The recent revelations of the breadth and depth of the telecoms surveillance being conducted by the United States has been highlighting the extent to which communication is no longer private. This post discusses some matters that Caribbean and non-US Internet users especially, should be consider.
Unless you have been wholly disconnected from international news over the last two weeks, we have been inundated with reports about the extent of the surveillance and spying being done by the United States National Security Agency (NSA). Although from time to time we here at ICT Pulse have been discussing the fact that Internet privacy is an illusion, and suggesting ways in which to improve your privacy online, these recent revelations indicate a more pervasive (and government-sanctioned) programme exists. Hence it is opportune to revisit not just our thoughts on privacy and the Internet, but also some of the implications of those revelations.
US telecoms surveillance in a nutshell
Through electronic surveillance projects, most notably one codenamed PRISM, the NSA has been collecting data from, inter alia, telecoms companies, such as AT&T and Verizon, and from large internet properties, such as Microsoft, Yahoo, Google, Facebook, AOL, YouTube, Skype and Apple (Source: US Today). When news about PRISM was made public, some of companies sought to refute claims that the NSA was collecting the data “directly from the servers”. However, subsequent reports have suggested that the US government has indeed been getting access to user content (Source: The Guardian UK).
To defuse some of the outcry that occurred in the US when the story broke, the government revealed that its surveillance has been geared primarily towards identifying potential threats to America. The data it receives from various sources (such as those indicated above) was being stored, and would be referred to as and when needed (Source: CNN).
With regard to voice calls, the US government indicated that it collects the metadata of those transactions, and did not necessarily listen in on people’s conversations. However, the metadata, while not capturing the actual content of persons’ interactions, can provide enough information to deduce the nature of those conversations, as the Electronic Frontier Foundation outlines below:
…What they are trying to say is that disclosure of metadata—the details about phone calls, without the actual voice—isn’t a big deal, not something for Americans to get upset about if the government knows. Let’s take a closer look at what they are saying:
- They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
- They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed…
…Sorry, your phone records—oops, “so-called metadata”—can reveal a lot more about the content of your calls than the government is implying. Metadata provides enough context to know some of the most intimate details of your lives. And the government has given no assurances that this data will never be correlated with other easily obtained data….
Revisiting online behaviour?
For those of us in the Caribbean, our telephone conversations generally might fall outside of US jurisdiction, and so not be immediately subject to PRISM and other forms of scrutiny. However, in circumstances where Internet Messaging and Voice over Internet Protocol- (VoIP) type services are being used, e.g. Skype, Viber, and iChat, and especially when the servers might be located in the US, those interactions could be subject to US government surveillance.
We also ought to bear in mind, that even in the region, law enforcement is increasingly seeking to have access to and to rely on the tapping of phones (fixed and mobile/cellular) in their investigations. In many Caribbean countries, mobile/cellular phone registration is mandatory, which means that, up to a point, the original owner of a device is known. Moreover, from time to time, proposals are mooted to relax device-tapping or call interception procedures – for example so that a government Minister can sanction such activities instead of the courts. Although generally there has been opposition to those proposals, they will continue to rear their head, as law enforcement continues to grapple with crime, and governments place increasing focus on “national security”.
Are countries complicit in the US’ behaviour?
With the exception of the European Union, countries worldwide have been relatively silent about the disclosures regarding the depth and breadth of US electronic surveillance. Hence it could cause us to question whether or not, or the extent to which countries, including those in the Caribbean, might have cooperated with the US on such matters.
To be clear: the US is a world power and one of the largest trading partners for many countries. In the Caribbean, the relationship with the US might be more acute, as our economies are dependent (to a considerable extent) on our neighbour to the north, and we all have a strong affinity, including family linkages, there. Hence countries might opt to choose the lesser of two evils, and acquiesce to the US’ demands, but such an approach might not necessarily foster the confidence that your country is prepared to defend you and your rights whilst within its jurisdiction.
Over reliance on the US Internet facilities
Finally, and in a completely different vein, we may also need to re-examine and recognise that our personal and business-related data could also be subject to US scrutiny, should they be stored in the US. Hence for those of us who are using US-based email and web-hosting facilities, or servers located in the US, our content, whether we like it or not, could be copied and stored by the US indefinitely and potentially used in ways we had not envisaged.
