Thoughts: Expansion of US State Surveillance Powers & What’s Next

r1584180_23927270

It has been 9 months since producing my last post; that gap of time was spent thinking about and digesting the contentious US election cycle.  During this period there have been additional examples of how the US government has utilized and expanded its surveillance powers. But in the waning days of the Obama administration, the most egregious example came up and worthy of writing about thanks to AG Loretta Lynch.

N.S.A. Gets More Latitude to Share Intercepted Communications

The Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.

The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.

The implication is that all of the US intelligence and law enforcement agencies will be receiving raw surveillance data on US citizens and each agency will be responsible for minimizing the data for American citizens.  This only increases the risk of abuse by the National Security State but falls within the methods the Obama administration has used to expand the power of the state.

Methods to Maintain Legitimacy:

1) Circumvention of the traditional guarantees enshrined in the  Bill of Rights

2) Law enforcement & bureaucratic agencies supporting  the parallel paths of law

3) Private power & private/Public cooperation (Conscription of Private power)

What’s Next: Post Election Work

Almost needless to say at this point, the election of Donald Trump has drastically changed the nature of U.S. Governance.  I believe the time period between election and inauguration provided a myriad of examples of how the political, national security, and media establishment in the U.S  (The Religion of State Power) react when their legitimacy is challenged.

Now that Donald Trump is the President of the United States and has been labeled many things, the most common being an authoritarian populist, my next piece of work will be focused on finding a meaningful definition of what populism is and whether it fits the new POTUS or perhaps the previous one.  A key challenge with finding a working definition of populism to utilize as a framework is that the term “populism”is used semantically as short-hand for any political movement, but there are some key indicators for meaningful analysis.  Stay tuned.

Happy New Year! Lots to be excited about!

Advertisements
Posted in Thoughts | Leave a comment

Thoughts – Final Thoughts & What’s Next

Thinking-Man-Stock_000005908297Medium11

A potential valid criticism of my research is that it has too much a positive bias towards information or bio-technological answers to human challenges. Some may even level that criticism on me personally because of my background in information and mobile technologies. Let me dispel this quickly by making two thoughts:

Thought #1:

It is my opinion technology, in of itself, should not be able to play God either in The Game of Humans and Gods

Thought #2:

Technologies that attempt to play God, by the definition and nature of technology, would not be truly serving a human purpose

Recently a group of some of the most prestigious interdisciplinary thinkers and scientists gathered together and created the Center For The Study of Existential Risk at the University of Cambridge. The goal of this organization is to focus on the study of human extinction-level risks that may emerge from technological advances. In essence, the goal is to find a way to safely harness our rapidly-developing technological power. In my opinion, the most appropriate place to start would be to put technological and bio-technological ideas to the God test. This will be an exciting century of technological advancement but it shouldn’t come at the very high cost of human hope and faith.

What’s next?

Going forward on tactical basis I will be publishing additional examples of how the Religion of State Power (U.S. Government) continue to fight for its authoritarian legitimacy. The publishing frequency of these examples will probably be infrequent but with this being a contentious election cycle, you never know what will happen. These examples will look something like the following:

FOIA Request for 2015 FISC Court Activity Released

– In 2015 FISC Court denied zero NSA & FBI requests

– 1,457 total requests made and approved

– FBI issued 48,642 National Security Letters in 2015

– Surveillance requests require the help of Internet and Telco companies

Methods to Maintain Legitimacy:

1) Circumvention of Bill of Rights

2) Law enforcement supporting parallel paths of law

3) Private power & private power cooperation (Conscription of Private power)

Posted in Thoughts | Leave a comment

Thoughts – The Game of Humans and Gods

god-Atlas

The Game of Humans and Gods

The game of humans and gods is a very old one but played daily. Historically humans have been characterized as living in fear of god(s) or as aspiring to achieve god status as humans in this game. Since humans are emotion machines, these two characterizations make complete rational sense in historical terms but the modern technological age, in my opinion, has changed the game in two material ways.

The specific aim of this paper is to illustrate the two material changes and explain the importance of viewing both governance and religion as technologies in of themselves. I think it will be meaningful to first explain the latter component to this specific aim. Doing so helps vividly illustrate the material changes in the game.

The purpose for my exercise in evaluating whether governance and religion can be considered technologies was to highlight how they are similar, not how they are different.(1) There is no shortage of books and authors on how governance and religion are different. There are examples of authors exploring how they are the same but they lack a common taxonomy to be useful for meaningful scientific analysis. I believe some people of religious faiths will disagree with my assertion that religion is a human technology. That is fine but I do believe those same people will agree the products of the analysis are critically important because they illustrate how their freedom to practice their particular set of beliefs are more at risk in the modern version of the game. Lets now illustrate how the game of humans and gods has changed.

The first way this game has changed is humans now have a digital life that mirrors their real life.(2) Thanks to advancements in information and communication technologies, humans now emit data and data about data at all hours of the day.(3) This information is stored and shared globally and it can be argued our real lives and digital lives are treated as separate and unequal under the eyes of the law.(4) The vast majority of our data is owned by governments and corporations and not controlled by you as an individual.(5) This information is also not sufficiently secure from theft and illicit use, which can have severe negative implications for our real lives.(6) These are core-contributing factors into the second material way in which the game of humans and gods has changed.

The second way the game has changed is we have a modern understanding of what technology is and how it evolves.(7) This modern understanding enables us to create new and rational definitions of key terms in the game of gods. The terms that can be defined as human technologies in of themselves are “Governance” and “Religion”.(8) These technologies, which are designed to serve a human purpose, are core contributors to the battle of ideas in controlling human behavior. Both technologies have provided ideas that have driven humans into the darkest of emotional times and they have escorted us out of them too. Both technologies are designed to give human emotion machines hope and faith in a rapidly changing world and in the information age, with rapid advancements in new information tools and bio-technologies, the world is changing at the speed of light when compared to all other times in human history.

These two material changes in the game of humans and gods brings me to the rational conclusion humanity is speeding towards an event of emotional cardiac arrest. Any student of history will tell you moments like these almost always manifest in wars that have a true human cost. These have always been emotionally devastating to humanity and what’s lead society out of the dark are new technologies, including upgrades to the ideas generated by the technologies of governance and religion. An empirical data point of the technology of religion getting an upgrade to better serve its human purpose, is the recent changes in family doctrine by the Catholic Church lead by Pope Francis.(9) While the changes by the Catholic Church are encouraging for real human lives, its power and prestige have limits.

The governance systems that comprise modern western civilizations have also undergone upgrades thanks to aggressive foreign policies.(10) These upgrades in response to acts of terrorism can be argued to be authoritarian in nature over foreign and even their own domestic populations.(11) These upgrades are primarily focused on collecting and controlling our information.(12) These governance upgrades have evolved in secret but thanks to brave journalists and whistle blowers, we continue to learn what western governments have been doing and still planning to do with our information. Leaders always say they are doing this in the name of keeping us safe and secure, but it’s apparent this is really about trying to safely secure the modern states power over us.

There has been a shift in Constitutional legal thinking over time towards what are known as “positive rights”.(13) Those who think this way believe restrictions on the power of governance systems are overwhelmingly negative because it restricts what they believe the state through the Constitution should be providing.(14) They refer to their doctrine as “Democratic Constitutionalism” which is ironic because it corrodes democracy and is focused on rendering the Constitution meaningless.(15) Positive rights are synthetic privileges manufactured by the state in the form of laws subject to change based on ideological interpretation.(16) These interpretations have a positive bias towards what the state thinks is right for you and they believe this approach is “simpler government”. I refer to this as the religion of state power and it doesn’t like competition.

Within the U.S. Constitutional framework, the religion of state power uses three approaches to compete for its legitimacy and power. First, it attempts to create parallel tracks of preventative law enforcement that route around the traditional guarantees of the Bill of Rights. Meaningful examples of this activity have been found in the NSA Snowden revelations in how the government is collecting our information and information about our information. The government does this by conscripting the technology industry in secret and coerces them to keep quiet through what have become ruled as unconstitutional practices by courts (i.e. National Security Letters).

A second and related method the religion of state power uses to compete for its legitimacy has been the transition of traditional law enforcement and social services to increasingly resemble the new parallel tracks of laws. Once governments have access to powerful surveillance and data mining technologies, there will be enormous political pressure to utilize them in everyday law enforcement and delivery of government services. Examples of this can be found in the governments’ utilization of the IRS to investigate ideological groups it deems as threats. These efforts restricted the flow of money to support political speech that is ideologically opposed to the religion of state power. In the U.S. money has been interpreted by the Supreme Court as being tantamount to speech, so restricting money that represent beliefs you oppose is critically important.

Another potent example of this second method is U.S. attorney generals legally attacking organizations who fund research related to climate change that challenges government dogma on the matter.(17) Today it is climate change; tomorrow it will be something different. The religion of state power tries to stamp out privacy and free speech first because once it can control the narrative; it can accomplish the rest of its ideological goals; but it still needs help. Which is why the third method is important.

The third method to maintaining its legitimacy is to leverage private power in private/public cooperation. Conscripting technology companies in private to share your data has been one glaring example of this but there are more subtle examples. Utilizing administrative laws and burdensome regulations to influence industries such as energy, healthcare, insurance, banking, and manufacturing are just one way in which the religion of state power gets others to do its ideological work. These are just a few of the many examples people see and feel on a daily basis how this religion is forcing its will on us. The government will always say everyone is equal under the eyes of the law, but truth be told it believes those who serve its purposes are more equal than those who do not. So in closing, I ask the question:

In the information age who is playing god?

*A brief slideshare presentation of this paper is available here:

https://www.slideshare.net/secret/3y6rEQAR6XSuYc

Posted in Thoughts | Leave a comment

Thoughts – Emotion Machines and Politics

neural-network-consciousness-downloading-348x196

I propose to consider the question, “How has technology changed politics?” This should begin with definitions of the meaning of the terms “Technology” and “Politics.” The definitions might be framed so as to reflect, as far as possible, the normal use of the words, but this attitude is dangerous in my opinion. If the meaning of the words “technology” and “politics” are to be found by examining how they are commonly used it is difficult to escape the conclusion that the meaning and the answer to the question, “How has technology changed politics?” is to be sought in a statistical survey or poll. But this is absurd. Instead of attempting such a definition I shall replace the question by another, which is closely related to it and is expressed in relatively unambiguous words.

What is the nature of technology, governance, and religion with respect to their impacts on humans?

This question has a distinct advantage because we can provide a definitive definition of “technology” and its nature thanks to the seminal work by Brian Arthur, “The Nature of Technology: What It Is and How it Evolves”. This definition of technology will enable us to also find definitions for “Governance” and “Religion” that serve a meaningful purpose in giving this new question a thoughtful treatment. Lets begin.

What is Technology?

The essence of technology is a phenomenon or set of phenomena captured and put to a meaningful utilization, a programming of one or more truisms of nature to serve our human purposes.(1) Technology provides a vocabulary of elements that can be put together in endlessly new ways for novel purposes.(2) Technology is self-creating; it creates new opportunity niches and new problems, which call forth still more new technology.(3) Economies are in a constant state of perpetual novelty, unsatisfied, and roiling constantly in what is generally known as “creative destruction.”(4) Technologies often group into domains based on the natural effects they exploit.(5) The main method in which technologies progress is through a change in domain.(6) (Example: A shift from analogue to digital electronics)

All technologies according to Arthur can be simply defined as:

  • Entailing a means to fulfill a human purpose
  • Involve an assembly of practices and components (both devices and methods)
  • A collection of devices and engineering practices available to a particular culture (governance system of ideological beliefs)

Arthur proposes the history of technology is one of capturing finer and finer phenomena, enabled by earlier technologies.(7) Arthur also posits that just because we have a theory for how technology evolves, it does not mean that we can accurately predict the future of technology.(8) The reason for this according to Arthur is due to too much indeterminacy.(9) His theory recognizes that the investment and publicity environments, for example, matter in determining what gets developed and adopted and at what speed.(10)

So if technology has a logic of its own, why does it proceed at a different pace on different courses in different places?

The answer to this question is that culture matters too.(11) Culture can manifest itself in many ways but in general they are our economic systems, governance systems, religious doctrines, etc.(12) Arthurs framework deliberately focuses on the process for technological development and not the people or institutions who create technologies.(13) In fact, his theory treats societal institutions, like governance and religions, as technologies in of themselves.(14) Lets now define governance and religion in the context of this reasonable definition of technology.

What is Governance?

In order to analyze governance as a technology I believe it will be meaningful if first we gain an understanding of the origin of the word and some definitions of it from familiar international institutions. The origin of the word “governance” stems from the Greek verb κυβερνάω [kubernáo] which means to steer and its original use was made in a metaphorical sense by Plato.(15) From there the word passed on to Latin and subsequently many more linguistic technologies thereafter.

There are many definitions of “governance” but for the sake of analysis I am going to provide a list of definitions without explicitly identifying its place of origin. I am presenting the material in this fashion in order to make the focus on the actual definitions without any potential for bias related to its origin to be made. If you are interested in matching the definition to the specific provider of it, you may do so at your pleasure and find the answer on the references page. The definitions for governance are:

    • The Manner in which power is exercised in the management of a country’s economic and social resources for development.(16)
    • The Traditions and institutions by which authority in a country is exercised.(17)
    • The use of institutions, structures of authority and even collaboration to allocate resources and coordinate control activity in society or the economy.(18)
    • Governance has been defined as the rules of the political system to solve conflicts between actors and adopt decision (legality). It has also been used to describe the “proper functioning of institutions and their acceptance by the public” (legitimacy). And it has been used to invoke the efficacy of government and the achievement of consensus by democratic means (participation).(19)

Examining these definitions we see many similarities, but viewing them through the lens of Brian Arthur’s framework for analyzing a technology we see all of them entail means for serving a human purpose. This clears the first requirement of Arthur’s definition. We can also see they all involve an assemblage of practices and components (both devices and methods) either explicitly or implicitly. This clears the second requirement of Arthur’s definition. To clear the last definition, we need to look a little deeper because each culture has its own nature or rules.

What’s interesting in these definitions is that only one of the definitions explicitly states the importance of the rule of law. The other three definitions appear to be engineered in a manner where the rule of law is already implied as being paramount because they use words such as “Manner”, “Traditions”, and “Structures of Authority”. No different than the varying number of definitions of governance, to the best of my knowledge no two countries have the exact same rules of law nor the same interpretations of those rules. This clears the final hurdle in Arthur’s framework for making the claim that governance is a human technology.

What Is Religion?

Below are definitions of religion I am presenting to give the reader a reasonable and meaningful understanding of what constitutes religion. I am purposefully leaving out the provider of the definition but if interested you can find the locations of each definition in the references.

Religion Definition #1: (20)

  • The belief in a god or in a group of gods
  • An organized system of beliefs, ceremonies, and rules used to worship a god or a group of gods
  • An interest, a belief, or an activity that is very important to a person or group

Religion Definition #2: (21)

  • The belief in and worship of a superhuman controlling power, especially a personal God or gods.
  • A particular system of faith and worship
  • A pursuit of interest to which someone ascribes supreme importance

Religion Definition #3: (22)

  • A religion is a system of symbols which acts to establish powerful, pervasive, and long-lasting moods and motivations in men by formulating conceptions of a general order of existence and clothing these conceptions with such an aura of factuality that the moods and motivations seem uniquely realistic.

For context and concision, I am only going to provide three definitions for this exercise. This is not intended to narrow the scope of definitions, quite the opposite in fact. It is my hope readers will seek out many definitions for religion because religion, in my personal opinion, is an important human activity that can be difficult to define. I believe it is important for humans to find a meaningful definition of religion that works for them because religion is a human activity unique to only humans. However, for the purpose of analyzing whether religion can be considered a technology, the exercise is not in how definitions are different, but in how they are similar that is important. Lets examine deeper.

Since religion is a unique human activity and no other species, to the best of my knowledge, practices what constitutes religion by any definition; I am confident that religion sufficiently clears the first threshold of Arthur’s framework. Religion by its many definitions can broadly be seen as a method & apparatus for giving humans, which are emotion machines, a method for having hope and faith to navigate a constantly changing world. Human life is difficult to understand. Religion helps us find meaning in what we never fully understand. Religion is designed to serve a human purpose, because it was designed by humans to aid us in both good and challenging times throughout life.

Each definition of religion delves into rules, laws, behaviors, and/or systems that address the unique nature of the multitude of religions.  All religions have their books, scriptures, manifestos, and or canons by which humans are expected to consider adhering to in some meaningful fashion. It can be argued these rules and practices representing religion were/are implemented with the idea that they serve a holy purpose. That is the nature of religion; they are doctrines in which humans are inspired or sometimes required to follow in order to gain more meaning from their lives. So are humans required to follow religious rules?

There are two methods a majority of humans approach religion. The first approach is based on grace and the acceptance of god’s grace. This approach is less about rules, but their texts provide laws or examples of righteous living in an effort to say that this will produce the most fruitful and rewarding life. The first approach is about god seeking man to help. The second approach to religion is humans seeking god by doing “works” to obtain entry into heaven. A religious life under this second approach is considered fruitful if one puts in the time to follow the religious rules to obtain what may look like rewards/status. The more devoted you are to the religion, the more you obtain gods favor.

The nature of these facts means religion easily meets the second and third thresholds for Arthur’s framework because each religion has an assemblage of practices and devices that give them their unique cultures. In its basic sense, religion only needs a human as a device for it to function. So is religion a technology according to the framework provided by Brian Arthur? In my humble opinion the answer is clearly and reasonably, yes.

So if Governance and Religion can both reasonably be defined as technologies, what similar purposes do they aspire to solve in their service to humanity? Lets examine this through a critique of the new question.

Critique of the New Question

Besides asking, “What is the answer to this new form of the question,” someone may ask, “Is this new question a worthy one to investigate?” This latter question we investigate without further delay, thereby cutting short an infinite regress.

