Neglecting the Lessons of Cypherpunk History

 

Over the course of the Snowden revelations there have been a number of high profile figures who’ve praised the merits of encryption as a remedy to the quandary of mass interception. Companies like Google and Apple have been quick to publicize their adoption of cryptographic countermeasures in an effort to maintain quarterly earnings. This marketing campaign has even convinced less credulous onlookers like Glenn Greenwald. For example, in a recent Intercept piece, Greenwald claimed:

“It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive.”

So, while he concedes the role of public relations in the ongoing cyber security push, Greenwald concurrently believes encryption is a “genuine” countermeasure. In other words, what we’re seeing is mostly marketing hype… except for the part about strong encryption.

With regard to the promise of encryption as a privacy cure-all, history tells a markedly different story. Guarantees of security through encryption have often proven illusory, a magic act. Seeking refuge in a technical quick fix can be hazardous for a number of reasons.

Amazon’s frightening CIA partnership

Capitalism, corporations and our massive new surveillance state

Hundreds of millions flow to Amazon from the national security state. It’s a kind of partnership we shouldn’t allow

Amazon's frightening CIA partnership: Capitalism, corporations and our massive new surveillance state
Jeff Bezos, Dick Cheney (Credit: AP/Reed Saxon/Manuel Balce Ceneta/Photo montage by Salon)

When Internet retailer and would-be 21st century overlord Amazon.com kicked WikiLeaks off its servers back in 2010, the decision was not precipitated by men in black suits knocking on the door of one of Jeff Bezos’ mansions at 3 a.m., nor were any company executives awoken by calls from gruff strangers suggesting they possessed certain information that certain individuals lying next to them asking “who is that?” would certainly like to know.

Corporations, like those who lead them, are amoral entities, legally bound to maximize quarterly profits. And rich people, oft-observed desiring to become richer, may often be fools, but when it comes to making money even the most foolish executive knows there’s more to be made serving the corporate state than giving a platform to those accused of undermining national security.

The whistle-blowing website is “putting innocent people in jeopardy,” Amazon said in a statement released 24 hours after WikiLeaks first signed up for its Web hosting service. And the company wasn’t about to let someone use their servers for “securing and storing large quantities of data that isn’t rightfully theirs,” even if much of that data, leaked by Army private Chelsea Manning, showed that its rightful possessors were covering up crimes, including the murder of innocent civilians from Yemen to Iraq.

The statement was over the top — try as it might, not even the government has been able to point to a single life lost due to Manning’s disclosures — but, nonetheless, Amazon’s capitalist apologists on the libertarian right claimed the big corporation had just been victimized by big bad government. David Henderson, a research fellow at Stanford University’s Hoover Institution, explained that those calling for a boycott of Amazon were out of line, as the real enemy was “megalomaniacal Senator Joe Lieberman,” who had earlier called on Amazon to drop WikiLeaks (and is, admittedly, a rock-solid choice for a villain).



“The simple fact is that we live in a society whose governments are so big, so powerful, so intrusive, and so arbitrary, that we have to be very careful in dealing with them,” Henderson wrote. That Amazon itself cited a purported violation of its terms of service to kick WikiLeaks off its cloud was “a lie,” according to Henderson, meant to further protect Amazon from state retribution. Did it make him happy? No, of course not. “But boycotting one of the government’s many victims? No way.”

But Amazon was no victim. Henderson, like many a libertarian, fundamentally misreads the relationship between corporations and the state, creating a distinction between the two that doesn’t really exist outside of an intro-to-economics textbook. The state draws up the charter that gives corporations life, granting them the same rights as people — more rights, in fact, as a corporate person can do what would land an actual person in prison with impunity or close to it, as when Big Banana was caught paying labor organizer-killing, right-wing death squads in Colombia and got off with a fine.

Corporations are more properly understood not as victims of the state, but its for-profit accomplices. Indeed, Amazon was eager to help the U.S. government’s campaign against a website that — thanks almost entirely to Chelsea Manning — had exposed many embarrassing acts of U.S. criminality across the globe: the condoning of torture by U.S. allies in Iraq; the sexual abuse of young boys by U.S. contractors in Afghanistan; the cover-up of U.S. airstrikes in Yemen, including one that killed 41 civilians, 21 of them children. The decision to boot WikiLeaks was, in fact, one that was made internally, no pressure from the deep state required.

“I consulted people I knew fairly high up in the State Department off the record, and they said that they did not have to put pressure … on Amazon for that to happen,” said Robert McChesney, a professor of communication at the University of Illinois, in an appearance on “Democracy Now!.” “It was not a difficult sell.”

And it paid off. A little more than a year later, Amazon was awarded a generous $600 million contract from the CIA to build a cloud computing service that will reportedly “provide all 17 [U.S.] intelligence agencies unprecedented access to an untold number of computers for various on-demand computing, analytic, storage, collaboration and other services.” As The Atlanticnoted, and as former NSA contractor Edward Snowden revealed, these same agencies collect “billions and perhaps trillions of pieces of metadata, phone and Internet records, and other various bits of information on an annual basis.”

That is to say: On Amazon’s servers will be information on millions of people that the intelligence community has no right to possess — Director of National Intelligence James Clapper initially denied the intelligence community was collecting such data for a reason — which is used to facilitate corporate espionage and drone strikes that don’t just jeopardize innocent lives, but have demonstrably ended hundreds of them.

Instead of helping expose U.S. war crimes, then, Amazon’s cloud service could be used to facilitate them, for which it will be paid handsomely — which was, in all likelihood, the whole point of the company proving itself a good corporate citizen by disassociating itself from an organization that sought to expose its future clients in the intelligence community.

“We look forward to a successful relationship with the CIA,” Amazon said in a 2013 statement after winning that long-sought contract (following a protracted battle for it with a similarly eager tech giant, IBM).

If it were more honest, Amazon might have said “We look forward to a successful relationship with the [coup d’état-promoting, drone-striking, blood-stained] CIA.”

And if it were more honest, Amazon could have said the same thing in 2010.

So long as there are giant piles of money to be made by systematically violating the privacy of the public (the CIA and NSA together enjoy a budget of over $25 billion), corporations will gladly lie in the same bed as those who created them, which is, yes, gross. Protecting consumer privacy is at best an advertising slogan, not a motivating principle for entities whose sole responsibility to shareholders is to maximize quarterly profits. This isn’t an admission of defeat — and when companies fear state-sanctioned invasions of privacy will cost them customers in the private sector or contracts with foreign states, they do sometimes roll back their participation — but a call to recognize the true villain: If we desire more than just an iPhone with encryption, we must acknowledge the issue is not just a few individual megalomaniacs we call senators, but a system called capitalism that systemically encourages this behavior.

In the 1970s, following the resignation of President Richard Nixon, the Church Committee exposed rampant spying on dissidents that was illegal even according to the loose legal standards of the time. Speeches were made, reforms were demanded and new laws were passed. The abuses, it was claimed, were relegated to history. What happened next? Look around: The total surveillance we enjoy today, enabled by high-tech military contractors including AT&T and Googleand Verizon and every other nominally private tech company that capitalism encourages to value profits over privacy — a public-private partnership that grants those in power a means of spying on the powerless beyond the wildest dreams of any 20th century totalitarian. Sure, ostensibly communist states can of course be quite awful too, but the difference is that, in capitalist nations, the citizens actually place the eavesdropping devices in their own homes.

Now, whether the reforms of the 1970s were inadequate or were just plain ignored by those who were to be reformed is sort of beside the point; the status quo is what it is and, at least if one values privacy and the ability to organize and engage in political discussion and search the Internet without fear a spy agency or one of its contractors is monitoring it all in real-time, it sure isn’t good. So when groups such as the Electronic Frontier Foundation and progressive magazines such as The Nation call for “another Church Committee,” the question we ought to ask them is: “Fucking really?”

