30 pm
The gold standard of on line encryption has been PGP for probably 25 years or so but 20 years ago the word in cmputer science circles was that PGP was compromised. The developers (this is all from memory so maybe some mistakes in detail) had federal charges filed against them that wre dropped when they agreed to install a back door in their software. Anyone good or pretty good or somewhat good at spycraft would have had to assume a long long time ago that these kinds of communication were not secure. I remember reading in a popular science magazine many years ago about a type of attack on public key encryption schemes that reduced the detcrypt time dramatically. I am not impressed with the quality of this latest release.
Comment by pahoben — September 7, 2013 @ 10:16 pm
Considering these stories it would appear there are three possibilities when considering Silk Road and Dread Pirate Roberts1
1) The stories are false and TOR and PGP are secure
2) the stories are true (TOR and pgp are not secure) but the operation is allowed to run since the NSA doesn’t want to confirm they are not secure.
3)Dread Pirate Roberts is A US citizen and so the iintercept information has questionable legal use and furthermoe the trial would be quite embarrasing
Comment by pahoben — September 7, 2013 @ 11:12 pm