Reasoning Words: Should Public Libraries be TOR Exit Relays?

The Electronic Freedom Foundation reports that a a pilot project at the Lebanon, New Hampshire, Library to serve as a TOR exit relay has been temporarily halted, and potentially totally scotched, by the U.S. Department of Homeland Security. ProPublica has a rundown as well.

To shed some light on the the question of whether this is an outrage or reasonable, here’s a quick TOR 101 lesson.  TOR (name comes from The Onion Router, but no relation to the satirical web site) is a means of using the Internet anonymously. Individual computers (of volunteers) provide entry into and exit from anonymous, encrypted network paths–sort of a series of safe houses that let computer traffic pass from one to the next without recording from whence it came or whither it goest. (Disclosure: I’ve not used it, got as far as downloading the software, installing it, and chickening out. So somebody who has it running live can no doubt improve and correct that description.) Also: lots of good explanations around the web, including one from EFF’s “in plain English” series. The key thing is that the set-up provides a theoretically untraceable way to navigate the Internet, and can be installed on any computer.

The library proposes to offer an exit for TOR, meaning people could use its computer network to download materials anonymously. A bunch of questions ensue: what do people do in TOR, and does this activity matter as a point of library policy? The dark speculations come easily: Deal drugs? Send a bomb threat? Plot insurrection or worse? Just steal software? But in the other column, there are better possibilities: evading censorship for for political art? Blowing the whistle on unconstitutional surveillance? Negotiating a job offer across international borders or protecting a trade secret? Organizing for rights in a closed regime? Negotiating safe passage for a political prisoner?

Since it’s software, TOR is simply a platform for human purposes, be they benign or malignant. It is no more culpable than the library card catalog of a previous era: those listed  how to find books on the shelves, providing neutral access to anything, be it The Anarchist Cookbook or Charlotte’s Web. What patrons did with the books was their concern, and librarians at least aspired to stay out of that question.

Were I still a librarian, I would be vexed by this one. It’s a first-amendment loving profession, and access is central (both characteristics resonate with me). At the same, criminal activity such as Silk Road, or ransomware bots, may live in TOR, organizing capacity for hate groups, and human trafficking networks could lurk as well. Yet, TOR’s stated goals are to support free expression, privacy, and human rights, and libraries, in their nerdy, sometimes quaint way aim to live that mission every day. If some teenage Ai Wei Wei-type in is trying to get her message out, and my library is her exit relay, should I say no? Access is entwined with the right to privacy: being able to checking out the oft-banned Ulysses, for instance, means being able to check this out more or less anonymously. If I use a library terminal to tap the Internet, what content is fair game, and what level of privacy is appropriate?

I think on the whole (particularly if I were a New Hampshire librarian–a state that has “Live Free Or Die” on its license plants), I’d brave the battle and provide the relay. Libraries are networks, and although its easy to stay out of the fray, and let others fight this battle, who is really doing it from the public interest side? Our Google overlords have already got a huge advantage, and are so unfazed by their ability to track our every move online that their position–something which I think the STASI would have been fine with — is “don’t do anything that you shouldn’t, and everything will be fine.” Privacy in our lawful actions is not something we should compelled to give up, nor do our intentions and our explanations of what we might do become property of the state, even if some of our fellow inhabitants of the planet have dark ones, and use tools to foment them. TOR is tool to keep things private, at least some of which should be, even at a public library, perhaps even particularly there, where there is a means to discuss the public good and answer to it.


NSA, NetRoots and Booz Allen Hamilton

Screen Shot 2013-06-23 at 12.44.24 PM
Cisco has a helpful diagram on how to configure an NSA-friendly network. Piece of cake, huh? Those squiggly lines between subscriber and law enforcement? Could that be the 4th Amendment?

I continue to be fascinated by the way the NSA story is unfolding (back to poems and opera arias soon, I promise).