Abolishing capitalism is indeed a utopian goal, but when corporations routinely go above and beyond their legal duties to serve the state — granting police and intelligence agencies access to their customers’ data without so much as a judge’s rubberstamp on a warrant — expecting meaningful change from a few hearings or legislative reforms will only leave the reformers disappointed to find their efforts have just led to dystopia. So long as there’s money to be made serving the corporate state, that is what corporations will do; there’s no need to resort to conspiracy for it’s right there in their corporate. And that’s not to be defeatist, but to suggest we ought to try a different approach: we ought to be organizing to put a stop to public-private partnerships altogether.

Right-wing libertarians and other defenders of capitalism are absolutely right when they say that the profit motive is a mighty motive indeed — and that’s precisely why we should seek to remove it; to take away even just the prospect of a federal contract. If the demands of privacy advocates are limited by myopic concerns of what’s politically possible here and now, all they will have to show for their advocacy will be a false sense of achievement. The problem isn’t, as some imagine it, a state spying without appropriate limits, but the fact that capitalism erases the distinction between public and private, making it so non-state actors gleefully act as the state’s eyes and ears. This isn’t about just Google or the government, but both: the capitalist state. And until we start recognizing that and saying as much, the result of our efforts will be more of the same.

Charles Davis is a writer and producer in Los Angeles whose work has been published by outlets including Al Jazeera, The New Inquiry and Vice. You can read more of his writing here.

 

http://www.salon.com/2014/12/01/amazons_frightening_cia_partnership_capitalism_corporations_and_our_massive_new_surveillance_state/?source=newsletter

Monolithic corporations aren’t our saviors — they’re the central part of the problem.

Tech Companies Are Peddling a Phony Version of Security, Using the Govt. as the Bogeyman

http://kielarowski.files.wordpress.com/2014/11/b4817-tech.png?w=399&h=337

This week the USA Freedom Act was blocked in the Senate as it failed to garner the 60 votes required to move forward. Presumably the bill would have imposed limits on NSA surveillance. Careful scrutiny of the bill’s text however reveals yet another mere gesture of reform, one that would codify and entrench existing surveillance capabilities rather than eliminate them.

Glenn Greenwald, commenting from his perch at the Intercept, opined:

“All of that illustrates what is, to me, the most important point from all of this: the last place one should look to impose limits on the powers of the U.S. government is . . . the U.S. government. Governments don’t walk around trying to figure out how to limit their own power, and that’s particularly true of empires.”

Anyone who followed the sweeping deregulation of the financial industry during the Clinton era, the Gramm–Leach–Bliley Act of 1999 which effectively repealed Glass-Steagall and the Commodity Futures Modernization Act of 2000, immediately sees through Greenwald’s impromptu dogma. Let’s not forget the energy market deregulation in California and subsequent manipulation that resulted in blackouts throughout the state. Ditto that for the latest roll back of arms export controls that opened up markets for the defense industry. And never mind all those hi-tech companies that want to loosen H1-B restrictions.

The truth is that the government is more than happy to cede power and authority… just as long as doing so serves the corporate factions that have achieved state capture. The “empire” Greenwald speaks of is a corporate empire. In concrete analytic results that affirm Thomas Ferguson’s Investment Theory of Party Competition, researchers from Princeton and Northwestern University conclude that:

“Multivariate analysis indicates that economic elites and organized groups representing business interests have substantial independent impacts on U.S. government policy, while average citizens and mass-based interest groups have little or no independent influence.”

Glenn’s stance reveals a broader libertarian theme. One that the Koch brothers would no doubt find amenable: the government is suspect and efforts to rein in mass interception must therefore arise from the corporate entities. Greenwald appears to believe that the market will solve everything. Specifically, he postulates that consumer demand for security will drive companies to offer products that protect user privacy, adopt “strong” encryption, etc.

The Primacy of Security Theater

Certainly large hi-tech companies care about quarterly earnings. That definitely explains all of the tax evasion, wage ceilings, and the slave labor. But these same companies would be hard pressed to actually protect user privacy because spying on users is a fundamental part of their business model. Like government spies, corporate spies collect and monetize oceans of data.

Furthermore hi-tech players don’t need to actually bullet-proof their products to win back customers. It’s far more cost effective to simply manufacture the perception of better security: slap on some crypto, flood the news with public relation pieces, and get some government officials (e.g. James ComeyRobert Hannigan, and Stewart Baker) to whine visibly about the purported enhancements in order to lend the marketing campaign credibility. The techno-libertarians of Silicon Valley are masters of Security Theater.

Witness, if you will, Microsoft’s litany of assurances about security over the years, followed predictably by an endless train of critical zero-day bugs. Faced with such dissonance it becomes clear that “security” in high-tech is viewed as a public relations issue, a branding mechanism to boost profits. Greenwald is underestimating the contempt that CEOs have for the credulity of their user base, much less their own workers.

Does allegedly “strong” cryptography offer salvation? Cryptome’s John Young thinks otherwise:

“Encryption is a citizen fraud, bastard progeny of national security, which offers malware insecurity requiring endless ‘improvements’ to correct the innately incorrigible. Its advocates presume it will empower users rather than subject them to ever more vulnerability to shady digital coders complicit with dark coders of law in exploiting fear, uncertainty and doubt.”

Business interests, having lured customers in droves with a myriad of false promises, will go back to secretly cooperating with government spies as they always have: introducing subtle weaknesses into cryptographic protocols, designing backdoors that double as accidental zero-day bugs, building rootkits which hide in plain sight, and handing over user data. In other words all of the behavior that was described by Edward Snowden’s documents. Like a jilted lover, consumers will be pacified with a clever sales pitch that conceals deeper corporate subterfuge.

Ultimately it’s a matter of shared class interest. The private sector almost always cooperates with the intelligence services because American spies pursue the long-term prerogatives of neoliberal capitalism; open markets and access to resources the world over. Or perhaps someone has forgotten the taped phone call of Victoria Nuland selecting the next prime minister of Ukraine as the IMF salivates over austerity measures? POTUS caters to his constituents, the corporate ruling class, which transitively convey their wishes to clandestine services like the CIA. Recall Ed Snowden’s open letter to Brazil:

“These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.”

To confront the Deep State Greenwald is essentially advocating that we elicit change by acting like consumers instead of constitutionally endowed citizens. This is a grave mistake because profits can be decoupled from genuine security in a society defined by secrecy, propaganda, and state capture. Large monolithic corporations aren’t our saviors. They’re the central part of the problem. We shouldn’t run to the corporate elite to protect us. We should engage politically to retake and remake our republic.

 

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis.

http://www.alternet.org/tech-companies-are-peddling-phony-version-security-using-govt-bogeyman?akid=12501.265072.yCLOb-&rd=1&src=newsletter1027620&t=29&paging=off&current_page=1#bookmark

You should actually blame America for everything you hate about internet culture

November 21

The tastes of American Internet-users are both well-known and much-derided: Cat videos. Personality quizzes. Lists of things that only people from your generation/alma mater/exact geographic area “understand.”

But in France, it turns out, even viral-content fiends are a bit more … sophistiqués.

“In France, articles about cats do not work,” Buzzfeed’s Scott Lamb told Le Figaro, a leading Parisian paper. Instead, he explained, Buzzfeed’s first year in the country has shown it that “the French love sharing news and politics on social networks – in short, pretty serious stuff.”

This is interesting for two reasons: first, as conclusive proof that the French are irredeemable snobs; second, as a crack in the glossy, understudied facade of what we commonly call “Internet culture.”

When the New York Times’s David Pogue tried to define the term in 2009, he ended up with a series of memes: the “Star Wars” kid, the dancing baby, rickrolling, the exploding whale. Likewise, if you look to anyone who claims to cover the Internet culture space — not only Buzzfeed, but Mashable, Gawker and, yeah, yours truly — their coverage frequently plays on what Lamb calls the “cute and positive” theme. They’re boys who work at Target and have swoopy hair, videos of babies acting like “tiny drunk adults,” hamsters eating burritos and birthday cakes.