If governance and religion can both be defined as technologies designed to serve human purposes that entail an assemblage of practices and devices that give them their unique character; what common human purposes do governance and religion aspire to serve? This is a debatable topic; in general, they both provide humans a sense of emotional security in the form of hope and faith in a constant and rapidly changing world. Not every human believes in a God or is particularly religious, but almost every human being participates within some semblance of a governance system as part of a larger group.  Religion is largely considered to be voluntary to participate in, but according to Gallup 86% of people in the world believe God or a universal spirit are important or very important to their life.(23)

Governance systems are, or thought to be, secular in nature. Very simply, this means that God is not involved in governance. Western governance systems are considered secular, meaning it adheres to no specific religious rules because the U.S. Constitution is grounded in what are considered the natural rights doctrine. The natural rights doctrine supporting the U.S. Constitution originated from the Magna Carta in 1215. This juxtaposition of competing technologies, religion & governance, to oversee human activity has been a challenge since humans have existed. Both technologies have been competing for our hearts and minds for a long time. Thus the main criticisms will come from human conflicts of self-interest grounded in ideological doctrine.

They will argue I don’t believe the way they do and thus seek to delegitimize myself or try to find fault in the definitions to serve their rhetorical purposes. These criticisms could be construed as bigotry but that is a shortsighted and reductionist approach. Both the technologies of religion and governance seek power and react when that power is challenged. Some followers of governments and/or religions hold on to their ideological beliefs very tightly because it gives them hope and faith to navigate a rapidly changing world. Humans in their pursuit of power over the behavior others through these competing technologies; seek progress by changing domains according to Brian Arthur’s framework. How does a governance system seek progress? By evolving into a religion. How does a religion seek progress? By evolving into a governance system. The technological aspirations are illustrative of human ambition which is why restraining their power is paramount to positive human progress. In order to serve their functions, both Governance and Religion require a certain amount of information about people. Humans emit data and data about data at all hours of the day (Our Digital Lives).(24) In the modern information age the vast majority of our digital life is not owned or controlled by us as individuals but by governments and corporations.(25) Moreover, this information is not secure from theft and illicit utilization(26), so lets now look at the contrary views on the main question of this research.

Contrary Views On the Main Question

We may now consider the ground to have been cleared and we are ready to proceed to the debate on our question, “How has technology changed politics?” and the variant of it quoted earlier. We cannot altogether abandon the original form of the problem, for opinions will differ as to the appropriateness of the substitution and we must at least listen to what has to be said in this connection.

It will simplify matters for the reader if I explain first my own beliefs on the matter. Lets first consider the more accurate form of the question. I believe there will be few, if any, people who hold the view that technology, governance, or religion doesn’t impact human beings in some way. However, someone may attempt to provide a definition of what technology is and its nature that somehow tries to remove the necessity that technology should serve a human purpose. This would be interesting because it opens the question of who/what does technology serve? If every human has a digital life that mirrors their real life but our digital lives don’t share the same rights as our real lives, then who are our digital lives truly serving?

If technology doesn’t serve a human purpose then one can only surmise technology is designed to serve a God or a higher being. This opens the question of who is this God and is it truly a spiritual being or is it a human (or group of humans) who believe their ideas are worthy of God status? It is my opinion it will be the latter, not the former in this matter, thus the politics. The original question, “How has technology changed politics?” I believe to be too meaningless to deserve more discussion. Nevertheless I believe that at some point in the future the use of the words and general educated opinion will have changed so much that one will be able to speak of how technology has changed politics without expecting to be contradicted. I also believe that no useful purpose is served by concealing these beliefs. The popular view that scientists proceed inexorably from well-established fact to well-established fact, never being influenced by any improved conjecture, is quite mistaken. Provided it is made clear which are proved facts and which are conjectures, no harm can result. Conjectures are of great importance since they suggest useful lines of research.

Lets now continue by considering opinions opposed to my own.

The Theological Objection

A historical version of the theological objection to this issue has been expressed by none other than the father of artificial intelligence, Alan Turing, in his seminal work “Computing Machinery and Intelligence.”(27) Very simply, Turing takes a dim view on religious belief and dismisses theological objections as opinions grounded in no scientific facts. I find Turing’s treatment of the theological objection rational but lacking empathy, perhaps understanding, of the true purpose of religion as a human technology. My view is that religion is an important human endeavor to help people navigate life.(28) The vast majority of humans fall into a spectrum of religious devotion and belief but some interpretations of religions are engineered to require humans to strictly adhere to doctrine.(29)

Moreover, those versions of religions think people who disagree should be forced or compelled to abide.(30) A modern example of this thinking is ISIS in the Middle East. They are authoritarian in nature and a case study of a religion seeking progress by changing domain to be more like a governance system (i.e. The Islamic State).(31) Humans can choose a religion and their level of devotion to them.(32) We are all required to live under a form of governance and our devotion to them tends to hinge on the notion that we tolerate them as long as they don’t screw things up too bad.(33)

An example of humans tolerating very poor governance can be found in the world’s most powerful democracy, the United States.(34) Despite electing new people to positions of power, the U.S. government continues to expand and exercise its power over its own citizens and the rest of the world.(35) So much so, that it can be argued the United States is an Authoritarian National Surveillance state with respect to the natural law treatment of human civil liberties.(36) Moreover, there is no data suggesting any abatement by the U.S. government of changing course regardless of the political party in power.(37) Modern U.S. governance has been corrupted and from its point of view, we should all be more accepting of its new progressive and authoritarian nature. This is a modern example of a governance system seeking progress by changing domains to a religion….The Religion of State Power.(38) It is indicative of modern western civilization governance cultures.

Since both the technologies of religion and governance require human information to serve their purposes; the theological objection to my point of view will be that your digital lives and real lives are not the same and should not be treated the same.

They will argue this will inhibit their ability to serve you and keep you safe, but the reality is it’s about their power over you and you serving them. Thus the theological objection will specifically come from authoritarian religions and authoritarian governance systems, because there is no distinction between the two.

The “Head in the Sand” Objection

The consequences of humans having a digital life that mirrors their real life would be too dreadful. Let us hope and believe people cannot have a digital life.

This argument is seldom expressed quite so openly as in the form above. But it affects most of us who think about it at all. We like to believe that man is in some subtle way superior to the rest of creation, or perhaps only some men do. It is best if he can be shown to be necessarily superior, for then there is no danger of him losing his commanding position. The popularity of the theological argument with authoritarian minds is clearly connected with this feeling. It is likely to be quite strong in intellectual people, legal scholars in particular, since they value the power of thinking more highly than others, and are more inclined to base their belief in the superiority of man on this power.

I do not think that this argument is sufficiently substantial to require refutation. Consolation would be more appropriate because they cannot defend their ideas when challenged to answer them in public.

Posted in Thoughts | Leave a comment

Thoughts – The Nature of Our Digital Lives

future-internet-wordle-640

In the information age who owns and has access to your data?

The genesis of this research project on how technology has changed politics is my original masters thesis completed at The Fletcher School of Law & Diplomacy in 2011. The question my thesis addressed was:

If This Is the Information Age, Is Our Information Sufficiently Secure From Theft and Illicit Use?

My thesis comprises Part 3 of this research project. My thesis concluded our information is not sufficiently secure from theft and illicit use. It also concluded intelligent multi-factor authentication was the answer to protecting our real and digital lives. The thesis didn’t address in depth the issue of who owns our data and has access to it. In the wake of the recent FBI v. Apple case about encryption, the specific aim of this research paper is to explore who owns our data and has access to it in the modern information age. This post is written from the point of view everyone has a real life and digital life, however the two do not share the same set of constitutional and human rights under the eyes of the law.

Background discussion will begin by revisiting how both the technologies of religion and governance seek progress and their impacts on our real and digital lives. I will then briefly revisit the research of famed Yale Constitutional scholar, Jack Balkin, on “The Constitution In the National Surveillance State”. It is also instructive to understand what the U.S. President, his NSA review panel, and the top liberal legal scholars in the U.S. think about privacy security and their own ideas. This will touch on the homogenization of the U.S. political branches of government and how they are using administrative powers to make government simpler. Background will conclude with why our information is not sufficiently secure from theft and illicit use and lead us to the main points of the research post.

The main thrust of this research post will begin by discussing who owns our data. This will lead into discussion about individual vs. corporate ownership of data and devices. It will also touch on the nature of the business model in the technology industry and how it monetizes the information it has on all of us. This will bring us to the question of what does data ownership equate to. Is data ownership really data access?

The next series of questions will focus on who or what has access to our data and why. It will explore the question of whether or not we truly have access to all the data about us that is spread across the globe. This will lead us to explore who has access to our data and why. The discussion will center on research on how the NSA is preparing the U.S. for a digital arms race and future battles. I will also discuss how not all encryption methods live up to their promises and why. This portion of the research post will close by addressing whether we as individuals have control over our data.

The final section will address who has access and control of our data and why. It will begin by exploring the role of the U.S. government in ownership and access to personal data. The conversation will then explore whether the U.S. government has sufficiently protected our data. This section will close by discussing whether the U.S. government is in the business of protecting our digital lives or primarily its own.

I will begin closing the research post by discussing the current legal battle between Apple and the FBI to unlock encrypted iPhone data. This case is destined for the Supreme Court, a court whose ideological composition suddenly changed with the untimely death of Justice Antonin Scalia. What the debate has subtly highlighted is the issue of intelligent authentication in protecting our real and digital lives.

I will close the paper with final thoughts on who owns and has access to our data and the likelihood of taking ownership of our data back in the future

Specific Aims

  • The question of who owns our data needs clarification
    1. Do we individually own our data collected by companies?
    2. Do technology companies truly own our data or just rent/sublet it?
    3. Does data ownership really mean data access?
  • The question of who or what has access to our data needs examination
    1. Do we have access to all of our data?
    2. Who has access to our data and why?
    3. Do we have control over our data?
  • Who has control of our data and why?
    1. What role does the U.S. government play in ownership and access to personal data?
    2. Has the U.S. government sufficiently protected our data through rule of law or other means?
    3. Is the U.S. government in the business of protecting our data or its own?

Background

Throughout history the technologies of governance and religion have competed for the hearts and minds of humans.(1) Humans are emotion machines and these competing technologies were designed to give humans hope and faith in a changing world.(2) These technologies, to a degree, have always relied on human information in order to serve their meaningful purposes, however the 21st century has experienced an explosion of human activity and human information that is now digitized.(3) I argued in my original masters thesis in 2011, every human has a digital twin, except that twin doesn’t share the same set of rights or liberties under the eyes of the law.(4) The concept of our digital life is now firmly understood today in popular culture.

In response to a global war on terrorism, governance systems in their pursuit to give human emotion machines hope and faith in their security have sought progress through changes in the technology of the law/governance. These changes in the law were not always public but in secret. Thanks to adversarial journalists and brave whistle blowers, we now know the extent to which the U.S. government and its allies have gone in the name of keeping us safe. A powerful lens to evaluate the exact extent to which governments have gone was to evaluate the modern U.S. national surveillance state on the spectrum between democratic and authoritarian. This was done by using the framework provided by Yale legal scholar, Jack Balkin, in his work, “The Constitution in the National Surveillance State”.

“The question is not whether we will have a surveillance state in the years to come, but what sort of surveillance state we will have.” – Jack Balkin

According Balkin, The National Surveillance State poses three major dangers for our freedoms.(5) Because the National Surveillance State emphasizes ex ante prevention rather than ex post apprehension and prosecution, the first danger is that government will create a parallel track of preventative law enforcement that routes around the traditional guarantees of the Bill of Rights.(6)

The second danger posed by the National Surveillance State is that traditional law enforcement and social services will increasingly resemble the parallel track.(7) Once governments have access to powerful surveillance and data mining technologies, there will be enormous political pressure to use them in everyday law enforcement and for delivery of government services.(8) If data mining can help us locate terrorists, why not use it to find deadbeat dads or even people who have not paid their parking tickets?(9) If surveillance technologies signal that certain people are likely threats to public order, why not create a system of preventative detention outside the ordinary criminal justice system?(10) Why not impose sanctions outside the criminal law, like denying people the right to board airplanes or use public facilities and transportation systems?(11) And if DNA analysis can identify people who will likely impose high costs on public resources, why not identify them in advance and exclude them from public programs and other opportunities?(12) The more powerful and effective our technologies of surveillance and analysis become, the more pressure the government will feel to route around warrant requirements and other procedural hurdles so that it can catch potential troublemakers more effectively and efficiently before they have a chance to cause any harm.(13)

The third major threat to our freedoms according to Balkin is private power and the public- private cooperation.(14) Because the Constitution does not reach private parties, the U.S. government has increasing incentives to rely on private enterprise to collect and generate information for it.(15) Corporate business models, in turn, lead companies to amass and analyze more and more information about people in order to target new customers and reject undesirable ones.(16) As computing power increases and storage costs decline, companies will seek to know more and more about their customers and sell this valuable information to other companies and to the government.(17)

After the initial set of NSA documents released to journalists by the whistle blower Edward Snowden, I was able to place the U.S. government on the spectrum of a democratic or authoritarian national surveillance state using Balkin’s framework.(18) Two years later, after some public debate, government policy considerations, and further NSA document releases, I revisited the same question.(19) At both instances, I found the U.S. to be deeply an authoritarian national surveillance state with respect to the natural law treatment of human civil liberties. In fact, one can easily conclude the U.S. government has no intention of reversing this trend.

In addition, I gathered qualitative data directly from some of the leading legal scholars in the U.S. on these authoritarian findings. Some of these legal scholars ended up on President Obama’s NSA review panel. This data collection enabled me to answer some critical questions, which you can read in depth at the following links:

What does Obama and his NSA Review Panel really think about privacy/security and why?

What do America’s top liberal legal scholars think about surveillance, governance, and their own ideas?           

The net result of these research projects is the U.S. president, his NSA review panel, and some of the top legal scholars on these issues have no real interest in respecting your privacy or security for that matter. Why is this the case? This group of powerful people is devout to the religion of state power through the administrative functions of the modern state. The aim of these administrative functions is to make government “simpler” in the words of Cass Sunstein. Simple in this context equates to authoritarianism. Another method for understanding how these government policies that favor expansions of government power persist, regardless of the political party in power, can be explained by The Fletcher School’s Michael Glennon and his work on “National Security and Double Government”. Very simply double government can be explained as the distinction of policy power between U.S. elected officials and the unelected officials (bureaucrats) of the vast administrative institutions of national security. You can read in more detail on National Security and Double Government here:

National Security and Double Government (Madisonians vs. Trumanites)

These unlawful/unconstitutional administrative functions manifest in a way that has homogenized the three branches of U.S. government. All three branches act in the interests of the government first, any downstream positive implications for everyday people are simply unintended byproducts. For further reading on the homogenization of the U.S. Political class, you can read in more depth at the following links:

The homogenization of the U.S. Political Class – Legislative Branch

The homogenization of the U.S. Political Class – Executive Branch

The homogenization of the U.S. Political Class – Judicial Branch

These findings provide a reasonable platform to understand how the traditional principles in U.S. governance have been tortured, in order to serve the needs of the state, not the people it is intended to serve.(20) The tortured principles of governance also help explain why our information is not sufficiently secure from theft and illicit use.(21)

A reasonable person would think the free press in the U.S. would step up and act as the 4th estate to serve the public interest in these matters, however the same group of legal scholars and government officials have labored to weaken the notion of free press and freedom of speech over time.(22) For further understanding on how the U.S government can restrict your First Amendment rights you can read more here:

How can the U.S. government restrict our first amendment rights?

Lets now begin to examine who owns your data.

Who Owns Your Data?

Your data is rarely, if ever, actually owned by you. Thanks to a proliferation of wireless devices, cloud computing, and Internet of things; humans emit data during all hours of the day. Our digital lives and real lives are one in the same, however there is a further bifurcation. Both our digital lives and real lives have dual personas that are important to distinguish, personal and professional.

Our personal personas have intrinsic human and Constitutional rights. If you own your devices personally and subscribe (pay money) for online services such as email, etc. there is a legal contract to your data ownership. The nature of the services you subscribe to, even if you pay money, may still be able to monetize your data by selling it to aggregators, but that is usually disclosed. If you are using “free” services you are just paying for them with a different currency. That currency is the right to your data and data about you. There is no such thing as a free lunch. So how does this play out in our professional lives?

Our professional persona data operates under different rules than personal data. If your employer provides you computers, phones, cell services, etc. the data emitted from those machines and services is not your own but the property of your employer, even if they are also allowed for some limited personal use. Where your employer stores this data also has implications.

Internal corporate IT at major corporations was traditionally managed internally with servers, software, and storage managed on the corporate premise. This is generally known as “Private Cloud”. Due to advancements in software-as-a-service (SaaS), high speed data, and increased ownership and complexity of end user devices, corporate IT has migrated from internal IT manager to one where they subscribe to “public cloud” based services customized to their unique needs. Great examples of this are Amazon Web Services, Dropbox, Google Business, Microsoft 365, IBM Watson, etc. etc. The core drivers to this trend are cost and operational efficiency.

There are also data aggregators for both our personal and professional lives. Data aggregators are in the business of collecting and managing digital profiles on us collected and shared through partnerships with web based companies/services. Some companies refer to this as open source intelligence because they are just collecting data that is in theory already publicly available. Just like stocks and bonds are an asset class, to the data aggregation industry our data is an asset class.

Currently the Federal Communications Commission is proposing new rules in principle will tighten and close some of these issues.(23) Privacy advocates are in support of the proposed rules but the delta differences between the proposed rules and the rules that go into effect through administrative law, will certainly be different.

The clear issue at hand is that data about our dual persona roles is everywhere and nowhere. We rarely know where it is at, what country it is stored in, have access to it, let alone about what those systems instruct those who have access to them about us. So if data about us is both everywhere and nowhere and we don’t have access and the ability to control it, who actually owns the data? Lets now explore the nuances of access to data.

