Apologists for the US government’s NSA surveillance program, PRISM, (the system set up to collect every piece of data you and I generate) normally fall back on the same talking points when trying to rationalize the situation. Normally, they'll point out that no one involved actually broke the law, or that the information and "metadata" gathered won't affect American citizens.
Pardon us if we have a tough time believing them. Or forgetting the implications for non-American citizens.
Sure, they can make the claim that no one broke the law--the same way no US government officials in the 1960s broke the law by prohibiting African-Americans from voting. The laws on the books, the infamous Jim Crow laws, prohibited an entire group of people from their constitutional right to vote. (And like the laws over the GCSB soon to be on the books here in New Zealand, it’s easy for new laws to retrospectively ensure there are very few laws for anyone listening in to anyone else to actually break.)
But perhaps the even bigger concern should not be the PRISM system itself, but the “metadata” that they and the GCSB have been collecting. A word that seems foreign to most people, but will probably become more common as this story continues to develop, the collection of metadata is what affects us all. In one way, it's what defines your presence on the Internet. And the related concern is very real: when data on hundreds of millions of citizens are gathered around the world and shared by a whole network of worldwide government agencies, bland assurances that citizens of your particular state agency may not be spied upon are somewhat unassuring.
And as today's Guest Post by Washingtonian magazine writer Shane Harris will show, it's what the NSA and GCSB are collecting, the metadata, that should be the most disconcerting thing to come out of this most recent scandal.
This is, hands down, the scariest part of the NSA revelations
Forget PRISM, the US National Security Agency's system to help extract data from Google, Facebook, and the like. The more frightening secret program unearthed by the NSA leaks is the gathering and storing of millions of phone records and phone location information of U.S. [and non-US] citizens.
According to current and former intelligence agency employees who have used the huge collection of metadata obtained from the country's largest telecom carriers, the information is widely available across the intelligence community from analysts' desktop computers.
The data are used to connect known or suspected terrorists to people in the United States, and to help locate them. It has also been used in foreign criminal investigations and to assist military forces overseas. But the laws that govern the collection of this information and its use are not as clear. Nor are they as strong as those associated with PRISM, the system the NSA is using to collate information from the servers of America's tech giants.
Metadata are not protected by the Fourth Amendment. Content of emails and instant messages -- what PRISM helps gather -- is. An order issued to Verizon by the Foreign Intelligence Surveillance Court instructs the company to supply records of all its telephony metadata "on an ongoing, daily basis." Although legal experts say this kind of broad collection of metadata may be legal, it's also "remarkably overbroad and quite likely unwise," according to Paul Rosenzweig, a Bush administration policy official in the Homeland Security Department. "It is difficult to imagine a set of facts that would justify collecting all telephony metadata in America. While we do live in a changed world after Sept. 11, one would hope it has not that much changed."
By comparison, PRISM appears more tightly constrained and operates on a more solid legal foundation. Current and former officials who have experience using huge sets of data available to intelligence analysts said that PRISM is used for precisely the kinds of intelligence gathering that Congress and the administration intended when the Foreign Intelligence Surveillance Act was amended in 2008. Officials wanted to allow intelligence agencies to target and intercept foreigners' communications when they travel across networks inside the United States.
The surveillance law prohibits targeting a U.S. citizen or legal resident without a warrant, which must establish a reasonable basis to suspect the individual of ties to terrorism or being an agent of a foreign power. In defending PRISM, administration officials have said repeatedly in recent days that the FISA Court oversees the collection program to ensure that it's reasonably designed to target foreign entities, and that any incidental collection of Americans' data is expunged. They've also said that press reports describing the system as allowing "direct access" to corporate servers is wrong. Separately, a U.S. intelligence official also said that the system cannot directly query an Internet company's data.
But the administration has not explained why broadly and indiscriminately collecting the metadata records of millions of U.S. citizens, legal residents [and non-U.S. citizens and residents] comports with a law designed to protect innocent people from having their personal information revealed to intelligence analysts. Nor have officials explained why the NSA needs ongoing, daily access to all this information, and for so many years, particularly since specific information can be obtained on an as-needed basis from the companies with a subpoena.
Here's why the metadata of phone records could be more invasive and a bigger threat to privacy and civil liberties than the PRISM system:
- Metadata are often more revealing than contents of a communication, which is what's being collected with PRISM. A study in the journal Nature found that as few as four "spatio-temporal points," such as the location and time a phone call was placed, are enough to determine the identity of the caller 95% of the time.
- The Wall Street Journal reports that in addition to phone metadata, the NSA also is collecting metadata on emails, website visits, and credit card transactions (although it's unclear whether those collection efforts are ongoing). If that information were combined with the phone metadata, the collective power could not only reveal someone's identity, but also provide an illustration of his entire social network, his financial transactions, and his movements.
- Administration officials have said that intelligence analysts aren't indiscriminately searching this phone metadata. According to two intelligence employees who've used the data in counterterrorism investigations, it contains no names, and when a number that appears to be based in the United States shows up, it is blocked out with an "X" mark.
But these controls, said a former intelligence employee, are internal agency rules, and it's not clear that the FISA Court has anything to say about them. In this employee's experience, if he wanted to see the phone number associated with that X mark, he had to ask permission from his agency's general counsel. That permission was often obtained, but he wasn't aware of the legal process involved in securing it, or if the request was taken back to the FISA court.
- The metadatabase is widely available across the [foreign and domestic] intelligence community on analysts' desktops, increasing the potential for misuse.
- The metadata have the potential for mission creep. They are not used only for dissecting potential homegrown terror plots, as some lawmakers have said. The metadata are also used to help military forces overseas target terrorist and insurgent networks. And they are used in foreign criminal investigations, including ones involving suspected weapons traffickers [and fat German copyright infringers].
For all these reasons, and probably more yet to emerge, it's the metadata that are of bigger concern. By comparison, PRISM is a cool name, a lame PowerPoint presentation -- and business as usual.
** Shane Harris is a senior writer at The Washingtonian magazine and the author of The Watchers: The Rise of America's Surveillance State. This article originally appeared here.
[Ed. note: What the government does with the data they already have is out of our hands. Asking them to give back your privacy is likely not going to happen. So it looks like it's going to be up to us to make sure that whatever information we give them... is useless.
The way the system is set up makes things difficult. All metadata run through a handful of Internet hubs. So you have to make sure that the information they receive can't be traced back to your computer.
So be careful what you share on the Internet. And stay tuned…]
[Hat tip and permissions Laissez Faire Today]