The NSA has it all but what will it do with it?

Dissecting the PRISM Overreaction

The NSA has it all but what will it do with it?
The NSA has it all but what will it do with it?

Americans went up in arms when a program managed by the United State’s National Security Agency (NSA) called PRISM was leaked to the media. PRISM is a secret espionage program that monitors valuable foreign communications that passes through servers located in the United States and possibly even those located offshore but owned by companies based in the United States. The revelations showed that this program was extended beyond foreigners to also cover Americans. In a country where civil liberties are highly prioritized and any form of government surveillance is heavily rejected, you can imagine the magnitude of the storm that swept through the United States in the past week.

The main problems with PRISM was that it allowed the collection of granular US citizen information without requiring a warrant. Audio and video chats, photographs, emails, documents and connection logs could be monitored. It is the usual two edged sword argument. While PRISM gave the NSA a treasure trove of information that would allow greater protection of national interests, citizens were rightly fearful of how the government would handle such information.

However, I feel that the entire uproar over PRISM is a little overblown. There are obvious problems that must be rectified but there’s no need to panic the way some media outlets are encouraging its readers to do so.

 

 

Always Been There

Information is power. It gives you space to react and allows you to put yourself in a more advantageous position. As such, governments always keep tabs on their citizens. PRISM spawned off the Patriot Act which had multiple precedents in the century past. The US government was always spying on its own citizens. You can reduce the severity of the word with euphemisms like monitoring, preemptive protection, etc. It has been there for a long time.

 

It is naive to believe that no one is keeping watch on you. In reality, everyone is keeping watch of each other.

 

It is naive to believe that no one is keeping watch on you. In reality, everyone is keeping watch of each other. There are those who take greater effort to observe their surroundings. This allows them to read individuals with the multiple data points they have picked up. The act of careful observation is an active effort to glean information that is otherwise unobtainable and this is done by everyone to everyone. The question is simply how effective one is able to do that.

PRISM’s problem is that it is so effective it can be scary. The NSA is able to dig deep into a person if they need to. It is not just the United States, every country has a similar operation and they declare their agencies as one that provides internal security. When you join sensitive jobs, you can be sure they run background checks on you. This actually spans a large number of jobs. The fact that they can run background checks on you means that they have monitored everyone so much so they simply need to reach in for your file and run through it. In short, your file was always there. Yes, even before PRISM.

The dichotomy between perceptions and reality is probably what keeps people sane. But we should wake up and see the world as it is. Don’t be naive. If you believed that everything you did was private, you are very sadly mistaken whether PRISM existed or not.

 

 

 

Noise

Continuing on the same lines, let’s be realistic about the information that the U.S. government has access to. One of the  biggest fears is that the government has access to everyone and anyone. What this also means is that the data is 95% noise, useless to security officials. When gathering data, whether be it on people or simple statistics for a harmless academic project, any student would tell you how hard it is to get good data. There’s plenty of information out there and more of it in not necessarily better. It means more work sorting out what is relevant and what is not.

 

More data usually means plenty of worthless noise to sieve through. You are not as attractive an information dataset as most self indulgent human beings think they are.

 

Scope can actually be a great hindrance to the security operations in the United States. The FBI, CIA, NSA, etc may be huge organizations but they do not have the capacity to monitor every single citizen. They are likely to focus on no more than 1% of the population. More data doesn’t mean better data. And more data usually means plenty of worthless noise to sieve through.

Don’t jump the gun and think that someone is scrutinizing your every move. Maybe they would if they could but the fact is they can’t. Unless you fall in that 1%, the relevant U.S. agencies have no time to dig things up on you. You are not as attractive an information dataset as most self indulgent human beings think they are.

 

 

Data Sources

Let’s turn our attention away from the now rather absurd ‘spy-on-everyone’ theory and focus on the data sources. The PRISM programme was simply one that encouraged tech companies to cooperate and hand over user data to state agencies. There’s an important point here. The government (at least in this programme) is not actively collecting information on you first hand.