That is the meaning we’ve assigned to “Internet culture,” itself an ambiguous term: It’s the fluff and the froth of the global Web.

But Lamb’s observations on Buzzfeed’s international growth would actually seem to suggest something different. Cat memes and other frivolities aren’t the work of an Internet culture. They’re the work of an American one.

American audiences love animals and “light content,” Lamb said, but readers in other countries have reacted differently. Germans were skeptical of the site’s feel-good frivolity, he said, and some Australians were outright “hostile.” Meanwhile, in France — land of la mode and le Michelin — critics immediately complained, right at Buzzfeed’s French launch, that the articles were too fluffy and poorly translated. Instead, Buzzfeed quickly found that readers were more likely to share articles about news, politics and regional identity, particularly in relation to the loved/hated Paris, than they were to share the site’s other fare.

A glance at Buzzfeed’s French page would appear to bear that out. Right now, its top stories “Ça fait le buzz” — that’s making the buzz, for you Americaines — are “21 photos that will make you laugh every time” and “26 images that will make you rethink your whole life.” They’re not making much buzz, though. Neither has earned more than 40,000 clicks — a pittance for the reigning king of virality, particularly in comparison to Buzzfeed’s versions on the English site.

All this goes to show that the things we term “Internet culture” are not necessarily born of the Internet, itself — the Internet is everywhere, but the insatiable thirst for cat videos is not. If you want to complain about dumb memes or clickbait or other apparent instances of socially sanctioned vapidity, blame America: We started it, not the Internet.

Appelons un chat un chat.

Caitlin Dewey runs The Intersect blog, writing about digital and Internet culture. Before joining the Post, she was an associate online editor at Kiplinger’s Personal Finance.
http://www.washingtonpost.com/news/the-intersect/wp/2014/11/21/you-should-actually-blame-america-for-everything-you-hate-about-internet-culture/

Google’s secret NSA alliance: The terrifying deals between Silicon Valley and the security state

Inside the high-level, complicated deals — and the rise of a virtually unchecked surveillance power

Google's secret NSA alliance: The terrifying deals between Silicon Valley and the security state
Cover detail of “@War” by Shane Harris

In mid-December 2009, engineers at Google’s headquarters in Mountain View, California, began to suspect that hackers in China had obtained access to private Gmail accounts, including those used by Chinese human rights activists opposed to the government in Beijing.

 Like a lot of large, well-known Internet companies, Google and its users were frequently targeted by cyber spies and criminals. But when the engineers looked more closely, they discovered that this was no ordinary hacking campaign.

In what Google would later describe as “a highly sophisticated and targeted attack on our corporate infrastructure originating from China,” the thieves were able to get access to the password system that allowed Google’s users to sign in to many Google applications at once. This was some of the company’s most important intellectual property, considered among the “crown jewels” of its source code by its engineers. Google wanted concrete evidence of the break-in that it could share with U.S. law enforcement and intelligence authorities. So they traced the intrusion back to what they believed was its source — a server in Taiwan where data was sent after it was siphoned off Google’s systems, and that was presumably under the control of hackers in mainland China.

“Google broke in to the server,” says a former senior intelligence official who’s familiar with the company’s response. The decision wasn’t without legal risk, according to the official. Was this a case of hacking back? Just as there’s no law against a homeowner following a robber back to where he lives, Google didn’t violate any laws by tracing the source of the intrusion into its systems. It’s still unclear how the company’s investigators gained access to the server, but once inside, if they had removed or deleted data, that would cross a legal line. But Google didn’t destroy what it found. In fact, the company did something unexpected and unprecedented — it shared the information.

Google uncovered evidence of one of the most extensive and far-reaching campaigns of cyber espionage in U.S. history. Evidence suggested that Chinese hackers had penetrated the systems of nearly three dozen other companies, including technology mainstays such as Symantec, Yahoo, and Adobe, the defense contractor Northrop Grumman, and the equipment maker Juniper Networks. The breadth of the campaign made it hard to discern a single motive. Was this industrial espionage? Spying on human rights activists? Was China trying to gain espionage footholds in key sectors of the U.S. economy or, worse, implant malware in equipment used to regulate critical infrastructure?



The only things Google seemed certain of was that the campaign was massive and persistent, and that China was behind it. And not just individual hackers, but the Chinese government, which had the means and the motive to launch such a broad assault.

Google shared what it found with the other targeted companies, as well as U.S. law enforcement and intelligence agencies. For the past four years, corporate executives had been quietly pressing government officials to go public with information about Chinese spying, to shame the country into stopping its campaign. But for President Obama or Secretary of State Hillary Clinton to give a speech pointing the finger at China, they needed indisputable evidence that attributed the attacks to sources in China. And looking at what Google had provided it, government analysts were not sure they had it. American officials decided the relationship between the two economic superpowers was too fragile and the risk of conflict too high to go public with what Google knew.

Google disagreed.

Deputy Secretary of State James Steinberg was at a cocktail party in Washington when an aide delivered an urgent message: Google was going to issue a public statement about the Chinese spying campaign. Steinberg, the second-highest-ranking official in U.S. foreign policy, immediately grasped the significance of the company’s decision. Up to that moment, American corporations had been unwilling to publicly accuse the Chinese of spying on their networks or stealing their intellectual property. The companies feared losing the confidence of investors and customers, inviting other hackers to target their obviously weak defenses, and igniting the fury of Chinese government officials, who could easily revoke access to one of the biggest and fastest-growing markets for U.S. goods and services. For any company to come out against China would be momentous. But for Google, the most influential company of the Internet age, it was historic.

The next day, January 12, 2010, Google’s chief legal officer, David Drummond, posted a lengthy statement to the company’s blog, accusing hackers in China of attacking Google’s infrastructure and criticizing the government for censoring Internet content and suppressing human rights activists. “We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech,” said Drummond.

Back at the State Department, officials saw a rare opportunity to put pressure on China for spying. That night Hillary Clinton issued her own statement. “We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation,” she said. “The ability to operate with confidence in cyberspace is critical in a modern society and economy.”

As diplomatic maneuvers go, this was pivotal. Google had just given the Obama administration an opening to accuse China of espionage without having to make the case itself. Officials could simply point to what Google had discovered as a result of its own investigation.

“It gave us an opportunity to discuss the issues without having to rely on classified sources or sensitive methods” of intelligence gathering, Steinberg says. The administration had had little warning about Google’s decision, and it was at odds with some officials’ reluctance to take the espionage debate public. But now that it was, no one complained.

“It was their decision. I certainly had no objection,” Steinberg says.

The Obama administration began to take a harsher tone with China, starting with a major address Clinton gave about her Internet Freedom initiative nine days later. She called on China to stop censoring Internet searches and blocking access to websites that printed criticism about the country’s leaders. Clinton likened such virtual barriers to the Berlin Wall.

For its part, Google said it would stop filtering search results for words and subjects banned by government censors. And if Beijing objected, Google was prepared to pull up stakes and leave the Chinese market entirely, losing out on billions of dollars in potential revenues. That put other U.S. technology companies in the hot seat. Were they willing to put up with government interference and suppression of free speech in order to keep doing business in China?

After Google’s declaration, it was easier for other companies to admit they’d been infiltrated by hackers. After all, if it happened to Google, it could happen to anyone. Being spied on by the Chinese might even be a mark of distinction, insofar as it showed that a company was important enough to merit the close attention of a superpower. With one blog post, Google had changed the global conversation about cyber defense.

The company had also shown that it knew a lot about Chinese spies. The NSA wanted to know how much.

