
Ray Ozzie sounds off on NSA spygate

As a technologist, Ray Ozzie knows a little something about data security and is also known for thinking through — and articulating — the ramifications of technology and how we use it. Now, the former Microsoft chief software architect and developer of Lotus Notes has waded into the NSA surveillance controversy with a weekend post to Hacker News and with remarks at the Nantucket Conference.

His take? U.S. citizens are reaping what was sown more than ten years ago when the U.S. Patriot Act passed nearly unanimously in the wake of 9/11. In that deal and subsequently, we’ve given up more of our rights to privacy in return for better security from terrorist threats.

“I hope that people wake up, truly wake up, to what’s happening to society, from both a big brother perspective and little brother perspective,” Ozzie said, according to a report. From the passage of that law till now, we’ve seen an increasing ability of government agencies to gather data (or at least metadata) from cell phone records and social networks.

Update: Ozzie, who is traveling in Asia, responded to my request to comment, reiterating his call for debate. He wrote:

“Watching this pan out from afar has been difficult – especially as some in our industry seemingly want to sweep it away and move on to the next news cycle. I do hope it stays in-focus as long as possible and that people appreciate the importance and relevance of what’s transpiring. [the Electronic Privacy Information Center] and [the Electronic Freedom Foundation] can help, but we all need to find a way to advance this discussion in a nonpartisan way.”

Before joining Microsoft, Ozzie shepherded the development of Lotus Notes collaboration and email software and had to navigate a tricky course between offering the most secure software possible — with 64-bit encryption — and laws that forbid the export of that technology outside the U.S. because it was too secure. A compromise was struck that allowed Lotus to offer a version of Notes that was more secure than other commercial offerings but met government export restrictions.

As a former Lotus exec explained it this weekend: “Lotus had the maximum security standard (64-bit encryption) for domestic distribution but only 40-bit for export … There was a public key deal with NSA that would essentially accelerate their process of decrypting messages – their key would unlock 24 bits of the 64, leaving 40 bits encrypted – conforming to the export restriction.”

In Hacker News, Ozzie said the difference between then and now was that when Lotus shipped that implementation, he also spoke at the RSA Conference to spell out what Lotus did. That transparency is lacking today, he wrote.

With the disclosures about NSA tab-keeping, Ozzie’s takeaway appears to be that it’s time for citizens to reconsider the deal they’ve struck with government. In short: If we’re ceding more of our rights to privacy we should at least talk about it first.

He wrote:

“Of course, the common man knows it’s common sense that there’s an inherent need for secrecy in conducting small scale covert operations. We do get it.

However, it’s also common sense that it’s inevitable that any complex large-scale long-term operation will ultimately come to light. And so it’s just common sense that any such broad-based operations that might be perceived as impacting our constitutional rights should be the subject of broad public debate.”

I’ve reached out to Ozzie, who is a board member of the Electronic Privacy Information Center (EPIC), for comment and will update this if it’s forthcoming.

This story was updated at 6:03 a.m. PDT on July 10 with a more complete explanation of the Lotus encryption plan and again at 3:50 p.m. PDT with Ray Ozzie’s additional comment.

10 Responses to “Ray Ozzie sounds off on NSA spygate”

  1. Camper73211

    Seems we have given our keys of private dealings in our companies and personal world away to our big brother government. Now we are alarmed. Why did we not read that bill? Unencrypted text can be just read via a network capture tool. If you want something held private – the thing is best encrypted. Big brother has the keys to help unencrypt the message anyway.

    The reading of other people’s mail goes way back under the English in WWI at least. The English read all the cables. The hidden acts that some people do are not so hidden. There is no privacy. (think of the Zimmermann note) Earlier posts mention that government is not evil. As others have posted since you are betting that good people will still be in government in the future – this expectation narrows over time just look at history. Promise the moon (free land, jobs, whatever) then the camps start, the government velvet hand is exposed as steel.

  2. Laird Popkin

    The argument that something (gay, affair, etc.) can’t be allowed because it subjects someone to blackmail seems circular to me, because the person can only be blackmailed because of the rule that if they’re discovered they be fired, not because of their being gay, having an affair, etc. So isn’t it actually the rule that’s creating the potential for blackmail?