From a sovereignty and national security perspective, a case could be made for individual countries or even the region collectively, to actively develop their own web hosting, server facilities, Internet infrastructure, etc., in order to encourage their citizens to bring their data closer to home. However, that would require countries to have a clearer sense of the value of their citizens’ data and the intellectual property from which they could inherent benefit.
Image credit: Stuart Miles (FreeDigitalPhotos.net)
__________
Excellent.
Glad there is discussion on this topic, because this one now goes beyond “taking necessary care to safeguard one’s privacy”. The implications of all this are that:
Can the US continue to hold the moral high ground to criticise other countries ( eg China, Russia ) that have reportedly been persistent at doing this?
And if the US does not criticise, won’t it be a “free-for-all” countries to snoop into all conversations and communications under the guise of national security.
But even of more concern, is if the information so extracted falls ( not in the wrong, but ) in the “right” hands, eg the insurance company. ( There are lots of incidents – eg New Zealand – when government/public employees have, from time to time, mistakenly e/mailed personal information to the wrong people). Take the conversations quoted above for the Electronic Frontier Foundation. Having privy to certain indicative information the insurer will have difficulties making a claim pay out or, conversely, be compelled to revise its premiums or underwriting.
Perhaps it’s time we all accept that the era when private information was “private” is gone.
As suggested in one of your previous post privacy is an illusion. It comes as no surprise to me the level of snooping that has been taking place. What annoys me is the hypocrisy. Western nations have come out against Iran, China and other eastern countries for censoring and monitoring online/electronic activity when they have been doing the same things without saying.
Do we actually have a right to privacy? I think there are those among us that relinquished that right some time ago.
Privacy on the Internet is an illusion. Period. The addressing schemes and payload arrangements behind all transit makes it dead easy to now know definitively who you are, watch where you go and deduce what you do going hither and yon. I for one have always assumed that if our Uncle Sam wants to know who I speak to or what I talk about, he can. And if needs be can do so without let or hindrance.
Maybe its because I started in the ICT business working for the telephone company. And in the 80’s when electromechanical frames still existed in LSOs, ‘stray’ pairs interconnected and not registered in the trunk database always ‘turned’ up. It was not unusual to ‘facilitate’ the government. In fact, the guy was usually an old hand and friend of almost every engineer and plant man. This was a huge private company. Unlike the situation in this region where the phone companies were, by and large, then government-owned and operated, wink wink! In less than 3 months on the job, a co-worker demonstrated that even if the number was ‘private’, its plaintext was available to us. That was the cue I needed to stop paying for ‘private listing’ for always.
Back in those days of circuit-switched traffic, overseas traffic exited and entered the US at certain points. We who were long-distance circuit engineers knew where those were. It was dead easy to monitor; that eventually became on of my jobs. And if any telephone company anywhere in the world had a switch design that originated in Bell Labs, especially those on the ESS-chassis, we could easily access that call data. We knew how to download them then to mainframe-connected direct access storage devices. By the late 80’s we were writing that data to cassette tapes. And I spent many nights running a 32-unit string, watching them pop at once and giving the ops man exactly 3 mins to clear and reload. Now with connection-less IP-enabled traffic, it is even easier to monitor, capture and store call data. Enough said of the sleight-of-hand misinformation about metadata and content, in extant case a distinction without a difference.
Here’s the thing. The Internet has spawned a host of technologies and practices that makes monitoring and collecting content, metadata or otherwise, pro forma. Google, Twitter and Facebook have built multibillion-dollar businesses where monitoring and collection of content are central to success of the business model. Sure, they have a different objective for the action. But if you know this, it is foolish to believe that governments do not have access to the same tools; these generally exist in the ‘black’ world long before they are commercialised. Failing their own farming operation and by using the powers vested in the national security state, not have access to same from your ‘friendly’ service provider. You must credit Google and the rest for fighting to reveal what the government asks of them. Goes to show, you need power to pushback against the government.
What is not generally understood is that in the US, all three branches of the government are aligned on this matter; the executive branch requests, the court grants and the legislative branch which is suppose to have oversight for the people’s sake nods in response. Here, IMO, is the best caption I’ve heard on the entire affair. It comes from John Oliver on the Daily Show responding to comments from President Obama: “No one is saying that you break any laws. We’re just saying its a little bit weird that you didn’t have to”.
Match point, set and game over.