Google had also alerted the NSA and the FBI that its networks were breached by hackers in China. As a law enforcement agency, the FBI could investigate the intrusion as a criminal matter. But the NSA needed Google’s permission to come in and help assess the breach.

On the day that Google’s lawyer wrote the blog post, the NSA’s general counsel began drafting a “cooperative research and development agreement,” a legal pact that was originally devised under a 1980 law to speed up the commercial development of new technologies that are of mutual interest to companies and the government. The agreement’s purpose is to build something — a device or a technique, for instance. The participating company isn’t paid, but it can rely on the government to front the research and development costs, and it can use government personnel and facilities for the research. Each side gets to keep the products of the collaboration private until they choose to disclose them. In the end, the company has the exclusive patent rights to build whatever was designed, and the government can use any information that was generated during the collaboration.

It’s not clear what the NSA and Google built after the China hack. But a spokeswoman at the agency gave hints at the time the agreement was written. “As a general matter, as part of its information-assurance mission, NSA works with a broad range of commercial partners and research associates to ensure the availability of secure tailored solutions for Department of Defense and national security systems customers,” she said. It was the phrase “tailored solutions” that was so intriguing. That implied something custom built for the agency, so that it could perform its intelligence-gathering mission. According to officials who were privy to the details of Google’s arrangements with the NSA, the company agreed to provide information about traffic on its networks in exchange for intelligence from the NSA about what it knew of foreign hackers. It was a quid pro quo, information for information.

And from the NSA’s perspective, information in exchange for protection.

The cooperative agreement and reference to a “tailored solution” strongly suggest that Google and the NSA built a device or a technique for monitoring intrusions into the company’s networks. That would give the NSA valuable information for its so-called active defense system, which uses a combination of automated sensors and algorithms to detect malware or signs of an imminent attack and take action against them. One system, called Turmoil, detects traffic that might pose a threat. Then, another automated system called Turbine decides whether to allow the traffic to pass or to block it. Turbine can also select from a number of offensive software programs and hacking techniques that a human operator can use to disable the source of the malicious traffic. He might reset the source’s Internet connection or redirect the traffic to a server under the NSA’s control. There the source can be injected with a virus or spyware, so the NSA can continue to monitor it.

For Turbine and Turmoil to work, the NSA needs information, particularly about the data flowing over a network. With its millions of customers around the world, Google is effectively a directory of people using the Internet. It has their e-mail addresses. It knows where they’re physically located when they log in. It knows what they search for on the web. The government could command the company to turn over that information, and it does as part of the NSA’s Prism program, which Google had been participating in for a year by the time it signed the cooperative agreement with the NSA. But that tool is used for investigating people whom the government suspects of terrorism or espionage.

The NSA’s cyber defense mission takes a broader view across networks for potential threats, sometimes before it knows who those threats are. Under Google’s terms of service, the company advises its users that it may share their “personal information” with outside organizations, including government agencies, in order to “detect, prevent, or otherwise address fraud, security or technical issues” and to “protect against harm to the rights, property or safety of Google.” According to people familiar with the NSA and Google’s arrangement, it does not give the government permission to read Google users’ e-mails.

They can do that under Prism. Rather, it lets the NSA evaluate Google hardware and software for vulnerabilities that hackers might exploit. Considering that the NSA is the single biggest collector of zero day vulnerabilities, that information would help make Google more secure than others that don’t get access to such prized secrets. The agreement also lets the agency analyze intrusions that have already occurred, so it can help trace them back to their source.

Google took a risk forming an alliance with the NSA. The company’s corporate motto, “Don’t be evil,” would seem at odds with the work of a covert surveillance and cyber warfare agency. But Google got useful information in return for its cooperation. Shortly after the China revelation, the government gave Sergey Brin, Google’s cofounder, a temporary security clearance that allowed him to attend a classified briefing about the campaign against his company. Government analysts had concluded that the intrusion was directed by a unit of the People’s Liberation Army. This was the most specific information Google could obtain about the source of the intrusion. It could help Google fortify its systems, block traffic from certain Internet addresses, and make a more informed decision about whether it wanted to do business in China at all. Google’s executives might pooh-pooh the NSA’s “secret sauce.” But when the company found itself under attack, it turned to Fort Meade for help.

In its blog post, Google said that more than twenty companies had been hit by the China hackers, in a campaign that was later dubbed Aurora after a file name on the attackers’ computer. A security research firm soon put the number of targets at around three dozen. Actually, the scope of Chinese spying was, and is, much larger.

Security experts in and outside of government have a name for the hackers behind campaigns such as Aurora and others targeting thousands of other companies in practically every sector of the U.S. economy: the advanced persistent threat. It’s an ominous-sounding title, and a euphemistic one. When government officials mention “APT” today, what they often mean is China, and more specifically, hackers working at the direction of Chinese military and intelligence officials or on their behalf.

The “advanced” part of the description refers in part to the hackers’ techniques, which are as effective as any the NSA employs. The Chinese cyber spies can use an infected computer’s own chat and instant-messenger applications to communicate with a command-and-control server. They can implant a piece of malware and then remotely customize it, adding new information-harvesting features. The government apparatus supporting all this espionage is also advanced, more so than the loose-knit groups of cyber vandals or activists such as Anonymous that spy on companies for political purposes, or even the sophisticated Russian criminal groups, who are more interested in stealing bank account and credit card data. China plays a longer game. Its leaders want the country to become a first-tier economic and industrial power in a single generation, and they are prepared to steal the knowledge they need to do it, U.S. officials say.

That’s where the “persistent” part comes into play. Gathering that much information, from so many sources, requires a relentless effort, and the will and financial resources to try many different kinds of intrusion techniques, including expensive zero day exploits. Once the spies find a foothold inside an organization’s networks, they don’t let go unless they’re forced out. And even then they quickly return. The “threat” such spying poses to the U.S. economy takes the form of lost revenue and strategic position. But also the risk that the Chinese military will gain hidden entry points into critical-infrastructure control systems in the United States. U.S. intelligence officials believe that the Chinese military has mapped out infrastructure control networks so that if the two nations ever went to war, the Chinese could hit American targets such as electrical grids or gas pipelines without having to launch a missile or send a fleet of bombers.

Operation Aurora was the first glimpse into the breadth of the ATP’s exploits. It was the first time that names of companies had been attached to Chinese espionage. “The scope of this is much larger than anybody has ever conveyed,” Kevin Mandia, CEO and president of Mandiant, a computer security and forensics company located outside Washington, said at the time of Operation Aurora. The APT represented hacking on a national, strategic level. “There [are] not 50 companies compromised. There are thousands of companies compromised. Actively, right now,” said Mandia, a veteran cyber investigator who began his career as a computer security officer in the air force and worked there on cybercrime cases. Mandiant was becoming a goto outfit that companies called whenever they discovered spies had penetrated their networks. Shortly after the Google breach, Mandiant disclosed the details of its investigations in a private meeting with Defense Department officials a few days before speaking publicly about it.

The APT is not one body but a collection of hacker groups that include teams working for the People’s Liberation Army, as well as so-called patriotic hackers, young, enterprising geeks who are willing to ply their trade in service of their country. Chinese universities are also stocked with computer science students who work for the military after graduation. The APT hackers put a premium on stealth and patience. They use zero days and install backdoors. They take time to identify employees in a targeted organization, and send them carefully crafted spear-phishing e-mails laden with spyware. They burrow into an organization, and they often stay there for months or years before anyone finds them, all the while siphoning off plans and designs, reading e-mails and their attachments, and keeping tabs on the comings and goings of employees — the hackers’ future targets. The Chinese spies behave, in other words, like their American counterparts.

No intelligence organization can survive if it doesn’t know its enemy. As expansive as the NSA’s network of sensors is, it’s sometimes easier to get precise intelligence about hacking campaigns from the targets themselves. That’s why the NSA partnered with Google. It’s why when Mandiant came calling with intelligence on the APT, officials listened to what the private sleuths had to say. Defending cyberspace is too big a job even for the world’s elite spy agency. Whether they like it or not, the NSA and corporations must fight this foe together.

