{"id":6050,"date":"2014-07-15T05:30:47","date_gmt":"2014-07-15T12:30:47","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=6050"},"modified":"2020-04-21T14:38:30","modified_gmt":"2020-04-21T21:38:30","slug":"cybersecurity-canon-place-hide-part-1","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2014\/07\/cybersecurity-canon-place-hide-part-1\/","title":{"rendered":"The Cybersecurity Canon: No Place to Hide (Part 1)"},"content":{"rendered":"

\"cybersec<\/span><\/div><\/a><\/p>\n

For the past decade, I have held the notion that the security industry needs a Cybersecurity Canon:<\/a> a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in a cybersecurity professional\u2019s education.<\/em><\/p>\n

If you\u2019d like to hear more about my Cybersecurity Canon idea, take a look at the presentations I made at this year\u2019s RSA Conference<\/a> and at Ignite 2014<\/a>. As always, I love a good argument, so feel free to let me know what you think.<\/em><\/p>\n

No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State (2014)<\/strong> by Glenn Greenwald<\/p>\n

There\u2019s much to talk about with many arguments to consider so we\u2019re going to spend a bit more time with this book. Check back tomorrow for Part 2.<\/em><\/p>\n

Glenn Greenwald and other journalists began releasing a seemingly endless supply of classified U.S. government documents to the public in summer 2013. Those documents describe just how deep the rabbit hole goes<\/a> in terms of U.S. government surveillance of its own citizens and allies and in terms of potential threats to the U.S. government.<\/p>\n

Ever since, politicians, military leaders, and talk show pundits alike have attempted to characterize Edward Snowden\u2014the man who stole the documents from the NSA and released them to the journalists\u2014in an unfavorable light. They say he is a traitor<\/a>. They say he is a coward<\/a>. They say he is a spy<\/a>.They say he is a hacker<\/a>. They say he was just a low-level analyst with no understanding of the impact of what he did<\/a>. They say he was an insider threat<\/a>.<\/p>\n

All of these characterizations, whether true or not, divert the conversation away from the main issue -- the most pressing question that we all, as American citizens, should be asking ourselves: Should the U.S. intelligence community be allowed to spy on U.S. citizens without the benefit of a warrant and without the benefit of a checks-and-balances system managed by a trusted third party? Glenn Greenwald does not think so and wrote No Place to Hide<\/em> to make the case.<\/p>\n

The book is a strange concoction: part expose, part autobiography, and part screed \u201cagainst the man.\u201d Greenwald tries to accomplish many tasks here, and I think because of that, the important messages within it are not as clear as they should be. He tries to set the record straight on the mechanics of how Snowden was able to position himself with two U.S. government contractors\u2014Dell and Booz Allen Hamilton\u2014and as an employee of the NSA and the CIA in order to steal secrets that exposed the U.S. government\u2019s surveillance programs on U.S. citizens. But Greenwald does not provide enough detail to make sense of the story. Readers must seek other sources to fill in the gaps.<\/p>\n

Greenwald attempts to make the case that government-sponsored, unwarranted and secret searches of American citizens are a trespass on the U.S. Constitution and America\u2019s notions on privacy rights. But his argument is fuzzy. Everything Greenwald says is absolutely true, but the way he says so is not convincing. If you want a concise and elegant explanation why this is an issue that everyone should be concerned about, not just U.S. citizens but all citizens from around the world, watch Stephen Fry\u2019s short video on the subject<\/a>.<\/p>\n

Greenwald also launches an attack on the Fourth Estate, claiming that journalism has completely failed in its presumed adversarial role against the government and has not monitored and checked abuse of state power. He loses his credibility because instead of writing about the story, he is writing about himself in the story. It comes across as whiny.<\/p>\n

That said, this is an important book. Greenwald puts constant pressure on the American political establishment in order to challenge the need for such invasive programs \u2013 he keeps us talking about it. And I believe we all must continue to talk about it. Just because No Place to Hide<\/em> is not as clear as it could or should be does not mean that it does not have value.<\/p>\n

This debate about how intrusive the U.S. intelligence community can be on American citizens, on American allies, and on potential American threats and about what the American political leadership decides to do about it will impact the character of the country forever. We have to get this right.<\/p>\n