Who or What Has Access To Your Data?

If you don’t have access to your data do you really own it? Probably not. Do the companies and institutions that do have access and utilize the data own it? It depends. Depending on where data is stored and the rule of law of where that data is physically domiciled usually dictates the answer to this question. If interested in going deeper into this question I recommend consuming recent testimony to the U.S. Congress by Brad Smith, the President and Chief Legal Officer at Microsoft. Smith goes into excruciating detail about the nuances of international conflicts of law and their implications for cross border data requests.

So what else may have access to your data? Groups of hackers in the business of infiltrating systems for the purposes of disruption or destruction will gain access. National surveillance systems in the business of collecting intelligence information also have access. Due to the murky nature of the Internet and the issue of “attribution” it can be very difficult to distinguish between nefarious groups of hackers and national security institutions. The core issue for those managing digital systems is to try and understand the correlation between fraudulent accounts and fraudulent activities. To further highlight how this access issue is being exploited, lets quickly look at how the NSA is preparing the U.S. for a digital arms race and future battles. These findings come directly from the source documents provided to journalists by NSA whistle blower, Edward Snowden

The NSA and U.S. are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.(24)

From a military perspective, surveillance of the Internet is merely “Phase 0” in the U.S. digital war strategy.(25) Internal NSA documents indicate that it is the prerequisite for everything that follows.(26) They show that the aim of the surveillance is to detect vulnerabilities in enemy systems.(27) Once “stealthy implants” have been placed to infiltrate enemy systems, thus allowing “permanent access,” then Phase Three has been achieved – a phase headed by the word “dominate” in the documents.(28) This enables them to “control/destroy critical systems & networks at will through pre-positioned accesses. (laid in Phase 0).”(29) Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation.(30) The internal documents state that the ultimate goal is “real time controlled escalation”.(31)

Attribution in the digital world is difficult and requires considerable forensic effort.(32) The NSA utilizes a wide array of tools known as malware and implants to exfiltrate systems.(32) They even do this to read over the shoulders of other National Surveillance organizations to take advantage of their access.(33) The NSA refers to this tactic as “Fourth Party Access”.(34) So it is very difficult to distinguish the activities of government hackers and loosely affiliated hacker organizations, but there is an important strategic difference.(35) The NSA plans on using what they call cyber defense as a platform for cyber attacks.(36)

A core method for covering their tracks is the utilization of what the NSA documents refer to as “Unwitting Data Mules”.(37) What this means is the NSA can control your hardware on your behalf to access and/or steal others information.(38) They can even do this via your mobile devices.(39) The net effect of this is we do not have control of our information or hardware because NSA and other national surveillance institutions can utilize your digital life and thus your real life to serve their purposes.(40) They do this via automated systems utilizing artificial intelligence.(41) 

Moreover, the NSA also works very hard to weaken and break encryption standards, even standards it supports through its work with the National Institute of Standards and Technology (NIST). So if you are curious why not all methods of encryption live up to their promises and why, you can read in more detail here how the NSA contributes to making our information less secure.

Not All Encryption Methods Live Up To Their Promises

If your digital life and real life are effectively one in the same, can illicit actions taken by your digital life that are truly not your own, incriminate your real life? Perhaps if someone wanted that to be the case, which is why I argue our digital lives and real lives need to be treated as equals under the eyes of the law. Your digital life should not be able to incriminate your real life under the Constitutions 5th Amendment. Lets now explore why we don’t have complete access and control over our data.

Do We Have Control Over Our Data?

We do not have control over the vast majority of our data. This is due in no small part because the U.S. government does not believe it to be in its interests in real terms. Politicians and Bureaucrats will of course rhetorically say they care in public discussion, but real policies and previous top-secret documents prove the complete opposite.(42) If the Obama administration is the most transparent administration in U.S. history as the President often says, he must be implying the most transparently dishonest and corrupt in history.(43) Further evidence of this is the Obama Administrations efforts to hide and delay information from the vast majority of U.S. Inspector Generals who exercise oversight of our government institutions.(44)

Moreover, not only is the U.S. government not truly interested in protecting our data and privacy, it cannot even protect its own information from access & disruption attacks.(45) The Office Of Personnel Management retains all government employee information, including top-secret access applications, finger print database, etc.(46) The majority of this highly sensitive information about all U.S. government employees was stolen including the fingerprint database.(47) Why this critical information was not protected with encryption and intelligent authentication methods is beyond comprehension, however given Edward Snowden in 2013 was able to walk out of the NSA with the single largest trove of top-secret documents undetected, helps clarify the picture. If U.S. Governance is in the business of providing security and safety of our real and digital lives, it has failed by any standard. I attribute the blame to the people who lead our country and operate our institutions, not the system itself. Both political parties are utilizing the U.S. governance system in a corrupt manner because a system is only as good as the people administrating it. Voting in new people in the “hope” things will “change” for the better will not be enough though. I recommend a more direct form of democracy here utilizing the system we currently have to aid in verifying positive change.

The whistle blower Edward Snowden gave the information to responsible journalists to inform the public exactly what the U.S. government has been secretly doing in our names. Snowden has been called a traitor among many other things by those devout to the religion of state power. It is my educated opinion he has served the public in the pursuit of safety and security more than the U.S. government has. It was a more direct form of democracy, and a potent one.

In response to the arguably unconstitutional government policies Edward Snowden’s documents revealed, in 2013 President Obama convened a panel of homogenous political insiders to evaluate the government’s activities and provide recommendations.(47) Based on my research efforts, this panel is devoted to he religion of state power.(48) One of the recommendations in their report, was the U.S. government needs to rapidly institute encryption in all of its digital systems and further protect them with intelligent multi-factor authentication technology. Encryption is intuitively obvious. Intelligent multi-factor authentication helps administrators of digital systems understand the correlations between fraudulent accounts and fraudulent activity. This understanding helps them protect access to the system by answering three key questions all based on a level of confidence and trust the people/institutions are who they say they are:

  • Are you who your say you are?
  • Where do you want to go?
  • What do you want to do?

Intelligent-Multi-factor authentication is the most cost effective and secure approach to authentication and has become the unofficial default standard in many technology systems. A core issue with this unofficial standard status is each company/institution implements the process in a non standard way with varying results/implications. One example high in the public’s mind at this time is the FBI v. Apple case about circumventing Apples iPhone encryption.(49)

The Apple iPhone has a method of multi-factor authentication supporting its passcode sequence. The FBI cannot route around this because after 10 failed attempts, the device automatically erases the data. Credible people and institutions refer and validate this process to be dubbed “Event Driven Security Architecture.”

So if the U.S. government already knows the combination of strong encryption of data in motion and data at rest, when coupled with intelligent multi-factor authentication is the most secure approach to securing systems. Why is it truly asking Apple to circumvent its encryption by using the law to force it to write a version of it operating system to remove its event drive security authentication system?

In my humble opinion, it is because the U.S. government is no longer truly in the business of protecting the privacy and security of its citizens, but in the business of expanding and protecting is own power over U.S. citizens, and arguably the rest of the world. This dangerous legal precedent would have tremendous foreign policy implications because it would mean other authoritarian countries, who the U.S. government is publicly critical of to make itself look better, would be able to leverage the same precedent for their own authoritarian purposes. This would further put U.S. citizens and arguably all people leveraging similar technological tools at risk of their real and digital lives being compromised.

According to the Snowden documents, the government doesn’t need probable cause to investigate people it believes are affiliated with terrorism, it needs a much lower standard called “reasonable articulable suspicion”. Reasonable Articulable Suspicion is tantamount the government needing a conspiracy theory about someone to investigate.(50) The government interprets “terrorism” as basically any behavior it doesn’t like.(51) So in the future, if the government doesn’t like what you are doing, it may consider you a terrorist and concoct a reasonably sounding theory you are conspiring to engage in a behaviors it simply doesn’t like. For Example: It may not like how you exercise your first amendment rights.

So why would the U.S. government put humans at increased risk through a very poor domestic and foreign policy stance in these matters? Noam Chomsky at MIT gives a credible and authoritative answer to this question.

Lets now dig deeper into the FBI v. Apple case for more context.

FBI vs. Apple – A debate about Intelligent Authentication

The FBI v Apple case is about circumvention of authentication technologies in order to set a legal precedent the U.S. government can use in hundreds of more cases. This is not a case about one phone. A person who committed a terrible domestic terror act used the iPhone in question. What they used this specific phone for as it relates to this event is unknown. The phone was not owned by the individual, but by his employer. That employer has been cooperating with the FBI since the event occurred. At the FBI’s instruction, the employer reset the users pass code.(52) The implication of this password change rendered the data resident on the phone inaccessible.(53)

Apple has been cooperating with the FBI in the case and provided data the device backed up to Apple’s iCloud system. However, there is approximately 6 weeks of data on the device that was not backed up to iCloud. Because the government asked the employer to reset the pass code, the device cannot auto-backup resident data to the iCloud where Apple could then easily provide it to the FBI. An important point to understand, not all the data on a device is backed up. So was the password reset the FBI instructed the employer to do an accident? In my opinion; probably not.

My opinion on this matter rests on the fact the head attorney for the U.S. national security apparatus, Robert Litt, says anti-encryption legislation and legal precedents associated to terrorist activities may help turn the tide in the government’s favor in these matters.(54) In essence, he said the government should keep its options open for pro-government security and surveillance opportunities to publicly legitimize policies that have previously been kept secret. Terrorism and fear are always positive motivators for expansions of government power. Apple is fighting the FBI on this matter and Tim Cook, the CEO of Apple, has strong opinions.

Tim Cook says this legal fight is about the future.(55) The future of privacy, our relationship to technology tools, and relationship to government.(56) In essence, Tim Cook makes the case that our digital lives and real lives are effectively one in the same and are not being treated equally under the eyes of the law.(57)

The FBI’s point of view according to Director James Comey is different. Comey put this predicament in a congressional hearing on the San Bernadino case in February.(58) “Law Enforcement, which I’m part of, really does save people’s lives, rescue kids, rescue neighborhoods from terrorists,” he said. “And we do that a whole lot through search warrants of mobile devices. So we’re gonna move to a world where that is not possible anymore? The world will not end, but it will be a different world than where we are today and where we were in 2014.”(59)

Comey has framed this conflict as a choice between privacy and security, a zero-sum trade-off.(60) But Cook flatly rejects this view as a red herring. (61) “I think it’s very simplistic and incorrect,” he says. “Because the reality is, let’s say you just pulled encryption. Let’s you and I ban it tomorrow. And so we sit in Congress and we say, Thou shalt not have encryption.(62)What happens then? Well, I would argue that the bad guys will use encryption from non-American companies, because they’re pretty smart, and Apple doesn’t own encryption.”(63)

Cook equates encryption to air, water, and sunlight.(64) He understands encryption also protects terrorists as well as the good guys.(65) “We get that,” Cook says.(66) “But you don’t take away the good for that sliver of bad.(67) We’ve never been about that as a country.(68) We make that decision every day, right?(69) There are some times that freedom of speech, we might cringe a little when we hear that person saying this and wish they wouldn’t.(70) This, to us, is like that. It’s at the core of who we are as a country.”(71) Encryption is one of those technological realities that are so ubiquitous and powerful that they alter political realities–it has a whiff of revolution about it.(72) It changes the balance of power between government and governed.(73)

So given the points of view of Apple and the Government. How can Intelligent multi-factor authentication help alleviate the risks concerned by both parties? If event-driven security architecture attributed to authentication systems was standardized, this would enable explicit rules of governance to be written. Explicit rules are excellent governance. Permission based authentication systems can keep users privacy safe, further secure critical infrastructure systems by not allowing our digital lives to be taken over by nefarious actors, and enable technology companies to give law enforcement permission based access when legally supported. Intelligent authentication is the answer. This is why it needs to become a default standard for authenticating and protecting your life, because nobody is quite like you.

Conclusion

Our real lives and digital lives are one in the same and at serious risk. The U.S. government and the people who administrate our governance are not sincerely interested in our privacy or security. In response to the legal battle between the FBI & Apple, the tech industry and many other people and institutions have written Amicus briefs and letters of support for Apple’s point of view. This is terrific momentum, but the bigger problem of poor and authoritarian U.S. governance will remain persistent. The U.S. government already knows encryption coupled with intelligent multi-factor authentication is the most secure method for permission-based access for its own systems. We also need a resurgence of public virtue to seek the change we obviously need to make in the technology of government for it to recognize and protect our rights. It starts with intelligent authentication & encryption because privacy matters to human progress.

What’s Next – Supreme Court Ideological Composition

On March 16th 2016 President Obama nominated Federal Circuit Judge Merrick Garland to fill the vacancy on the Supreme Court created by the untimely death of conservative justice Antonin Scalia.(74) Putting aside the partisan rancor between the Senate republicans and the White House over whether it’s appropriate for a president in his final year of office to nominate a Supreme Court judge.(75) Lets look at Merrick Garland through the prism of Michael Glennon’s work on “National Security and Double Government”, specifically his focus on how Supreme Court Judges are chosen for nomination. For detailed reading on how the Supreme Court has homogenized in favor of expansions of state power you can do so here:

The homogenization of the U.S. Political Class – Judicial Branch

Glennon writes the courts, which Alexander Hamilton called the “least dangerous” branch; pose the least danger to the silent transfer of power from the nation’s Madisonian institutions to the more efficient Trumanite national security bureaucracies. (76) Federal judicial appointees are selected, and vetted along the way, by those whose cases they will later hear: the Trumanites and their associates in the White House and Justice Department. (77) Before an individual is named to the federal bench, a careful investigation takes place to ensure that that individual is dependable. (78) What this means, in practice, is that appointees end up as trusted friends of the Trumanites in matters touching upon national security and other issues.(79) Presidents do not appoint individuals who are hostile to the Trumanites, nor does the Senate confirm them.(80) The deck is stacked from the start against challenges to Trumanite policies.(81)

Judicial nominees often come from the ranks of prosecutors, law enforcement, and national security officials, and they have often participated in the same sorts of activities the lawfulness of which they will later be asked to adjudicate. Merrick Garland as a SCOTUS nominee fits this exact mold. In fact, one can make the argument modern supreme court justices are manufactured, not chosen.

Merrick Garland was a Federal Prosecutor just like Justices Sotomayor, Breyer, Souter, Alito, and Chief Justice Roberts.(82) He attended Harvard Law School as the majority of U.S. SCOTUS judges have. The risk is low nominees to the Supreme Court will meaningfully challenge executive powers or restrain national security institutions, else they won’t be even nominated. What does Garland’s judicial decisions say about his tendencies?

The former prosecutor has a relatively conservative record on criminal justice according to legal scholars.(83) A 2010 examination of his decisions by SCOTUSBlog’s Tom Goldstein determined that “Judge Garland rarely votes in favor of criminal defendants’ appeals of their convictions.” With the nomination of Garland, Obama will not likely get an overly progressive judge, but he will get a judge who will side more often than not with the liberal justices with occasional votes with the conservatives if nominated.

It is my opinion Merrick Garland will eventually be confirmed driven by political necessity of the Republican Senate in a Presidential Election year. Given Donald Trump and Ted Cruz are the leaders in race for the republican nomination; Donald Trump may support Merrick’s nomination. Trumps support would put pressure on the Senate republicans to act, thus leaving little to no political maneuverability for Ted Cruz and his exceptionally conservative views as a Harvard educated legal scholar himself. This type of political move also gives the aura conservatives actually chose and approved Garland.

How would a SCOTUS rule on Apple v. FBI with Merrick Garland in a few years? It is difficult to say, but it would appear chances are in favor of the Government and not Apple or our privacy, with or without Garland on the court. I would also say our Second Amendment rights are more at risk with Garland too.

What Can Your Physical Life Do To Help Protect Your Digital Self?

New technology and tools always present a two edge sword. They can be used for good and bad behaviors.  On Balance and in the long run there is more benefit to having them than not. Humans, like tools and technology, evolve and change too and its always helpful to have a defined meaningful utilization for our usage of tools.

As humans one of our most precious assets in life is time. Putting parameters around the amount of time spent on digital devices and limiting the amount of information we share, in all respects, would go a long way to protecting and enhancing our real and digital lives.

Posted in Thoughts | Leave a comment

Thoughts – What Is The Nature of Technology & Religion?

ReligionWordleWhiteRound

“How do you reconcile the idea of faith being really important to you and you caring a lot about taking faith seriously with the fact that, at least in our democracy and our civic discourse, it seems as if folks who take religion the most seriously sometimes are also those who are suspicious of those not like them?

Barack Obama, September 2015

Introduction

Throughout the course of human history governance and religion have competed for the hearts and minds of humans. These competitions have been peaceful and violent, perpetrating some of humanities worst atrocities. In a previous research paper on the nature of technology and governance, I concluded that governance is a human technology by using Brian Arthur’s framework for understanding the nature of technology. The specific aim of this research post is to address the nature of technology and religion with respect to their impacts on U.S. governance. The discussion will start by evaluating the analytical framework provided by Brian Arthur in his work that explores what the nature of technology is. Next we will explore religion through the prism of this analytical framework to see if religion meets the conditions to be considered a technology.

The discussion will then explore the common purposes of governance and religion in their pursuit in serving humanity. The purpose of this exercise is to address two paradoxical questions through the prism where both governance and religion are considered technologies. To address the first paradoxical question I will leverage the Gallup organization’s data set on religion and religious sentiment in the U.S. To address the second paradoxical question I will explore U.S. Governance through the Gallup data set on the degree to which U.S. citizens are devoted to the form of U.S. governance where they are required to place some of their hope and faith in its ability to solve problems. This will lead to a discussion on state power and how technology has changed politics in the modern digital context. As previously argued, our digital lives and real lives are effectively one in the same, however treated as separate and unequal under the eyes of the law. 