Google’s Sergey Brin is just one of hundreds of CEOs who have been brought into the NSA’s circle of secrecy. Starting in 2008, the agency began offering executives temporary security clearances, some good for only one day, so they could sit in on classified threat briefings.

“They indoctrinate someone for a day, and show them lots of juicy intelligence about threats facing businesses in the United States,” says a telecommunications company executive who has attended several of the briefings, which are held about three times a year. The CEOs are required to sign an agreement pledging not to disclose anything they learn in the briefings. “They tell them, in so many words, if you violate this agreement, you will be tried, convicted, and spend the rest of your life in prison,” says the executive.

Why would anyone agree to such severe terms? “For one day, they get to be special and see things few others do,” says the telecom executive, who, thanks to having worked regularly on classified projects, holds high-level clearances and has been given access to some of the NSA’s most sensitive operations, including the warrantless surveillance program that began after the 9/11 attacks. “Alexander became personal friends with many CEOs” through these closed-door sessions, the executive adds. “I’ve sat through some of these and said, ‘General, you tell these guys things that could put our country in danger if they leak out.’ And he said, ‘I know. But that’s the risk we take. And if it does leak out, they know what the consequences will be.’ ”

But the NSA doesn’t have to threaten the executives to get their attention. The agency’s revelations about stolen data and hostile intrusions are frightening in their own right, and deliberately so. “We scare the bejeezus out of them,” a government official told National Public Radio in 2012. Some of those executives have stepped out of their threat briefings meeting feeling like the defense contractor CEOs who, back in the summer of 2007, left the Pentagon with “white hair.”

Unsure how to protect themselves, some CEOs will call private security companies such as Mandiant. “I personally know of one CEO for whom [a private NSA threat briefing] was a life-changing experience,” Richard Bejtlich, Mandiant’s chief security officer, told NPR. “General Alexander sat him down and told him what was going on. This particular CEO, in my opinion, should have known about [threats to his company] but did not, and now it has colored everything about the way he thinks about this problem.”

The NSA and private security companies have a symbiotic relationship. The government scares the CEOs and they run for help to experts such as Mandiant. Those companies, in turn, share what they learn during their investigations with the government, as Mandiant did after the Google breach in 2010. The NSA has also used the classified threat briefings to spur companies to strengthen their defenses.

In one 2010 session, agency officials said they’d discovered a flaw in personal computer firmware — the onboard memory and codes that tell the machine how to work — that could allow a hacker to turn the computer “into a brick,” rendering it useless. The CEOs of computer manufacturers who attended the meeting, and who were previously aware of the design flaw, ordered it fixed.

Private high-level meetings are just one way the NSA has forged alliances with corporations. Several classified programs allow companies to share the designs of their products with the agency so it can inspect them for flaws and, in some instances, install backdoors or other forms of privileged access. The types of companies that have shown the NSA their products include computer, server, and router manufacturers; makers of popular software products, including Microsoft; Internet and e-mail service providers; telecommunications companies; satellite manufacturers; antivirus and Internet security companies; and makers of encryption algorithms.

The NSA helps the companies find weaknesses in their products. But it also pays the companies not to fix some of them. Those weak spots give the agency an entry point for spying or attacking foreign governments that install the products in their intelligence agencies, their militaries, and their critical infrastructure. Microsoft, for instance, shares zero day vulnerabilities in its products with the NSA before releasing a public alert or a software patch, according to the company and U.S. officials. Cisco, one of the world’s top network equipment makers, leaves backdoors in its routers so they can be monitored by U.S. agencies, according to a cyber security professional who trains NSA employees in defensive techniques. And McAfee, the Internet security company, provides the NSA, the CIA, and the FBI with network traffic flows, analysis of malware, and information about hacking trends.

Companies that promise to disclose holes in their products only to the spy agencies are paid for their silence, say experts and officials who are familiar with the arrangements. To an extent, these openings for government surveillance are required by law. Telecommunications companies in particular must build their equipment in such a way that it can be tapped by a law enforcement agency presenting a court order, like for a wiretap. But when the NSA is gathering intelligence abroad, it is not bound by the same laws. Indeed, the surveillance it conducts via backdoors and secret flaws in hardware and software would be illegal in most of the countries where it occurs.

Of course, backdoors and unpatched flaws could also be used by hackers. In 2010 a researcher at IBM publicly revealed a flaw in a Cisco operating system that allows a hacker to use a backdoor that was supposed to be available only to law enforcement agencies. The intruder could hijack the Cisco device and use it to spy on all communications passing through it, including the content of e-mails. Leaving products vulnerable to attack, particularly ubiquitous software programs like those produced by Microsoft, puts millions of customers and their private information at risk and jeopardizes the security of electrical power facilities, public utilities, and transportation systems.

Under U.S. law, a company’s CEO is required to be notified whenever the government uses its products, services, or facilities for intelligence-gathering purposes. Some of these information-sharing arrangements are brokered by the CEOs themselves and may be reviewed only by a few lawyers. The benefits of such cooperation can be profound. John Chambers, the CEO of Cisco, became friends with George W. Bush when he was in office. In April 2006, Chambers and the president ate lunch together at the White House with Chinese president Hu Jintao, and the next day Bush gave Chambers a lift on Air Force One to San Jose, where the president joined the CEO at Cisco headquarters for a panel discussion on American business competitiveness. California governor Arnold Schwarzenegger also joined the conversation. Proximity to political power is its own reward. But preferred companies also sometimes receive early warnings from the government about threats against them.

The Homeland Security Department also conducts meetings with companies through its “cross sector working groups” initiative. These sessions are a chance for representatives from the universe of companies with which the government shares intelligence to meet with one another and hear from U.S. officials. The attendees at these meetings often have security clearances and have undergone background checks and interviews. The department has made the schedule and agendas of some of these meetings public, but it doesn’t disclose the names of companies that participated or many details about what they discussed.

Between January 2010 and October 2013, the period for which public records are available, the government held at least 168 meetings with companies just in the cross sector working group. There have been hundreds more meetings broken out by specific industry categories, such as energy, telecommunications, and transportation.

A typical meeting may include a “threat briefing” by a U.S. government official, usually from the NSA, the FBI, or the Homeland Security Department; updates on specific initiatives, such as enhancing bank website security, improving information sharing among utility companies, or countering malware; and discussion of security “tools” that have been developed by the government and industry, such as those used to detect intruders on a network. One meeting in April 2012 addressed “use cases for enabling information sharing for active cyber defense,” the NSA-pioneered process of disabling cyber threats before they can do damage. The information sharing in this case was not among government agencies but among corporations.

Most meetings have dealt with protecting industrial control systems, the Internet-connected devices that regulate electrical power equipment, nuclear reactors, banks, and other vital facilities. That’s the weakness in U.S. cyberspace that most worries intelligence officials. It was the subject that so animated George W. Bush in 2007 and that Barack Obama addressed publicly two years later. The declassified agendas for these meetings offer a glimpse at what companies and the government are building for domestic cyber defense.

On September 23, 2013, the Cross Sector Enduring Security Framework Operations Working Group discussed an update to an initiative described as “Connect Tier 1 and USG Operations Center.” “Tier 1” usually refers to a major Internet service provider or network operator. Some of the best-known Tier 1 companies in the United States are AT&T, Verizon, and CenturyLink. “USG” refers to the U.S. government. The initiative likely refers to a physical connection running from an NSA facility to those companies, as part of an expansion of the DIB pilot program. The expansion was authorized by a presidential executive order in February 2013 aimed at increasing security of critical-infrastructure sites around the country. The government, mainly through the NSA, gives threat intelligence to two Internet service providers, AT&T and CenturyLink. They, in turn, can sell “enhanced cybersecurity services,” as the program is known, to companies that the government deems vital to national and economic security. The program is nominally run by the Homeland Security Department, but the NSA provides the intelligence and the technical expertise.

