Professionalism/Babak Pasdar and the Quantico Circuit

Background edit

Babak Pasdar is President and CEO of Bat Blue Networks. He is an information security expert, holding a certification from the International Council of E-Commerce Consultants as an "ethical hacker." In September 2003, Verizon Wireless hired Pasdar to upgrade their security infrastructure. He was responsible for installing new security equipment and updating the firewall policies. [1][2]

Pasdar worked with two consultants and the director of security for Verizon. He described the consultants as "highly competent," but noted that the director oddly did not have experience with information security.[1] Pasdar quickly got to work with informing the director, touring the data center, and understanding the environment. Over the next few days, his team made good progress updating the security infrastructure.

Pasdar overhead the consultants discussing about skipping a location while working one night. He told the consultants that they should "migrate all sites." The consultants suggested against it, telling him the site was "different." He then inquired about the site. The consultants told him it was called the "Quantico Circuit" and could receive and send phone and internet data. When Pasdar implicitly asked if it was going to a government facility in Quantico, Virginia, the consultants gave no reply. Pasdar continued to push for applying security policies to the site, but the consultants continued to deny him. Realizing he would not win, he suggested they should at least log the activity over the link. The consultants still denied him saying, "I don't think that is what they want." When Pasdar asked who "they" were, the consultants ignored him. He continued pushing for securing the link and the consultants contacted the director of security. The director drove one hour at night to meet Pasdar at the data center. Pasdar noted the uncertain director he met now turned an aggressive man threatening termination if he continued to ask about the link. [2]

Pasdar gave up and continued his work securing the other links. With the "Quantico Circuit" left unsecured, Pasdar noted that the party on the other side has unrestricted access to Verizon's core network. This means that parties on this link can access all the systems including text messages, billing information, and real-time voice calls. After Pasdar finished working with Verizon, he did not mention his observations until an affidavit in 2008. In his affidavit, he described in full detail, the events that occurred and suggested, in detail, how the third party on the Quantico Circuit could access the network core. [2]

Verizon Wireless Lawsuit edit

In 2006, several parties sued Verizon Wireless, the Bush administration, and other telecommunications companies for disclosing customer information to the government without warrant or subpoena. The lawsuit mentioned the Total Information Awareness program that allowed the government access to call data for surveillance on telephone and internet traffic. The Bush administration defended that the program allowed the government to collect information without a warrant to protect national security. The lawsuit described the program as illegal and had no basis in law. [3]

Though Pasdar never confirmed, this lawsuit is similar to his affidavit descriptions. In the lawsuit, Verizon had a high-speed link labeled "Quantico" confirmed to go to a third party in Quantico, Virginia. The link was unsecured and had unrestricted access to real-time call data and customer information. In the lawsuit, it was predicted that Verizon gave unlimited and unrestricted access to a third party in or around 2003. [3]

Whistleblowing edit

Babak Pasdar is an example of a whistleblower. According to the US Whistleblower Protection Act of 1989, whistleblowing is the act of disclosing "violations of any law, rule, or regulation, or gross mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health or safety" within an organization[4]. Whistleblowers often attempt to correct misconduct through internal communication before taking public action. When problems are not resolved internally, they face the dilemma of remainig loyal to their employer by keeping misconduct secret or going against their employer. Although whistleblowers follow their moral principles when exposing wrongdoing, they face career-compromising risks with little to no benefit to themselves. Many potential whistleblowers therefore refrain from exposing misconduct.

In an interview, Pasdar criticized organizations for not taking internal complaints seriously. He stated, “the system does not seem to be very interested in getting feedback and getting criticism [and] it seems to be overt about its desire to punish people who just don't toe the line, regardless of if it was right or wrong.” [1] Pasdar reveals that whistleblowing occurs because organizations do not seem to care about internal criticisms. As a result, dissidents have either to take the extreme of leaking information or go against their ethics by keeping quiet.

The Silent Treatment edit

Organizations often disregard or ignore reported misconduct to stifle whistleblowers. Because the voices of dissenters only matter to the extent that people pay attention to them. Ignoring whistleblowers, therefore, minimizes or eradicates their internal influence. Sunstein contends that "even in democracies, disparities in power play a large role in silencing dissent - sometimes by ensuring that dissenters keep quiet, but more insidiously by ensuring that dissenters are not heard" [5]. In a 2013 study of the experiences of 1,000 whistleblowers, the University of Greenwich reported that the vast majority of whistleblowers said they had received no response from management and their concern was ignored. [6] Although many would attempt to correct misconduct within the organization, most refrain from taking the issue externally for fear of being further ostracized.