The information that is available on Google’s, Microsoft’s, Apple’s, Facebook’s, etc servers are all provided by you. I have written in the past that everything you do online can be easily reversed engineered and searched through. You should always be on your guard online just as you would when you step out of your house.

I personally give Facebook, Google, Microsoft and Twitter plenty of data about myself. I make scheduled efforts to erase data that is over 30 days old but I am fully aware that this data will probably remain in backups. So, I make sure that I am perfectly fine with people crawling through whatever I post or store on any of these platforms. If I am not, then that piece of data doesn’t go online.

 

Many homebrew hackers can do what PRISM does and are more interested about you than the government will ever be.

 

I can understand that people with plenty of secrets would have issues with this argument. But do ask yourself this. If you have plenty of secrets, you should only have a small group that you share these secrets with. Having secrets with many people destroys the entire notion of secrets. Tongues are always found wagging and such propensities increase with the number of people you share secrets with. Therefore, if these secrets are sensitive enough, you and those you share with should be a close knit bunch that do not mind meeting face to face. The government is not the only one able to intercept your electronic communications, many homebrew hackers can. The later is likely to be more interested in your personal life than the former.

In short, keep all forms of electronic communication free of your secrets. If you have secrets, you should only be sharing them with a small bunch anyways and this should not be a problem. If the above is not true in your case, you should carefully evaluate how you handle your so called secrets.

 

 

The Problem With PRISM

PRISM has its issues. The most pertinent issue is transparency. NSA officials have come out in defence of the programme saying that there is sufficient checks and balances and that multiple facets of the leadership is ensuring that the system is not abused. This, of course, includes both the legislature and judiciary. But the problem is that people on the ground did not know it.

Due to the sensitivity of surveillance issues, it is clear that the United States have chosen to skip asking for permission.  If they had gone that route, the programme would never have been passed. Also, this programme is not necessarily the most cutting edge one out there. Other competing countries have done better. The United States needed to get a leg up in this competitive global space.

 

The US should take time to explain the system to a degree that is sufficient for public knowledge.

 

This is probably the right move but now that PRISM has been blown open to the public, the US should take time to explain the system to a degree that is sufficient for public knowledge. People need to know that their data is accessible by law enforcement officials. They may not need to know the how but they need to know that it exists. This is the biggest problem with PRISM but one that can be rectified.

 

 

What’s Next

Most people want the system shut down. That’s a crazy move. The lack of surveillance is a prelude to a lack of accountability. If people are free to do what they like, the country becomes a magnet for more shady activities. Just look at the safe havens in Sweden in the banking sector. Who ended up using those banks? No, not people concerned with privacy but people concerned with tax evasion and hiding proceeds from illegal activities. The United States would not want to be the first country to fall behind in this area and also turn into a safe haven for such untoward things.

It is in human nature to be more careless and inconsiderate (to put things mildly) when you know you have space to use and abuse without accountability. As much as the government wants to keep its citizens honest, the necessary details of PRISM must be made known since it can directly affect citizens. Making parts of it known will also act as a form of deterrence which could make would-be criminals to think twice before attempting to do something in the U.S. or via U.S. services.

 

 

Don’t Freak Out, Execute Better

In short, there’s no need for the general public to freak out over this. Tech media outlets have gone absolutely bananas because this is their core area of interest. The issue requires immediate attention but it also has to be done with balance and context.

 

If you have secrets to keep, then do your secrets a favour and handle them properly.

 

It must be made transparent that the instruments are available but it must also be understood that there’s no way the government have the funds, time or capability to monitor every single one of its citizens. People who raise red flags will be monitored as they probably deserve to be. Besides that, take good control of what you do online or even over the telephone. If you have secrets to keep, then do your secrets a favour and handle them properly.

Remember, before the internet, there was always a mail man or an operator. The existence of a middle man severely depreciates the privacy of whatever you are sending.

Don’t get paranoid. Get real and handle things better.

 

 

For more posts like these, follow @davejunia on Twitter.