Through this exchange of intelligence, the government has created a cyber security business. AT&T and CenturyLink are in effect its private sentries, selling protection to select corporations and industries. AT&T has one of the longest histories of any company participating in government surveillance. It was among the first firms that voluntarily handed over call records of its customers to the NSA following the 9/11 attacks, so the agency could mine them for potential connections to terrorists — a program that continues to this day. Most phone calls in the United States pass through AT&T equipment at some point, regardless of which carrier initiates them. The company’s infrastructure is one of the most important and frequently tapped repositories of electronic intelligence for the NSA and U.S. law enforcement agencies.

CenturyLink, which has its headquarters in Monroe, Louisiana, has been a less familiar name in intelligence circles over the years. But in 2011 the company acquired Qwest Communications, a telecommunications firm that is well known to the NSA. Before the 9/11 attacks, NSA officials approached Qwest executives and asked for access to its high-speed fiber-optic networks, in order to monitor them for potential cyber attacks. The company rebuffed the agency’s requests because officials hadn’t obtained a court order to get access to the company’s equipment. After the terrorist attacks, NSA officials again came calling, asking Qwest to hand over its customers’ phone records without a court-approved warrant, as AT&T had done. Again, the company refused. It took another ten years and the sale of the company, but Qwest’s networks are now a part of the NSA’s extended security apparatus.

The potential customer base for government-supplied cyber intelligence, sold through corporations, is as diverse as the U.S. economy itself. To obtain the information, a company must meet the government’s definition of a critical infrastructure: “assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” That may seem like a narrow definition, but the categories of critical infrastructure are numerous and vast, encompassing thousands of businesses. Officially, there are sixteen sectors: chemical; commercial facilities, to include shopping centers, sports venues, casinos, and theme parks; communications; critical manufacturing; dams; the defense industrial base; emergency services, such as first responders and search and rescue; energy; financial services; food and agriculture; government facilities; health care and public health; information technology; nuclear reactors, materials, and waste; transportation systems; and water and wastewater systems.

It’s inconceivable that every company on such a list could be considered “so vital to the United States” that its damage or loss would harm national security and public safety. And yet, in the years since the 9/11 attacks, the government has cast such a wide protective net that practically any company could claim to be a critical infrastructure. The government doesn’t disclose which companies are receiving cyber threat intelligence. And as of now the program is voluntary. But lawmakers and some intelligence officials, including Keith Alexander and others at the NSA, have pressed Congress to regulate the cyber security standards of critical-infrastructure owners and operators. If that were to happen, then the government could require that any company, from Pacific Gas and Electric to Harrah’s Hotels and Casinos, take the government’s assistance, share information about its customers with the intelligence agencies, and build its cyber defenses according to government specifications.

In a speech in 2013 the Pentagon’s chief cyber security adviser, Major General John Davis, announced that Homeland Security and the Defense Department were working together on a plan to expand the original DIB program to more sectors. They would start with energy, transportation, and oil and natural gas, “things that are critical to DOD’s mission and the nation’s economic and national security that we do not directly control,” Davis said. The general called foreign hackers’ mapping of these systems and potential attacks “an imminent threat.” The government will never be able to manage such an extensive security regime on its own. It can’t now, which is why it relies on AT&T and CenturyLink. More companies will flock to this new mission as the government expands the cyber perimeter. The potential market for cyber security services is practically limitless.

Excerpted from “@WAR: The Rise of the Military-Internet Complex” by Shane Harris. Copyright © 2014 by Shane Harris. Used by permission of Houghton Mifflin Harcourt Publishing Company. All rights reserved.

Shane Harris is the author of The Watchers: The Rise of America’s Surveillance State, which won the New York Public Library’s Helen Bernstein Book Award for Excellence in Journalism and was named one of the best books of 2010 by the Economist. Harris won the 2010 Gerald R. Ford Prize for Distinguished Reporting on National Defense. He is currently senior writer at Foreign Policy magazine and an ASU fellow at the New America Foundation, where he researches the future of war.

http://www.salon.com/2014/11/16/googles_secret_nsa_alliance_the_terrifying_deals_between_silicon_valley_and_the_security_state/?source=newsletter

William Gibson: I never imagined Facebook

The brilliant science-fiction novelist who imagined the Web tells Salon how writers missed social media’s rise

William Gibson: I never imagined Facebook
William Gibson (Credit: Putnam/Michael O’Shea)

Even if you’ve never heard of William Gibson, you’re probably familiar with his work. Arguably the most important sci-fi writer of his generation, Gibson’s cyber-noir imagination has shaped everything from the Matrix aesthetic to geek culture to the way we conceptualize virtual reality. In a 1982 short story, Gibson coined the term “cyberspace.” Two years later, his first and most famous novel, “Neuromancer,” helped launch the cyberpunk genre. By the 1990s, Gibson was writing about big data, imagining Silk Road-esque Internet enclaves, and putting his characters on reality TV shows — a full four years before the first episode of “Big Brother.”

Prescience is flashy, but Gibson is less an oracle than a kind of speculative sociologist. A very contemporary flavor of dislocation seems to be his specialty. Gibson’s heroes shuttle between wildly discordant worlds: virtual paradises and physical squalor; digital landscapes and crumbling cities; extravagant wealth and poverty.

In his latest novel, “The Peripheral,” which came out on Tuesday, Gibson takes this dislocation to new extremes. Set in mid-21st century Appalachia and far-in-the-future London, “The Peripheral” is partly a murder mystery, and partly a time-travel mind-bender. Gibson’s characters aren’t just dislocated in space, now. They’ve become unhinged from history.

Born in South Carolina, Gibson has lived in Vancouver since the 1960s. Over the phone, we spoke about surveillance, celebrity and the concept of the eternal now.

You’re famous for writing about hackers, outlaws and marginal communities. But one of the heroes of “The Peripheral” is a near-omniscient intelligence agent. She has surveillance powers that the NSA could only dream of. Should I be surprised to see you portray that kind of character so positively?

Well, I don’t know. She’s complicated, because she is this kind of terrifying secret police person in the service of a ruthless global kleptocracy. At the same time, she seems to be slightly insane and rather nice. It’s not that I don’t have my serious purposes with her, but at the same time she’s something of a comic turn.

Her official role is supposed to be completely terrifying, but at the same time her role is not a surprise. It’s not like, “Wow, I never even knew that that existed.”



Most of the characters in “The Peripheral” assume that they’re being monitored at all times. That assumption is usually correct. As a reader, I was disconcerted by how natural this state of constant surveillance felt to me.

I don’t know if it would have been possible 30 years ago to convey that sense to the reader effectively, without the reader already having some sort of cultural module in place that can respond to that. If we had somehow been able to read this text 30 years ago, I don’t know how we would even register that. It would be a big thing for a reader to get their head around without a lot of explaining. It’s a scary thing, the extent to which I don’t have to explain why [the characters] take that surveillance for granted. Everybody just gets it.

You’re considered a founder of the cyberpunk genre, which tends to feature digital cowboys — independent operators working on the frontiers of technology. Is the counterculture ethos of cyberpunk still relevant in an era when the best hackers seem to be working for the Chinese and U.S. governments, and our most famous digital outlaw, Edward Snowden, is under the protection of Vladimir Putin?

It’s seemed to me for quite a while now that the most viable use for the term “cyberpunk” is in describing artifacts of popular culture. You can say, “Did you see this movie? No? Well, it’s really cyberpunk.” Or, “Did you see the cyberpunk pants she was wearing last night?”

