02-16-2018 12:28:03 PM -0800
01-23-2018 09:55:12 AM -0800
01-18-2018 11:02:22 AM -0800
01-09-2018 01:54:15 PM -0800
12-22-2017 09:40:32 AM -0800
It looks like you've previously blocked notifications. If you'd like to receive them, please update your browser permissions.
Desktop Notifications are  | 
Get instant alerts on your desktop.
Turn on desktop notifications?
Remind me later.

The Flow of Mistrust

One of the conundrums of delegated power is that to be effective, it also has to be capable of potential abuse. Deprive an agent of discretion and the point of hiring him disappears. He may be able to do many things, but not everything he can legally do should be done. Take the question of whether the NSA has too much power. Commenter RWE3  compared it to the USAF's even more awesome power. "The question in reality is not whether the NSA is accessing such data. Of course they have the capability to do so; it's their job. It's like asking if the USAF has the capability to nuke Chicago; if they cannot they better well explain why the hell not."

We grant agents enormous power but on the implicit understanding that they selectively use it.  Andrew McCarthy makes a similar argument. He says the problem with arguing the NSA has too much leeway is that they simply had a larger version of the power granted to every prosecutor. The problem is not with the grant of power, but the abuse of power.

Again, as noted above, usage records for services, like telephone service, to which a customer subscribes do not belong to the subscriber. They are the property of the service provider. As a result, they have never had any Fourth Amendment protection, and they have precious little statutory protection. Again, we on the national security right wanted this legal reality, long ingrained in routine law-enforcement, to be reflected in national security investigations.

When I was a federal prosecutor, if I wanted phone records for an investigation, I wrote a subpoena and had an agent serve it on the relevant phone company. I did not have to go to court. I did not have to make any showing to a judge that the records were relevant, much less that I had probable cause to believe the customer whose records I wanted was suspected of committing a crime....

It has long been the law that grand juries do not have to suspect a crime in order to conduct an investigation; they can investigate, if they wish, just to satisfy themselves that no crime has been committed. As a practical matter, that never happens. Grand juries, agents, and prosecutors are too busy with real crime to conduct witch-hunts....

I could have compelled the production of phone records of countless innocent people. If I did not have a good reason for doing so, it would have been an abuse of my power. But it would not have been a violation of laws that, quite intentionally, allow the executive branch to compel non-privileged records with virtually no oversight. It would mean we’d need a new, more responsible prosecutor, not new laws.

Of course the USAF is not in the business of nuking American cities, even if it could. Though that does not prevent Hollywood from imagining scenarios where the President orders New York destroyed, usually to prevent the Zombie apocalypse from spreading or as a last ditch measure against Space Aliens. But the fact remains that as with a guns anything powerful enough to do the job on enemies can do a job -- on civilians.

One solution to this problem is to remove all sources of danger. This is the logic behind campaigns to create a world without nuclear weapons, wiretapping or guns. And it's had to argue against this in principle, other than to point out that we have been unable to figure out how to do it. The bad guys maddeningly insist on keeping their nukes, China will undoubtedly keep its hackers and the criminals will insist on retaining their guns.  So while we can decree that henceforth the USAF will no longer have nukes, the wisdom of that course is doubtful for as long as Russia, China or Pakistan keep theirs.

Since we can't control things the next best approach is to control people through molding organizational cultures and implementing accountability.  That is the approach of checks and balances and the role played -- until recently -- by culture. It is fairly safe to assume that the generals in charge of the USAF don't spend much time thinking about how to nuke America, and so "as a practical matter" -- to borrow a phrase from McCarthy -- "that never happens".

We have confidence in the USAF culture, which is sometimes referred to as "trust". We trust the gun in the hands of policemen; in the hands of our friends on the firing range. We form trust networks.  In the current debate over surveillance it's useful to ask ourselves, in this instance who do we trust?

Most people who use Google, Facebook or Microsoft self-evidently trust Google, Facebook or Microsoft. If they didn't then they would not have subscribed to or used their services.

The decline in trust must therefore be attributed to the introduction into the trust network of an untrusted party. In the original web of trust we are "Friends of Google" or Facebook, or Microsoft as the case may be.

The NSA in this case is a FOAF; a "friend of a friend".  They are not our friends. They are Google's -- as mandated by the Patriot Act -- or not, as I am unqualified to interpret the law. The problem lies with Transitivity. "In situations where A trusts B and B trusts C, transitivity concerns the extent to which A trusts C." Since we don't trust the NSA to the extent that perhaps Google does, our trust of Google doesn't carry over completely to the NSA. It is less than complete and therefore the overall trust metric declines. Like a convoy that travels at the speed of the slowest ship, the trust network is only as strong as the node that we trust the least.

In a pretty fundamental way the question is not whether you "trust Google" -- you already did -- but whether you trust Obama. And even if you did trust Obama, would you trust his successor and the one after his successor? In general, do you trust the FOAF?

There is one final wrinkle in this problem. The FOAF is no ordinary "friend". He is a sovereign; a person with vast power over you. Can you really be "friends" with such an entity or should the friendship have special and limited properties?

It is important to grasp this argument in crafting a solution to the current crisis of trust. You cannot fix the problem of trust by purely technical means; by limiting the fix internally to Google, Facebook or Microsoft. The contagion comes from elsewhere. What you do not trust -- not completely anyway -- is the new entrant into the trust network.

Therefore the solution to the problem can only take two basic forms 1) either you sever the network connection to the FOAF or 2) you make the FOAF accountable by insisting on an organizational culture of integrity and making it subject to oversight or some other form of review.  In other words, you either remove the power or make those who exercise it accountable. Some combination of the two can doubtless be conceived, but basically those are the variables in play.

For this reason the current crisis of trust in tech cannot be dispelled without resort to a political solution, just as the question of trusting the USAF with nukes cannot be severed from the question of whether those in charge of the Air Force daily dream of nuking America or not. The Administration is part of the problem. Though they pretend it is not, the quality of their character is relevant. In fact, the doubts over that quality are the central element in this crisis of trust. It spreading the contagion of mistrust into the system. The vector of doubt doesn't go from Tech to the Administration. It goes from the Administration to Tech.

The Three Conjectures at Amazon Kindle for $1.99

Storming the Castle at Amazon Kindle for $3.99

No Way In at Amazon Kindle $8.95, print $9.99

Tip Jar or Subscribe or Unsubscribe