Unfavorable Outcomes edit

For many organizations, whistleblowing is discouraged. Whistleblowers are often labeled as disloyal, bullied, or threatened with demotion or dismissal in the organization. Organizations may also attempt to discredit the whistleblower's reputation by claiming that he/she is diagnosed with a psychiatric illness or have a personal dislike of the organization [7]. Once dismissed from their organizations, whistleblowers also carry a reputation that make finding a new job more difficult. According to the University of Greenwich study, most whistleblowers' situations were worse after whistleblowing [6]. This phenomenon discourages reporting of wrongs because the price of acting on principle often outweighs the benefits.

Parallels edit

Leyla Wydler edit

Leyla Wydler is a former employee at the Stanford Financial Group that exposed a multi-billion dollar Ponzi scheme. After refusing to sell misleading certificates of deposit, the company fired Wydler. To expose the scandal, Wydler attempted to contact the Securities and Exchange Commission, the National Association of Securities Dealers, and various newspapers. However, no one acknowledged her claims until the scheme was exposed more than 4 years later [8]. Although the Stanford Financial Group was punished, Wydler lost her job, paid $100,000 in court fees, and gained a reputation that kept her from finding new jobs [9]. Yet whistleblowers such as Wydler still take action because they find their moral integrity and beliefs more important.

Edward Snowden edit

 
Edward Snowden

Edward Snowden is perhaps the most high profile whistleblower case from recent years. Snowden was a contractor for the National Security Agency (NSA), first working at Dell, and then at Booz Allen Hamilton. [10] As an Infrastructure Analyst, Snowden had access to hundreds of thousands of classified NSA documents regarding their activities and the data they collected from US citizens. In 2013, Snowden leaked those documents to the media and fled to Hong Kong. [11]

While these cases are similar, the nature of the leaked materials from Snowden is noticeably different from those of the Quantico Circuit. When Pasdar brought attention to the Quantico Circuit, phone calls were still a dominant form of communication. Now, however, digital communications such as email and instant messaging have become much more common. In particular, Snowden uncovered the NSA’s classified work to exploit data from Google services by intercepting the SSL layer between the user and Google’s services. This gives the NSA access to emails, instant messages, documents, maps, etc. that people may use with Google. [12] Snowden also uncovered the NSA’s internal application called “The Boundless Informant,” which helps them collect and organize the more than 124 billion phone calls they have tapped and the over 97 billion internet records. Snowden’s case is similar to Pasdar’s because both involve leaked information from an insider’s view. The key difference is that Pasdar did not leak classified information, while Snowden absolutely did. The United States charged Snowden with conveying classified information to an unauthorized third party, disclosing communications intelligence information, and theft of government property. [13]

Conclusion edit

Pasdar tried to be as legal as possible throughout the process, but Snowden knew his actions were illegal. It is noteworthy that despite knowing the consequences of his actions, Snowden came forward with this information as himself and not as an anonymous source. [10] He felt that doing so would make his claims more legitimate. As a result, some see Snowden as a hero and patriot, while others see him as a traitor and an enemy of the state. We must evaluate if he did the “right” thing, or if there was another course of action to achieve the same result. Snowden unearthed a plethora of information proving the NSA was in violation of national security and privacy laws. Pasdar found that Verizon was giving unrestricted access to an outside part. Both cases involve professionals who found their organizations doing illegal and arguably unethical things. Both individuals argued that internal means for complaining were insufficient, forcing them to leak information. If in a similar situation, would you stand up and say so? Would you potentially risk everything to be a “dissident” and go against it? Are there alternative solutions within an organization to fix these problems? These are difficult questions to answer, as each case is slightly different. In general, however, it is the duty of a professional to come forward and stand up for what is right.

References edit

  1. a b c German, M. (Interviewer) & Pasdar, B. (Interviewee). (2014). Rethinking Intelligence: An Interview with Babak Pasdar [Interview transcript]. http://www.brennancenter.org/
  2. a b c Pasdar, B. Affidavit (Feb. 29, 2008), http://www.wired.com/
  3. a b Rev. Joe MCMurray v. Verizon Communications Inc., S.D.N.Y. (2006)
  4. U.S. Congress (Jan. 03, 1989), http://www.usda.gov/
  5. Cass R. Sunstein (2005)
  6. a b Public Concern at Work (2013) Whistleblowing: The Inside Story - A study of the experiences of 1000 whistleblowers, http://www.pcaw.org.uk/
  7. Jean Lennane (May 2012), http://www.bmartin.cc/
  8. John Wasik (Mar. 07, 2012), http://www.forbes.com/
  9. Richard Renner (Mar. 07, 2012), http://www.whistleblowersblog.org/
  10. a b Wikipedia article on Snowden
  11. Edward Snowden: the whistleblower behind the NSA surveillance revelations
  12. NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
  13. U.S. charges Snowden with espionage