When Edward Snowdon's revelations about pervasive NSA surveillance first came to light, I thought the worst thing that could happen would be for people to be faux-raged for a little while and then to turn their attention to the next big news story. Has that already happened? Sometimes I think so, sometimes I don't.
What I'm sure of is that, even as the revelations keep coming, I keep hearing from smart, educated, responsible, thoughtful people -- friends, family, and acquaintances -- that pervasive surveillance is old news; not a meaningful invasion of privacy; and/or a 'necessary compromise' to keep evildoers in check.
It's not a gimme to push back against these arguments. It's complicated. There are multiple aspects of what's worrisome about a pervasive surveillance state, some of them are related in non-obvious ways, and even the most avid newshound is hobbled by the simple truth that civilians and even most experts are working from incomplete information. The reasons we ought to take pervasive surveillance seriously are complex. Some of the complexity is technical, while some is social or political.
I think that several months after Glenn Greenwald first broke the Snowdon leak story in The Guardian, it makes sense to examine aspects of the most consequential issues his leak raised, through some of the best journalism that has emerged since. By "best" I mean "most clarifying" or "most illustrative"; there's some wildly speculative and hyperbolic muck out there ... and while I recognize that not everyone will award golden "most clarifying" stars to the same pieces I do ... well, that's why there's a comments section.
I'm not going to try to examine all the important aspects of pervasive NSA surveillance. I'm not that smart. And there's no room for that thorough an examination in a single essay, not even this ridiculously long one!
Here are key points I'll touch on in this post:
- The data that's being gathered reveals an enormous amount about an individual's activity in social, economic, and political spheres.
- Surveillance data being harvested today places ordinary people at risk of persecution by the present and any future government.
- Nefarious use of surveillance data could easily look like current "civil forfeiture" practice applied to ordinary people.
- The strategies used by the NSA to enable pervasive surveillance may have already undermined the trust and security of the internet itself, on which enormous sectors of economic, political, and social activity depends.
More below the fold...
Metadata mining is much more invasive than airport body scans
Days after the Snowdon leak story broke, I posted a diary titled Not your granddaddy's metadata: don't believe the PRISM anti-hype, in which I pointed to expert opinions and studies indicating how much can be learned about a person's activities from a very little bit of metadata. Since then, this topic has been treated extensively in many public forums, so it would be silly to belabor the point.
However, a very clever analysis just came to my attention a week ago (thanks to B-- and S-- of Madison, WI -- which is probably enough metadata for the NSA to figure out to whom I'm referring, if they care).
The analysis is worth sharing.
In Using Metadata to Find Paul Revere, Kieran Healy, Associate Professor of Sociology at Duke University, details in farcical form how social network analysis (SNA) -- an analytical technique applicable to social media and similar metadata to discover roles and relationships in any given group of people -- might have been used by the British in the 1770s to unmask (and perhaps nip in the bud) Paul Revere's catalytic role in the American Revolution ... if the Redcoats had actually known how to perform SNA.
The gist is this: applying social network analysis techniques to eighteenth-century data about memberships in seven Boston-area organizations -- covering a mere 260 persons in toto -- surfaces Revere's importance as a central, brokering, key individual in the mobilization that led to the revolution that freed the United States from British subjugation. Had they been in possession of information surfaced by SNA, a British special ops team, had one existed at that time, might have set out to garrote Paul Revere in order to disrupt, and perhaps incapacitate, revolutionary activity in Boston.
Here's how Prof. Healy puts it in a faux-18th-century voice:
So, there you have it. From a table of membership in different groups we have gotten a picture of a kind of social network between individuals, a sense of the degree of connection between organizations, and some strong hints of who the key players are in this world. And all this—all of it!—from the merest sliver of metadata about a single modality of relationship between people. I do not wish to overstep the remit of my memorandum but I must ask you to imagine what might be possible if we were but able to collect information on very many more people, and also synthesize information from different kinds of ties between people! For the simple methods I have described are quite generalizable in these ways, and their capability only becomes more apparent as the size and scope of the information they are given increases. We would not need to know what was being whispered between individuals, only that they were connected in various ways. The analytical engine would do the rest! I daresay the shape of the real structure of social relations would emerge from our calculations gradually, first in outline only, but eventually with ever-increasing clarity and, at last, in beautiful detail—like a great, silent ship coming out of the gray New England fog.But perhaps that's too whimsical or allegorical an approach for flinty-minded readers.