The discussion will then focus on the level of tolerance U.S. governance has of religions. In closing, my final analysis will be done by discussing how both the technologies of religion and governance seek progress and their impacts on our real and digital lives.

Specific Aims

  • The nature of technology & religion need to be more completely understood
    1. What is technology and how does it change over time?
    2. What is religion and how do religions work?
    3. Can religion be considered a technology in of itself?
  • Common purposes of religion and governance need examination
    1. Can a person believe in god and not be religious?
    2. Can a person who does not believe in god be religious?
    3. How much hope & faith do U.S. citizens have in U.S. governance?
  • The tolerance of religion by U.S. Governance needs analyzed
    1. How tolerant of religion is the religion of state power?
    2. How do the technologies of religion and governance progress?
    3. What is the nature of their progress in the modern digital age?

What is The Nature of Technology?

“Technology provides a vocabulary of elements that can be put together in endlessly new ways for novel purposes.“

Brian Arthur, “The Nature of Technology: What it is and how it evolves”

In Brian Arthur’s seminal work, “The Nature of Technology: What it is and how it evolves”, he states the essence of technology is a phenomenon or set of phenomena captured and put to a meaningful use, a programming of one or more truisms of nature to serve our human purposes.(1) Technology provides a vocabulary of elements that can be put together in endlessly new ways for novel purposes.(2) Technology is self- creating; it creates new opportunity niches and new problems, which call forth still more new technology.(3) Economies are in a constant state of perpetual novelty, unsatisfied, and roiling constantly in what is generally known as “creative destruction.”(4) Technologies often group into domains based on the natural effects they exploit.(5) Arthur believes a change in domain is the main way in which technology progresses.(6) (Example: A shift from analogue to digital electronics)

All technologies according to Arthur can be defined simply as:(7)

  • Entailing a means to fulfill a human purpose
  • Involve an assemblage of practices and components (both devices and methods)
  • A collection of devices and engineering practices available to a particular culture (A system of ideological beliefs).(8)

Arthur proposes the history of technology is one of capturing finer and finer phenomena, enabled by earlier technologies.(9) Arthur also posits that just because we have a theory for how technology evolves, it does not mean that we can accurately predict the future of technology.(10) The reason for this according to Arthur is due to too much indeterminacy.(11) His theory recognizes that the investment and publicity environments, for example, matter in determining what gets developed and adopted and at what speed.(12)

So if technology has logic of its own, why does it proceed at a different pace on different courses in different places?

The answer to this question is that culture matters too.(13) Culture can manifest itself in many ways but in general they are our economic systems, governance systems, religious beliefs, etc.(14) Arthur’s framework deliberately focuses on the process for technological development and not the people or institutions who create new technologies.(15) In fact, his theory treats societal institutions, like governance, as technologies in of themselves.(16) So can religion be considered a technology in of itself through the prism of Arthur’s framework? Let’s first look at some definitions of religion to get a sense of their nature.

A Definition: What is Religion?

Below are definitions of religion I am presenting to give the reader a reasonable and meaningful understanding of what constitutes religion. I am purposefully leaving out the provider of the definition but if interested you can find the locations of each definition in the references.

Religion Definition #1: (17)

  • The belief in a god or in a group of gods
  • An organized system of beliefs, ceremonies, and rules used to worship a god or a group of gods
  • An interest, a belief, or an activity that is very important to a person or group

Religion Definition #2: (18)

  • The belief in and worship of a superhuman controlling power, especially a personal God or gods.
  • A particular system of faith and worship
  • A pursuit of interest to which someone ascribes supreme importance

Religion Definition #3: (19)

  • A religion is a system of symbols which acts to establish powerful, pervasive, and long-lasting moods and motivations in men by formulating conceptions of a general order of existence and clothing these conceptions with such an aura of factuality that the moods and motivations seem uniquely realistic.

For context and concision, I am only going to provide three definitions for this exercise. This is not intended to narrow the scope of definitions, quite the opposite in fact. It is my hope readers will seek out many definitions for religion because religion, in my personal opinion, is an important human activity that can be difficult to define. I believe it is important for humans to find a meaningful definition of religion that works for them because religion is a unique human activity. However, for the purpose of analyzing whether religion can be considered a technology, the exercise is not in how definitions are different, but in how they are similar that is important. Lets examine deeper.

How Can Religion Be Considered a Technology?

Since religion is a unique human activity and no other species, to the best of my knowledge, practices what constitutes religion by any definition; I am confident that religion sufficiently clears the first threshold of Arthur’s framework. Religion by its many definitions can broadly be seen as a method & apparatus for giving humans, which are emotion machines, a method for having hope and faith to navigate a constantly changing world. Human life is difficult to understand. Religion helps us all find meaning in what we never fully understand. Religion is designed to serve a human purpose, because it was designed by humans to aid us in both good and challenging times throughout life.

Each definition of religion delves into rules, laws, behaviors, and/or systems that address the unique nature of the multitude of religions.  All religions have their books, scriptures, manifestos, and or canons by which humans are expected to consider adhering to in some meaningful fashion. It can be argued these rules and practices representing religion were/are implemented with the idea that they serve a holy purpose. That is the nature of religion; they are doctrines in which humans are inspired or sometimes required to follow in order to gain more meaning from their lives. So are humans required to follow religious rules?

There are two methods a majority of humans approach religion. The first approach is based on grace and the acceptance of god’s grace. This approach is less about rules, but their texts provide laws or examples of righteous living in an effort to say that this will produce the most fruitful and rewarding life. The first approach is about god seeking man to help. The second approach to religion is humans seeking god by doing “works” to obtain entry into heaven. A religious life under this second approach is considered fruitful if one puts in the time to follow the religious rules to obtain what may look like rewards/status. The more devoted you are to the religion, the more you obtain gods favor.

The nature of these facts means religion easily meets the second and third thresholds for Arthur’s framework because each religion has an assemblage of practices and devices that give them their unique cultures. In its basic sense, religion only needs a human as a device for it to function. So is religion a technology according to the framework provided by Brian Arthur? In my humble opinion the answer is clearly and reasonably, yes. I have previously argued that Governance is a technology too. So if Governance and Religion can both reasonably be considered technologies, what similar purposes do they aspire to solve in their service to humanity? Lets examine further.

What Common Purposes Do Governance & Religion Serve?

If governance and religion can both be considered technologies designed to serve human purposes that entail an assemblage of practices and devices that give them their unique character; what common human purposes do governance and religion aspire to serve? While this is a debatable topic, in general, they both provide humans a sense emotional security in the form of hope and faith in a constant and rapidly changing world. Not every human believes in a God or is particularly religious, but almost every human being participates within some semblance of a governance system as part of a larger group.  Religion is largely considered to be voluntary to participate in, but according to Gallup 86% of people in the U.S. believe in god or a universal spirit.(20)

Gallup Religion Data - Graph 0

Governance systems are, or thought to be, secular in nature. Very simply, this means that God is not involved in governance. The U.S. government is considered secular, meaning it adheres to no specific religious doctrine because the U.S. Constitution is grounded in what are considered the natural rights doctrine. The natural rights doctrine supporting the U.S. Constitution originated from the Magna Carta in 1215. This juxtaposition of competing technologies, religion & governance, to oversee human activity has been a challenge since humans have existed. Both technologies have been competing for our hearts and minds for a longtime. This brings up two paradoxical questions that I will attempt to thoughtfully unravel through a rich set of data.

Paradox Question #1: Can a Person Who Believes in God(s) Not Be Religious?

Given that religion is a technology designed to serve a human purpose. The purpose religion plays in each human’s individual life is a matter of personal choice and to what degree they operate within its doctrines & practices; if they do at all, is a personal choice too. Because nobody is quite like you in your real life and digital life, every human has a different threshold for needing hope and faith in a rapidly changing world. This suggests a person can believe in god or many gods, but does not necessarily mean they are particularly religious. It also suggests they believe in something bigger than themselves, but unsure of whether religious doctrine as a technology is meaningful to their human existence. There may be something else in their life that gives them hope and faith when facing a rapidly changing world.

Another person can believe in god or gods, be religious and follow many but not all of the religion’s doctrines & practices that make it unique, but not be fanatical about it. An intellectually honest person will rarely say they agree and follow everything a particular mainstream religion prescribes for human conduct. According to Gallup, the polling organization, approximately 56% of U.S. citizens say religion is “very important” to their own life.

Gallup Religion Data - graph 1

For approximately 56% of the people to say religion is “Very Important” in their lives is significant. However looking deeper in the data we find that 22% of people believe religion is “Fairly Important” and another 22% of people think religion is “Not Very important”.

Gallup Religion Data - Graph 2

A fair interpretation of “not very important” may be that category of people who have other tools and technologies in their life that help them keep faith and hope alive. Many people talk about their relationship with religion and how in different periods of time people have needed religion and not in others. The data strongly suggests religious devotion falls into a spectrum. The data also suggests the overwhelming majority of humans feel religion, as a technology designed to provide faith and hope in a rapidly changing world, is important. So what about those people who are at the extremes of the spectrum?

What About Religious and Atheist Fanatics?

Capturing data on these groups is difficult because they operate at the extreme ends of the spectrum of belief. But they do have some unique properties that can help us understand their nature a little clearer. Example, religious fanatics seem to narrowly care whether people agree with their point of view or not. Nuance is not really there forte for obvious reasons. However, if you want to understand the detailed nuances and differences between religions, I recommend asking the fanatical atheists because they seem uniquely devoted to understanding what they don’t bother believing in; god or religion. Fanatical atheists appear to strictly adhere to a unique level of faith in their knowledge in these areas, nor are they generally shy about their knowledge either. Nevertheless, both sets of fanatics demonstrate closed mindedness, just in different but important and meaningful ways to understand.

A positive data point this suggests is people who are not fanatical are for the most part reasonably tolerant of other religions. People seem content in finding the religion that best serves their interests and probably assume everyone else is doing the same. Religious tolerance in my opinion significantly contributes to the durability and importance to religion as a meaningful technology serving humanity.

Religious fanatics though cannot be reasonably interpreted as those people who only take a literal interpretation of religion. For that matter people who choose not to believe in a god or religion at all cannot be considered fanatics. These groups operate in black & white as it relates to their relationship with religion as a technology, while obviously the majority of people operate in shades of gray when it comes to religion. The following Gallup data on people’s interpretation of the bible reinforces these points. The overwhelming majority of people believe the bible is God’s inspired words or consists of fables & legends intended to be instructive and help people better understand their own life.

Gallup Religion Data - Graph 3

The people who believe religious scripture, as God’s actual word are 28%; but that doesn’t necessarily make them religious fanatics. It just means for them, religion as a technology intended to give them hope and faith in a life with constant change is most meaningfully interpreted as his actual word.

So what makes someone a religious fanatic or fanatical about not believing in god or religion?

In my opinion, what makes someone fanatical about religion or atheism is when he or she transitions their beliefs to action by attempting to force others to adhere to their worldview/religion. By way of force I mean they utilize the power of governance (rule of law) to dictate (Implicitly or Explicitly) beliefs and/or use military/physical violence or coercion to accomplish the same objective.  It is forced without consent. My opinion is the same when it comes to governance, because they are both technologies designed to serve a human purpose and steer human behavior. Reminder, I have previously argued the U.S. is an Authoritarian National Surveillance state with respect to our natural and human rights. This story gets more interesting though; lets now unravel the second paradoxical question.

Paradox Question #2: Can a Person Who Doesn’t Believe in God(s) Be Religious?

To unravel the mysteries of this question we first need a meaningfully useful definition of what religion is in the context of a person who doesn’t believe in God.  Humans can be very devoted to activities whereby someone could consider them religious about the activity. Ex. people devoted to health & fitness, the environment, science, sports, etc. etc.  While I am pleased people devote themselves to these and many other activities, an overwhelming majority of people do not participate in them like they do religion in the traditional sense; thus these definitions don’t work for a very simple reason. None of them sufficiently meet the conditions for being a religion as articulated in the sample definitions earlier in this paper. But there is a definition that does sufficiently work.

The requirement of believing in a god is negated in this question, so what is a secular technology almost all people are required to have hope and faith in to help them get through life?  A meaningful working definition of religion in the context of this question, which sufficiently meets the definitions of a religion as a technology to give people hope and faith, is governance. Remember, governance is generally thought of as secular (No god involved). Thus we are going to explore this question with what I am going to call “The Religion of State Power”.

To a degree, every human has to place hope and faith in governance to solve humanities problems. Nobody is quite like you, but everyone has to believe in something. Remember, since humans have existed there has been a technological competition for what gives humans hope and faith to persevere. However in the 15th Century there was a material technological development for nation state governance after the 30 years war. That development was an international agreement that produced “Westphallian Sovereignty”. Today, humans very much live in a Westphallian nation state international system.

Very simply, Westphallian Sovereignty is a principle that states each nation state has sovereignty over its territory and domestic affairs to the exclusion of non-interference in the affairs of another country, and that each state regardless of their size is equal under in the eyes of international law.

Thus it is in this context, I will be defining religion as governance to unravel this paradoxical question. A quick reminder about Brian Arthur’s framework for understanding the nature of technology; Arthur proposes the history of technology is one of capturing finer and finer phenomena, enabled by earlier technologies. Arthur also states that technologies often group into domains based on the natural effects they exploit.(21) Arthur also believes a change in domain is the main way in which technology progresses.(22) Lets now explore the Gallup data to see how much hope and faith U.S. Citizens have in the religion of state power known as U.S. Governance.

How Much Hope and Faith Do U.S. Citizens have in U.S. Governance?

The U.S. Government is comprised of three equal branches of government; they are the executive, judicial, and legislative branches. For context and concision I am going to assume the reader is minimally aware of each branch and won’t spend time explaining the details of each but focus on the data about what people think about each branch.

According the Gallup data, U.S. citizens have a very low opinion of the ethical and honesty of our elected Senators & Members of Congress. And the data suggests U.S. citizens have thought this for a very long time.

Government data Graph 1

When U.S. citizens are asked whether they are satisfied or dissatisfied with the way the nation is being governed, the majority of the time the data suggests we are very dissatisfied. Moreover, that dissatisfaction has been at an all time high since 2008, with the data going all the way back to 1971.

Government Data Graph2

So we (U.S. Citizens) have very low opinions of the honesty and ethical standards of our elected members of the legislative branch and consistently appear dissatisfied with the way our government is operated. In short, dissatisfaction has never been higher over the last few years and the ratings of honesty and ethical standards of our elected officials in the legislative branch have never been lower. Given the dichotomy of our high dissatisfaction and low opinions of the people operating the government, what are our (U.S. Citizens) opinions on how much or little the government should be doing to solve our problems?

The data suggests the majority of the time U.S. Citizens think the government is trying to do too much and should leave some problems to be solved by businesses and/or individuals. However, the data also suggests U.S. citizens think government should be doing more.

Government Data Gralph3

Thinking in terms of the religion of state power, whereby governance is something we are all required to place our hope and faith in to solve problems. The data is showing we have low opinions of the people we elect and dissatisfied with how our country is being governed. The majority of the time we also think the government is consistently doing too much to try to govern our lives, but we also think the government should be doing more too. Since we are all required to live under a governance system, it is natural for us all to think the government should be doing more but doing more in ways that are consistent with our values. So what are our values?

Government Data Graph4

Approximately half the time we think the government should be promoting traditional values and the other half of the time the government shouldn’t be favoring any specific set of values at all. The data consistently suggests U.S. Citizens don’t really know what they want, but if we incorporate the data from the previous graphs; it appears we really value dishonest and unethical leaders and appear content being consistently dissatisfied with our government. All the while we think the government is trying to do too much in our lives but at the same token think it isn’t doing enough of.

The rule of law & regulations are core components to governance. So if we feel the government is doing too much in our lives while also not doing enough, what do we think it should be doing as it specifically relates to regulating businesses and industries?

Government Data Graph5

The long-term trend in the data suggests U.S. Citizens approximately 30% of the time think the government regulating businesses and industry too much. The data also shows 30% of time we think it isn’t regulating enough and 30% it is doing just the right amount. But that is the long-term trend.

From 2008 to 2015, approximately 50% of U.S. Citizens think the government is regulating our businesses and industries too much and climbing. For the same time period, approximately 23% of people think the government isn’t doing enough and approximately 25% of people think the government is doing just the right amount. So what does the data across all the graphs to this point, tell us about the nature of the religion of state power?

The data tends to be suggesting the religion of state power could truly care less what we think about it. Even though we think the people we elect are mostly dishonest and unethical, those we elect seem to think we need more of what they are doing because U.S. citizens are apparently not dissatisfied enough yet to do anything meaningful about it. This suggests there is a severe lack of true civic virtue in America.

U.S. citizens will complain but we don’t seem to meaningfully do anything about our complaints but elect new people to office, who we generally, over the long term, widely believe are unethical and dishonest and continue to be dissatisfied with how things are going. The nature of our hope and faith looks like we are hoping and praying the people we elect will at best do a modestly poor job at representing our interests in foreign and domestic affairs. At worst we are hoping and praying when we elect people, their mistakes, won’t impact us too badly. The government over the long term seems to be incrementally increasing its power to exert its will over us. There is only one way to find out if this picture gets darker or rosier. Lets look at more data.

From here lets look at U.S. citizen opinions of whether the U.S. Federal Government today has too much power, has about the right amount of power, or has too little power.

Government Data Graph6

The data set on this question is thought provoking because it doesn’t start until September 2002, 1 year after the terrorist events of 9/11. In 2002, right at the beginning of the U.S. wars in Iraq & Afghanistan and post the creation of the very controversial U.S.A Patriot Act, approximately 39% of people thought the U.S. federal government had too much power, while 52% of people thought it had about the right amount. The people who believe the federal government has too little power (7%) or have no opinion (1%) are essentially unchanged from 2002 to 2015.

