
Shhhh… Do You have Secrets?

January 3, 2014

I have been asked recently, “Brian, how do I dodge the NSA?” Hahahahaha – you can’t – not really… But, I don’t want to distress my good friend or alienate him, either. My reply was, “They can break your security if they want to badly enough. The best you can do is 1) make it just a little challenging to keep honest people honest, and 2) don’t hide everything, or you will attract the NSA’s attention.”

I read /. now and then (http://slashdot.com, for those who may not know). They have a lot of “chatter” about “techie stuff” that I enjoy reading when I have a few minutes of spare time. I recalled a few articles I read on /. some time ago, when my friend pressed me about the NSA:

The US Government considered closing about 1200 data centers (40% of their centers) in 2012.  Did you know that the US government had more than 3000 data centers? Google for Federal Data Center Consolidation initiative or FDCCI.

What I recalled more vividly is from a 2009 /. article – an announcement that the NSA was building a $1.5B data center in Utah. I can’t find the /. link to this article, but Googling brought this other link up for me:

http://fcw.com/Articles/2009/10/27/Web-NSA-data-center-cybersecurity.aspx

I recall thinking in 2009 that the NSA was going to store enormous numbers of e-mails and phone records for the entire country – perhaps for  much of the world. Why else would the NSA need that much data center floorspace? There was not a word of this on CNN at the time. Today, of course, with the Snowden disclosures, this “kind of thing” is all over the news.

Not too many people are good at critical thinking (you all need to get better!). Most people don’t connect the dots very well (you all need to get better!). And with regard to this particular data center, there is still “silence” in the mass media. At the time, I was wondering how much power the data center would draw from the local electric utility? How many BTUs to cool the center? How many hard disk drives? How many bytes of storage? How long was the data retention planned for (15 years was my guess)? That is what an engineer wonders when they hear about this kind of place. The article about this data center maintained that only 10% of the floorspace would be dedicated to data storage, though I wager it is far more than that. Also, the article states that the center is 1 million sq ft, but I seem to recall that the center was a bit larger at 1.2 million sq ft. Where did I read that?

How many HDs in the Utah data center?  Well, let’s do some math…  An 11 ft rack typically holds about 100 drives, and it requires about 12 sq ft of floor if you want front and rear access.  Let’s assume that 75% of the 1.2M sq ft of floor are covered with storage racks – that’s 75,000 racks of drives or 7.5 million HDs, each storing two terabytes average – some more and many less…  that’s 15 exabytes (10e18) or so of storage.

How much power consumption? Assume a drive consumes 5 watts.  That’s 37.5 MW of power just for the HDs. Whew – that’s a lot of power… And you need a lot of network equipment to get the data in and out and to perform searches.

How many BTU? About 130 million BTU to compensate for the drives, 40 million BTU to cool the network equipment, and 70 million BTU to cool the volume of air to a cool ambient temperature assuming 16 ft ceilings… That’s a lot of air conditioning – 240 million BTUs! As a point of reference, that’s about 10 times the rule of thumb BTUs per sq ft for a typical home.

Eliminate rear access, stuff the racks, and I bet you could double the number of drives in the center.

Is my math correct? I may be making a few mental calculation errors, so feel free to check my numbers!

Do you recall the hard drive shortage in 2011? The floods in Thailand shut down hard drive production – so we were told. I wonder if that shortage wasn’t really due to a single, very, very large order… Well, I’ll never know, but I have to wonder…

So, back to my friend’s query.

Oh, before I forget, almost ten years ago, I recall a Project Trailblazer with SAIC (and I find now with a Google search, Booz Allen). The mission was to analyze all Internet traffic in the US. As I recall, it failed (though, I bet it succeeded to some degree, after all…). Oh, and before that, the Telecommunications Act of 1996 that required backdoor access for all public telephone networks. And before that, the predecessor act of 1984, too, required access for Government purposes.

My point is that none of this is really secret from a high level point of view. If you can read, you can learn what’s going on around you (you all need to GET READING!). There seems to be a surprising amount of transparency.

OK, now to my friend’s query. I asked, “What are you trying to hide?” “Porn,” he said. I remember laughing long and hard (no pun intended). “OK – just encrypt an external drive with TrueCrypt or Mac OS X Core Storage encryption services, and put your porn there. Choose a relatively strong encryption method like AES128…” That’s useful enough to keep the data private from a criminal or your partner or parents or children. But I wager that the NSA can readily decrypt that drive if they really want to.

My friend wants to encrypt his e-mail, too (I am wondering what my friend really does after midnight…). “Get a security certificate from PGP or Verisign (now Symantec?) or Thawte and use it for those e-mails.” Some ISPs provide encrypted e-mail service for a price where your e-mail transits your ISP encrypted just like a browser HTTPS transaction does.

The cellphone – my friend wants to encrypt his calls. Well, you can’t do that very easily. You can purchase an encrypted handset – an encryption feature is part of the GSM technical standard for our cellphone networks. The government is the primary user of encrypted phone services, but ordinary callers do not have ready access to encrypted cellphones as far as I know. I don’t know where you can get an encrypted cellphone, but I bet you can find one if you look hard enough. And to be honest, I don’t know if AT&T would let an encrypted phone operated by an ordinary customer work on their network – I bet not. Forget the cellphone.

You have to work hard to protect your privacy, but you can do it to a small degree. Use Private Browsing features, turn off your cellphone’s GPS until you need it (and then turn it off, again). If you use Google, don’t search while you are logged in to your Gmail account. There are all kinds of precautions to take to limit your exposure on the Internet. There are anonymizing HTTP proxy servers on the Internet, though frankly, you still leave footprints, and the proxy server owners still maintain logs – and how much do you really trust these proxy services? Do you know those people who own and operate them? No?

I wager that the NSA can break ciphers on demand easily enough to defeat most anything you can do. The NSA clearly is capable of network interception, deep packet inspection, packet insertion and masquerading techniques if you believe the Snowden disclosures. My advice to my friend – just don’t attract the attention of the NSA in the first place (or of the CIA or Defense Intelligence Agency or the Russians or the Chinese, etc.). They’ll notice if you are heavily encrypting your net services or taking steps to hide your activities, and then they will wonder what you are up to!

Do you have secrets? I think it is better to assume that they are not secret after all. Because they aren’t, really. And to my friend, I don’t think the NSA is interested that you have porn from the Internet…