In that case, I recommend an academic paper (to which Prof. Healy links in an afternote to his piece) by Shin-Kap Han, an Associate Professor of Sociology at University of Illinois at Urbana-Champaign: The Other Ride of Paul Revere: The Brokerage Role in the Making of the American Revolution (PDF). This dense, 20-page treatment with tables, graphs, 19 footnotes, and dozens of cited references, was published in June 2009 in Mobilization, a "a review of research about social and political movements, strikes, riots, protests, insurgencies, revolutions, and other forms of contentious politics" run out of San Diego State University. The review's purpose "is to advance the systematic, scholarly, and scientific study of these phenomena, and to provide a forum for the discussion of methodologies, theories, and conceptual approaches across the disciplines of sociology, political science, social psychology, and anthropology."
Prof. Han's article builds on membership data about five organizations to which Paul Revere and 136 others belonged (a subset of data Prof. Healy used). His paper describes through detailed illustration and analysis of this data how SNA is applicable to real-world activities, and how a seemingly small quantity of metadata can reveal a very great deal indeed.
What government surveillance means to you, today and in the future
In the case of Paul Revere, the revelations provided by sparse metadata comes long after the fact of his political activity. But the same methods apply to individuals alive today (and tomorrow), and an enormously greater body of metadata concerning today's activities is available to those -- like the NSA -- who collect it.
For a summary of what is known about what the NSA is collecting, I'd recommend the Electronic Frontier Foundation's How the NSA's Domestic Spying Program Works and the ACLU's A Guide to What We Now Know About the NSA's Dragnet Searches of Your Communications (the latter report is dated 9 Aug 2013). My summary of key elements of this week's bottom line includes:
- metadata about telephone communication (names, addresses, detailed records of calls) is being vacuumed up by the NSA;
- the NSA has real-time surveillance access to just about everything that a typical person does on the internet, and search tools that make it possible to zero in on any name, e-mail address, or IP (computer network) address, etc. that an analyst wishes to examine ("without prior authorization"), whether that data/activity originated in the United States or elsewhere;
- the NSA is building a huge ($2Bn) data facility in Utah to store the data it has been collecting over the past decade or so and into the future.
What this means to your average person may be best summarized by Edward Snowden himself, in a widely viewed video interview published by the Guardian on 9 June 2013. The following is my own transcription of what Snowden said beginning at 7'12" into the interview:
... even if you're not doing anything wrong you're being watched and recorded, and the storage capability of these systems increases every year, consistently, by orders of magnitude to where it's getting to the point you don't have to have done anything wrong, you simply have to eventually fall under suspicion from somebody, even by a wrong call, and then they can can use this system to go back in time and scrutinize every decision you've ever made, every friend you've ever discussed something with, and attack you on that basis, to sort of derive suspicion from an innocent life, and paint anyone in the context of a wrongdoer.Will the grim picture Snowden paints necessarily happen?
Well, no. If the people who hold the power to "derive suspicion from an innocent life, and paint anyone in the context of a wrongdoer" decide not to exercise their power in that way, then it won't happen.
But -- even if you trust the current U.S. government to do the right thing today -- you need to ask yourself whether you similarly trust next year's or next decade's government (details persons and policies TBD) to take a similarly trustworthy approach.
As they say in the investment world, past performance does not predict future returns.
If pervasive surveillance data is collected, and stored, and accessible to analysts, then whatever agency or agencies have the data and tools also have the means to "derive suspicion from an innocent life, and paint anyone in the context of a wrongdoer." Any agency or agencies who have the data and tools. Not just the ones whose politics and policies one might like.
Whether this is worrisome enough to do something about it is a political and sociological call that each of us as individuals and citizens, and we collectively as a nation and society, need to make.
Imagining nefarious use of surveillance data: consider civil forfeiture
It's hard for many people to imagine the path from the United States they inhabit to a nation with a Soviet-scale gulag or to the world depicted in Neill Blomkamp's dystopian thriller, Elysium. It's therefore useful, I think, to consider repression at less dramatic scale. Doing so helps one put police-state-creep into real world perspective.