In September 2015, the data says that 60% of people believe the federal government has too much power and the people who believe it has the right amount of power is 32%. This material reversal in the sentiment may have a number of contributing factors. Thanks to terrific investigative journalism and brave whistleblowers, we have learned a lot about what our federal government has been doing under the cloak of secrecy in fighting wars and managing domestic affairs in our name. Most of which has been done in secrecy. From blanket domestic spying on the phone calls and emails of American citizens, dubious FBI terrorist investigations, probable war crimes (torture, extra judicial killings), the excessive use of drone strikes in non-combat areas of the world, rendition, etc. The U.S. is a war weary nation today that also experienced a major financial meltdown in 2008 where major banks and auto companies were bailed out with taxpayer funds. President Obama was elected to change the direction and pull us out of wars, yet despite rhetoric that we are no longer at war, we are dropping more bombs in foreign countries than ever before. Perhaps we should call our bombs, freedom munitions. Another method for understanding how bureaucratic inertia dictates U.S. foreign Policy, regardless of who is elected, can be explored by reading Michael Glennon’s seminal work on “National Security and Double Government”.

Other contributing factors that may help explain this data set is the expansion of the regulatory state under the Obama administration and the enactment of landmark and unpopular healthcare legislation. The healthcare legislation has had the effect of changing the nature of one of the single largest industries in the U.S. that is chartered with managing and caring for our biology. There is more I am sure that I am leaving out but the main thrust is the nature of our government has changed drastically in a relatively short amount of time in real terms. These changes have encouraged serious legal scholars to ask, is administrative law unlawful by exploring the history and danger of administrative law. So given all of these changes, do Americans think the federal government poses an immediate threat to the rights and freedoms of ordinary citizens or not?

Government Data Graph7

Again, the data set is thought provoking because it doesn’t start until 2003, after 9/11 but right as the country was entering two wars in the fight against terrorism. In 2003 the people who said yes, the federal government was an immediate threat was approximately 30% and those that said no, it was not an immediate threat stood at approximately 68%. The people who expressed no opinion (2%) have not changed throughout the existence of the data set.

In September 2015, 49% of people said yes, the federal government posed an immediate threat to their rights and freedoms. The people who said no, it did not pose an immediate threat were 49%, but the again this metric is on “immediate threats”. Many people in the no group may believe the government poses more of a long-term threat to our freedoms, but we don’t have that data. So if more people are viewing the government as an immediate threat to their rights and freedoms, what specific rights and freedoms are people concerned about?

Government Data Graph8

The most recent data for this graph was collected in September 2015. The top areas where people believe the government poses the most immediate threat to their lives garnered 56% of the sentiment. Those areas can be generally understood as too much expansion and exercise of state power. Violations of constitutional freedoms and civil liberties and a general sense that government was becoming too involved in our private lives were significant contributors too. So if a majority of U.S. citizens believe the government possesses too much power and is a threat to their freedom in some meaningful way, what purpose do we think the government should be focused on?

Government Data Graph9

Gallup asked people to rate themselves on a scale of 1 to 5, where 1 means you think the government should do only those things necessary to provide the most basic government functions, and 5 means you think the government should take active steps in every area it can to try and improve the lives of its citizens? Gallup started collecting this data in 2010 and every year since, 2/3 of all respondents consistently respond somewhere between the extreme ends of the spectrum. What does this mean? It could mean the majority of people believe that government, in some way touches all facets of our lives, however in some important instances it oversteps.

Taking into account the prior data sets regarding sentiment on state power and threats to our freedoms, it appears the sentiment of U.S. citizens is the U.S. government is overstepping its powers in a wider spectrum of areas in our life that abridge our freedoms. Fear is a powerful motivator. Politicians know this and use it to their advantage when discussing public policy. The religion of state power wants us to believe everything they do is to mitigate risk to ensure our security, however reality tends to be the opposite. The religion of state power does everything to mitigate risk its power will diminish regardless of whether a policy increases of decreases the risk to its citizens. This situation is the same in foreign and domestic affairs. The trends on confidence in U.S. government institutions also support these assertions for confidences in all three branches of government are at multi-decade lows according to Gallup.

Government Data Graph11

These numbers should not be very surprising given our very low level of confidence in the ethical nature and trustworthiness of the people we elect to administrate our system of governance. When Gallup began asking respondents in 2011 how much they personally worried about the size and power of the federal government. The combined groups of people who responded they were worried about the size and power of the government a “great deal” and “fair amount” average 70%.

Government Data Graph12

So the question now becomes, how satisfied are U.S. citizens with the structure of their government and how well it works? The 15-year trend demonstrates that we are increasingly dissatisfied with how well our government works, with it currently being at one of its lowest points on record. The complaints about our structure of government however may be more emblematic of the quality of the people we elect to office and how they have perverted the nature of how each branch of government operates.

The U.S. Constitution is designed to restrict the power of government so that our natural rights are protected. So why are we so upset with the system? This is because the U.S. system of government has changed over time despite on the surface looking like its traditional self. As I have previously argued about the nature of technology and governance, governance itself is a technology that derives its power from the rule of law. Our laws are so vague and complex this enables them to be interpreted by those in power to suit the policies and reputations of those we elect. I have previously argued how our traditional principles of governance have been tortured. How our laws are interpreted has also materially changed to not resemble generally accepted methods throughout U.S. history. So how dissatisfied are U.S. Citizens about the size and power of the federal government?

Government Data Graph14

The data suggests we have never been more dissatisfied. It also looks like that trend will continue well into the future unless something changes within ourselves to seek changes in our government besides electing more people we think are dishonest and unethical. The question to address now is one of tolerance. As previously discussed, when it comes to religious tolerance, U.S. citizens overwhelmingly believe there is a god and are pretty tolerant of religions except in their extreme forms. There are exceptions of course and those exceptions tend to get most of the news headlines about fanatic elements of religious groups. But how tolerant are U.S. citizens of the religion of state power when that religion, and those we elect to administrate it, appear to be fanatical about exercising and expanding its power despite our Constitutional structure?

U.S. Citizens seem to be very tolerant of our Government’s disrespect for our rights, our constitutional structure, and general ambivalence to risks that threaten our security. If the purpose of governance is to provide hope, faith, and general emotional security, the U.S. government appears to be failing at all three and proud of it.

The U.S. government just extended the war in Afghanistan to an undetermined time in the future.(24) The major factors in U.S. foreign and domestic policy for over a decade have been addressing terrorist threats. The U.S. has been fighting against what our government calls radical believers in the Islamic faith, but it’s not exactly clear what the government’s interpretation of radical/fanatical Islam is. In fact, it appears the U.S. government is fanatical in its exercise of its power in both domestic and foreign affairs. Noam Chomsky at MIT wrote an article outlaying how since World War II, U.S. foreign policy has done more to increase risks/threats to the U.S. population than decreased it.(25)

U.S. government officials and proxies suggest the reason other religions and cultures engage in terrorism against the U.S. and its allies is because of our way of life. I am not certain this is true. It appears to be more of a response to an intolerant U.S. government with an overly aggressive foreign policy that hasn’t truly defined what a radical Islamist is. The technology of religion is designed to give people hope and faith in a rapidly changing world and does so through one of the two methods discussed prior. The religion of Islam, as a technology, serves this purpose but lets look at the data available from Pew research on the levels of devotion to it by the followers of Islam and try to discern more about how the religion works.

How Tolerant of Religion is The Religion of State Power?

The U.S. government is generally tolerant of religion, however that tolerance has limits and caveats. Religions that operate within the spectrum of non-fanaticism are accepted but Since September 11th, 2001 one particular religion has received extra attention by the U.S. government. That religion is Islam. From profiling, surveillance, to no-fly lists, rendition, Guantanamo, etc.

Even the FBI is engaging in dubious terrorism investigations that use sources to help encourage people, who probably never had the means or ability, to commit a terrorist act to transition to fanatics. Of course the FBI always stops these situations before anything happens by making very public arrests, but it’s the FBI that manufactured the situation in the first place. The targets are typically young, Islamic, have mental health issues, and of lower socioeconomic status. This makes them ripe targets for manipulation to serve political ends. This is due to the overreaction by the U.S. national security apparatus post 9/11 attacks, but is there more to it than that?

Lets explore the Islamic religion through the April 2015 future of world religions demographic study on Islam completed by the Pew Research Forum. I will also leverage Pew Research Forum’s report on Religion, Policy, and Society as it relates to Islamic sentiment to Sharia law as well. This exploration into the nature of Islam as a religion may help us answer this tolerance question when we discuss how the technologies of governance and religion progress.

What is The Nature of The Religion of Islam and Sharia Law?

According to the 2015 Pew Research Forum’s report, by 2050 the number of Muslims will nearly equal the number of Christians around the world.(26) In Europe, Muslims will make up 10% of the overall population by this same time frame according to Pew Research.(27) Below are the Pew Research graphs as it pertains to changes in global population with respect to religious affiliation. With the exception of Buddhists, all of the major religious groups are expected to increase in number by 2050, however Islam is growing the fastest.(28)

PF_15.04.02_ProjectionsOverview_projectedChange640px

Outside of the events of 9/11 and the increased attention the U.S. national security apparatus has given Islamic terrorists in response; Is there another reason the U.S. government is particularly interested in Islam as one of the worlds fastest growing religions? Looking at governance and religion as technologies that compete for the hearts and minds of humans, the answer may be in the nature of how followers of Islam practice their faith. Lets now explore the Pew Research Data regarding Muslim beliefs of sharia.

According to the Pew Research findings, most Muslims believe sharia is the revealed word of god rather than a body of law developed by men based on the word of god.(29) Muslims also tend to believe sharia has only one, true understanding, but this opinion is far from universal; in some countries, substantial minorities of Muslims believe sharia should be open to multiple interpretations.(30) Religious commitment is closely linked to views about sharia: Muslims who pray several times a day are more likely to say sharia is the revealed word of god, to say that it has only one interpretation and to support the implementation of Islamic law in their country.(31)

Although many Muslims around the world say sharia should be the law of the land in their country, the survey reveals divergent opinions about the precise application of Islamic law.(32) Generally, supporters of sharia are most comfortable with its application in cases of family or property disputes.(33) In most regions, fewer favor other specific aspects of sharia, such as cutting off the hands of thieves and executing people who convert from Islam to another faith.(33)

Sharia as Divine Revelation

In 17 of the 23 countries where the question was asked, at least half of Muslims say sharia is the revealed word of god.(34) In no country are Muslims significantly more likely to say sharia was developed by men than to say it is the revealed word of god.(35)

gsi2-chp1-1

Acceptance of sharia as the revealed word of god is high across South Asia and most of the Middle East and North Africa.(36) For example, roughly eight-in-ten Muslims (81%) in Pakistan and Jordan say sharia is the revealed word of god, as do clear majorities in most other countries surveyed by Pew in these two regions.(37) Only in Lebanon is opinion more closely divided: 49% of Muslims say sharia is the divine word of god, while 38% say men have developed sharia from god’s word.(38)

Muslims in Southeast Asia and Central Asia are somewhat less likely to say sharia comes directly from god.(39) Only in Kyrgyzstan (69%) do more than two-thirds say Islamic law is the revealed word of God.(40) Elsewhere in these regions, the percentage of Muslims who say it is the revealed word of god ranges from roughly four-in-ten in Malaysia (41%) to six-in-ten in Tajikistan.(41)

Views about the origins of sharia are more mixed in Southern and Eastern Europe.(42) At least half of Mulsims describe sharia as the divine word of god in Russia (56%) and Bosnia-Herzegovina (52%).(43) By contrast, three-in-ten or fewer hold this view in Kosovo (30%) and Albania (24%).(44)

Overall, Muslims who pray several times a day are more likely to believe that sharia is the revealed word of god than are those who pray less frequently.(45) This is the case in many countries where the question was asked, with especially large differences observed in Russia (+33 percentage points), Uzbekistan (+21), Kyrgyzstan (+20) and Egypt (+15).(46) Views on the origins of sharia according to Pew Research do not vary consistently with other measures, such as age or gender.(47)

How is Sharia Interpreted?

Muslims differ widely as to whether sharia should be open to multiple understandings.(48) While many say there is only one true interpretation, substantial percentages in most countries either say there are multiple interpretations or say they do not know.(49)

gsi2-chp1-2

A majority of Muslims in three Central Asian countries – Tajiksitan (70%), Azerbaijan (65%) and Kyrgyszstan (55%) – say there is only one way to understand sharia.(50) But elsewhere in the region there is less consensus, including in Turkey, where identical proportions (36% each) stand on either side of the equation.(51)

Muslims in Southern and Eastern Europe tend to lean in favor of a single interpretation of sharia.(52) However, only in Bosnia-Herzegovina (56%) and Russia (56%), do majorities take this position.(53)

Across the countries surveyed in South Asia, majorities consistently say there is only one possible way to understand sharia.(54) The proportion holding this view ranges from 67% in Afghanistan to 57% in Bangladesh.(55) But more than a quarter of Muslims in Afghanistan (29%) and Bangladesh (38%) say sharia should be open to multiple interpretations.(56)

In the Middle East-North Africa region, belief in a single interpretation of sharia prevails in Lebanon (59%) and the Palestinian territories (51%).(57) But opinion in Iraq is mixed: 46% say there is only one possible way to understand sharia, while 48% disagree.(58) And in Tunisia and Morocco, large majorities (72% and 60% respectively) believe sharia should be open to multiple interpretations.(59)

In Southeast Asia, opinion leans modestly in favor of a single interpretation of sharia.(60) The biggest divide is found in Thailand, where 51% of Muslims say there is only one possible understanding of Islamic law, while 29% say it should be open to multiple interpretations.(61)

In a number of countries, significant percentages say they are unsure whether sharia should be subject to one or multiple understandings, including at least one-in-five Muslims in Albania (46%), Kosovo (42%), Uzbekistan (35%), Turkey (23%), Russia (21%), Malaysia (20%) and Pakistan (20%).(62)

An individual’s degree of religious commitment appears to influence views on interpreting sharia.(63) In many countries where the question was asked, Muslims who pray several times a day are more likely than those who pray less often to say that there is a single interpretation.(64) The largest differences are found in Russia (+33 percentage points) and Uzbekistan (+27), but substantial gaps are also observed in Lebanon (+18%), Malaysia (+16%) and Thailand (+15%).(65)

In the spectrum of religious belief, Islam, as a technology designed to provide humans hope and faith in an ever-changing world, appears to have its highest meaningful use to its followers when its texts are taken as the literal interpretation of god’s word. The level of devotion to the literal interpretation of texts is so high one could misinterpret that level of devotion as fanaticism, but do the majority of Muslims believe sharia should be the law of the land to govern our lives? Let’s explore more Pew Research data to find out.

Sharia As The law of The Land

According to Pew Research, among Muslims who support making sharia the law of the land, most do not believe that it should be applied to non-muslims. (66) Only in 5 of 21 countries where this follow-up question was asked do at least half say all citizens should be subject to Islamic law.(67)

gsi2-chp1-3

The belief that sharia should extend to non-muslims is most widespread in the Middle East and North Africa, where at least four-in-ten Muslims in all countries except Iraq (38%) and Morocco (29%) hold this opinion.(68) Egyptian Muslims (74%) are the most likely to say it should apply to Muslims and non-Muslims alike, while 58% in Jordan hold this view.(69)

By contrast, Muslims in Southern and Eastern Europe who favor making sharia the official law of the land are among the least likely to say it should apply to all citizens in their country.(70) Across the nations surveyed in the region less than a third take this view.(71) This includes 22% of Russian Muslims.(72)

In other regions, opinion varies widely by country.(73) For example, in Southeast Asia, half of Indonesian Muslims who favor sharia as the official law say it should apply to all citizens, compared with about a quarter (24%) of those in Thailand.(74) Similarly, in Central Asia, a majority of Muslims in Kyrgyzstan (62%) who support making sharia the official law say it should apply to non-Muslims in their country, but far fewer in Kazakhstan (19%) agree.(75) Meanwhile, in South Asia, Muslims who are in favor of making sharia the law of the land in Afghanistan are 27 percentage points more likely to say all citizens should be subject to Islamic law than are those in Pakistan (61% in Afghanistan vs. 34% in Pakistan).(76)

Muslim Views On Current Laws and Their Relation to Sharia

Many Muslims say their country’s laws do not follow sharia, or Islamic law. At least half take this view in 11 of 20 countries where the question was asked.(77) Meanwhile, in six countries, at least half of Muslims believe their national laws closely adhere to sharia.(78)

gsi2-chp1-10

Muslims in Southern and Eastern Europe and Central Asia are among the most likely to say their laws do not adhere closely to Islamic law.(79) A majority of Muslims in Bosnia-Herzegovina (68%), Russia (61%) and Kosovo (59%) take this view.(80) Roughly four-in-ten Muslims in Albania (43%) also say their country’s laws do not follow sharia closely, and about half (48%) are unsure.(81)

In Central Asia, at least half of Muslims in Kazakhstan (72%), Azerbaijan (69%) and Kyrgyzstan (54%) say their laws do not follow sharia closely.(82) In Tajikistan, by contrast, 51% say the laws of their country follow sharia.(83)

In the Middle East-North Africa region, Muslims differ considerably in their assessments on this question.(84) Lebanese Muslims (79%) are the most likely to say their country’s laws do not follow Islamic law closely.(85) At least half of Muslims in the Palestinian territories (59%), Jordan (57%), Egypt (56%) and Tunisia (56%) say the same.(86) Fewer Muslims agree in Iraq (37%) and Morocco (26%).(87)

In the two countries in Southeast Asia where the question was asked, at least half of Muslims say their country’s laws adhere to sharia.(88) By a 58%-to-29% margin, most Malaysian Muslims say their laws follow sharia; in Indonesia, the margin is 54% to 42%.(88)

Muslims in Afghanistan stand out for the high percentage (88%) that says their laws follow sharia closely.(89) Fewer Muslims in the other countries surveyed in South Asia believe their laws closely follow sharia (48% in Bangladesh and 41% in Pakistan).(90)

gsi2-chp1-11

Across the countries surveyed, many Muslims who say their laws do not follow sharia believe this is a bad thing.(91) Muslims in South Asia are especially likely to express this sentiment, including at least eight-in-ten Muslims in Pakistan (91%), Afghanistan (84%) and Bangladesh (83%).(92) In Southeast Asia and the Middle East-North Africa region, too, Muslims who believe their country’s laws depart from sharia tend to say this is a bad thing.(93) At least six-in-ten in the Palestinian territories (83%), Morocco (76%), Iraq (71%), Jordan (69%), Egypt (67%), Malaysia (65%) and Indonesia (65%) hold this view.(94) Somewhat fewer Muslims in Tunisia (54%) say the same.(95)

In the Middle East-North Africa region, Lebanon is the only country where opinion on the matter is closely divided.(96) Among Lebanese Muslims who say their laws do not follow sharia closely, 41% say this is a good thing, while 38% say it is a bad thing, and 21% have no definite opinion.(97)

Muslims in Southern and Eastern Europe and Central Asia are less likely to say it is a bad thing that their country’s laws do not follow sharia.(98) Among Muslims who believe their country’s laws do not follow sharia, fewer than a third in most countries surveyed in these regions say this is a bad thing, while many say it is neither good nor bad, or express no opinion.(99) The two exceptions are Russia and Kyrgyzstan, where almost half (47% each) say it is a bad thing that their country’s laws do not adhere closely to Islamic law.(100)

To quickly summarize, the Pew Research data tells a compelling story about the nature of Islam that is meaningful in the discussion of religion as a technology. The Islamic faith is the fastest growing religion in the world and is predicted to be equal to Christianity by 2050. The majority of followers of the Islamic favor a literal interpretation of its texts as being god’s word. Moreover, while many Muslims believe only Muslims should be subject to sharia, when it comes to the influence sharia has over the laws of the governance systems where survey participants lived, the sentiment of how much sharia influenced those laws was mixed. What was very clear though is that Muslims overwhelmingly feel it is bad when laws do not follow the sharia closely. A caveat to this analysis is that political sentiment can change based on geopolitical events; the data provided here was a snapshot in time. So what does the future hold for U.S. governance and the religion of Islam as they progress?

