PRISM primer: We’ll get you up to speed on spying
Need help understanding the basics of this surveillance brouhaha? Read on.
My head has been deeply buried in sand for the past month. What’s PRISM?
PRISM is a counterterrorism program overseen by the National Security Agency’s Special Source Operations group, which allows the NSA and the FBI to obtain email, phone call, video, login, and social-networking data from major Internet companies such as Google, Microsoft (and Skype), Yahoo!, Facebook, AOL, Apple, and the chat service PalTalk. Ostensibly, the aim is to look for patterns that could indicate terrorist activity. Intelligence officials say the program is authorized under the Foreign Intelligence Surveillance Act.
But they’re only spying on non-US citizens, right?
According to the Washington Post, analysts use various search terms and filters that are designed to produce at least 51 percent confidence in a target’s “foreignness.” As the Post put it, “That is not a very stringent test.” Or, as John Oliver noted on The Daily Show, “that’s like flipping a coin, plus one percent.”
Not to mention that documents released by the Guardian in mid-June “show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used” and that the NSA may “retain and make use of ‘inadvertently acquired’ domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity.”
What about the big telecom companies? How are they involved?
A separate revelation earlier in June showed that the NSA has also been collecting phone call “metadata” — basically everything about a call except its contents (numbers of both parties on the call, plus location and duration) — from Verizon, AT&T, and Sprint Nextel for seven years. The program appears to be based on a section of the USA PATRIOT Act that allows the government to obtain business records that are relevant to an ongoing terrorism investigation. Under the Foreign Intelligence Surveillance Act, a top-secret panel of judges must evaluate and approve such “metadata” surveillance and warrant requests. If the NSA wants to mine the metadata more specifically, it must seek permission to do so.
Have these programs actually helped foil any terrorist plots?
Depends on who you ask. According to a statement from US director of national intelligence James Clapper, “Communications collected under [these programs] . . . have directly and significantly contributed to successful operations to impede the proliferation of weapons of mass destruction and related technologies,” as well as “provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks.”
But as Leonid Bershidsky pointed out in Bloomberg, “infrastructure set up by the National Security Agency . . . may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The PRISM surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use.”
What are some of the things being done to effect change or at least advance debate on this issue?
US Senator Patrick Leahy, Democrat of Vermont, has introduced the FISA Accountability and Privacy Protection Act of 2013, which would strengthen oversight of government surveillance programs while increasing privacy protections. The proposed bill would also require that FISA be re-examined in 2015, instead of 2017 as currently scheduled.
Additionally, the San Francisco-based Electronic Frontier Foundation launched the stopwatching.us campaign — “We demand the US Congress reveal the full extent of the NSA’s spying programs” — which had gathered close to 500,000 signatures (individuals, non-profits, and businesses) by Tuesday afternoon.
And Republican senator Rand Paul, of Kentucky, is asking supporters “to join me in a class-action lawsuit to STOP Barack Obama’s NSA from snooping on the American people.”
Counterveillance 101: How to stay off the NSA’s radar
We’ve come a long way from invisible ink and secret decoder rings — these days, if you want to keep your personal matters truly private, you have to take a few extra precautions. Regardless of whether you do so for practical or philosophical reasons, consider employing one of these tools to help maintain your own obscurity.
* The Tor browser system allows for encrypted, anonymous browsing. The free software bounces your communications around an international open network, preventing anyone from learning your location or what sites you visit. There’s an Android app too. And you can add a Tor plug-in to your Mozilla Firefox browser.
* HTTPS Everywhere, a joint endeavor of the folks at the Electronic Frontier Foundation and the Tor Project, provides online security in three ways: 1) server authentication; 2) data confidentiality (via encryption); 3) data integrity (ensuring that your communications are not modified). It’s a free extension for Firefox and Chrome browsers.
* For an effective model of counterveillance — turning the tables to watch who’s watching you — check out Do Not Track (donottrack.us), which “signals a user’s opt-out preference with an HTTP header, a simple technology that is completely compatible with the existing web.” Another option is Mozilla Collusion, an experimental Firefox add-on that allows you to see the “spider-web” of third parties tracking your movement across the Web.
* Don’t want Google and the government to know (or store!) all your search queries? Try Startpage.com, which uses encryption and doesn’t store any data. “We make this perfectly clear to everyone, including any governmental agencies,” Startpage CEO Robert Beens says in a public letter to users. “We do not record the IP addresses of our users and we don’t use tracking cookies, so there is literally no data about you on our servers to access. Since we don’t even know who our customers are, we can’t share anything with Big Brother. In fact, we’ve never gotten even a single request from a governmental authority to supply user data in the fourteen years we’ve been in business.”
* Find many more free (and paid) services for email encryption, social networking, cloud storage, text and video chatting, and more at prism-break.org.
* Perhaps the most important tip is simply to stay informed. Know who has access to your data and what they use it for. As author and journalist Shel Israel said at last month’s International Association of Privacy Professionals conference in Portsmouth, “I can’t tell you what you should do, other than be aware and pay attention.”