
Why aren’t there any technologists on the NSA review panel? - Libertatea
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/28/why-arent-there-any-technologists-on-the-nsa-review-panel/?tid=rssfeed
======
rayiner
Because Obama doesn't see this as a technology issue. It's a security versus
legal rights issue. Technology is involved merely incidentally. Hence a panel
that involves two intelligence people (Morell and Clarke), and three law
professors (Sunstein, Swire, and Stone).

The professors aren't ideologically diverse, but they're hardly intelligence
community insiders like the article is trying to make them out to be. Swire
was Chief Counselor for Privacy in the OMB under Clinton. Stone writes a lot
on subjects like preserving free speech rights during wartime. None of these
guys are anarcho-libertarians, but they're not John Woo "security first" guys
either. They pretty much represent the views of the "mainstream left."

Hypothesis: what people want is not someone who knows "how to run a packet
sniffer." There is nothing complicated about the underlying technology that
can't be explained adequately to a bunch of intelligent people. What people
are really mad about is the lack of any representation of the political views
of technologists: people who put a very high ideological priority on free
information and protecting communications online. Because _that_ is the thing
you can't explain in a whitepaper.

~~~
TomJoad
"There is nothing complicated about the underlying technology that can't be
explained adequately to a bunch of intelligent people."

Assuming the underlying technology and it's implications are explained
adequately at all. We already know how they try to explain metadata, so how
are they going to explain the stuff we still don't know about?

~~~
rayiner
Metadata is actually a good example. I'd bet that everyone on that panel
understands perfectly well what metadata is and is not. The relevant part of
the metadata issue isn't technical, it's legal: can it be protected by the 4th
amendment, when it's sitting on AT&T's servers? What sophisticated technical
understanding is needed to answer this question? Indeed, arguably better
technical understanding undermines the argument for protecting it. When you
understand that the metadata is something that's generated by AT&T and not you
or your phone, that's less of an argument for protecting it.

------
junto

      Why aren’t there any technologists on the NSA review panel? 
    

Because they might ask sane questions of course.

------
revelation
Because the review panel is a joke.

First, they wanted Clapper to do the independent review. [1] This is the man
that openly lied to congress and remains scott-free to this day.

Next they picked Michael Morell. [2] This dude was the acting director for the
CIA until March of this very year. Clearly he has the capacity to conduct an
independent review of his NSA buddies.

Joining this luminary will be Cass Sunstein [3], author of such classics like
"Democracy and the Problem of Free Speech", and the person who proposed the
government should infiltrate what he deems "conspiracy theory groups":

 _However, our main policy idea is that government should engage in cognitive
infiltration of the groups that produce conspiracy theories_ [4, page 14]

Supporting these brains is Richard Clarke, who built his personal career on
pushing the "war on terror" after 9/11\. He also recently added "cyberwar" to
his extensive portfolio of things he has absolutely no clue of. His views on
privacy protections and large scale surveillance are well known:

 _If given the proper authorization, the United States government could stop
files in the process of being stolen from getting to the Chinese hackers. If
government agencies were authorized to create a major program to grab stolen
data leaving the country, they could drastically reduce today’s wholesale
theft of American corporate secrets._ [5]

(It doesn't take a genius to realize this is the proposal of a person that
probably doesn't even have internet access.)

Of course, all of these people work in some capacity for the Obama
administration. It didn't even occur to the government morons running this
show that maybe, just maybe, they should not pick people with an obvious and
direct conflict of interest. They don't even bother to give the impression of
caring.

[1]:
[https://www.techdirt.com/articles/20130812/13512624147/presi...](https://www.techdirt.com/articles/20130812/13512624147/president-
asks-confessed-liar-to-congerss-james-clapper-to-set-up-independent-review-
committee-over-nsa-surveillance.shtml)

[2]: [http://abcnews.go.com/blogs/politics/2013/08/white-house-
pic...](http://abcnews.go.com/blogs/politics/2013/08/white-house-picks-panel-
to-review-nsa-programs/)

[3]:
[http://en.wikipedia.org/wiki/Cass_Sunstein](http://en.wikipedia.org/wiki/Cass_Sunstein)

[4]:
[http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1084585](http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1084585)

[5]: [http://www.nytimes.com/2012/04/03/opinion/how-china-
steals-o...](http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-
secrets.html)

~~~
tptacek
Cass Sunstein is among the most famous living constitutional law scholars.

Richard Clarke built his post-government career (after being the most senior
counterterrorism official in the Clinton administration) as a critic of the
way the "war on terror" had been prosecuted, and has been working on
"cyberwar" subjects for over a decade.

I don't like Clarke much and I don't agree with everything Cass Sunstein
proposes but your dismissive tone harms your argument.

