Much of the web is alight with the news of the NSA’s PRISM program that came to light a few days ago. It is the cover of the Guardian , USA today, and others. In other words, it is a Big Deal. And it is a manipulation of truly epic scale, so we would be remiss if we didn’t cover it here! Especially since our last post was about government spying! Go to it now and refresh yourself, ‘cos we’re going deeper!
So let’s summarize what we know at this stage (there’s likely to be more later, so we may return to this in a follow-up). The NSA is the CIA’s secretive brother. While the CIA is supposed to spy on other countries, the NSA is tasked with spying on the telecommunications of other countries, and protecting the US telecommunications from foreign infiltration. It is a secretive group, as we discussed before. A few days ago, a contractor for the NSA, named Edward Snowden , leaked an internal presentation of the NSA that detailed its electronic eavesdropping activities. The presentation revealed a number of things that shocked many journalists. For example, the NSA compelled Verizon to deliver, daily, records of every call made within the US and from the US to abroad. The data Verizon had to supply (by means of a secret National Security Letter, also covered on this blog a while back) included the number called, the calling number, the duration of the call, and the location of the caller if it was a mobile phone.
This was pretty bad, in and of itself – the government was basically collecting information on every call every US citizen has made, for no specific reason – the order specifically mentioned that this data collection was ‘routine’, and not connected to any investigation. But it quickly got worse as journalists pored over the leaks…
The NSA presentation boasted that the agency was connected to the servers of most large
Internet companies – Google, Skype, Facebook, and others. Immediately after the leaks, all
these major tech companies issued denials that they were granting the government free reign over their servers and their data. A day later, the denials became more circumspect. The tech companies maintained that they did not give unfettered access to their data to the NSA, but most admitted that the NSA did, in fact, work with them to get access to metadata – basically, who did what when, but not necessarily what they actually said. For example, the NSA would know that you posted to your Facebook Wall this morning, following a Skype call with your friend in California, but it wouldn’t know what you posted or what you said on the call. It would know that you googled something after checking your hotmail account, but not the precise Google search – at least, not with the level of surveillance that it is currently achieving.
Of course, the NSA can go to FISA court and get a warrant (the FISA court has never turned down any agency. Ever. For any warrant) and get the actual content of the search, or the emails themselves, but they still apparently need to deploy a bit more effort for that sort of data. Either way, the NSA has a record of what you’ve been doing online for the past several years. You, and everyone you know.
The technical details of how the NSA pulled this off are interesting; basically a combination of good old-fashioned eavesdropping hardware on telecoms networks, National Security Letters on tech companies, and many many computers spread throughout the planet to collect all this data. By some estimates, the NSA collects over two petabytes of information per hour . It accomplishes this through a number of different programs with names like Echelon and Prism and Boundless Informant and Five eyes.
To some extent, most informed citizens knew or suspected that the NSA spied on electronic communications, but few understood the scale of that effort before today. Every hour, billions and billions of bytes are flowing into the NSA’s severs – phone records, metadata on everything from Facebook posts and gmail access, and, as the Verizon letters showed, actual content of messages at the flick of a switch. As Edward Snowden said, as a technical employee of the NSA, he could eavesdrop and catch emails and calls at will – his neighbour’s or the President’s.
This raises several interesting questions around just how manipulative this initiative is.
One of the definition of manipulation is that the manipulator would be shamed by the exposure of the manipulation. This is not what happened here. The Obama administration decided to double down on the initiative, not only defending it under some interpretations of the Patriot Act, but calling it “one of the most important tools for the security of the nation”. The director of the NSA actually blamed the “recklessness” of the media, who dared expose the scale of the spying that the NSA was actually engaged in. Basically, the government’s position is: “we need to have all these capabilities to spy on foreigners who could be terrorists. Yes, the same system picks up all the communications of Americans as well, but that is ‘incidental'”. So not a lot of shame there.