How Do The Technologies of Religion & Governance Progress?

To quickly revisit what Brian Arthur said about the nature of technology. Technologies often group into domains based on the natural effects they exploit.(101) An example of this is how governance and religion, as technologies, serve similar human purposes. Arthur believes a change in domain is the main way in which technology progresses.(102) An example of this from our data analysis is how a governance technology (U.S. Government) begins to operate more like a fanatical religion, and a Religion (Islam) appears to have aspirations to be a global governance system. So we have a very powerful state, competing with a fast growing, ambitious, and potent religion that seeks to govern in a church vs. state battle for human hearts and minds.

Remember, according to Arthur technology provides a vocabulary of elements that can be put together in endlessly new ways for novel purposes.(103) Just because the U.S. is a democracy doesn’t necessarily mean it cannot morph into an authoritarian/fanatical government. In fact, it can be argued it is already an authoritarian national surveillance state. Just because Muslims may live in Democratic countries, doesn’t mean the nature of those democracies won’t be secular.

Technology is self- creating; it creates new opportunity niches and new problems, which call forth still more new technology. Since the fall of the Soviet Union that ended the cold war, the U.S. has been a global hegemon with no real competitor in the geopolitical sphere. Today, modern Russia has seen a resurgence in its economic and geopolitical power, however its ambitions are different and its influence is not as great as it once was.

Russia is a crafty geopolitical foe, however the ambitions of the religion of Islam to compete against the U.S are far greater. In fact it could be argued Russia is encouraging Islam to challenge the U.S. based on recent Russian involvement in the Syrian Civil war.(104) On October 21st, 2015 Robert Gates the previous U.S. Secretary of Defense testified before congress and said the U.S. government needs a cold war containment strategy as it relates to Islamic terrorism.(105)

Conclusion

So how tolerant is the religion of state power with religion of Islam? With an overly aggressive foreign and military policy the U.S. runs the risk of pushing a sufficient number of devoted followers of Islam to join the ranks of the fanatical Islamists (ISIL/DAESH). The majority of Islam’s followers take a literal interpretation of religious texts, with a big enough push by a geopolitical foe those people may consider themselves freedom fighters in the near future and take up jihad. With the nuclear Iran deal now approved and signed, there will be a flood of monetary assets to the Iranians who is largest supporter of regional terrorist groups.(106) I concur with Robert Gates, the U.S. needs a containment strategy for Islamic terrorists that does not further radicalize the majority of Muslims who may not need a lot of encouragement to join the fight.

I would also argue U.S. citizens need a containment strategy for the Religion of State power, known as U.S. Governance. In the absence of public virtue, the U.S. government will continue to expand its power over us by treating everyone, foreigners alike, as less than humans. Every human has to believe in something because nobody is quite like you. It is readily apparent to even the most casual of observers that Government & Islam seek power above all else.  No doubt in response to the terrorist attacks in France on November 13th by Islamic terrorists, western governments will look to exploit the fear these events cause to enact more legislation which further expands the power of the state. Last month the top Intelligence Lawyer in the U.S. testified to congress that another terrorist attack would help push for the government’s push for anti-encryption legislation, which furthers the assault on our digital lives by our own governments.

Its time to start believing we can change the direction the world is going by upgrading our technologies of religion and governance to be more tolerant of differences. The answer is public virtue because nobody will listen, let alone change their heart or mind, until they know how much you care.  A more direct form of democracy would be prudent because representative approach is working against our common interests.

Posted in Thoughts | Tagged , | Leave a comment

Thoughts – Is Our Information Sufficiently Secure From Theft and Illicit Use?

security_tip_large

The question of whether our information in the information age is sufficiently secure from theft and illicit use has an obvious answer. No. What is not as obvious is exactly why our information is not sufficiently secure from theft and illicit utilization.   My original masters thesis at the Fletcher school of Law and Diplomacy, written in 2011, addressed this question and comprises Part 3 of this research blog. I conclude Part 3 with the point that every human has a digital life and a real life that are effectively one in the same, however do not share the same set of civil liberties. Moreover, I explain how cost and complexity have been barriers to adoption for technological security solutions, but recommend intelligent multi-factor authentication and end-to-end encryption as answers to the technological problem. I also suggest a new method for interpreting the 4th amendment that recognizes our digital lives and real lives as being effectively one in the same.

In this post I am revisiting the same question, but writing from the point of view of an American citizen analyzing the juxtaposition of U.S. counter terrorism & intelligence gathering policies and programs vs. how the U.S. government protects its own information and digital life from similar intelligence policies of foreign adversaries. The job of the U.S. government is to protect its citizens, however if the U.S. government cannot protect itself in its digital life, then how can U.S. citizens have confidence the government can protect its real life and ultimately our own in this brave new world? Lets now digest some background information for further context.

Background

In 2013 Edward Snowden released the single largest trove of top-secret national security documents to journalists. To this day, the U.S. government doesn’t know exactly how many or what documents he took. The simple fact that Snowden walked out with this information virtually undetected warrants a moment of pause and reflection. However, after two years of stunning national surveillance revelations one would think the U.S. government would have learned its lesson on protecting its own data. On June 4th, 2015 it was reported in the Wall Street Journal the Office of Personnel Management within the U.S. government had suffered a major breach of its records. The personnel records, security clearance applications, etc. within the Office of Personnel Management were accessed exposing approximately 4 million current and formers employees of the U.S Government. Although the government recently suggested it could be up to 18 million or higher. It’s also widely speculated the databases this critical information is stored in were not encrypted either, which many legislators and pundits think should be a criminal offense. The irony in this position is that the head of the FBI, James Comey, and the Department of Justice have been demonizing the technology industry for its expansion of encryption products and suggesting these companies are aiding terrorists, etc.(1)

In direct response to the Snowden revelations the technology industry has been fervently increasing the security of their products by implementing end-to-end encryption and intelligent-multifactor authentication. The U.S. government is embarrassed by the Snowden revelations and is publicly demonizing the tech industry for, in the government’s words, “putting critical information outside the hands of the law”. All while the U.S. government has proven to be insufficiently protecting the sensitive information in its own networks and is now rushing to institute encryption and intelligent multi-factor authentication. Lets now explore why this is the case because, in my opinion, this is the very tip of how technology is going to start changing politics again. This will be done by briefly exploring again evolutions in Smartphone and tablet computer technology when coupled with social media services. Then we will explore the nature of digital threats, how not all encryption methods are equal, and how governments are preparing for cyberwarfare.

Smartphone & Tablet Computing

According to Gartner research global Smartphone shipments surpassed one billion units in 2014 and Smartphone sales represented two-thirds of global phone market.(2) Sales of Smartphones to end-users totaled 1.2 billion units, up 28.4 percent from 2013.(3) These devices continue to increase in their processing power at every product iteration while also becoming more reliable and stable computing systems. The telling sign, it’s expected by Gartner research in 2015, tablet sales will for the first time outpace the sales of regular personal computers.(4) Gartner is predicting in 2015 there will be nearly 321 million tablets shipped, versus close to 317 million personal computers.(5) So the big news is that in 2015 there will be more tablets sold than personal computers. The compact nature of devices including watches, etc enables humans to measure behavior and express themselves in ways never before done. So what are people doing on all these Smartphones, tablets, and other wearable tech devices?

Social Media & The Internet of Things (IOT)

socialmedialand

The utilization of mobile Internet devices, thanks to new application environments and mobile Internet browser technologies, has opened the door for Software-as-a-Service (SaaS) to change peoples lives. This combination serves the personal and professional needs on devices that are rarely three feet from their owners, twenty-four hours a day, seven days a week.

One single phenomenon that has changed the way people communicate and connect has been the advent of social media. Services like Facebook, linkedin, and Twitter have revolutionized the way people connect, communicate, express themselves, and consume content and information.

Social media is the digital equivalent of how people previously interacted face to face, through email, text message, or heaven forbid an actual phone call. Interestingly enough, Facebook and the Internet phone service Skype, owned by Microsoft, are in partnership to integrate their services (6). Facebook alone has over 1.4 billion people utilizing its services.(7) However, the unintended, or intended, consequence of social media has been the vast amount of personal identifiable information (PII) people have shared about themselves. From pictures, favorite restaurants, movies, music, hobbies, you name it, people have exposed themselves, all voluntarily. Additionally, people are expressing their every move and holding public conversations on message boards about all facets of their personal and periodically their professional lives.  This information is also not owned by the user.

Social media has become the equivalent hanging out at the local pub; except there are over 1.4 billion other people sharing stools at the same counter and they can ‘hear’ almost every word. If they missed it the first time, Facebook and other platforms, have made it easy for viewers to go back into an individuals social profile history and see what people have shared publicly. People are practicing their first amendment rights of freedom to express and freedom of speech, however they are also leaving a quantitatively large and qualitatively useful pool of information about who they are and what they do every day of the week. All this personal information about habits, desires, friends, political opinions, personal grievances, deaths in the family, are all being monitored and tracked by someone or something. Facebook is not the only company in the data mining and aggregation business.

With the advancements in smart phone technology and social media software services, people are exercising their first amendment rights every hour in a forum and method where the protection of those rights are not the same as they are in their physical person. In my last research post I explain in detail how the U.S. government and legal scholars plan on using the information technology industry to restrict our First Amendment rights.

The combination of smart phone technology and social media Internet services has created the equivalent of a digital twin for everyone. The difference is that our fourth amendment rights are not comparable to that of our twin. This is thanks to the capacity expansion of the USA Patriot Act, FISA Amendment Act that granted government agencies the ability to shape how the US Constitution’s Fourth Amendment is being interpreted. This can be clearly seen in a recent article published by ProPublica & The New York Times based on Snowden documents that reveal secret U.S. Department of Justice Memos the Expand Spying. Lets now discuss the nature of the digital threat, why not all encryption methods are equal, and how governments are preparing for cyber warfare.

The Digital Threat

The frequency and sophistication of intrusions into government and civilian institutions has increased over the past ten years.(8) Everyday networks across the Internet are scanned and probed thousands of times.(9) Every year Verizon Wireless and the U.S. Secret Service work together on a body of research aimed at determining the number of data breaches in the United States and their fundamental nature.(10) Since 2010 the number of data breaches has increased exponentially.(11)  Below is a graphical representation of the types and instances experienced determined by the contributors in the 2015 Verizon report. (You can read the entire report here)

The 2015 report is based on data from:

– 79,790 security incidents

– 2,2122 data breaches

– 70 contributors, including incident response forensics firms, government agencies, Computer Security Information Response Teams (CIRTs), security vendors, and others

Top 5 Industries Most Breached

The Verizon DBIR covers a plethora of information and charts. Some of these speak to security incidents and others speak to data breaches. To avoid confusion, lets clarify these terms:

  • Security Incident – An event that compromises the confidentiality, integrity, or availability of data. It’s less severe than a breach.(12)
  • Data Breach – A confirmed disclosure of data on an unauthorized party. This is more serious than an incident.(13)

The top three industries affected by security incidents remain the same as last year: Public, Information, and Financial Service Sectors.(14) However, when looking at breaches a different picture arises:

1-DBIR-chart-security-incidents-by-victim-industry-size

The top most-breached industries in descending order are:

  • Public
  • Financial Services
  • Manufacturing
  • Accomodation
  • Retail

Manufacturing is in the top three for breaches but not security incidents.(15) This may be related to it being the industries most-targeted for cyber espionage.(16) In two of the top five, small organizations appear to be breached far more often than large ones:

  • In retail, the researchers found more than four-times as many breaches of small organizations
  • In accommodation, they found a whopping 18-times as many

1 in 4 Breaches hits Point of Sale Machines (POS)

Last years data breach investigations report noted that 92% of the more than 100,000 breaches analyzed by Verizon over the last 10 years fell into nine basic patterns, or types of threats.(17)

The threat landscape did not change dramatically in 2014. The chart below shows the “incident classification patterns” with the greatest number of breaches for the year.(18)

2-DBIR-chart-frequency-incident-patterns-breaches

Note that POS intrusions accounted for 1 in 4 breaches observed last year (not surprising given the major retail breaches in the news of Target, Home depot, etc.) (19) Combined with crimeware, these two threats comprise nearly half of all the breaches for 2014. (20)

Things get even more interesting as we review the distribution of breaches by the type of threat across industries:

3-DBIR-chart-breach-by-incident-type-industry

More than 90% of breaches in the accommodation sector hit point-of-sale machines.(21) POS systems were also the biggest targets for the entertainment and retail industries.(22)

Cyber espionage hit manufacturing and professional organizations particularly hard, and espionage combined with crimeware accounted for almost 95% of all breaches in manufacturing. (23)

Shooting Phish in a Barrel

Though it doesn’t contain a chart, the phishing section of the DBIR is rather disturbing. In short: phishing is just too easy. On average, phishing emails can receive email open and click rates that rival email marketing of the business world:

  • 23% of recipients open phishing messages(24)
  • 11% click on attachments(25)

Think about those stats for a moment. A phishing campaign sent to 100 people will net 10 to 12 victims in the catch. Small, targeted campaigns are almost guaranteed to work:

  • A campaign of just 10 emails yields a greater than 90% chance that at least one person will become the criminal’s prey, according to the Verizon data breach report.(26)

In a controlled test involving more than 150,000 emails, Verizon’s team found the median time-to-first click was 1 minute 22 seconds. Nearly 50% of people opened and clicked in the first hour.(27) 

Cyber Espionage Loves Email

When you consider the term “Cyber Espionage,” you may think of huge countries with nearly infinite resources launching the most sophisticated, cutting edge attacks across the globe.(28) Surprisingly, most espionage begins with a simple email, according to the 2015 Verizon report:

6-DBIR-chart-vector-malware-installation

Three out of four (77.3%) of these attacks require someone to engage with an email attachment or email link.(29) The report notes that web drive-by attacks were more popular in espionage than prior years.(30) What are these actors looking for? Your secrets! The second highest category, “credentials” were targeted in 11.4% of the attacks.(31) The industries most commonly attacked via cyber-espionage in 2014 were manufacturing, public, professional, and information, as you can see in the chart below.(32) This is partly why two of these industries, manufacturing and public, were amongst the most breached overall.(33)

7-DBIR-chart-top-espionage-targeted-industries

Ram Scrapers Are Growing Fast

Verizon’s 2015 data breach report also looks at threat actions, which can be roughly summarized by the type of attack behind a breach. Examples include POS intrusions, web app attacks, insider misuse, etc.(34) Phishing attacks continue to increase but their growth has slowed.(35) The real break-out is RAM scraping which has seen tremendous growth since 2012.(36)

8-DBIR-chart-significant-threat-actionsRam scraping malware was used in the majority of breaches at national retailers such as Target, Home Depot, and many others.(37) Ram scraping is commonly used by malware on point-of-sale systems. POS machines often hold cardholder data in memory a moment before its encrypted. This tiny window provides enough time for malware to scrape the unencrypted data and send it to a log file.(38)

Keystroke logging seems to be falling out of fashion as RAM scraping makes its rise.(39) And phishing may have lost ground in 2013, but it has climbed back to exceed its 2012 level.(40) Stealing and compromising access credentials remains the most common threat action.(41) Nothing beats having the keys to the front door.(42)

External Threats are STILL Greater

Internal actors may enable a breach inadvertently, but the overwhelming percentage of breaches were caused by external threats.(43)

9-DBIR-chart-threat-actor-categories-chart

More than 80% of breaches reviewed in the report are attributed to external threats.(44) Roughly 17% are from internal actors, and a small number are attributed to partners.(45) So the enemy is not within but external actors will find a meaningful utilization of your internal resources against you.(46)

DDoS Attacks Double in 2014

Denial of Service (DOS) attacks were also in the news last year.(47) Although not quite as prominent a topic as ransomeware or retail data breaches, the number of attacks doubled according to the report’s authors.(48) The most affected industries are the public, retail, and financial services sectors.(49) As you can see in the chart below, these attacks may target large organizations (those with more than 1,000) employees more often, but the overwhelming majority hit organizations of unknown size.(50)

10-DBIR-chart-ddos-attack-industry-size

So the big story in examining the digital threat is that our information is just as, if not more, at risk today than ever before. So how is all this information being stored and why do not all encryption methods live up to their promises? Lets examine.

