It looks like going to the FISA court and getting warrants for each new effort at widespread trawling of phone records was too much trouble for the Obama administration, even though that court is notorious for being a rubber stamp. Yet another major revelation today says that they have decided to simply get blanket permission once and for all for authorization to tap directly into the servers of major internet companies and take what they want.
The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.
The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.
Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
Of course the companies have to be complicit in this, though they deny it.
The government probably knows what you ate for breakfast today if you happened to tweet it to someone.
According to the article, not Twitter, apparently.
Although of course government agents, just like anyone else, can read your tweets if they’re public.
While the argument saying the data they collected didn’t contain actual content was always a red herring, it’s great that this release ruins that narrative. I wonder if they planned having that in mind.
That aside…this is really, really disturbing.
“It may be the first of its kind.”
Meaning that there may have been others before it.
http://en.wikipedia.org/wiki/ECHELON
There are some legalities involved. I haven’t been tracking them after 2008 when I left the rat race, but IIRC there is a difference between communication and storage. FISA grants licences for interception of communication (live sessions and store&forward channels like e-mail), but snooping static data stored in servers like fish in barrels is not within their bailiwick. The spooks can pirate content from servers freely without bothering the FISA.
Also there is the extraterritorial issue. If the servers are outside US territory, who makes the rules? The USA or the country of the servers? Some Chinese hackers would like to know…
For an overview of how bad things are, the books by James Bamford that discuss the NoSuchAgency are indispensable. The Shadow Factory: the Ultra-Secret NSA from 9/11 to the Eavesdropping on America (2008) is still fairly current. The earlier ones give an indication of how long this has been going on.
The recently discussed phone records being gathered do in fact not contain content. I believe that international calls are monitored and if certain criteria are met the content is gathered in case it is needed in some future investigation. This doesn’t mean that anyone actually listens to the calls.
I realize this all sounds terribly alarming, yet there is no real news here. This has all been discussed in the past, and none of the recent revelations are out of line with what people who have been following such issues in the press carefully already knew. The only real difference here is that apparently given the mood of sensationalism in the press lately, the media deemed it in their best commercial interests to give this issue a lot of attention now.
I don’t view this gathering of data as much different from what commercial firms are already doing, and in fact the data that Facebook gathers and how they use it seems more alarming to me than the government gathering data and how they use it.
Of course in an ideal world, we wouldn’t want anyone to have any information about us ever under any circumstances.
But on the other hand, I think we are all very glad that the Boston bombers were caught so quickly. Once someone commits a terrorist act, or murder, or other grievous crime, do we want the police and FBI to be able to gather information about them in the future so that they can track them and arrest them? Well the data gathering being talked about now extends that capability into the past, to the time before the crime was committed. The data is gathered provisionally, but nobody has the right to use it unless there is probable cause.
The gathering of the data can have some good consequences. The problem of course is if the data is used for unlawful and unauthorized purposes. This is where we really need to be vigilant. I don’t think it makes as much sense to block the formation of memory in our communication infrastructures, as it does to control the ways in which that memory can be used. I remember when caller ID was new and many people were very alarmed. Now most people wouldn’t want to live without it. In some ways this data gathering is a similar two edged sword.
I guess the fundamental question is: is there a way to control the usage of such data, once gathered, to prevent injustice, abuse, and violation of law? If the answer is no, then the only choice is to try to block all gathering of data. If the answer is yes, then worrying about the gathering of the data is a bit silly. It is the controls and checks and balances on its usage that we need to be concerned about. Rather than insisting they not collect data, we should insist on procedures that govern how it is handled. Trying to block data gathering by corporations and government is a ship that sailed long ago.
We really have to ask ourselves what is it that protects our freedom and our civil rights? It is not keeping the government from having access to technology. It is not keeping the government from having access to information. The government has always had the most lethal and powerful technologies available. And it is not keeping the details of our lives private that protects us. What privacy does is it makes it easier for criminals to evade detection and capture. But no matter how much privacy you have, it won’t stop the government from killing you or arresting you or otherwise ruining your life. What stops them from doing that, what actually protects us, is rule of law and democracy. It’s courts and due process, judicial review, presumption of innocence, etc. What protects us are the checks and balances that prevent such information from being used without cause, that prevent action from being initiated based on that information unless there is cause, and that guarantee we have the right to challenge any accusations in a court of law. These are the things that protect us, not privacy.
If I thought that someone in the government was actively focusing on my information without any probable cause to do so, I’d be more upset. But the fact that information is being gathered and stored away unexamined, where it might be used in the future when there is a real need to track down, arrest, and prosecute very violent and dangerous people, doesn’t bother me nearly as much.