Some choice bits from recent reading on it:

Jill Lepore in the New Yorker has an interesting piece on the precedents to the current flap (including a suggestive, if ultimately unconvincing, effort to trace a link from sacred mysteries of faith to the secrets of kings, finally to state secrets). A nice line from Disraeli on an earlier age of interception, this time compromising of the mail in 19th century England:

In 1844, during the parliamentary debate that followed the report issued by the Committee of Secrecy, some members, believing, with Bentham, that publicity is the enemy of secrecy, suggested that it was fine for the government to open people’s mail, as long as the recipients of the mail were notified that it had been read. (Disraeli said that he would be only too happy to hand over his mail to the Home Office: “They may open all my letters, provided they answer them.”)

Sunday’s NYTimes Review section gives former executive editor Max Frankel front page space to bring up some points that I (and many others) have been wondering about:

How many thousands have access to these storage bins? Who decides to open any individual file and who then gains access to its content? Is there ever a chance to challenge the necessity of opening a file? And what happens to gleaned information that has no bearing whatsoever on terrorism?

Going on to invoke J. Edgar Hoover, Joe McCarthy, Presidents Johnson and Nixon, Frankel points out that they are just a few, of a long dishonor role, that made political and personal use of secrets collected for other purposes. That high level officials, or regular bureaucrats might misuse citizens’ data for such baleful personal or political reasons, or might just ineptly lose track of it seems a real risk. Private industry doesn’t have a great job of keeping people’s data secure (even companies who do this for a living). Would government really do a better job at it? Why should we think so?

Of course, as Frankel points out, government has outsourced this job:

What ought to compound our skepticism is the news that there is money to be made in the mass approach. We are learning that much of the snooping is farmed out to profit-seeking corporations that have great appetites for government contracts, secured through executives who enrich themselves by shuttling between agency jobs and the contractors’ board rooms. We have privatized what should be a most solemn government activity, guaranteeing bloat and also the inevitable and ironic employ of rebellious hackers like Mr. Snowden.

That Snowden (like Manning before him) was entrusted with access to this level of and amount of data does seem to be deeply out of whack, whatever your view of him and the merits of PRISM in the first place. Why was all of this in the hands of a private contractor? Seems an outrage at first glance. But an eye-opening piece by By Drake Bennett and Michael Riley in Bloomberg Business Week, Booz Allen, the World’s Most Profitable Spy Organization, explains that this outsourcing is business as usual and goes back to WWII. Frankel is right, there is money to be made:

In the fiscal year ended in March 2013, Booz Allen Hamilton reported $5.76 billion in revenue, 99 percent of which came from government contracts, and $219 million in net income. Almost a quarter of its revenue—$1.3 billion—was from major U.S. intelligence agencies. Along with competitors such as Science Applications International Corp. (SAIC), CACI, and BAE Systems (BAESY), the McLean (Va.)-based firm is a prime beneficiary of an explosion in government spending on intelligence contractors over the past decade. About 70 percent of the 2013 U.S. intelligence budget is contracted out, according to a Bloomberg Industries analysis; the Office of the Director of National Intelligence (ODNI) says almost a fifth of intelligence personnel work in the private sector.

And later…the revolving door between government service and private industry (aka Help Wanted: spies with good Rolodexes):

Booz Allen and its competitors are able to keep landing contracts and keep growing, critics charge, not because their expertise is irreplaceable but because their Rolodexes are. Name a retired senior official from the NSA or the CIA or the various military intelligence branches, and there’s a good chance he works for a contractor—most likely Booz Allen. Name a senior intelligence official serving in the government, and there’s a good chance he used to work for Booz Allen. (ODNI’s Sanders, who made the case for contractors, is now a vice president at the firm, which declined to make him available for an interview.) McConnell and others at Booz Allen are quick to point out that the contracting process has safeguards and oversight built in and that it has matured since the frenzied years just after Sept. 11. At the same time, the firm’s tendency to scoop up—and lavishly pay—high-ranking intelligence officers once they retire suggests the value it places on their address books and in having their successors inside government consider Booz Allen as part of their own retirement plans.

