[liberationtech] On the technical and legal aspects of security, transparency, and audibility of the NSA surveillance data.

Mon Jul 1 12:19:07 PDT 2013

On 06/30/2013 06:16 PM, Jae Kwon wrote:
> There is debate about whether the NSA's PRISM program is related to 
> Palantir's products.
>
> http://www.dailykos.com/story/2013/06/23/1218189/-HBGary-Palantir-Prism-Facebook-The-Industrial-Surveillance-Complex
>
> Whether they are related or not, it seems that the government's claims 
> of transparency and audibility of the NSA's PRISM program is related 
> (perhaps directly) to the claims of Palantir's. Search for "immutable 
> auditing" below:
>
> http://www.palantir.com/wp-content/static/pg-analysis-blog/2009/07/Privacy-and-Civil-Liberties-are-in-Palantirs-DNA.pdf
>
> It seems that even professor Lessig has bought into their marketing.
>
> http://lessig.tumblr.com/post/54268127504/on-the-freedom-to-speak

tldr; just add an _additional_ splitter to the internet and you've 
almost certainly broken whatever audit trail they claim to provide in 
time for dinner and a movie. :)

It really matters very little who the company is:

If a system has the feature of "immutable auditing", then that system 
also solves what's known as the "double-spend problem" in digital 
currencies-- i.e., any parties who want to make a transaction can use 
the system itself to make sure the tokens haven't been spent yet.

Using such a system for a digital currency is obviously more lucrative 
than using it for auditing transactions in some narrow domain.  I.e., 
your market would be people who have a need for fungible digital 
tokens-- basically everyone in the modern world-- vs. an extremely small 
subset of everyone in the world.

AFAICT, Palantir does not offer their solution as a digital currency.

In conclusion, Palantir probably does not offer "immutable auditing" in 
any meaningful sense of the phrase.

What is so striking about Lessig's statement is that he seemed to be 
making a stark separation between policy solutions and technical code 
solutions, and he put Palantir on the technical side.  I suppose I could 
understand if he were saying he'd like to see more people he knows and 
trusts working with the government to strike a balance between privacy 
and surveillance, but he was clearly saying that Palantir's systems 
provided strong _technical_ protections against government misuse.  If 
that is true, then as a long-standing advocate of free culture I think 
Lessig has a responsibility to reveal to his readers exactly how 
Palantir's system achieves this feat in his understanding.  A system 
that can really provide an "immutable audit" trail has a plethora of 
uses for privacy advocates even beyond a digital currency.  To mention 
such technology in passing without further explaining how it works is at 
the very least the height of laziness.

If neither Lessig nor Palantir cannot divulge how Palantir is able to 
achieve this feat without threatening the security of the system, then 
that probably speaks volumes about the efficacy of the system. (And the 
quote I cannot find ATM from the cryptography guy back in the 1800s who 
said you should be able to describe how a cryptosystem works without 
breaking it probably applies here.)

-Jonathan