  3. Great article, Barb. I would love to agree with Hubbert’s hope for a gov’t that we can trust not to abuse info necessary to prevent more 9/11s. However, I’ve been concerned ever since the “anonymous” FBI man took it upon himself to use taxpayer $$ to review 10,000 emails of Gen. David Petraeus….all done to expose “an affair.” The result of this very time-consuming undertaking by the FBI was a huge scandal just days before a presidential election, resulting in his very immediate resignation as head of the CIA, having just been recently appointed by Pres. Obama, who could ill afford any scandal, ESPECIALLY at that time. Arguably one could say that sexual indiscretions — so common among politicians, soldiers, musicians, movie stars, sports heroes (and even FBI and secret service employees) — could not be tolerated by the head of the CIA due to blackmail potential. But it certainly did give ME pause to think about the timing of the news, the memory of the FBI as run by J. Edgar, and the use and abuse of electronic communication surveillance.

  4. Hubbert

    Our government is responsible for our public safety.
    The debate should weigh the consequences of restricting our government’s ability to protect us, and at the same time protect our bill of rights.
    I have nothing to hide, and I would very much prefer that our government efficiently do its assigned job to protect our safety and spend less of my tax money doing so.
    Much of this debate (and the gun control debate as well) is based on an underlying distrust of the government. Our government has many flaws, but it is not evil.
    The answer lies in government transparency.

      • Laird Popkin

        No, transparency means that you don’t have to trust the people; the entire point is that you shouldn’t have to trust people to be trustworthy, it means that you have to trust the system of “checks and balances”. For example, the reason that we have three, independent branches of government is that even if one branch tries to “cheat” the other branches have the incentive to detect and stop the cheating. Admittedly a sufficiently rich/powerful gang can corrupt all three branches of government, but splitting the government into three independent branches at least makes it harder to corrupt – in a dictatorship, it’d be automatic!

    • Robert Halloran

      The argument of “I have nothing to hide, go ahead and look” is exactly backward; it is properly “I have nothing to hide, but WHY do you want to look?”

      Having come of age in the Nixon years, whose abuses prompted the creation of the FISA court to begin with, I can only believe that his ‘dirty tricks’ crew would have had spontaneous orgasms with something like PRISM available.

      The US arose from a revolution against the British monarchy’s abuses, and scandals like Watergate only reinforce the idea that concentrating power in the hands of a few is dangerous; the majority of US citizens are at best skeptical of government if not outright distrustful.

      It’s safe to say that the government’s heavy-handedness post-9/11 has become too obvious: the NSA’s blanket monitoring of *domestic* traffic (outside their intelligence charter), the security theater of airport checkpoints, the FBI’s Nat’l Surveillance Letters that cannot even be discussed without penalty, etc etc. It’s time to have an *intelligent* discussion of the tradeoffs between privacy and security and where the lines need to be adjusted. Unfortunately, given the polarized, strident tone of Congress, honest intelligence seems to be in all-too-short supply.

  5. Christopher

    Broad public debates are fine. And transparency is required. But that’s just a starting point, we should expect a lot more than that.

    Each person should be in full control, technically and legally, of all their private data. The software “defaults” on private data is completely backwards; service providers and software vendors try to grab as much private data as possible. This has been the web defaults from the get-go. Instead, services should be “locked out” of all private data and And these data defaults MUST comply with all laws and Constitutional rights.

    If I CHOOSE to share my data with either private organizations or governments, that should be under my software control that can not be undermined.

    Software companies have for years utterly failed the consumer and have used private consumer for their own private profit. Is it no wonder governments have taken note and done likewise?

  6. Barb, I agree with Ray…it should be a debate. I’m not surprised they created PRISM in the post 9/11 era, the post Cold War budget era, and with the furious responses every time our intel people ‘miss something’. Big Data is a powerful trend for commercial use, so why would it be absent from government use? We’d have to be naive to be surprised.

    With that said, the public (or semi-public) debate is the key. Someone needs to surveil the surveillers and that role needs to be well thought out and implemented with serious rigor.

  7. Data security is such a pain with all those passwords, and other security measures…But one area being neglected, such a “soft target” few are even aware of, photocopiers. What? Yes, true, they must be treated with similar caution as desktops and other related equipment, as they too have hard drives, and often form large networked fleets. The industry has failed on all levels, except to make users’ lives a misery.