Wrapping up, most fascinating to me is this report on Nancy Pelosi’s response to hecklers at NetRoots Nation: (via Slate’s Dave Weigel and Ed Kilgore at Washington Monthly)

Finally, Pelosi got a kind of bailout. An activist near the front of the room yelled about security consultants. “You’re absolutely right!” said Pelosi. “I’m with you babe, all the way! If you couldn’t hear her, the real problem, she said, is outsourcing our national security. I get criticized by this community a lot. [Former NSA director Mike] O’Connell worked at Booz Allen Hamilton, came in, worked in the federal government, exatled to the positions he was, hired consultants galore, contractors galore from Booz Allen Hamilton. And now he’s at Booz Allen again. This really is astounding.”

She was in Kilgore’s words, “surfing the boos,” and trying, perhaps successfully, to make this about the evils of privatization and of some Republicans’ anti-government stance. She also claimed that, “You should reject any notion that President Obama’s actions have anything to do with what President Bush was doing.”

Not a supportable position, as Pro Publica makes clear.

Now I see that Snowden has left for Moscow. Is this whole thing being scripted by John LaCarre and Tom Clancy on a bender or what? (Please don’t say Dan Brown…)

Finally, a neat summary what it all means to the couple on the couch, courtesy of a NYorker cartoon.

Screen Shot 2013-06-23 at 12.10.01 PM

Verizon: Your Data is Ever So Important to Us!

The story about Verizon handing private data to the NSA is indeed outrageous…but seriously, it’s Verizon, how well could it have worked? Something like this perhaps?

Screen Shot 2013-06-07 at 5.47.22 PMHello, you've reached the Verizon Foreign Intelligence Surveillance Act Help Line. Although your call is special to us, we are currently serving other security agencies, and you will be placed in the queue for faster service. There are currently, pause [nine], callers ahead of you, including Mossad, Chinese State Security, and Vladimir Putin's Dry Cleaner, but rest assured you are currently ahead of Latvia and Belize. Your call is important to us!

Hold music “Danger Zone” for 10 minutes.

Hello, we are still busy helping other callers with their business and surveillance needs. If you would like to use our automated help line for frequently requested queries, press 1, otherwise please stay on the line and a representative will be with you shortly. Did you know you can now get free automatic upgrades based on usage via quick and convenient text messages right from your phone? Text us today, and soon you will be a gold elite Verizon Surveillance Service Member (for users who trace 10000 or more calls a month) entitling you to free cocktails at any DoubleTree bar where are you using one of our handy assumed identities. Txt 007up to us right now and enroll today!

Presses 1

Please listen carefully to the menu options, as we are currently updating them based on pending litigation, and they may change during the course of this call. If you have a subpoena, please press 1, if you don't have a subpoena, please press 2.

Presses 1

Thank you. If your question is technical, press 1, if you have forgotten your PIN, press 2, if you are using our mobile app or web site, press 3, if your computer crashed after downloading metadata from tracking a gazzillion phone calls and you don't know what to do, press 4, if you just lost the message about that fantasy baseball league you wanted to join, and would like us to undelete it for you, press 5. Press 6 for all other inquiries or to speak to a representative.

Presses 2.

We are sorry to hear that you have lost your PIN, and frankly a little disappointed. But Verizon realizes these things happen! We regret to inform you, however, that you cannot reset your PIN via this help line, only your FISA customer representative, your control, or Senator Diane Feinstein can do that. To meet your FISA customer representative, please hang up and drive to the Pittsburgh Bus Station and ask Eunice for the key to locker 002. You will know what to do after that. If you would like to speak to a representative about another issue, please press 1, otherwise, please hang up.

Presses 1

A representative will be with you shortly; as customer service is job one at Verizon, will you help us out by staying on the line to take a brief survey about whether we are meeting all your surveillance needs? Please press 1 for yes.

Live cheerful voice trying hard to sound like it belongs to somebody from Iowa comes on the line, Hello, My name is Lindsey, thank you for your call, how can I help you today?

Joking aside, seems like a lot of bets are out on the inability of the public to get exercised by this latest affront. Maybe digital media is the new opiate of the masses, but are we so high on it that we let government in on our every move without putting up a ruckus?