People know what you’re talking about, but it doesn’t work so well describing human roles in the world today. We’re more complicated. I think one of the things I did in my early fiction, more or less for effect, was to depict worlds where there didn’t really seem to be much government. In “Neuromancer,” for example, there’s no government really on the case of these rogue AI experiments that are being done by billionaires in orbit. If I had been depicting a world in which there were governments and law enforcement, I would have depicted hackers on both sides of the fence.

In “Neuromancer,” I don’t think there’s any evidence of anybody who has any parents. It’s kind of a very adolescent book that way.

In “The Peripheral,” governments are involved on both sides of the book’s central conflict. Is that a sign that you’ve matured as a writer? Or are you reflecting changes in how governments operate?

I hope it’s both. This book probably has, for whatever reason, more of my own, I guess I could now call it adult, understanding of how things work. Which, I suspect, is as it should be. People in this book live under governments, for better or worse, and have parents, for better or worse.

In 1993, you wrote an influential article about Singapore for Wired magazine, in which you wondered whether the arrival of new information technology would make the country more free, or whether Singapore would prove that “it is possible to flourish through the active repression of free expression.” With two decades of perspective, do you feel like this question has been answered?

Well, I don’t know, actually. The question was, when I asked it, naive. I may have posed innocently a false dichotomy, because some days when you’re looking out at the Internet both things are possible simultaneously, in the same place.

So what do you think is a better way to phrase that question today? Or what would have been a better way to phrase it in 1993?

I think you would end with something like “or is this just the new normal?”

Is there anything about “the new normal” in particular that surprises you? What about the Internet today would you have been least likely to foresee?

It’s incredible, the ubiquity. I definitely didn’t foresee the extent to which we would all be connected almost all of the time without needing to be plugged in.

That makes me think of “Neuromancer,” in which the characters are always having to track down a physical jack, which they then use to plug themselves into this hyper-futuristic Internet.

Yes. It’s funny, when the book was first published, when it was just out — and it was not a big deal the first little while it was out, it was just another paperback original — I went to a science fiction convention. There were guys there who were, by the standards of 1984, far more computer-literate than I was. And they very cheerfully told me that I got it completely wrong, and I knew nothing. They kept saying over and over, “There’s never going to be enough bandwidth, you don’t understand. This could never happen.”

So, you know, here I am, this many years later with this little tiny flat thing in my hand that’s got more bandwidth than those guys thought was possible for a personal device to ever have, and the book is still resonant for at least some new readers, even though it’s increasingly hung with the inevitable obsolescence of having been first published in 1984. Now it’s not really in the pale, but in the broader outline.

You wrote “Neuromancer” on a 1927 Hermes typewriter. In an essay of yours from the mid-1990s, you specifically mention choosing not to use email. Does being a bit removed from digital culture help you critique it better? Or do you feel that you’re immersed in that culture, now?

I no longer have the luxury of being as removed from it as I was then. I was waiting for it to come to me. When I wrote [about staying off email], there was a learning curve involved in using email, a few years prior to the Web.

As soon as the Web arrived, I was there, because there was no learning curve. The interface had been civilized, and I’ve basically been there ever since. But I think I actually have a funny kind of advantage, in that I’m not generationally of [the Web]. Just being able to remember the world before it, some of the perspectives are quite interesting.

Drones and 3-D printing play major roles in “The Peripheral,” but social networks, for the most part, are obsolete in the book’s fictional future. How do you choose which technological trends to amplify in your writing, and which to ignore?

It’s mostly a matter of which ones I find most interesting at the time of writing. And the absence of social media in both those futures probably has more to do with my own lack of interest in that. It would mean a relatively enormous amount of work to incorporate social media into both those worlds, because it would all have to be invented and extrapolated.

Your three most recent novels, before “The Peripheral,” take place in some version of the present. You’re now returning to the future, which is where you started out as a writer in the 1980s. Futuristic sci-fi often feels more like cultural criticism of the present than an exercise in prediction. What is it about the future that helps us reflect on the contemporary world?

When I began to write science fiction, I already assumed that science fiction about the future is only ostensibly written about the future, that it’s really made of the present. Science fiction has wound up with a really good cultural toolkit — an unexpectedly good cultural toolkit — for taking apart the present and theorizing on how it works, in the guise of presenting an imagined future.

The three previous books were basically written to find out whether or not I could use the toolkit that I’d acquired writing fictions about imaginary futures on the present, but use it for more overtly naturalistic purposes. I have no idea at this point whether my next book will be set in an imaginary future or the contemporary present or the past.

Do you feel as if sci-fi has actually helped dictate the future? I was speaking with a friend earlier about this, and he phrased the question well: Did a book like “Neuromancer” predict the future, or did it establish a dress code for it? In other words, did it describe a future that people then tried to live out?

I think that the two halves of that are in some kind of symbiotic relationship with one another. Science fiction ostensibly tries to predict the future. And the people who wind up making the future sometimes did what they did because they read a piece of science fiction. “Dress code” is an interesting way to put it. It’s more like … it’s more like attitude, really. What will our attitude be toward the future when the future is the present? And that’s actually much more difficult to correctly predict than what sort of personal devices people will be carrying.

How do you think that attitude has changed since you started writing? Could you describe the attitude of our current moment?

The day the Apple Watch was launched, late in the day someone on Twitter announced that it was already over. They cited some subject, they linked to something, indicating that our moment of giddy future shock was now over. There’s just some sort of endless now, now.

Could you go into that a little bit more, what you mean by an “endless now”?

Fifty years ago, I think now was longer. I think that the cultural and individual concept of the present moment was a year, or two, or six months. It wasn’t measured in clicks. Concepts of the world and of the self couldn’t change as instantly or in some cases as constantly. And I think that has resulted in there being a now that’s so short that in a sense it’s as though it’s eternal. We’re just always in the moment.

And it takes something really horrible, like some terrible, gripping disaster, to lift us out of that, or some kind of extra-strong sense of outrage, which we know that we share with millions of other people. Unfortunately, those are the things that really perk us up. This is where we get perked up, perked up for longer than for over a new iPhone, say.

The worlds that you imagine are enchanting, but they also tend to be pretty grim. Is it possible to write good sci-fi that doesn’t have some sort of dystopian edge?

I don’t know. It wouldn’t occur to me to try. The world today, considered in its totality, has a considerable dystopian edge. Perhaps that’s always been true.

I often work in a form of literature that is inherently fantastic. But at the same time that I’m doing that, I’ve always shared concerns with more naturalistic forms of writing. I generally try to make my characters emotionally realistic. I do now, at least; I can’t say I always have done that. And I want the imaginary world they live in and the imaginary problems that they have to reflect the real world, and to some extent real problems that real people are having.

It’s difficult for me to imagine a character in a work of contemporary fiction who wouldn’t have any concerns with the more dystopian elements of contemporary reality. I can imagine one, but she’d be a weird … she’d be a strange character. Maybe some kind of monster. Totally narcissistic.

What makes this character monstrous? The narcissism?

Well, yeah, someone sufficiently self-involved. It doesn’t require anything like the more clinical forms of narcissism. But someone who’s sufficiently self-involved as to just not be bothered with the big bad things that are happening in the world, or the bad things — regular-size bad things — that are happening to one’s neighbors. There certainly are people like that out there. The Internet is full of them. I see them every day.

You were raised in the South, and you live in Vancouver, but, like Philip K. Dick, you’ve set some of your most famous work in San Francisco. What is the appeal of the city for technological dreamers? And how does the Silicon Valley of today fit into that Bay Area ethos?

I’m very curious to go back to San Francisco while on tour for this book, because it’s been a few years since I’ve been there, and it was quite a few years before that when I wrote about San Francisco in my second series of books.

I think one of the reasons I chose it was that it was a place that I would get to fairly frequently, so it would stay fresh in memory, but it also seemed kind of out of the loop. It was kind of an easy canvas for me, an easier canvas to set a future in than Los Angeles. It seemed to have fewer moving parts. And that’s obviously no longer the case, but I really know contemporary San Francisco now more by word of mouth than I do from first-person experience. I really think it sounds like a genuinely new iteration of San Francisco.

