The Edward Snowden saga has been playing out dramatically across the front pages of newspapers and nightly news worldwide. And the effects of his very public revelation of the National Security Agency’s (NSA) surveillance program, PRISM, still have not been fully realized. However, enough time has passed since he first sat down with Glenn Greenwald of The Guardian that a reexamination of the events seems in order.
Here’s a quick re-cap of what we do know. The NSA has, since 2007, been provided direct access to troves of data collected by for-profit companies like Google, Yahoo!, Microsoft, AOL and others. The contents of that data include e-mails, search histories, live chats and file transfers. While the law that established the PRISM program claims only non-US citizens are subject to surveillance, Americans who communicate with anyone outside the United States are not exempted.
Each of the companies associated with PRISM initially offered flat-out denials they, in any way, cooperated with, participated in, or even knew of the existence of the NSA surveillance program. However, those denials became hollow earlier this month when it was reported Microsoft had helped the NSA circumvent their own encryption process which aided the agency in being able to intercept live web chats on Microsoft’s Outlook.com portal. Microsoft also worked with the agency to provide easier access to their cloud storage service, SkyDrive.
Since the idea of a government run surveillance program went from probability to confirmed reality, there have been statements and opinions offered by government officials, pundits, security analysts and citizens, alike. The legality of this program will have to be fought out by constitutional scholars and lawyers. For the rest of us, let’s look at the nature of privacy and how our being ever-more-tied to our mobile and digital devices strips away our anonymity.
Does Privacy Exist Anymore?
In a recent study, published in the March edition of Nature’s journal Scientific Reports, researchers pored over mobility data for 1.5M individuals based on their mobile providers antennas. They determined, when refreshed hourly, four spatio-temporal points are all that is needed to be able to uniquely identify 95 percent of the individuals. Their study, entitled ‘Unique in the Crowd: The privacy bounds of human mobility’, paints an interesting conundrum on how future frameworks must be created in order to protect the privacy of individuals.
As they claim in their introduction, “…the notion of privacy has been foundational to the development of our diverse societies, forming the basis for individuals’ rights such as free speech and religious freedom. Despite its importance, privacy has mainly relied on informal protection mechanisms.” The team highlights an important 19th Century publication by Samuel Warren and Louis Brandeis, brought about by photography and yellow journalism, which argued privacy law must evolve in response to technological changes.
This fact remains especially true in a world dominated by modern information technologies like the Internet and mobile phones. Mobility data has been used previously for research purposes as well as to provide personalized services to users. However, a sufficiently motivated organization could use such data to, for instance, track movements of a competitor’s sales force, determine an individual’s place of worship, or even know when someone has been at a particular motel or abortion clinic. The research team, for this reason, suggests the maintenance of individual privacy, in the age of the smartphone, requires the individual to engage in idiosyncratic movement.
Immediately after the PRISM program was brought to light, the US faced a backlash from many of our European allies. They claimed they were none too happy about the United States possibly spying on their own citizens. In an article published in Germany’s Der Spiegel, it was reported more than 20 million German phone connections and 10 million Internet data sets are monitored by the NSA on an average day. Busier days saw the 20 million figure jump as high as 60 million.
In the very same article, however, allegations of complicity on the part of the German government were leveled. The published interview, conducted with Snowden prior to his becoming the public face of the scandal, states, “The partnerships are organized in a way so that authorities in other countries can “insulate their political leaders from the backlash” in the event it becomes public “how grievously they’re violating global privacy.” Prior to its publication, German Chancellor Angela Merkel had decried the revelations, likening them to “Cold War” tactics.
While Britain has their own surveillance program, codenamed ‘Tempora’, and a publication in the French daily Le Monde stated that country was also engaged in a widespread surveillance scheme, German citizens have reason to express such sensitivities where spying and surveillance are concerned. Their not-too-distant past has examples of intrusive surveillance and snooping in the former communist German Democratic Republic and also during the Nazi era.
The Battle In Britain
The aforementioned ‘Tempora’ program, operated by Britain’s GCHQ eavesdropping agency, is known in the intelligence world as a “full take”. As Snowden detailed, “It sucks up all information, no matter where it comes from and which laws are broken. If you send a data packet and it goes through Britain, we’ll get it. If you download anything, and the server is in Britain, we’ll get it.”
In fact, when the NSA decides to target an individual, they virtually assume full control of a person’s data. Effectively, they take over an individual’s computer. That computer, as Snowden says, “…more or less belongs to the US government.”
This intrusion has led to lawsuits having been filed, both in the US and the UK, over an individual’s right to privacy. Privacy International filed suit against the British government, citing both PRISM and Tempora, which taps major internet cables around the world. As the privacy activist group states, the lack of a publically accessible legal framework for the NSA spying on British citizens, and then sending the resulting data to UK authorities, (a tact that would clearly be illegal if the British collected the data themselves), the legality of PRISM and Britain’s own Tempora program are called into question.
Privacy International’s research chief, Eric King says, “One of the underlying tenets of law in a democratic society is the accessibility and foreseeability of a law. If there is no way for citizens to know of the existence, interpretation or execution of a law, then the law is effectively secret. And secret law is not law. It is a fundamental breach of the social contract if the Government can operate with unrestrained power in such an arbitrary fashion.”
A similar lawsuit, filed by the American Civil Liberties Union in the United States, has effectively been quashed as the Obama administration asserted the FISA court has no requirement to publish its decisions, even those that address the constitutionality of mass surveillance programs.
Part 2 of this series, to be published Wednesday, July 31, will explore if and how large intelligence gathering schemes can be dismantled, what the future of governmental and private corporate surveillance means to you, and how you can take measures to protect your identity and privacy in this brave new world.
(originally published at SiliconANGLE.com)