~~~
Amadou
_Cass Sunstein is among the most famous living constitutional law scholars._

Obama himself graduated magna cum laude with a masters degree in law from
Harvard and then lectured on constitutional law for 12 years at the University
of Chicago Law School. Expertise in constitutional law doesn't necessarily
translate to skepticism here. The constitution is not a moral authority on
privacy.

 _Richard Clarke_

He wrote an interesting op-ed before he was named to this committee. It
appears to be critical of the NSA's operation, but a closer reading suggests
his problem is about the degree, he's fine with massive record keeping, he
just wants it in the hands of the telcos.

[http://www.nydailynews.com/opinion/worry-nsa-
article-1.13697...](http://www.nydailynews.com/opinion/worry-nsa-
article-1.1369705)

~~~
tptacek
Sunstein is a much more highly regarded legal scholar. Obama was a lecturer at
UChicago. Sunstein was a professor. They're not in the same league. Sunstein
is up there with Tribe.

I'm not sure where "moral authority on privacy" enters the picture. The
question is how the program comports with the Constitution and the American
system of governance.

~~~
arjunnarayan
Then why didn't they pick Tribe? The problem isn't that Sunstein doesn't have
the legal chops. The problem is that Sunstein has gone on record (and written
a book) supporting governmental overreach. You're hiring yes-men to do your
"independent review".

~~~
tptacek
This is the "purity test" theory of public policy. It's easy to be the kind of
scholar that Obama (or Bush) can put on any panel; just shut up. Don't write
anything ambitious or controversial.

The idea that Cass Sunstein is a "yes man" for Obama is laughable. If
anything, it's the other way around.

You will also find in the work of _most_ constitutional scholars something to
upset any message board anarcho-libertarian, because very few of them believe
in the black-letter absolutism that anarcho-libertarians choose to evaluate
the Constitution in. You think there's nothing in Tribe's record to argue
with? He's a gun control supporter, for one. You think pundits wouldn't be
calling _him_ an "Obama yes-man"?

~~~
arjunnarayan
You're right. I concede that Cass Sunstein is not the problem on the panel.
And acknowledge the very troubling "shut up and say nothing" outcomes that my
viewpoint has on anyone with any sort of ambition of public office.

But I'm still not convinced that the panel is anywhere near independent given
the rest of the crew such as Morell and Richard Clarke.

~~~
tptacek
I don't think the panel is ideologically independent at all, and rather doubt
such independence was a goal of the panel to begin with. I don't think the
panel is being run for "your" benefit.

(I appreciate how gracious your comment was. Thank you.)

------
drcube
Because the goal isn't an unbiased review, but a stamp of political approval?
Did you really think the government as a whole is self-critical?

Read Feynman's account of being on the Challenger review panel. He was the
token scientist among politicians and PR people, and they tried to steer him
away from doing any actual investigations. They tried to agree, before doing
any investigation into why the shuttle blew up, not to blame NASA and to
indeed give it vote of confidence.

The goal is to deflect blame from the government while making the status quo
look hunky dory. Any actual investigation is counterproductive and I guarantee
it won't actually happen to the NSA. This is a PR campaign, period.

------
noir_lord
Why aren’t there any technologists on the NSA review panel?

Because the last thing the NSA wants on a panel reviewing them is someone
technically competent.

------
tptacek
Because no relevant technologist wants to sit on a panel that is inevitably
going to conclude that some degree of SIGINT will need to impact Google.
They've got to keep working in this industry, after all.