What’s interesting, of course, is that until the leaks the administration completely misled
everyone about the NSA capabilities. This video shows the director of the NSA explaining to Congress that the agency doesn’t collect data on US citizens. 2 Petabytes of data is, after all, ‘incidental’, so watch for some interesting debates on the exact meaning of the words used (“we don’t spy. We collect information surreptitiously”).
Once a manipulation is exposed, though, the consequences can be messy. For example, the
Electronic Frontier Foundation, the primary defender of online privacy and individual rights, filed a suit to demand answers on PRISM and other warrantless surveillance of Americans. The administration declared that the program was state secrets, and
that it did not have to defend itself in court as a result. This is an interesting trend that the Obama administration has used before – basically, it argues that anything that it deems ‘state secret’ – and it wants to be the sole arbiter of what is or is not state secret – is immune from review or judicial action.
Another interesting consequence of Prism is the loss of moral high ground of the US with
respect to countries like China. THe US has long criticized China for its monitoring and
censorship of digital media (the Great Digital Wall of China). This becomes harder when the US can be shown to not only monitor its own citizens data communication, but also millions on millions of foreigner traffic from within the US as well. The reverse is also true, by the way – early indications are that the Prism data was shared with other governments, like the UK and Canada. So data on US citizens was passed, as a matter of routine, to foreign governments.
Some have argued that, technically, Prism is not manipulative – a manipulation is designed to change behavior in some way, and Prism doesn’t change behavior. But this misses two important points: The first one is how the administration got this program approved. Basically, when Obama argued, in the wake of the disclosure, that the program is fully legal, he was technically right – the FISA Act passed under Bush does arguably authorize the monitoring of telecommunications without a warrant, but does so with two provisos: it is an emergency measure, designed to be used when “intelligence important to the national security of the United States may be lost or not timely acquired and time does not permit the issuance of an [specific] order”, and it is supposed to be used for a year. Basically, the Obama administration took an emergency measure and institutionalized it, renewing all the letters once a year on a routine basis. So warrantless surveillance that was initially thought to be very specific and punctual turned into systemic and massively broad.
The second manipulative element is the claim that the system is critical to “US interests.”
The reality is that there are very, very few terrorist acts in the US. The entire Prism
infrastructure is complex, and generates gargantuan quantities of data. But, however broad, the system is easy to bypass for those that truly value secrecy. Prism can spy on you
accessing your email, but if you decide that you really don’t want to be spied upon, it’s
quite possible to do so – encrypt your email, use TOR, and take some relatively simple
measures that would make it very, very difficult for Prism to capture any meaningful data.
Presumably, intelligent terrorists are smart enough to not post their plans of Facebook, and to use a basic encryption attachment for their emails. Even dumb terrorists, like the Boston Bombers, tend not to advertise their plans on social media. Presumably, a very careful search of their google habits might have revealed something, but it clearly did not. In effect, the administration has created a massive infrastructure that is largely useless to the stated purpose of what it needs to do.
It’s also worth noting that the Obama administration has had a very poor track record of
dealing with whistleblowers and leaks. For an administration that prided itself on being “transparent”, it has consistently waged persecutions the harshest war on leaks and whisteblowers that expose government corruption and illegal activities of any administration on record. The ink was hardly dry on the Guardian’s piece about Prism that Washington officials were already decrying the leak and promising
extensive investigations and prosecutions for the individuals that leaked the information.
The question this raises is obvious – if Prism is perfectly legal and overseen by Congress as
Obama claimed, why the ire and anger at the whistleblower? Why the urge to prosecute someone that explained what the government does in all legality?
* * * *
Prism is a monitoring system, which is not manipulative in nature since it doesn’t try to
change behaviors. But the way the administration has put it in place, kept it in place, and
coerced tech companies under its jurisdiction to help implement it is massively manipulative. As a result, if you use Google, any Apple service, any Microsoft product, Prism is probably collecting your information as we speak. Ironically, the only tech company that refused to cooperate with the NSA was Twitter. A company designed to broadcast information publicly was the sole standout amongst Internet companies to resist surrendering its users’ privacy and rights…