Why Not All Encryption Methods Live Up to Their Promises

Encryption very simply is the utilization of mathematics to protect communications from spying – is used for electronic transactions of all types, by governments, firms and private users alike.(51) A main theme from the Edward Snowden NSA surveillance revelations is the topic of encryption and a recent article published by the German newspaper Der Spiegel goes further into the topic through the lens of the Snowden archive to show that not all encryption methods live up to their promises and why.(52) Some of the most well respected experts on encryption technologies either co-wrote or consulted on the article and supporting documentation. I rely on their expertise and writing extensively here.

One example is the encryption featured in Skype, a program used by some 300 million users to conduct Internet video chat that is touted as secure.(53) It isn’t really. “Sustained Skype collection began in Feb 2011,” reads a National Security Agency (NSA) training document from the Edward Snowden archive.(54) Less than half a year later, in the fall, the code crackers declared their mission accomplished.(55) Since then, data from Skype has been accessible to the NSA snoops.(56) Software giant Microsoft, which acquired Skype in 2011, said in a statement: “We will not provide governments with direct or unfettered access to customer data or encryption keys.”(57) The NSA had been monitoring Skype even before that, but since February 2011 the service has been under order from the secret U.S. Foreign Intelligence Surveillance Court (FISC), to not only supply information to the NSA but also to make itself accessible as a source of data for the agency.(58)

The “sustained Skype collection” is a further step taken by the authority in the arms race between intelligence agencies seeking to deny users of their privacy and those wanting to ensure they are protected.(59) There have also been some victories for privacy, with certain encryption systems proving to be so robust they have been tried and true standards for more than 20 years.(60)

For the NSA, encrypted communication – or what all other Internet users would call secure communication – is “a threat”.(61) In one internal NSA training document an NSA employee asks: “Did you know that ubiquitous encryption on the Internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?”(62)

The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure.(63) Although the documents are around two years old, experts consider it unlikely the agency’s digital spies have made much progress in cracking these technologies.(64) “Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said in June 2013, after fleeing to Hong Kong.(65)

The digitization of society in the past several decades has been accompanied by the broad deployment of cryptography, which is no longer the exclusive realm of secret agents.(66) Whether a person is conducting online banking, Internet shopping or making a phone call, almost every Internet connection today is encrypted in some way.(67) The entire realm of cloud computing – that is of outsourcing computing tasks to data centers somewhere else, possibly even on the other side of the globe – relies heavily on cryptographic security systems.(68) Internet activists even hold crypto parties where they teach people who are interested in communicating securely and privately how to encrypt their data.(69)

In Germany, concern about the need for strong encryption goes right up to the highest levels of government.(70) Chancellor Angela Merkel and her cabinet now communicate using phones incorporating strong encryption.(71) The government has also encouraged members of the German public to take steps to protect their own communication.(72) Michael Hange, the president of the Federal Office for Information Security, has stated: “We suggest cryptography – that is, consistent encryption.”(73)

It’s a suggestion unlikely to please some intelligence agencies.(74) After all, the Five Eyes alliance – the secret services of Britain, Canada, Australia, New Zealand and the United States – pursue a clear goal: removing the encryption of others on the Internet wherever possible.(75) In 2013, the NSA had a budget of more than $10 billion.(76) According to the U.S. intelligence budget for 2013, the money allocated for the NSA department called Cryptanalysis and Exploitation Services (CES) alone was $34.3 million.(77)

Last year, the Guardian, New York Times, and ProPublica reported on the contents of a 2010 presentation on the NSA’s BULLRUN decryption program, but left out many specific vulnerabilities.(78) The presentation states that, “for the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” and “vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”(79) Decryption, it turns out, works retroactively – once a system is broken, the agencies can look back in time in their databases and read stuff they could not before.(80) This specific risk is why in Part 1 of my research blog, I assert under the 5th Amendment your digital life should never be able to incriminate your real life, because they are effectively one in the same.

The number of Internet users concerned about privacy online has risen dramatically since the first Snowden revelations.(81) But people who consciously use strong end-to-end encryption to protect their data still represent a minority of the Internet-using population.(82) There are a number of reasons for this: Some believe encryption is too complicated to use.(83) Or they think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program.(84)

Still Safe from the NSA

This isn’t true.(85) As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012.(86) An NSA presentation for a conference took place that year lists the encryption programs the Americans failed to crack.(87) In the process, the NSA cryptologists divided their targets into five levels corresponding to the degree of difficulty of the attack and the outcome, ranging from “trivial” to “catastrophic.”(88)

Attacks against Crypto (Reference Documents)

Monitoring a documents path through the Internet is classified as “Trivial.”(89) Recording Facebook chats is considered a “minor” task, while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider “mail.ru” is considered “moderate.”(90) Still, all three of those classifications don’t appear to pose any significant problems for the NSA.(91)

Things first become troublesome at the fourth level.(92) The presentation states that the NSA encounters “major” problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network, which was developed for surfing the web anonymously.(93) Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers.(94) The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user’s information.(95) For surveillance experts, it becomes very difficult to trace the whereabouts of a person who visits a particular website or to attack a specific person while they are using Tor to surf the web.(96)

Cryptanalytics (Reference Documents)

The NSA also has “major” problems with Truecrypt, a program for a encrypting files on computers.(97) Truecrypt’s developers stopped their work on the program last May, prompting speculation about pressures from government agencies.(98) A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems.(99) Both are programs whose source code can be viewed, modified, shared and used by anyone.(100) Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft.(101) Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed.(102) Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism – an NSA program that accesses data from at least nine American Internet companies such as Google, Facebook, and Apple – show that the NSA efforts appear to have been thwarted in these cases: “No decrypt available for this OTR message.”(103) This shows that OTR at least sometimes makes communications impossible to read for the NSA.(104)

Things become “catastrophic” for the NSA at level five – when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP.(105) This type of combination results in a “near-total loss/lack of insight to target communications, presence,” the NSA documents state.(106)

ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal.(107) “It’s satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque,” says RedPhone developer Moxie Marlinspike.(108)

Too Robust for Fort Meade

Also, the “Z” in ZRTP stands for one of its developers, Phil Zimmermann, the same man who created Pretty Good Privacy, which is still the most common encryption program for emails and documents in use today.(109) PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack.(110) “No decrypt available for this PGP encrypted message,” a further document viewed by the contributors of the Speigel article states of emails the NSA obtained from Yahoo.(111)

Phil Zimmerman wrote PGP in 1991.(112) The American nuclear weapons freeze activist wanted to create an encryption program that would enable him to securely exchange information with other like-minded individuals.(113) His system quickly became very popular among dissidents around the world.(114) Given its use outside the United States, the U.S. Government launched an investigation into Zimmerman during the 1990’s for allegedly violating the U.S. Arms Export Control Act.(115) Prosecutors argued that making encryption software of such complexity available abroad was illegal.(116) Zimmerman responded by publishing the source code as a book, an act that was constitutionally protected as free speech.(117)

PGP continues to be developed and various versions are available today.(118) The most widely used is GNU Privacy Guard (GnuPG), a program developed by German programmer Werner Koch.(119) One document shows that the Five Eyes intelligence services sometimes use PGP themselves.(120) The fact is that hackers obsessed with privacy and the U.S. authorities have a lot more in common than one might initially believe.(121) The Tor project, was originally developed with the support of the U.S. Naval Research Laboratory.(122)

Deanonymizing (Reference Documents)

Today, NSA spies and their allies do their best to subvert the system their own military helped conceive, as a number of documents show.(123) Tor deanonymization is obviously high on the list of NSA priorities, but the success achieved here seems limited.(124) One GCHQ document from 2011 even mentions trying to decrypt the agencies’ own use of Tor – as a test case.(125)

To a certain extent, the Snowden documents should provide some level of relief to people who thought nothing could stop the NSA in its unquenchable thirst to collect data.(126) It appears secure channels still exist for communication.(127) Nevertheless, the documents also underscore just how far the intelligence agencies already go in their digital surveillance activities.(128) Internet security comes at various levels – and the NSA and its allies obviously are able to “exploit” – i.e. crack – several of the most widely used ones on a scale that was previously unimaginable.(129)

VPN Security only Virtual

One example is virtual private networks (VPN), which are often used by companies and institutions operating from multiple offices and locations.(130) A VPN theoretically creates a secure tunnel between two points on the Internet.(131) All data is channeled through that tunnel, protected by cryptography.(132) When it comes to the level of privacy offered here, virtual is the right word, too.(133) This is because the NSA operates a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept the data exchanged inside VPN – including, for example, the Greek government’s use of VPN’s.(134) The team responsible for the exploitation of those Greek VPN communications consisted of 12 people, according an NSA document reviewed by the Der Spiegel article authors.(135)

Attacks on VPN (Reference Documents)

The NSA also targeted SecurityKiss, a VPN service in Ireland.(136) The following fingerprint for Xkeyscore, the agency’s powerful spying tool, was reported to be tested and working against the service(137):

fingerprint(‘encryption/securitykiss/x509) = $pkcs and ( ($tcp and from_port(443)) or ($udp and (from_port(123) or from_por (5000) or from_port(5353)) ) ) and (not (ip_subnet(‘10.0.0.0/8 or ‘172.16.0.0/12 or ‘192.168.0.0/16 )) ) and ‘RSA Generated Server Certificate’c and ‘Dublin1’c and ‘GL CA’c;

According to an NSA document dating from late 2009, the agency was processing 1,000 requests an hour to decrypt VPN connections.(138) This number was expected to increase to 100,000 per hour by the end of 2011.(139) The aim was for the system to be able to completely process “at least 20 percent” of these requests, meaning the data traffic would have to be decrypted and reinjected.(140) In other words, by the end of 2011, the NSA’s plans called for simultaneously surveilling 20,000 supposedly secure VPN communications per hour.(141)

VPN connections can be based on a number of different protocols.(142) The most widely used ones are called Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (Ipsec).(143) Both seem to pose few problems for the NSA spies if they really want to crack a connection.(144) Experts have considered PPTP insecure for some time now, but it is still in use in many commercial systems.(145) The authors of one NSA presentation boast of a project called FOURSQUARE that stores information including decrypted PPTP VPN metadata.(146)

Using a number of different programs, they claim to have succeeded in penetrating numerous networks.(147) Among those surveilled were the Russian carrier Transaero Airlines, Royal Jordanian Airlines as well as Moscow-Based telecommunications firm Mir Telematiki.(148) Another success touted is the NSA’s surveillance of the internal communications of diplomats and government officials from Afghanistan, Pakistan, and Turkey.(149) Ipsec as a protocol seems to create slightly more trouble for the spies.(150) But the NSA has the resources to actively attack routers involved in the communication process to get to the keys to unlock the encryption rather than trying to break it, courtesy of the unit called Tailored Access Operations: “TAO got on the router through which banking traffic of interest flows,” it says in one presentation.(151)

Anything But Secure

Even more vulnerable than VPN systems are the supposedly secure connections ordinary users must rely on all the time for web applications like financial services, e-commerce or accessing webmail accounts.(152) A lay user can recognize these allegedly secure connections by looking at the address bar in his or her Web browser: With these connections, the first letters of the address there are not just http – for Hypertext Transfer Protocol – but https.(153) The “s” stands for “secure”.(154) The problem is that there isn’t really anything secure about them.(155)

Attacks on SSL/TLS (Reference Documents)

The NSA and its allies routinely intercept such connections – by the millions.(156) According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012.(157) The intelligence services are particularly interested in the moment when a user types his or her password.(158) By the end of 2012, the system was supposed to be able to “detect the presence of at least 100 password based encryption applications” in each instance some 20,000 times a month.(159) This is why Intelligent Multi-Factor Authentication is so important in a security stack, it will thwart this point of weakness.

For it’s part, Britain’s GCHQ collects information about encryption using the TLS and SSL protocols – the protocols https connections are encrypted with – in a database called “Flying Pig.”(160) The British spies produce weekly “trends reports” to catalog which services use the most SSL connections and save details about those connections.(161) Sites like Facebook, Twitter, Hotmail, Yahoo, and Apple’s iCloud service top the charts, and the number of catalogued SSL connections for one week is in the many billions for the top 40 sites alone.(162)

Hockey Sites Monitored

Canada’s Communications Security Establishment (CSEC) even monitors sites devoted to the country’s national pastime: “We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season,” it says in one presentation.(163) The NSA also has a program with which it claims it can sometimes decrypt the Secure Shelf Protocol (SSH).(164) This is typically used by systems administrators to log into employees’ computers remotely, largely for use in the infrastructure of businesses, core Internet routers and other similarly important systems.(165) The NSA combines the data collected in this manner with other information to leverage access to important systems of interest.(166)

Weakening Cryptographic Standards

But how do the Five-Eyes agencies manage to break all these encryption standards and systems? The short answer is: They use every means available.(167)

One method is consciously weakening the cryptographic standards that are used to implement the respective systems.(168) NSA documents show that NSA agents travel to the meetings of the Internet Engineering Task Force (IETF), an organization that develops such standards, to gather information but presumably also to influence the discussions there.(169) “New session policy extensions may improve our ability to passively target two sided communications,” says a brief write-up of an IETF meeting in Sand Diego on an NSA-internal Wiki.(170)

This process of weakening encryption standards has been going on for some time.(171) A classification guide, a document that explains how to classify certain types of secret information, labels “the fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable as TOP SECRET.(172)

Cryptographic systems actively weakened this way or faulty to begin with are then exploited using supercomputers.(173) The NSA maintains a system called Longhaul, an “end-to-end attack orchestration and key recovery services for Data Network Cipher and Data Network Session Cipher traffic.”(174) Basically, Longhaul is the place where the NSA looks for ways to break encryption.(175) According to an NSA document, it uses facilities at the Tordella Supercomputer Building at Fort Meade, Maryland, and Oak Ridge Data Center in Oak Ridge, Tennessee.(176) It can pass decrypted data to systems such as Turmoil – a part of the secret network the NSA operates throughout the world, used to siphon off data.(177) The cover term for the development of these capabilities is Valientsurf.(178) A similar program called Gallantwave is meant to “break tunnel and session ciphers.”(179)

In other cases, the spies use their infrastructure to steal cryptographic keys from the configuration files found on Internet routers.(180) A repository called Discoroute contains “router configuration data from passive and active collection” one document states.(181) Active here means hacking or otherwise infiltrating computers, passive refers to collecting data flowing through the Internet with secret NSA-operated computers.(182)

An important part of the Five Eyes’ efforts to break encryption on the Internet is the gathering of vast amounts of data.(183) For example, they collect so-called SSL handshakes – that is, the first exchange between two computers beginning an SSL connection.(184) A combination of metadata about the connections and metadata from the encryption protocols then help to break the keys, which in turn allow reading or recording the now decrypted traffic.(185)

If all else fails, the NSA and its allies resort to brute force: they hack their target’s computers of Internet routers to get to the secret encryption – or they intercept computers on the way to their targets, open them and insert spy gear before they even reach their destination, a process they call interdiction.(186)

A Grave Threat to Security

For the NSA, the breaking of encryption methods represents a constant conflict of interest.(187) The Agency and its allies do have their own secret encryption methods for internal use.(188) But the NSA is also tasked with providing the U.S. National Institute of Standards and Technology (NIST) with “technological guidelines in trusted technology” that may be “used in cost-effective systems for protecting sensitive computer data.”(189) In other words: Checking cryptographic systems for their value is part of the NSA’s job.(190) One encryption standard the NIST explicitly recommends is the Advanced Encryption Standard (AES).(191) The standard is used for a large variety of tasks, from encrypting the PIN numbers of banking cards to hard disk encryption for computers.(192)

One NSA document shows that the agency is actively looking for ways to break the very standard it recommends – this section is marked as “Top Secret”(TS): “Electronic codebooks, such as the Advanced Encryption Standard, are both widely used and difficult to attack cryptanalytically.(193) The NSA has only a handful of in-house techniques.(194) The Tundra Project investigated a potentially new technique – the Tau statistic – to determine its usefulness in codebook analysis.”(195)

The fact large amounts of the cryptographic systems that underpin the entire internet have been intentionally weakened or broken by the NSA and its allies poses a grave threat to the security of everyone who relies on the Internet – from individuals looking for privacy to institutions and companies relying on cloud computing.(196) These governments are themselves at risk. Many of these weaknesses can be exploited by anyone who knows about them – not just the NSA.(197)

Inside the intelligence community, this danger is widely known: According to a 2011 document, 832 individuals at GCHQ alone were briefed into the BULLRUN project, whose goal is a large-scale assault on Internet security.(198)

So the big news in encryption methods is that governments have been diligently working to weaken encryption standards in order to serve their own self-interests, not necessarily the interests of the people they govern. So how is the NSA and U.S. government preparing for a digital arms race and future battles?

How Is The NSA Preparing the U.S. for a Digital Arms Race and Future Battles?

The dual mandate of the NSA is to secure the Internet and protect people while simultaneously leveraging weaknesses in the system in order for it to engage in mass surveillance and deploy cyber weapons. A key question this poses: How is the NSA preparing the U.S. for a digital arms race and future battles?

