[Cryptography] A different explanation of the Snowden documents

Mark Seiden mis at seiden.com
Tue Oct 22 22:25:00 EDT 2013


your impression is an astute one, i think.  

Though with no personal experience with the NSA, some years ago i was on a National Academies
study board of IT modernization at the FBI, and repeatedly observed similar middle management reality distortions
supermodulated on top of the reality distortion field inside the J Edgar Hoover Building and that inside the Beltway.

(at one point, after a middle manager presented to us, I said out loud, "Does anyone else have the feeling they're
being lied to?" and the whole room (full of much more experienced people than I) cracked up, and then patiently 
explained to me how this form of pervasive corruption works, when only cheerful news can be sent up or down the 
management chain.)

I then recalled when George Radin (credited as the inventor of RISC) gave a talk in maybe 1983 on the 
history of IBM's FS project.  George was an IBM fellow. 
He had been the lead architect and development manager at IBM of the FS project, which was supposed to be
the technology that would follow the IBM 370 (and had vast overruns in time and cost, finally being killed around 1975).
George admitted that he had lied both up and down the management chain, telling his worker-bees that they had management
commitment for enough time/money to finish the project and simultaneously telling management that it could be done in less time than his worker-bees
(and his own) best estimate.  If he hadn't done that, he said, the project would have never been started in the first place, and it had to be done.

(more info including a cartoon on the subject at http://www.jfsowa.com/computer/  )

To return to the smaller question at hand:

The Prism slide (the one that says "you must use both" Prism and the fiber sniffing systems) sets off the crap detectors of several others I've talked with also.

i am still of the belief that the only thing Prism could be is a compliance management workflow system, for presenting 
legal demands to the various NSPs and collecting their responses more uniformly and efficiently than previously.

Nothing else in government could cost as little as $26M/year.

and all of those companies (one of whom i worked for) would not have so quickly and quietly rolled over and agreed 
to any such thing unless it simply mechanized something they already do, saved them money and was no less legal 
than the old and inefficient way of processing govt demands for records.

I also am certain that several forms of the kinds of data which are all listed on the prism slide as "available" are not uniformly available for all
NSPs, and certainly not for all users and all traffic sent in the past.  in particular, i can think of no business reason why an NSP who did not 
supply to their users any form of video and audio instant messaging logging would engineer such a facility and retain user traffic simply to 
make it available to law enforcement just in case they were interested in a particular user's activities.   The business would reject such logging 
simply based on the cost of disk space involved.

(I am not saying it's technically impossible or that they wouldn't do what was feasible, but only under a Title III wiretap order signed by a 
judge pertaining to an individual named user).


On Oct 22, 2013, at 3:34 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:

> We have all seen what happens when an organization has a clear set of priorities, a set of aggressive metrics used to evaluate progress and an 'up or out' culture: The middle managers massage the figures to meet the metrics.
> 
> So China might be going through an economic boom or a bust but the official figures won't show the difference because they bear no relation to reality. Are the leaked NSA documents possibly the result of the same cultural effect?
> 
> 
> I am specifically thinking of claims like the purported vulnerabilities introduced into security specs. So far we have detected the NIST random number generator but that was spotted at the time. There are a few areas where DoD contractors have dominated IETF process but the result has not been to block changes to the standard, the standards have instead been set outside IETF process.
> 
> So I see the following possibilities
> 
> 1) The NSA documents are genuine
> 
> 2) The NSA documents are a hoax
> 
> 3)  The NSA documents are the result of structural self delusion. 
> 
> I discount 2 and at least some documents are describing real programs. But I am starting to think that some of the programs maybe work about as well as that missile defense scheme they have never tested without fudging the result so it succeeds.
> 
> 
> Imagine you are a Major in the NSA and Alexander has taken over and the only way he knows to win a war is to destroy the opposition (rather than not start it). You have ten years of working constructively with the IETF etc. to improve the security of Internet standards. How do you present your work?
> 
> -- 
> Website: http://hallambaker.com/
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography


