Sections

Services

Information

UK United Kingdom

Nine reasons you should care about NSA’s PRISM surveillance

In the wake of former CIA employee Edward Snowden’s revelations of the PRISM NSA mass surveillance, people are once again asking why the general public should care if they’ve got nothing to hide. “Nothing…

You have nothing to hide – but does that mean you have nothing to worry about? JasonDGreat

In the wake of former CIA employee Edward Snowden’s revelations of the PRISM NSA mass surveillance, people are once again asking why the general public should care if they’ve got nothing to hide.

Nothing to hide” hides a lot behind an absolutist gloss. It puts the focus on the individual rather than on the real problem of a society-wide loss of data control at many levels.

Is this a fair question? Not really. Below, I give nine reasons why we must care – regardless of our innocent intentions.

1) Presumption of guilt

Mass surveillance and data retention overturn the foundation of the modern legal system: the presumption of innocence. Not only is the presumption lost for gathering evidence, it also weakens the effect of that presumption throughout the rest of the legal process.

If there is a normalisation in the public consciousness that there is a weakened presumption of innocence, we have compromised the effectiveness of our legal system.

2) The loss of personal data control

Mass surveillance circumvents our right to personal data control, also known as informational self-determination. As the late Professor of Public Law Alan F. Westin put it in his 1970 book, Privacy and Freedom:

The right of the individual to decide what information about himself [sic] should be communicated to others and under what circumstances.

We have envelopes for our letters and curtains on our windows not because we’re doing something wrong but because our we are choosing how to share (or not) that business. Governments and security organisations should have no part in that choice without a specific, targeted, and legally warranted reason.

3) Transferring power to security organisations

Allowing security organisations to have far-reaching capabilities without strict oversight effectively transfers power from governments to the security organisations themselves.

The power of voting for elected officials is weakened if security organisations make choices based on securing their own position rather the interests of the country.

topgold

Vladimir Putin is reputed to be finding the siloviki (the “men of power” from state security) who helped build his regime to now be more demanding than in the past. Such transfers of power are not limited to a shadowy few in a far-off land, nor just at the highest level.

In this kind of climate, the power to invoke or even just threaten a search from mass surveillance can be devolved to even front-line law enforcement.

4) False positives

Anyone searching for information on “topics of concern” to security agencies, for legitimate reasons (such as researchers, journalists, students) or even personal curiosity, could be falsely identified as a person of interest in an investigation.

As security technologist and author Bruce Schneier argued in a guest blog post last year, this is one of the fundamental problems of profiling.

The ramifications for the individual might range from inclusion on no-fly lists, denial of access to some jobs, through to false arrest.

5) Changing definitions of issues of concern

What counts as a problematic topic in the eyes of security organisations changes over time, especially in the wake of an incident. We are all still taking off our shoes at many airports because of one “shoe bomber”, Richard Reid, in 2001.

When something as seemingly benign as shoes is suddenly linked to security concerns, the potential for large retrospective data sweeps - as well as having shoe-related topics then included in future sweeps - increases, with concurrent increases in the possibility of embarrassing and/or gravely serious mistakes.

6) Political corruption

The potential exists for the government of the day to request detailed information that falls well outside the scope of legality. Watergate is the classic example of data-gathering about political adversaries, but compared to the potential corruption made possible by mass surveillance, that was a drop in the ocean.

Mass surveillance could be directed not only at direct political adversaries but also their official supporters and those who might fall into a demographic of potential support.

7) Personal abuse of power

While most security agents work within the law, there are occasions when they abuse their power. The London Police were found to be complicit in the News Of The World hacking scandal and, as ABC journalist Nick Ross noted in an article last September, many small-scale examples of abuse of power are captured on the news website Reddit.

Communication data gathered for abusive private purposes could include email, texts, pictures intended for revenge, extortion or prurience.

Free Press Pics

8) Honeypots

Large collections of telecommunications data - be it the content or the metadata - attract hackers. Unfortunately, governments and their sub-contractors have a poor track record safe-guarding such data.

Even without blunders, the data can be stolen or individuals with direct access can be manipulated to hand over this information through social engineering, bribery, or coercion.

9) Big data and the problem of patterns

The entire premise of “big data” – large and complex sets of computer data – is to find patterns from aggregates. While you may feel that, post-by-Facebook-post, you have “nothing to hide”, mass surveillance creates the possibility of finding patterns that catch the interest of security organisations.

Such patterns have the possibility of including the innocent with the guilty. Worse, there’s the possibility to not just find but “create” patterns from such aggregations that frame the innocent as potentially guilty.

Everything to lose

As security expert Bruce Schneir wrote for Wired in 2006, and is even more true today, we must not “accept the premise that privacy is about hiding a wrong”.

The issue with the NSA PRISM program, and other such programs around the world, is not that we have “nothing to hide” – it’s that we have everything to lose.

Join the conversation

22 Comments sorted by

  1. Ettore Greco

    logged in via Facebook

    In regard to this surveillance program the public opinion is split once again between those who respect themselves and their freedom and those who instead live in fear, look for protection and welcome the leash of their master.

    It is also about a certain culture that had been slave since ancient Egypt.

    http://www.wavevolution.org/en/index.html

    report
  2. Citizen SG

    Citizen

    I think there is some truth in the contention that increased surveillance of the population and increased powers of our intelligence community has lead to a decrease in criminal and/or terrorist attack (ie the Holsworthy Army base plot).
    The argument is that is this worth the commensurate decrease in our liberty?

    I think not.

    But if we all think that way we may have to accept an increase in citizen deaths as a result in criminal and/or terrorist activity as the price for our liberty.

    report
    1. Sean Lamb

      Science Denier

      In reply to Citizen SG

      "But if we all think that way we may have to accept an increase in citizen deaths as a result in criminal and/or terrorist activity as the price for our liberty."

      What is the saying? Those who are willing to trade a little liberty to obtain a little security shall find they know neither liberty nor security.

      In the recent attacks in Woolwich and Boston the one feature in common is not only were both attackers known to the security organs, there were credible reports that they had been engaged…

      Read more
    2. Daniel Kinsman

      logged in via Twitter

      In reply to Citizen SG

      The Holsworthy plot was likely foiled by good old fashioned targeted investigation under warrants, not dragnet surveillance of the entire population. Their phones were tapped six months prior to their arrest, with calls recorded and translated (source http://www.abc.net.au/news/2010-12-23/three-guilty-of-planning-terror-attack/1884470). These are the kinds of powers security agencies need to do their jobs, and they are powers that they have had for decades and decades.

      PRISM and the Verizon scandal…

      Read more
  3. Alan O'Neill

    Freelance Consultant / Inventor at freelance consultant

    Once you accept and support big corporations holding your data, and being able to aggregate and process and employ that data for whatever use they deem in their interests..then you must also accept that the state must be able to defend us by having equal access to that data..this is a no-brainer

    If in contrast you seek to avoid any such corporation having access to your data then we must support edge based applications and data (personal storage via distributed/federated systems under our control…

    Read more
    1. Sean Lamb

      Science Denier

      In reply to Alan O'Neill

      "Once you accept and support big corporations holding your data, and being able to aggregate and process and employ that data for whatever use they deem in their interests"
      Except I don't accept and support that - every time google et al bring out a privacy policy I always put the settings to store as little as possible, even though I had no doubt these policies were potemkin policies and the data is still being collected. Where is the oversight to ensure that these policies have any meaning…

      Read more
    2. Alan O'Neill

      Freelance Consultant / Inventor at freelance consultant

      In reply to Sean Lamb

      and everything you mention actually occurs...whether by rogue employees, corporate policies, government policy or court order.. I am not advocating that..but it is the reality

      report
    3. Daniel Kinsman

      logged in via Twitter

      In reply to Alan O'Neill

      That is far from a "no-brainer". You're talking about the difference between voluntarily submitting information to a company because it benefits you, in exchange for a service, versus involuntarily having that information taken by covert surveillance.

      As far as the "hidden" tracking via third party cookies etc that isn't obvious or "voluntary" to the average web consumer, the solution there isn't to then turn around and give that to the NSA. The solution is to make such tracking by advertisers illegal.

      report
    4. Alan O'Neill

      Freelance Consultant / Inventor at freelance consultant

      In reply to Daniel Kinsman

      Hi Daniel, The 'no-brainer comment' is not in regard to the use that the state might apply to your data, nor to the method by which it is obtained. It of course must be obtained legally (as it seems it was under US laws).

      The no-brainer rational is that; if you are prepared to give your data to a corporation, potentially foreign and not subject to your state laws of control, given that you have no idea what future use or third party use will be applied to it, nor have any idea when that data…

      Read more
  4. John Holmes

    Agronomist - semi retired consultant

    Where two foes conduct a long confrontation there is a tendency for each to do similar things. "My H bomb is bigger than yours". Is this the logical consequence of the Cold War and the revenge of the East German security apparatchik?

    Where are we going, " not happy Jan!"

    report
  5. peter prewett

    retired

    And it is interesting that Firefox Ghostery is indicating that this web page has 5 trackers.

    report
  6. R. Ambrose Raven

    none

    "If you are not doing anything wrong then you have nothing to fear from surveillance."
    Hermann (later Reichsmarschall) Göring, Munich Beerkeller, 21 March 1938 celebrating the failed 32/33 "putsch".

