Tuesday, January 19, 2016

Thoughts on Eric King interview with Bill Binney & SIA bureaucracies

Eric King, Director of Don't Spy on Us and Deputy Director of Privacy International, recently interviewed former Technical Director at the NSA, Bill Binney, following the latter's testimony before the Joint Committee on the Draft Investigatory Powers Bill.

The interview is available in 3 parts on YouTube and embedded below.

Binney is very clear in his belief that mass surveillance costs lives. He is also clear on the need for targeted, judicially supervised, necessary and proportionate surveillance.

The thing that strikes you about Binney and other life long intelligence careerists turned whistleblowers like Thomas Drake, is the absolute commitment they had to their craft, preserving, protecting and defending the US Constitution. Binney spent over 30 years with the NSA. Drake had a long career in military intelligence, the CIA, private contractor intelligence and finally the NSA.

Now there are discussions to be had about the activities, efficacy and adherence to constitutional, ethical and/or other nominal constraints of their respective employers during their careers. Both men, however, believed themselves to be working for institutions concerned fundamentally with operating within and protecting the Constitution.

We know that large organisations are subject to regime change. Regime change can and repeatedly does put even the core structural principles and values of any institution in jeopardy. Institutional memory fades and anything can be sacrificed to the agenda of the realpolitik of the new crew at top table.

Binney and Drake will have seen many internal organisational regime changes during their lives. They absorbed the associated slings and arrows and, it seems, for most of that period maintained the capacity to do their jobs to their own satisfaction. Around the turn of the century, though and after the 9/11 attacks, that changed. Both consider the power brokers within the NSA and other agencies took advantage of the times to throw off any and all historic constitutional leashes and committed their agencies wholesale to mass surveillance.

Admiral Poindexter, as the Director of the Defense Advanced Research Projects Agency (DARPA) Information Awareness Office (IAO), brought his Total Information Awareness programme to Congress where even the congress-critters eventually rejected it. Yet the intelligence agencies went ahead and essentially built and operated the infrastructure of mass surveillance in secret anyway.

When the NSA, both considered, ditched the Constitution and engaged in waste, fraud and crime on an industrial scale, to a degree neither could stomach any longer, Binney retired in 2001 and Drake resigned in 2008. Drake went on record in 2011 to suggest the agencies' activities had outstripped the criminality of former president Richard Nixon.  Both were subsequently pursued by federal authorities with criminal investigations relating to their whistleblowing. Binney wasn't charged but Drake faced a long stretch in prison before all the serious charges against him were finally dropped in 2011.

When asked why the agencies and the UK's GCHQ insist that bulk collection of communications data is so essential to their operations, Binney has a simple answer - power, control and money. Eric King puts to him that the military industrial complex is perhaps not so well established in the UK as the US, so it seems reasonable to ask why GCHQ would be so insistent about the importance of their continuance of bulk communications data collection and retention for target development.

Without bulk collection, the argument goes, they can't find new threats. Binney insists this is "absolutely false." They never start with an empty slate. If they take a targeted approach instead, they can define rules of association round social networks and associated zones of suspicion.

General Alexander of the NSA said we want to "collect it all". So he commits the agencies to gathering more and more data every year and therefore the government to the non-audited and unlimited ongoing funding of same. It means an ever increasing budget for any agency involved in such activities, including for GCHQ. So that, asserts Binney, is their motive for mass surveillance.

It's hard to believe any ethical institution would behave in a way - e.g. using mass instead of targeted surveillance - that jeopardises its core functions - e.g. preventing terrorist attacks - and instead devote its energies to protecting and growing the institution.

Yet you don't need to be an expert in management or organisational behaviour, in the writings of Geoffrey Vickers, Russell Ackoff or other systems experts, to know that this is exactly how both public and private sector bureaucracies do behave.

The driving forces in the DNA of every bureaucracy are the twin desires for survival and growth.

When you divide complex, deeply interconnected and interdependent public service systems up into competing quasi-autonomous silos - some bigger and more glamorous than others - and then instruct the leaders of those silos they will be evaluated on the basis of single figure simplistic targets or metrics - e.g. A&E waiting times or police response times - you cannot be surprised when the silos focus on those metrics at the expense of everything else; including the effective operation of the individual silo.

Some bureaucracies are prepared to shrink temporarily if that's what it takes to survive. An IT department, under scrutiny, can cut a third of its employees, thereby cutting nominal costs. But if simultaneously cuts 90% of the services it used to provide to the institution and declines to deal with complex problems because they undermine their "success rate", then the rest of the institution suffers. The IT department might "fix" most of the 10% of simple problems they are prepared to deal with, apparently faster and cheaper than ever before, but the real costs are absorbed by everyone else.

The intelligence agencies are a special kind of bureaucracy, not subject to the same level of scrutiny as other government agencies; and sometimes with a shared interest, with political overseers, in expanding the perceived level of threat. Home Secretaries don't get headlines by claiming all is calm, all is bright. And intelligence agencies don't get money for SIGINT, HUMINT and other activities, effective or not, by reporting we live in the safest era in the history of the west.

There is a lot of political kudos and media exposure to be gained from spreading fear and declaring toughness in the face of it. There is a lot of political kudos in being seen to be "doing something" involving spending a lot of money on security services. It would be naive to think that senior career bureaucrats in the security and intelligence agencies would not be inclined to take advantage of that psychology.

Time and again in the wake of terrorist attacks since and including 9/11, Madrid, 7/7, the murder of Lee Rigby and attacks in Paris last year, we learn of intelligence failures relating to known suspects getting lost in the morass of data and limited front line resources of the agencies. Time and again the "answer" is more extensive powers and more expansive investment in more mass communications surveillance. As Binney says, the agencies have been engaged in mass surveillance since 9/11 and it doesn't work.

In the case of GCHQ, I'm not sure I entirely accept his critique of their motivation being all about power, control and money. But I can see how they would be caught in the perennial affliction of bureaucracies through the ages, relating to survival and growth.

The current Home Secretary is absolutely determined to get the Investigatory Powers Bill on the statute books, thereby codifying most of the SIAs' ongoing communications surveillance activities into law. It would, therefore, be uncharacteristically remiss of the suits in the agencies not to take advantage of the prevailing political winds, to maximise their current and future survival and growth capital. Whether the Investigatory Powers Act, as it will become, will enhance their capability to counter threats to national security is another question entirely, one Mr Binney would presumably answer in the negative.

It does beg the further question, though, what is a 20, 30 or more years career veteran of a hugely valued public service institution to do, when said institution rejects and ejects the fundamental values and principles which underpinned its operations from inception?

Binney and Drake resigned and went public, at significant personal cost. Martin Luther King Jr might have approved, as he noted -
"Our lives begin to end the day we become silent about things that matter"
So, whether you stay and fight for what's important, lay low until you can tap the next regime change for a re-establishment of the foundational values (though when bad institutional behaviour becomes normalised it is notoriously difficult to change) or accept the institution is irrevocably damaged and depart for more productive shores, don't be silent.