Pages

Thursday, June 6, 2013

Through a #PRISM, Darkly: Tech World's $20 Million Nightmare

from mashable.com: If you're still not feeling queasy after reading Thursday's revelations about the National Security Agency tapping Internet records, you're probably not paying close enough attention.

In short: a leaked intelligence presentation, verified by multiple major news sources, claimed to reveal the existence of an NSA program called PRISM. This program allegedly lets the NSA tap in to the servers of major Internet organizations, possibly at will.

The names of those organizations include Facebook, Google, Apple, Microsoft, Yahoo, YouTube and Skype. It's a who's who of popular, often beloved tech services. Who among us does not have one of these company's web pages open on their browser right now, or carry one of their devices in your pocket? 

Nearly all of those companies quickly denied knowledge of PRISM Thursday. But it was interesting that they all did so in pretty much the same way — denying that there is any kind of NSA "direct access" to their company's servers (leaving the door open to some form of warrantless indirect access), then pointing out that they comply with the law.

If PRISM exists, it is almost certainly perfectly legal under the Patriot Act and similar legislation. Take this little piece of light reading, the amended foreign intelligence surveillance Act of 2008 [PDF]. Skip forward to section 702. It has a very interesting section about compensating tech companies for their troubles. The annual budget of the PRISM program is $20 million; we don't know where that is supposed to be going.

Indeed, the "how" of PRISM is still murky; there's only so much you can glean from a bad Powerpoint. (And it is a pretty appalling example of the form, complete with borrowed clip art.) But put it together with other metadata tools and wiretapping powers the NSA has acquired over the last decade. Something that used to sound like a conspiracy theory has become an open secret: the NSA is potentially aware of your Internet activity right now. 

No doubt whatever snooping is taking place is being done in a very safe, anonymized way. They're looking for metadata, or for certain behavioral characteristics that denote terrorist activity, right? Emails to known potential bad guys abroad in quick succession, that sort of thing. 

The Director of National Intelligence has insisted that the leak reports were "full of inaccuracies", without denying the accuracy of the leaked document itself; he was also careful to point out was that American citizens were not "targeted." But here's the rub: at the level of anonymized metadata, how are you supposed to distinguish between citizens and non-citizens? On the Internet, we're all 1s and 0s. 

"Procedures," said the DNI dryly, "minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons."

Your comfort level, then, largely depends on how much you trust America's most secretive intelligence-gathering apparatus, and what exactly you imagine they're up to. By dint of what the NSA is, it doesn't ever talk about what it does, so your mileage may vary. The NSA's $8 billion-a-year budget dwarves that of other intelligence agencies. So we like to hope it's on our side, whatever side we imagine that to be.

True, the alleged $20 million cost of PRISM is a drop in the NSA bucket. But that's still $20 million spent creating an Orwellian metadata monitoring service that could go to giving us jobs or education or research or, you know, roads.

The "how" is murky; the "what now" is not. If PRISM or something like it exists, it's because we stood by and watched it assemble itself. That is, we in the tech community and we in the U.S. as a whole. If you disagree with it, if you think it an overreach, if you think enough is enough, PRISM or no PRISM, then you have to demand change from Congress. 

And changing laws as entrenched as these — passed with bipartisan support — will require you to get SOPA mad, Occupy Wall Street mad, Tea Party mad, Howard Beale mad. Labels hardly matter on an issue of this magnitude. Let your democratic representatives hear, and fear, your voice. 

When you've done that, by all means keep the conversation going on Twitter, where it has been buzzing nonstop all evening. Not only will that help keep the issue front and center, it also supports a company that — so far as we know — is not embroiled in this security state apparatus. 

Depending on how you feel about boycotts and your confidence level in this report, you might want to swap your Apple or Android device for one by BlackBerry, another company not implicated in PRISM. 

Either way, that queasy feeling is probably a good thing. If this kind of activity is out in the open, if the NSA is leaking for what is really the first time, then there are some on the inside who feel the same way. And we can start to have a great national debate about what it means, whether it is necessary, and when — if ever — we should start reining it in.

No comments:

Post a Comment