Do you think that Google and Facebook and this Silicon Valley culture are the heirs to the Internet that you so presciently imagined in the 1980s? Or do they feel like they’ve taken the Web in different directions than what you expected?

Generally it went it directions that didn’t occur to me. It seems to me now that if I had been a very different kind of novelist, I would have been more likely to foresee something like Facebook. But you know, if you try to imagine that somebody in 1982 writes this novel that totally and accurately predicted what it would be like to be on Facebook, and then tried to get it published? I don’t know if you would be able to get it published. Because how exciting is that, or what kind of crime story could you set there?

Without even knowing it, I was limited by the kind of fiction of the imaginary future that I was trying to write. I could use detective gangster stories, and there is a real world of the Internet that’s like that, you know? Very much like that. Although the crimes are so different. The ace Russian hacker mobs are not necessarily crashing into the global corporations. They’re stealing your Home Depot information. If I’d put that as an exploit in “Neuromancer,” nobody would have gotten it. Although it would have made me seem very, very prescient.

You’ve written often and eloquently about cults of celebrity and the surrealness of fame. By this point you’re pretty famous yourself. Has writing about fame changed the way you experience it? Does experiencing fame change the way you write about it?

Writers in our society, even today, have a fairly homeopathic level of celebrity compared to actors and really popular musicians, or Kardashians. I think in [my 1993 novel] “Virtual Light,” I sort of predicted Kardashian. Or there’s an implied celebrity industry in that book that’s very much like that. You become famous just for being famous. And you can keep it rolling.

But writers, not so much. Writers get just a little bit of it on a day-to-day basis. Writers are in an interesting place in our society to observe how that works, because we can be sort of famous, but not really famous. Partly I’d written about fame because I’d seen little bits of it, but the bigger reason is the extent to which it seems that celebrity is the essential postmodern product, and the essential post-industrial product. The so-called developed world pioneered it. So it’s sort of inherently in my ballpark. It would be weird if it wasn’t there.

You have this reputation of being something of a Cassandra. I don’t want to put you on the spot and ask for predictions. But I’m curious: For people who are trying to understand technological trends, and social trends, where do you recommend they look? What should they be observing?

I think the best advice I’ve ever heard on that was from Samuel R. Delany, the great American writer. He said, “If you want to know how something works, look at one that’s broken.” I encountered that remark of his before I began writing, and it’s one of my fridge magnets for writing.

Anything I make, and anything I’m describing in terms of its workings — even if I were a non-literary futuristic writer of some kind — I think that statement would be very resonant for me. Looking at the broken ones will tell you more about what the thing actually does than looking at one that’s perfectly functioning, because then you’re only seeing the surface, and you’re only seeing what its makers want you to see. If you want to understand social media, look at troubled social media. Or maybe failed social media, things like that.

Do you think that’s partly why so much science fiction is crime fiction, too?

Yeah, it might be. Crime fiction gives the author the excuse to have a protagonist who gets her nose into everything and goes where she’s not supposed to go and asks questions that will generate answers that the author wants the reader to see. It’s a handy combination. Detective fiction is in large part related to literary naturalism, and literary naturalism was a quite a radical concept that posed that you could use the novel to explore existing elements of society which had previously been forbidden, like the distribution of capital and class, and what sex really was. Those were all naturalistic concerns. They also yielded to detective fiction. Detective fiction and science fiction are an ideal cocktail, in my opinion.

 

http://www.salon.com/2014/11/09/william_gibson_i_never_imagined_facebook/?source=newsletter

AT&T and Verizon use “supercookies” to track users’ online activities

http://cnet3.cbsistatic.com/hub/i/2011/02/02/2d623373-f0f7-11e2-8c7c-d4ae52e62bcc/2763f6f7be4174cdfe8e6ec7deb63b30/attverizoniphonescompared.jpg

By Thomas Gaist
7 November 2014

Telecommunications corporations Verizon and AT&T automatically monitor and record all Internet activity by users accessing their cellular data networks, according to reports published this week by the Washington Post and privacy groups. The tracking system has been referred to as a “supercookie” because it is nearly impossible for users to disable it.

AT&T and Verizon secretly tracked internet activity by more than 100 million customers using the “supercookie” system, according to figures cited by the Washington Post. All users accessing AT&T and Verizon networks are subject to tracking and logging of their Internet browsing, regardless of whether they are customers with AT&T or Verizon, the Post reported.

Corporate and government clients are not subject to tracking with the “supercookie,” according to assurances given by Verizon.

The X-UID supercookie, which Verizon says was first activated in November 2012, allows Verizon and AT&T to keep a record of every single website a user visits, even when the user has enabled common security features such as “Private Browsing” mode or is using encryption technology.

Privacy groups note that data collected by the companies can easily be transferred to the NSA and other state surveillance agencies, and that even more advanced data tracking software is currently in development.

In 2012, Verizon launched Precision Market Insights (PMI), a subsidiary firm that sells information to marketing companies to tailor their advertising strategies based on Verizon customers’ Internet use patterns. PMI’s official literature touts the “PrecisionID” system, described as “an anonymous unique device identifier, which can be used to reach the right audiences on mobile through demographic, interest and geographic targeting.”

While the company maintains secrecy about its PMI operations, previous comments from top executives make clear the eagerness of Verizon’s corporate leadership to profit by spying on its customers.

“We realized we had a latent asset. We have information about how customers are using their mobile phones,” PMI vice president Colson Hillier told FierceMobileIT in October 2012.

Changes to Verizon’s privacy policy in 2011-12, enabled PMI to “take insights from the network … and create a series of tools that companies can use to better understand their consumers,” Hillier said.

“There’s a stampede by the cable companies and wireless carriers to expand data collection,” Jeffry Chester of the Center for Digital Democracy told the Washington Post.

“They all want to outdo Google,” Chester said.

PMI executive Bill Diggins bragged, “We are able to view just everything that they [cell phone users] do,” while speaking to the Paley Center’s “Data to Dollars” media symposium in 2012.

Verizon executive Thomas J. Tauke told a 2008 congressional hearing that Verizon would seek “meaningful, affirmative consent from consumers” before tracking their Internet usage with cookies.

Instead of positive consent, however, all users are subject to tracking by default, according to company sources cited by the Post, and Verizon continues to track and record all web activity even by customers who have “opted out” of the data tracking.

Once the data is collected, advertising companies can still use “de-anonymizing” technologies to identify and use data from customers who opted out, the Post reported.

Taken together with the growing mountain of evidence that the US government surveillance operations benefit from active collaboration with the major technology and communications companies, the latest revelations further show that the US corporate establishment views the privacy and democratic rights of the population with contempt.

Despite the public relations efforts of the companies to distance themselves from the mass surveillance programs run by the US and other governments, the “supercookie” exposures show that the most powerful telecoms are running data mining operations that are easily comparable to those of the government.

Aside from AT&T and Verizon, all of the other major tech and communications companies have been implicated in the US government’s global surveillance operations. Apple, Google, Microsoft, Yahoo, Facebook, AOL, Skype and Youtube all allowed the NSA’s PRISM program to collect e-mails, video and audio recordings, documents, photos, and other forms of data from their central servers, over a period of years, as part of secret agreements signed with the US government.

The NSA’s corporate partners are well compensated for their involvement in the mass spying. The NSA’s Corporate Partner Access Program paid some $280 million to tech companies to access and spy on their “high volume circuit and packet-switched networks” in 2012 alone, Snowden leaks from August 2013 showed.

 

http://www.wsws.org/en/articles/2014/11/07/supe-n07.html

Follow

Get every new post delivered to your Inbox.

Join 1,627 other followers