    "You can't smash terrorism by philosophising, you have to smash it by using even greater terror." - the 24th Chancellor of the German Reich.

    report
  7. ian cheong

    logged in via email @acm.org

    I thought we all knew that government surveillance was happening. Maybe we should care, but with such a huge mountain of data, how could anybody hope to find much useful, excepting for those concocting fake identities and committing fraud on financial institutions.

    Even is the NSA isn't doing it, Google still is. At least the NSA is governed by a government which has some rules. Google isn't.

    All corporations are collecting a mass of data about us - especially credit card companies, banks, customer loyalty programs, frequent flyer programs, etc.

    Privacy legislation is routinely usurped by "if you use this service, you grant us permission to use your information for whatever we like".

    (PS the second instance of "Bruce Schneir" is a typo)

    report
  8. Mark A. Lane

    Unemployed Information and Communications Technology Professional. at A dole queue near you.

    Personally, I prefer the Pink Floyd plugin : https://github.com/jblinder/DarkSideOfThePrism as opposed to the Mozillia extension : https://github.com/CIAvash/Originz .

    Although, the 2009 plugin : http://mashable.com/2009/05/10/prism-10/ doesn't quite cut it, and appears to have been removed.

    As an IT/ICT Admin / Engineer / etc, with over 30 years experience, I'm looking forward to 26/07/2013 ( yes, that's Sysadmin day : http://sysadminday.com/ )

    If your not aware of it, LOPSA have released…

    Read more
    1. Sean Rintel

      Lecturer in Strategic Communication at University of Queensland

      In reply to Mark A. Lane

      Nice!

      Can you please elaborate on these two points:

      (1) "By the way, PRISM, is just a 'very, very, large' NIDS ( Network Intrusion Detection System ). Every Government and Corporation have at least one, it just depends on how long they keep the data."

      On what do you base that claim?

      (2) If you are really 'scared' that your web surfing is being monitored, there is a really 'good' NIDS, that is available to anyone on the internet, http://www.webpagetest.org/ ( the project is hosted by Google if your paranoid ).

      How would you recommend that someone uses this?

      report
    2. Mark A. Lane

      Unemployed Information and Communications Technology Professional. at A dole queue near you.

      In reply to Sean Rintel

      Hi Sean

      1)

      My Career ( see comment 'As an IT/ICT Admin / Engineer / etc, with over 30 years experience' )

      2)

      Within the legal constraints of the 'source' and 'target' systems, limited by their own imagination ?

      How about you follow the doco, and see what happens.....or who comes a knocking on you door ?

      report
    3. Mark A. Lane

      Unemployed Information and Communications Technology Professional. at A dole queue near you.

      In reply to Sean Rintel

      If you havn't herd....SSL ( Open ) has a bug in it.....;)

      report
  9. Mark A. Lane

    Unemployed Information and Communications Technology Professional. at A dole queue near you.

    This is kinda laughable, but :

    A quick check of DNS records @ various DNS servers via `dig @${DNS_SERVER_IP} prism.nsa.gov A` revels :

    ComodoSecureDNS:8.20.247.20:prism.nsa.gov. 1 IN A 92.242.144.50
    ComodoSecureDNS:8.26.56.26:prism.nsa.gov. 1 IN A 92.242.144.50
    DNSAdvantage:156.154.70.1:prism.nsa.gov. 600 IN A 92.242.144.2
    DNSAdvantage:156.154.71.1:prism.nsa.gov. 600 IN A 92.242.144.2
    Dyn:216.146.35.35:prism.nsa.gov. 1 IN A 69.16.143.63
    Dyn:216.146.36.36:prism.nsa.gov. 1 IN A 69.16.143.63…

    Read more
  10. Carole Di Tosti, Ph.D.

    Writer, journalist at The Fat and the Skinny

    Excellent logic. Every American should read this...instead of accepting the blather on Fox and other mainstream media outlets that are controlled by politicos with agendas...that we do not understand because of their lies of omission and commission and these are controlled by elite shadow government. Fascism thrives when the surveillance state is taken over by an elite power group. We saw what happened in Hitler's Germany...do we need to think twice about this? Look at any totalitarian fascist regime...what…

    Read more
    1. Mark A. Lane

      Unemployed Information and Communications Technology Professional. at A dole queue near you.

      In reply to Carole Di Tosti, Ph.D.

      Hi Carol

      Interesting comment 'every American should read this'

      From a 'black comedy' technical perspective :

      Requesting 'every American' to read this entry on TheConversation, could be construed, as requesting a denial of service attack, by asking 'every American' to perform, a http request on the site.

      Perhaps, if you upload, the email address of 'every American', the site administrators could email them a pdf copy, containing appropriate / inappropriate meta data ( from each individual's details ) ....;) Hopefully, this site would not be listed as a SPAM site in doing so....!

      Most people are quite aware of 'Hitler's Germany' have you read : http://www.ibmandtheholocaust.com ?

      report