An article in the German paper Der Spiegel based on the documents from Edward Snowden does a terrific job addressing this question. The following journalists and experts wrote the article:

Jacob Appelbaum, Aaron Gibson, Claudio Guarnieri, Andy Müller-Maguhn, Laura Poitras, Marcel Rosenbach, Leif Ryge, Hilmar Schmundt and Michael Sontheimer

Normally, internship applicants need to have polished resumes, with volunteer work on social projects considered a plus.(199) But at Politerain, the job posting calls for candidates with significantly different skills sets.(200) We are, the ad says, “looking for interns who want to break things.”(201)

Politerain is not a project associated with a conventional company.(202) It is run by a U.S. Government intelligence organization, the National Security Agency (NSA).(203) More precisely, it’s operated by the NSA’s digital snipers with Tailored Access Operations (TAO), the department responsible for breaking into computers.(204)

Potential interns are also told that research into third party computers might include plans to “remotely degrade or destroy opponent computers, routers, servers and network enabled devices by attacking the hardware.”(205) Using a program called Passionatepolka, for example, they may be asked to “remotely brick network cards.”(206) With programs like Berserkr they would implant “persistent backdoors” and “parasitic drivers”.(207) Using another piece of software called Barnfire, they would “erase the BIOS on a brand of servers that act as a backbone to many rival governments.”(208)

An intern’s tasks might also include remotely destroying the functionality of hard drives.(211) Ultimately, the goal of the internship programs was “developing an attackers mindset.”(212)

The internship listing is eight years old, but the attacker’s mindset has since become a kind of doctrine for the NSA’s data spies.(213) And the intelligence service isn’t just trying to achieve mass surveillance of Internet communication, either.(214) The digital spies of the Five Eyes alliance – comprised of the United States, Britain, Canada, Australia and New Zealand – want more.(215)

The Birth of Digital Weapons

According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.(216)

During the 20th century, scientists developed so-called ABC weapons – atomic, biological and chemical.(217) It took decades before their deployment could be regulated and, at least partly, outlawed.(218) New digital weapons have now been developed for the war on the Internet.(219) But there are almost no international conventions or supervisory authorities for these “D” weapons, and the only law that applies is the survival of the fittest.(220)

Canadian media theorist Marshall McLuhan foresaw these developments decades ago.(221) In 1970, he wrote, “World War III is a guerrilla information war with no division between military and civilian participation.”(222) That’s precisely the reality that spies are preparing for today.(223) It’s a private and public cooperative effort.

The U.S. Army, Navy, Marines and Air Force have already established their own cyber forces, but it is the NSA, also officially a military agency, that is taking the lead.(224) It’s no coincidence that the director of the NSA also serves as the head of the U.S. Cyber Command.(225) The Country’s leading data spy, Admiral Michael Rogers, is also its chief cyber warrior and his close to 40,000 employees are responsible for both digital spying and destructive network attacks.(226)

Surveillance Only ‘Phase 0’

From a military perspective, surveillance of the Internet is merely “Phase 0” in the U.S. digital war strategy.(227) Internal NSA documents indicate that it is the prerequisite for everything that follows.(228) They show that the aim of the surveillance is to detect vulnerabilities in enemy systems.(229) Once “stealthy implants” have been placed to infiltrate enemy systems, thus allowing “permanent access,” then Phase Three has been achieved – a phase headed by the word “dominate” in the documents.(230) This enables them to “control/destroy critical systems & networks at will through pre-positioned accesses. (laid in Phase 0).”(231) Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation.(232) The internal documents state that the ultimate goal is “real time controlled escalation”.(233)

One NSA presentation proclaims, “The next major conflict will start in cyberspace.”(234) To that end, the U.S. Government is currently undertaking a massive effort to digitally arm itself for network warfare.(235) For the 2013 secret intelligence budget, the NSA projected it would need around $1 billion in order to increase the strength of its computer network attack operations.(236) The budget included an increase of some $32 million for “unconventional solutions” alone.(237)

NSA Docs on Network Attacks and Exploitation

In recent years, malware has emerged that experts have attributed to the NSA and its Five Eyes alliance based on a number of indicators.(238) They include programs like Stuxnet, used to attack the Iranian nuclear program.(239) Or Regin, a powerful spyware Trojan that created a furor in Germany after it infected the USB stick of a high-ranking staffer to Chancellor Angela Merkel.(240) Agents also used Regin in attacks against the European Commission, the EU’s executive, and Belgian telecoms company Belgacom in 2011. (241) Given that spies can routinely break through just about any security software, virtually all Internet users are at risk of a data attack.(242)

The new documents shed some new light on other revelations as well.(243) Although an attack called Quantaminsert has been widely reported by Der Spiegel and other newspapers, documentation shows that in reality it has a low success rate and it has likely been replaced by more reliable attacks such as Quantumdirk, which injects malicious content into chat services provided by websites such as Facebook and Yahoo.(244) And computers infected with Straitbizarre can be turned into disposable and non-attributable “shooter” nodes.(245) These nodes can then receive messages from the NSA’s Quantam network, which is used for “command and control for very large scale active exploitation and attack.”(246) The secret agents were also able to breach mobile phones by exploiting vulnerability in the Safari browser in order to obtain sensitive data and remotely implant malicious code.(247)

In this guerrilla war over data, little differentiation is made between soldiers and civilians, the Snowden documents show.(248) Any Internet user could suffer damage to his or her data or computer.(249) It also has the potential to create perils in the offline world as well.(250) If, for example, a D weapon like Barnfire were to destroy or “brick” the control center of a hospital as a result of a programming error, people who don’t even own a mobile phone could be affected.(251)

Intelligence agencies have adopted “plausible deniability” as their guiding principle for Internet operations.(252) To ensure their ability to do so, they seek to make it impossible to trace the author of the attack.(253)

It’s a stunning approach with which the digital spies deliberately undermine the very foundations of the rule of law around the globe.(254) This approach threatens to transform the Internet into a lawless zone in which superpowers and their secret services operate according to their own whims with very few ways to hold them accountable for their actions.(255)

NSA Docs on Malware and Implants

Attribution is difficult and requires considerable forensic effort.(256) But in the new documents there are at least a few pointers.(257) Querty, for example, is a keylogger that was part of the Snowden archive.(258) It’s a pieces of software designed to surreptitiously intercept all keyboard keys pressed by the victim and record them for later inspection.(259) It is an ordinary, indeed rather dated, keylogger.(260) Similar software can already be found in numerous applications, so it doesn’t seem to pose any acute danger – but the source code contained in it does reveal some interesting details.(261) They suggest that this keylogger might be part of the large arsenal of modules that belong to the Warriorpride program, a kind of universal Esperanto software used by all the Five Eyes partner agencies that at times was even able to break into iPhones, among other capabilities.(262) The documents published by Spiegel include sample code from the keylogger to foster further research and enable the creation of appropriate defenses. (263)

‘Just a Bunch of Hackers’

The men and women working for the Remote Operations Center (ROC), which uses the codename S321, at the agency’s headquarters in Fort Meade, Maryland, work on one of the NSA’s most crucial teams, the unit responsible for covert operations.(264) S321 employees are located on the third floor of one of the main buildings on the NSA’s campus.(265) In one report from the Snowden archive an NSA man reminisces about how when they got started, the ROC people were “just a bunch of hackers.”(266) Initially, people worked “in a more ad hoc manner,” the report states.(267) Nowadays, however, procedures are “more systematic”.(268) Even before NSA management massively expanded the ROC group during the summer of 2005, the department’s motto was, “Your data is your data, your equipment is our equipment.”(269)

NSA Docs on Exfiltration

The agents sit in front of their monitors, working in shifts around the clock.(270) Just how close the NSA has already gotten to its aim of “global network dominance” is illustrated particularly well by the work of department S31177, codenamed Transgression.(271) The department’s task is to trace foreign cyber attacks, observe and analyze them and, in the best-case scenario, to siphon off the insights of competing intelligence agencies.(272) This form of “Cyber Counter-Intelligence” counts among the most delicate forms of modern spying.(273)

How Does The NSA Read Over Shoulders of Other Spies?

In addition to providing a view of the U.S.’s own ability to conduct digital attacks, Snowden’s archive also reveals the capabilities of other countries.(274) The Transgression team has access to years of preliminary fieldwork and experience at its disposal, including databases in which malware and network attacks from other countries are cataloged.(275) The Snowden documents show that the NSA and its Five Eyes partners have put numerous network attacks waged by other countries to their own use in recent years.(276) One 2009 document states that the department’s remit is to “discover, understand and evaluate” foreign attacks.(277) Another document reads: “Steal their tools, tradecraft, targets and take.”(278)

In 2009, an NSA unit took notice of a data breach-affecting workers at the U.S. Department of Defense.(279) The department traced an IP address in Asia that functioned as the command center for the attack.(280) By the end of their detective work, the Americans succeeded not only in tracing the attack’s point of origin to China, but also in tapping intelligence information from other Chinese attacks – including data that had been stolen from the United Nations.(281) Afterwards, NSA workers in Fort Meade continued to read over their shoulders as the Chinese secretly collected further internal UN data.(282) “NSA is able to tap into Chinese SIGINT collection,” a report on the success in 2011 stated.(283) SIGINT is short for Signals Intelligence.(284)

The practice of letting other intelligence services do the dirty work and then tapping their results is so successful that the NSA even has a name for it: “Fourth Party Collection.”(285) And all countries that aren’t part of the Five Eye alliance are considered potential targets for use of this “non-traditional” technique – even Germany.(286)

“Difficult To Track, Difficult To Target”

The Snowden documents show that, thanks to fourth party collection, the NSA succeeded in detecting numerous incidents of data spying over the past 10 years, with many attacks originating from China and Russia.(287) It also enabled the Tailored Access Operations (TAO) to track down the IP address of the control server used by China and, from there, to detect the people responsible inside the People’s Liberation Army.(288) It wasn’t easy, the NSA spies noted.(289) The Chinese had apparently used changing IP addresses, making them “difficult to track; difficult to target.”(290) In the end, though, the document states, they succeeded in exploiting a central router.(291)

The document suggests that things got more challenging when the NSA sought to turn the tables and go after the attacker.(292) Only after extensive “wading through uninteresting data” did they finally succeed in infiltrating the computer of a high-ranking Chinese military official and accessing information regarding targets in the U.S. Government and in other governments around the world.(293) They also were able to access source code for Chinese malware.(294)

NSA Docs on Fourth Party Access

But there have also been successful Chinese operations.(295) The Snowden documents include an internal NSA assessment from a few years ago of the damage caused.(296) The report indicates that the U.S. Defense Department alone registered more than 30,000 known incidents; more than 1,600 computers connected to its network had been hacked.(297) Surprisingly high costs are listed for damage assessment and network repair: more than $100 million.(298)

Among the data on “sensitive military technologies” hit in the attack were air refueling schedules, the military logistics planning system, missile navigation systems belonging to the Navy, information about nuclear submarines, missile defense and other top secret defense projects.(299)

The desire to know everything isn’t, of course, an affliction only suffered by the Chinese, Americans, Russians and British.(300) Years ago, U.S. agents discovered a hacking operation originating in Iran in a monitoring operation that was codenamed Voyeur.(301) A different wave of attacks, known as Snowglobe, appears to have originated in France.(302)

Transforming Defense Into Attacks

The search for foreign cyber attacks has long since been largely automated by the NSA and its Five Eyes partners.(303) The Tutelage system can identify incursions and ensure that they do not reach their targets.(304) The examples given in the Snowden documents are not limited to attacks originating in China.(305) The relatively primitive Low Orbit Ion Cannon(LOIC) is also mentioned.(306) The name refers to malware used by the protest movement Anonymous to disable target websites.(307) In that instance, one document notes, Tutelage was able to recognize and block the IP addresses being used to conduct the denial of service attack.(308)

The NSA is also able to transform its defenses into an attack of its own.(309) The method is described as “reverse engineer, re-purpose software” and involves botnets, sometimes comprising millions of computers belonging to normal users onto which software has been covertly installed.(310) They can thus be controlled remotely as part of a “zombie army” to paralyze companies or to extort them.(311) If the infected hosts appear to be within the United States, the relevant information will be forwarded to the FBI Office of Victim Assistance.(312) However, a host infected with an exploitable bot could be hijacked through a Quantambot attack and redirected to the NSA.(313) This program identified in NSA documents as Defiantwarrior and it is said to provide advantages such as “pervasive network analysis vantage points” and “throw-away non-attributable CNA (Computer Network Attack) nodes”.(314) This system leaves people’s computers vulnerable and covertly uses them for network operations that might be traced back to an innocent victim.(315) Instead of providing protection to private Internet users, Quantambot uses them as human shields in order to disguise its own attacks.(316)

NSA Docs on Botnet Takeovers

NSA specialists at the Remote Operations Center (ROC) have an entire palette of digital skeleton keys and crowbars enabling access to even the best-protected computer networks.(317) They give their tools aggressive sounding names, as though they were operating an app-store for cyber criminals: The implant tool “Hammerchant” allows the recording of Internet-based phone calls (VOIP).(318) Foxacid allows agents to continually add functions to small malware programs even after they have been installed in target computers.(319) The project’s logo is a fox that screams as it is dissolved in acid.(320) The NSA has declined to comment on operational details but insists that it has not violated the law.(321)

But as well developed as the weapons of digital war may be, there is a paradox lurking when it comes to breaking into and spying on third party networks: How can intelligence services be sure that they don’t become victims of their own methods and be infiltrated by private hackers, criminals or other intelligence services, for example?(322)

To control their malware, the Remote Operations Center operatives remain connected to them via their own shadow network, through which highly sensitive telephone recordings, malware programs and passwords travel.(323)

The incentive to break into this network is enormous.(324) Any collection of VPN keys, passwords and backdoors is obviously of very high value.(325) Those who possess such passwords and keys could theoretically pillage bank accounts, thwart military deployments, clone fighter jets and shut down power plants.(326) It means nothing less than “global network dominance”.(327)

But the intelligence world is a schizophrenic one.(328) The NSA’s job is to defend the Internet while at the same time exploiting its security holes.(329) It is both cop and robber, consistent with the motto adhered to by spies everywhere: “Reveal their secrets, protect our own.”(330)

As a result, some hacked servers are like a bus during rush hour, with people constantly coming and going.(331) The difference, though, is that the server’s owner has no idea anyone is there.(332) And the presumed authorities stand aside and do nothing.(333)

“Unwitting Data Mules”

It’s absurd: As they are busy spying, the spies are spied on by other spies.(334) In response, they routinely seek to cover their tracks or to lay fake ones instead.(335) In technical terms, the ROC lays false tracks as follows: After third-party computers are infiltrated, the process of exfiltration can begin – the act of exporting the data that has been gleaned.(336) But the loot isn’t delivered directly to ROC’s IP address. (337) Rather, it is routed to a so-called Scapegoat Target.(338) That means that stolen information could end up on someone else’s servers, making it look as though they were the perpetrators. (339)

Before the data ends up at the Scapegoat Target, of course, the NSA intercepts and copies it using its mass surveillance infrastructure and sends it on to the ROC.(340) But such cover-up tactics increase the risk of a controlled or uncontrolled escalation between the agencies involved.(341)

It’s not just computers, of course, that can be systematically broken into, spied on or misused as part of a botnet.(342) Mobile phones can also be used to steal information from the owner’s employer.(343) The unwitting victim, whose phone has been infected with a spy program, smuggles the information out of the office.(344) The information is then retrieved remotely as the victim heads home after work.(345) Digital spies have even adopted drug-dealer slang in referring to these unsuspecting accomplices.(346) They are called “unwitting data mules.”(347)

NSA agents aren’t concerned about being caught.(348) That’s partly because they work for such a powerful agency, but also because they don’t leave behind any evidence that would hold up in court.(349) And if there is no evidence of wrongdoing, there can be no legal penalty, no parliamentary control of intelligence agencies and no international agreement.(350) Thus far, very little is known about the risks and side effects inherent in these new D weapons and there is almost no government regulation.(351)

Edward Snowden has revealed how intelligence agencies around the world, led by the NSA, are doing their best to ensure a legal vacuum in the Internet.(352) In a recent interview with the U.S. public broadcaster PBS, the whistleblower voiced his concerns that “defense is becoming less of a priority than offense.”(353)

Snowden finds that concerning.(354) “What we need to do,” he said, “is we need to create a new international standards of behavior.”(355)

I agree with Edward Snowden and I believe the place to begin with standards of behavior is for governments and organizations to respect that our digital lives and real lives are one in the same and should be treated exactly the same under the law.  Also, any cyber weapon or capability before being approved should be analyzed through the lens that our digital lives and real lives are effectively one in the same and whether or not the use of such a tool or weapon would infringe on our Constitutional/Natural Human Rights. So lets now conclude by discussing why our information in the information age is not sufficiently secure from theft and illicit use.

Conclusion

Our information is not sufficiently secure from theft and illicit use due to the nature of politics and state power. State systems at one time had a monopoly on people’s information whereas today, all that information resides on the servers and phones of corporations and private individuals. The nature of state systems and politics is to secure their positions of power, even if that means breaking their own principles of governance, as has obviously happened in the U.S based on my research. The U.S. government is even planning to immediately purge some government wide network surveillance data because they know it will incriminate them once the nature of the information is exposed.

The digital technological problems of securing information can be solved through the standardization of end-to-end encryption and intelligent multi-factor authentication within digital systems (both public and private). The political problems with the technology of the law that comprises our governance systems, can only be solved by public virtue. Case in Point: U.S. national security mouthpieces are now expressly threatening Apple with terrorism prosecutions for providing end-to-end encryption to its customers to protect their data.  People need to fight for these rights to protect their digital lives, because if they don’t protect their digital life, they are not truly protecting their real life either. It is my contention the technology industry needs to lead this effort on behalf of its global customers/users. Know and protect your digital self and to thy own digital self be true.

Posted in Thoughts | Leave a comment