The Law<\/h3>\n

In order to understand the significance of the situation, we have to start with the Founding Fathers. In Greenwald\u2019s interpretation, they passed the Fourth Amendment because of their experience with the British before and during the American Revolution. The Founders agreed that it was acceptable for a government to search individual citizens if it had probable cause of wrongdoing and produced a warrant approved by a judge attesting to the fact, but they viewed the practice of a government using a general warrant to make the entire citizenry subject to indiscriminate searches as inherently unacceptable.<\/p>\n

The language in the Fourth Amendment to the U.S. Constitution is simple, elegant and clear. It is part of our Bill of Rights, and we fought a revolution to get it:<\/p>\n

\u201cThe right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.\u201d<\/em><\/p>\n

According to Greenwald,<\/p>\n

\u201cIt was intended, above all, to abolish forever in America the power of the government to subject its citizens to generalized, suspicionless surveillance.\u201d<\/em><\/p>\n

Greenwald quotes U.S. Supreme Court Justice Louis Brandeis, in the seminal 1890 Harvard Law Review<\/em> article \u201cThe Right to Privacy,\u201d to make his point:<\/p>\n

\u201c[R]obbing someone of their privacy was a crime of a deeply different nature than the theft of a material belonging.\u201d<\/em><\/p>\n

After 9\/11, Americans were afraid and rightfully so. More than 3,200 citizens died in a scant two hours due to the results of a well-executed, surprise, terrorist attack the likes of which had never been seen before on American soil.<\/p>\n

The US\u2019s reaction was immediate. Not even a month later, President Bush signed a Presidential Directive called the Presidential Surveillance Program that granted an unprecedented amount of surveillance powers to the NSA, in pursuit of terrorist activities, that allowed bulk collection of metadata from U.S. citizens.<\/a> Shortly after, the U.S. Congress passed the Patriot Act that essentially made President Bush\u2019s Directive the law of the land<\/a>.<\/p>\n

Section 215 of this act was the first legislation that authorized metadata collection. The Patriot Act also authorized the FBI to compel Internet service providers, credit card companies, and phone companies via a national security letter (NSL) to provide information relevant to a counterterrorism or counterintelligence investigation. They could also impose gag orders<\/a> to prohibit NSL recipients from disclosing that they received the NSL. This change eliminated the former law enforcement restriction of collecting intelligence<\/a> on only a foreign power without a warrant.<\/p>\n

According to Greenwald,<\/p>\n

\u201cWhat made the Patriot Act so controversial when it was enacted in the wake of the 9\/11 attack was that Section 215 lowered the standard the government needed to meet in order to obtain \u201cbusiness records,\u201d from \u201cprobable cause\u201d to \u201crelevance.\u201d This meant that the Federal Bureau of Investigation, in order to obtain highly sensitive and invasive documents\u2014such as medical histories, banking transactions, or phone records\u2014needed to demonstrate only that those documents were \u201crelevant\u201d to a pending investigation.\u201d<\/em><\/p>\n

In the mid-1970s, America clamped down on the intelligence community after scandals regarding CIA assassination plots and other abuses emerged in the public. But as these things normally do over time, the Patriot Act caused the pendulum to swing in the opposite direction in regard to how much leeway America wanted to give its intelligence community. We had taken almost all of the safeguards off of the intelligence community and told them to never let another 9\/11 happen again.<\/p>\n

What We Learned from the Leaks<\/h3>\n

According to Greenwald,<\/p>\n

\u201cSnowden\u2019s files indisputably laid bare a complex web of surveillance aimed at Americans (who are explicitly beyond the NSA\u2019s mission) and non-Americans alike. \u2026Taken in its entirety, the Snowden archive led to an ultimately simple conclusion: the US government had built a system that has as its goal the complete elimination of electronic privacy worldwide.\u201d<\/em><\/p>\n

I think the biggest revelation about the Snowden leaks was not that the NSA was spying on U.S. citizens, although that was a big one, but that our assumed liberal-minded Internet start-ups were in on the deception. According to classified documents that Snowden stole, the NSA had deals with many of our favorite Internet companies to collect information directly from their servers pertaining to U.S. citizens, companies like the following:<\/p>\n