An article titled Taken, by Sarah Stillman in The New Yorker of 12 August 2013, takes a hard look at certain current practices of some state, county, and city law-enforcement agencies. These practices fall under the general category of "civil forfeiture."
What is "civil forfeiture"? In a nutshell, quoting from the sub-title of Stillman's article:
Under civil forfeiture, Americans who haven’t been charged with wrongdoing can be stripped of their cash, cars, and even homes.In Taken, Stillman describes the experience of American citizens and residents whose property was seized under circumstances that are functionally indistinguishable from being forced to pay authorities a bribe to be released from a police investigation and/or a threatened prosecution. But not an illegal bribe. Civil forfeiture sufficiently conforms to the letter of the law that it's difficult or impossible to fight for many individuals whose legal property is taken from them by agents of law enforcement.
The examples Stillman gives in her article take place in Texas, Oklahoma, Georgia, Arizona, Washington, D.C., Pennsylvania, Virginia, et al. In other words: all over the country.
Here's how civil forfeiture works in greater detail, again from Stillman's article:
The basic principle behind asset forfeiture is appealing. It enables authorities to confiscate cash or property obtained through illicit means, and, in many states, funnel the proceeds directly into the fight against crime. In Tulsa, Oklahoma, cops drive a Cadillac Escalade stencilled with the words “this used to be a drug dealer’s car, now it’s ours!” In Monroe, North Carolina, police recently proposed using forty-four thousand dollars in confiscated drug money to buy a surveillance drone, which might be deployed to catch fleeing suspects, conduct rescue missions, and, perhaps, seize more drug money. Hundreds of state and federal laws authorize forfeiture for cockfighting, drag racing, basement gambling, endangered-fish poaching, securities fraud, and countless other misdeeds.The pattern of the many examples Stillman cites leads the reader to conclude that in some jurisdictions, civil forfeiture is practiced in order to fund law enforcement budgets:
In general, you needn’t be found guilty to have your assets claimed by law enforcement; in some states, suspicion on a par with “probable cause” is sufficient. Nor must you be charged with a crime, or even be accused of one. Unlike criminal forfeiture, which requires that a person be convicted of an offense before his or her property is confiscated, civil forfeiture amounts to a lawsuit filed directly against a possession, regardless of its owner’s guilt or innocence.
[...] civil-forfeiture statutes continued to proliferate, and at the state and local level controls have often been lax. Many states, facing fiscal crises, have expanded the reach of their forfeiture statutes, and made it easier for law enforcement to use the revenue however they see fit. In some Texas counties, nearly forty per cent of police budgets comes from forfeiture. (Only one state, North Carolina, bans the practice, requiring a criminal conviction before a person’s property can be seized.) Often, it’s hard for people to fight back. They are too poor; their immigration status is in question; they just can’t sustain the logistical burden of taking on unyielding bureaucracies.Now.
Take a deep breath (especially if you followed the link and read Stillman's descriptions of the devastation to real people's lives caused by civil forfeiture practices). And, with a clear mind, consider local incentives to inflict civil forfeiture proceedings on helpless individuals against Snowden's description of what pervasive surveillance enables.
Quoting again from Snowden's June 9th Guardian interview, with ellipses to get us right to the heart of the matter:
... even if you're not doing anything wrong you're being watched and recorded [...] it's getting to the point you don't have to have done anything wrong, you simply have to eventually fall under suspicion from somebody, even by a wrong call, and then they can can use this system to [...] derive suspicion from an innocent life, and paint anyone in the context of a wrongdoer.The heart of the matter, of course, is that it doesn't even have to be criminal or political. You don't have to be regarded by powerful authorities as a political 'problem' or a 'terrorist' to have your life ruined when your activities are recorded and maintained by government spies.
You might not even fall under actual suspicion. Maybe you just look like a juicy target.
What civil forfeiture in these United States tells us is that pervasive surveillance of the sort the NSA practices enables subjugation of average, innocent civilians by authorities who are motivated by ... budget cuts. Or call it greed. Or call it lust for power. You know, the kind of crooked timber that human beings are built from.
Are you worried yet?
