Spying is usually the business of governments. After all, this is what has given us
Casanova and Bond. But, on sheer volume, the biggest spies of today may not be working for governments at all…
Take the FBI, for example. Nominally, it is a federal police, created to address crimes that cross state boundaries. Increasingly, though, it seems increasingly focused on trying to outdo MI6.
To be fair, the FBI is pretty open about its program of spying on Americans. The agency is particularly interested in being able to intercept communications that are slowly supplanting email: skype, chat programs, and even ‘strong’ email hosts like gmail. Under CALEA, an act passed by Congress, the FBI can already ask any telecommunication provider to give it real-time access to its network to listen in on calls or emails. But there is nothing on the books that is focused on Google, Facebook, and others, and that is increasingly how people (both good and bad) communicate. So the FBI has been trying to find ways to remedy this.
For example, the US government asked Skype to restructure its architecture to allow federal agents to spy on communications in real time. It is an interesting example of a company actively downgrading a product and making it less secure than it could, in response to government prompting.
There is another layer to the manipulation here, though. It is one thing to strong-arm a company into creating a back door for eavesdropping. Under the law, though, the FBI and others still need a warrant to actually carry out the eavesdropping. The trick, though, is that they need a warrant from a special court, called the FISA warrant. The FISA court is a special court established mostly to review surveillance applications, and was established as the ‘guardian’ of the new surveillance powers granted to the FBI and others through the Patriot Act.
The issue is that this special court has never seen an application for surveillance that it did not like. In 2012, for example, the court received 1,789 requests for surveillance (around one application every 4 hours). It granted… 1,789 of them.
That’s right. Each and every one of the surveillance applications were granted warrants, which were then served by the FBI and used to spy on various folks. Keep in mind that the US indicts around 50 people a year for “terrorism”, the main reason the FISA court was founded. It does beg the question as to what the remaining 1,739 applications were made…
Of course, the manipulation is relatively simple to understand – once the capability for spying is made, either technical (Skype back doors) or legal (FISA courts), the urge to use them becomes harder and harder to resist in all sorts of cases. After all, if we could spy on our neighbours and friends with impunity, how many of us would resist?
The FBI is not the only organization trying to gain access to our electronic communications, though. Moxie Marlinspike, a security expert, recently posted an email exchange he had with a Saudi executive trying to entice him to develop software to spy on Saudis at the provider level, by modifying the country’s telecommunication infrastructure to allow for spying and eavesdropping.
What is interesting about the email exchange is to see the reaction of the Saudis when Moxie refused to help them: “I have same thoughts like you freedom and respecting privacy, actually Saudi has a big terrorist problem and they are misusing these services for spreading terrorism and contacting and spreading their cause that’s why I took this and I seek your help. If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities.”
Ironically, this is a good example of a WATOC argument.
It was also the argument that India used when they threatened Blackberry with a ban unless the company gave them access to their servers. Back a few years ago, pre-Apple, Blackberries were the main business tools. Everyone had one. And one of the interesting elements of the Blackberry service was that all communications between devices bypassed local infrastructure and was decrypted and forwarded by special servers in the company’s control in Canada. So if India wanted to spy on its citizens that were using Blackberries, they were out of luck – they could compel their national companies to give them back doors or access, but without an international warrant served in Canada, that access was useless.
This was a problem for India, and so the government decided to ban Blackberry from India unless the company put some servers under the control of the Indian government. A move that other governments, from China to the UAE (and of course our friends the Saudi) immediately emulated.
In all cases, the threatened ban never materialized. Eventually, the countries concerned dropped the ban – although, of course, no resolution was ever announced: whether Blackberry eventually allowed the countries access to their data or resisted and called the bluffs of the government is not known at this time.
But what about if your computer spies on you without any involvement from police at all?
For example, this is a Bloomberg Terminal:
It is pretty much standard issue on Wall Street. It is what allowed Mike Bloomberg, mayor of New York, to earn his fortune, when he developed it for traders. The terminal allows a trader to bring up information on stocks, bonds, or any other security at will. It is a powerful tool, and its price reflects that: each terminal costs the user around $20,000 a year. And large firms like Goldman Sachs will have thousands of Bloomberg terminals on their premises.
Which is why these clients were shocked recently to realize that each terminal ‘phones home’ fairly regularly, and reports a lot of data to Bloomberg itself: who logged into the terminal, for how long, and what did they do while logged in.
This is not good news in general, but when the user is Bernanke or Tim Geithner, Secretary of Commerce, the news becomes particularly problematic. Knowing what the Secretary of Commerce is looking at, how frequently, and when can make a big difference to traders and Bloomberg journalists looking to scoop the market.
And others have caught Bloomberg spying on them with those terminals. Goldman Sachs itself, the master manipulator, was stunned by the fact that Bloomberg traders and insiders could gather so much data about them from terminals that Goldman was leasing from the company. JP Morgan is demanding more information from Bloomberg’s CEO on exactly why the company should be allowed to collect and analyze all of this information. There will probably be more such calls in the weeks to come.
Perhaps the ultimate in this kind of manipulation is this:
It doesn’t look like much, but it is one of the largest data centers ever built. It is the data center of the National Security Agency (the CIA’s less flashy cousin but more successful), capable of processing over a yottabyte of information – enough to process all the phone calls and emails of every US citizen in near-real time. Essentially, every phone call you make – cellular or otherwise – will be routed to this facility and archived. Some of it will be analyzed, but most of it will probably not be, at least until the NSA takes a special interest in you.
The magnitude of this endeavor is hard to grasp. Every phone call made, digitized and held for analysis. Every email, corporate or otherwise, stored for future reference. It is both technically impressive and manipulatively striking.
Spying has traditionally been thought of as governments spying on each other, but the scale of that effort is dwarfed by the capabilities being built to spy on their own citizens. For most governments, what the Russians are doing is becoming far less interesting than what their own citizens are doing. And with companies like Bloomberg paving the way, they are learning how to capture and analyze that information. Whether that leads to a safer or a better nation, no one knows, but it will be a more manipulative one.