Friday, June 7, 2013

The Missing Bit Of The NSA PRISM Story


Unless you really haven't been paying attention to the news this week, you'll be aware of the NSA's "PRISM" program.  On the one hand, there are a series of sources that say beyond Verizon handing over ALL call information, other companies are participating in the program, such as Facebook, Google, Microsoft, Skype, and so on.  On the other hand, there are now a number of statements from the same companies that categorically deny that they are participating.

Either way, there's a few things that are not coming up in the news stories because what we're seeing is very little "original thought" put into these stories - so it's just the same fodder being sent around and around in a loop.  

What's missing is this angle...

This program is supposed to help anti-terrorism efforts, and you'll probably remember that one of the biggest failures with 9/11 was the perceived failure to "connect the dots".  The basic response to this was "if we collect more dots, we might have better success at connecting them", which seems logical enough on the surface of the argument.

The need to harvest information was there, but not the technology to effectively harvest this information at a commercially acceptable price… 

...until three months later, when on December 2nd, Enron filed for bankruptcy.  

In the aftermath of the Enron scandal, we learned how Arthur Anderson had shredded much of the documentation, and deleted a lot of email correspondence.  This ultimately led to the Sarbanes-Oxley (also known as "SOX") rules that stipulated what you could or could not retain according to the law, and served as a backup so that when errant directors foul up a huge company, an audit trail of everything they've ever sent/recieved is still retrievable - even if the directors have hand fed their laptops and phones to a smouldering volcano to hide the evidence.  

In order to help with "SOX Compliance", a multitude of new technologies sprung up that could target every major system in existence, from sales, to customer relations, to emails and VOIP calls.  

Once the initial rush was over to become "SOX compliant", you had a lot of people sitting around in technology with useful knowledge and skills pertaining to the mountains that they had just climbed.  

Now, it doesn't take a genius to work out where that "know-how" went next.  But there's a problem with this approach:   Whilst the technology to harvest more "dots" has arrived, most people still aren't connecting them - which was the original problem to start off with.   

To put this problem in a way a five year old kid would understand:  Imagine you had problems harvesting all the fish in the oceans, collecting up all the oceans waters into a huge fish tank would would ultimately leave you with all the fish in the world - but you still have to apply the same methods of trawlers and fishing boats - just now they're in your huge fish tank too.

If anything, they're just going around in circles, and unlikely to garner much more info than they had to start with.