~~~
polymatter
If having a technologist was important, there would be a technologist there.
I'm sure there are many who would accept a position if it was offered. Much
more likely is that it wasn't considered a technology matter at all. The
technology is just there to do what its told after all.

~~~
tptacek
That is, as a matter of fact, true.

------
csmatt
They should just put Snowden on the panel and be done with it :D

------
CWuestefeld
_Having a technologist like Felten on the panel could provide much-needed
insight into the broader technical implications of government surveillance
practices. For example, the National Security Agency (NSA) has claimed a data
collection practice later ruled unconstitutional by the Foreign Intelligence
Surveillance Act (FISA) Court was the result of a complex technical problem
rather than an overreach by the NSA during a press call. Someone with
technical training would be well-positioned to evaluate the technical merits
of this claim._

When the government is doing something bad, it's not relevant whether it came
from technical problems rather than cultural.

All we need to know is that the government has been doing something bad. The
evidence that this has occurred, _for any reason_ , should be sufficient to
shut it down.

------
frank_boyd
Why are we even mentioning a "NSA review panel"?

Stating the obvious: This panel is not about solving the issue at hand.

Another example: Was anyone really satisfied with the "9/11 commission"?

~~~
mcherm
> Was anyone really satisfied with the "9/11 commission"?

Actually, that commission produced a number of recommendations
([http://govinfo.library.unt.edu/911/report/index.htm](http://govinfo.library.unt.edu/911/report/index.htm))
which were welcomed by many in Congress and some of which were actually
implemented. They included such issues as requiring government security
agencies to share data with each other and reorganizing the reporting
structure to ensure that would happen.

The analogy fails in this case though, because the 9/11 commission was
independent and had members from various backgrounds.

------
mhurron
Ignoring the 'they won't do anything so it doesn't matter who is on it' part
of things -

> review government surveillance policies

Because they're not needed to review policy. You honestly don't need to
understand technology, and therefore don't need a technology expert, for most
things that happen in the world.

Do you expect a technology expert on a medical review board? The doctor is
after all going to be using technology ...

~~~
msandford
Let's say that I work at a bank and that the bank policy is to put all the
money in the vault and as a result, the money will not be stolen. Then one
day, the money is stolen.

Turns out that the reason the money was stolen is because the vault has no
door. Just because the bank has a "money in the vault can't be stolen" policy
on paper doesn't cause that vision of how the world SHOULD be to become
REALITY. In order to winnow out the truth in this situation the review panel
would need to have someone who knows something about security and vault
construction on it. Also who perhaps would be allowed to inspect said vault to
verify it's intact.

This is 100% analogous to the NSA review panel as all the folks in government
are crowing about how it's policy that you can't look at such-and-such without
a reason, but in fact there's no technological enforcement of said policy.
Analysts can look at whatever they want provided that they give (type into a
text field) some kind of ostensible reason, but that reason is only for
auditing purposes. A bad reason typed into a field doesn't prevent the search
as there's no review of said reason prior to the search running.

It's a bank vault with a door where the "lock" is a "sign in, sign out" sheet
taped to the wall near the handle. And no security guard ensuring that people
do in fact sign in and sign out. And definitely not checking to see that the
money everyone's leaving with is in fact for the regular operations of the
bank and not for their own personal gain.

~~~
mhurron
Those are handled by reports via required experts. Or did you also need an
architect on the policy board because it involved a building? They probably
plan to print the policy out, I guess we need the engineer who designed the
printer on the board as well.

Just because it uses something does not mean a subject matter expert on that
thing needs to be involved in every part of the policy surrounding it.

On top of that, this specific group is concerned with the legality of what the
NSA is doing. This is the realm of lawyers and constitutional experts. The
fact that they are using a computer instead of pads of paper doesn't change
that.

Or did they need representatives from the paper mill before?

> in fact there's no technological enforcement of said policy

Oh, and policy writers are often not policy implementers and never are in
government, a review board of the policy won't change that.

~~~
msandford
Do you really think that the NSA is going to allow non-NSA experts to review
and audit their systems for what the access controls are? I'm not optimistic
on the odds.

We've seen before that the NSA can't be trusted to tell the truth about their
systems. That means that their experts, reporting on their systems, also can't
be trusted.

Furthermore the legality does in fact hinge on the implementation. If the NSA
records everything but encrypts it with something that they themselves can't
crack and different judges are given the encryption keys for their respective
regions of authority and better still there are multiple judges for each
region and its randomly decided which judge gets the key on a given day, you
might actually convince me that the NSA hasn't yet performed a search.

So let's suppose for a minute that the NSA would claim exactly that. And let's
suppose that the panel decides that given the system described, it is in fact
constitutional. We would still need an independent auditor to examine the
systems in question and ascertain if in fact the NSA is telling the truth.
Because what matters isn't the WRITTEN policy, it's the ENFORCED policy. If
all we're doing is finding out the legality of the written policy, it's a
total joke.