The other cost of NSA surveillance 'techniques': destruction of the internet?
If the risk to individuals doesn't worry you, how 'bout the news that the NSA has been secretly undermining technology that enables trust between merchants and customers, and between participants in social media activity that powers huge sectors of the 21st century's economy, political dialog, and social activity? By "trust" I mean the secure knowledge that things I willingly tell or give to a business or person won't be pirated by a malicious actor who will then do me harm.
So-called "security guru" Bruce Schnier is a fellow at the Berkman Center for Internet and Society at Harvard Law School and board member of the Electronic Frontier Foundation. In a post on his blog, Schneier on Security, dated 5 September 2013, titled The NSA Is Breaking Most Encryption on the Internet ... well, the title pretty much says it all.
What does that title mean? It means that the secure connection that you use when you give your credit card information to a vendor, like Amazon or PayPal, is not actually secure. Surprise!
It means that the intricate, clever password you use to protect your on-line bank account or your 401(k) can't possibly be intricate or clever enough, because the secure connection you use when you type it in is permeable to bad guys. Whee!
See, it's not a matter of only the NSA being able to sniff out your credit card info. That would be creepy, yes; and in a civil forfeiture context, in which not just the NSA but the local sheriff might be able to sniff it out too -- that might be really creepy ... and materially risky as well.
The problem is that the NSA, we've now learned, has made it possible to break the encryption that protects your commercial transactions by subverting the standards on which most encryption technology is built. The encryption technology that everyone uses is weak because the NSA secretly gamed the system so the agency could play Peeping Tom ... with the unavoidable and completely foreseeable side effect that other, unknown, clever bad guys can exploit the same weaknesses.
Oh, I'm not saying I could do it myself (I'm not a clever enough geek, and I'm not a bad guy ... really, I'm not!). I'm not even saying the whole department of programmers with whom I work at UC Berkeley could do it. But, oh, how about an army of cryptographers hired by organized crime syndicates (pick your favorite here, I won't risk naming favorites...)? Or how about a literal army of cryptographers run by a national government?
If you're up for a lot of tech talk, you can get the geeky details of the NSA's insanely reckless subversion of internet security in On the NSA. This is a 5 Sept 2013 post on the blog A Few Thoughts on Cryptographic Engineering, written by Matthew Green, cryptographer and research professor at Johns Hopkins University (it's the post that launched a kerfuffle in which his academic dean first demanded that Green remove the post from the internet, then abjectly apologized for making that demand).
An alternative to this thickly techie post would be to read the news stories to which Prof. Green refers in the excerpt included below, summarizing those articles' revelations (TL;DR, for those unfamiliar with the meme, means "too long; didn't read"):
If you haven't read the ProPublica/NYT or Guardian stories, you probably should. The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include:Back to Harvard's Bruce Schnier, in an article published by the Guardian on the same date (things were pretty busy on 5 Sept). Prof. Schneir, who reviewed many of the leaked documents himself, responds to the NSA's stunning betrayal by calling his fellow eggheads to arms:
- Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.
- Influencing standards committees to weaken protocols.
- Working with hardware and software vendors to weaken encryption and random number generators.
- Attacking the encryption used by 'the next generation of 4G phones'.
- Obtaining cleartext access to 'a major internet peer-to-peer voice and text communications system' (Skype?)
- Identifying and cracking vulnerable keys.
- Establishing a Human Intelligence division to infiltrate the global telecommunications industry.
- And worst of all (to me): somehow decrypting SSL connections.
By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.If you're not worried yet? I don't know what more I can type.....
[...] I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better. The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others. We need to figure out new means of internet governance, ones that makes it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.
What we've got is a military/industrial/security complex that is running off its rails. Just like President Eisenhower warned about half a century ago. It's putting individuals -- any and all individuals -- at perilous risk, and it's corroding key foundational elements of 21st century economic, political, and social life.
...a new leader will be elected, they'll flip the switch, say that because of the crisis, because of the dangers that we face in the world, you know, some new and unpredicted threat, we need more authority, we need more power, and there will be nothing that people can do at that point to oppose it, and it'll be turnkey tyranny.Turnkey tyranny.
Yup. We should worry about that.
This diary is cross-posted from the author's blog, One Finger Typing