data networks

Carrier IQ FOIA results in FBI blanket denial

Courtesy of Karl Duboist, an Opera developer


FBI: Carrier IQ files used for "law enforcement purposes"

A recent FOIA request to the Federal Bureau of Investigation for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ" was met with a telling denial. In it, the FBI stated it did have responsive documents - but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.

CarrierIQ-FOIA-rejection-letter-small.gif removed.

The "Wikileaks" Executive Order

Among the unintended consequences of the "reform" of government data management that took the blame for the success of the Atta Gang's murder-suicide was the extension of access to previously agency-partitioned data sets. The prosecution of PFC Bradley E. Manning rests upon the claim that he had access to SIPRNet, along with about a half-million other persons, some of whom are nationals of Australia, Canada, the United Kingdom and New Zealand... (consequent of a RAND report that found that occupation forces in Iraq and Afghanistan were "at mortal risk" due to lack of direct access to SIPDIS (SIPrnet DIStribution) product -- a problem for which coordination rather than direct access is an alternate choice), and that State Department Cables and other agencies data could, and should be accessed by anyone "vetted" by enlistment in any branch of the military (or employment by many civilian contractors) and completion of a training at a signals school.

The "reform" of a "fragmented intelligence community" was to merge the previously separate data sets, and defund the previously separate distribution networks -- because that was sufficient -- under the prevailing theory of cause and effect -- to have caused the timely identification of the threat posed by the Atta Gang.

The number of cause-and-effect assumptions, inter-intelligence-agency competitions, DoD and DHS budget justifications contained in this rational for "reform" is worth a moment's quiet reflection. Since SIPRINet, like its precursor, DSNet (I, II, III), is just another packet data network using the TCP/IP suite of protocols, the fundamental issue of partition and protection should be readily comprehensible to anyone with a slightly informed opinion on the consequences of allowing any Facebook App "frictionless" access to all user prior behavioral and current connection state data, correlated with off-line data sources such as the Axion data archives of consumer credit data.

Attorney General Eric Holder and Director of National Intelligence, James Clapper are to to establish an “Insider Threat Task Force”, consisting, as such tasks forces must, of representatives of heads of consumer and producer agencies. Will the ITTF will identify re-partitioning the data sets, and re-establishing agency-specific distribution networks, as "critical information infrastructure", or will the ITTF simply attempt to "harden" access to what is, by institutional infrastructure design, a single point of failure?

The larger issue is agency-level data management, in a large administrative state. Mohammad Atta and his gang are no more. Wikileaks may continue -- I hope it does as the protections for "whistle blowers" are inadequate -- but its disclosure of circa 2007 SIPDIS product too has a limited effective life. Restated, the "threat" is absent, exhausted by execution or the passage of time, but the dependency of governmental agencies upon data networks is not, and the number of rational economic actors, and potential rational non-economic actors, which can benefit by access to, even control over, agency data, is non-zero, and unlikely to ever be zero.

The DoD's Fiscal Year 2012 Budget Request (34pp .pdf) identifies $2.3bn in proposed spending -- for current war fighting requirements alone -- on computational infrastructure, along with another billion for other information assurance expenses, a 2% budget increase over the 2011 budget year. Related, the DHS is seeking another billion for its computational infrastructure expenses, a 12% increase over the 2010 DHS computational infrastructure budget. From these budget requests it seems likely that continuation of, with "hardening" rather than a departure from the merged data, common distribution media, unlimited attack surface, is what the administration's senior administrative and defense technology managers are proposing for the next budget cycle.

The text of the Executive Order of October 7th, 2011, "Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information" is here at the White House Briefing Room. An accompanying "fact sheet" is available here.

Subscribe to RSS - data networks

Register a Domain

placeholder block for the registrar function.

hosting

Yes. We host blogs. Available choices are drupal, movable type, wordpress, and django.

vis3

vis3