The snowden effect - why digital privacy protection is still in the ice age.

Photo Credits: Digitalreins
It is probably the biggest and most important revelation since wiki-leaks and it has already been forgotten. The story of how the US government has been spying on everyone- including its own citizens has been reduced to a Tom Clancy like saga of one person. What started of as a serious discussion on the limits of government power has been reduced to a ridiculous attack on one man's credibility. What slowly developed as an unveiling of how much information private companies have on individuals has turned into an orchestrated effort from the media (both liberal and conservative) to divert our attention. 

What happened to this story? and what does it tell us about how serious we are about our digital privacy?

The snowden effect

As soon as Edward Snowden decided to come out from hiding, the story and the debate he started was doomed. Don't get me wrong, I still consider him as a modern day hero. Although the government and most of the paid media are calling him a traitor- that characterization really depends on which side you are on. One group's traitor is another group's saviour I guess? The reason I say the story got doomed as soon as he came out is because the government and the paid media was given a face to the story. 

The snowden effect gave the government and the paid media two choices: i. kill a dangerous story or ii. kill a person's credibility. They took the easy way out and decided to go after the person instead. If you noticed, the government never denied the allegations because the story was real and the story was dangerous. They decided however to paint a dark picture of daily terror threats both domestic and international and how their invasion of people's privacy has made the world safer. Then it pushed the scare tactic even further by saying the leaks has jeopardized the lives of thousands of individuals in the program and the lives of millions of Americans. The stage and background was set- the FBI and the NSA came out with guns blazing claiming programs like PRISM has stopped actual terror plots and saved lives. How exactly they did this is still "classified" information. So the US government's narrative is simple: 

"We have this program that spies on everyone. We are doing this for your own good and to prove it we have a list of terror plots we have stopped but we cannot give you details on how listening to your phone calls and tracking your online activities has helped us do this. Just trust us! We have your back- LITERALLY!" 


You would hope no one would fall for this rhetoric in this age but we all did. The paid media found an out and the government kept drumming it up. The story of how the world's superpower has been spying on everyone- including its own citizens- was turned into the story of one man. Snowden became the focal point of the story while the story of how our digital privacy was breached faded away. 

How did this happen? I believe that question is now irrelevant because it has already happened. The more important question is why did it happen? How can a story like this be reduced into a by-line in main-stream media? I believe the answer to that has more to do with how much value we put in our digital privacy than the amount of money and political will put in to kill this story. 

Meta-data is real data 
Photo Credits: Stratebi


The sad reality is this- the story was killed off because very few people understood what they lost. Nobody heard a recording of their own phone call, or saw a copy of their own emails in the hands of the government. Instead they were re-assured that the government only collected "meta-data" of their calls and their internet activity. So it was not real data. We are safe, not such a big deal. This is one of the biggest lies the US government has put out recently. Meta-data is real data. Let me show you a few examples of how and why it is real:

1. Call Data: These are routing information, originating and receiving telephone numbers, IMSI and IMEI, calling card number, time and duration of the call. 

Routing information gives the NSA data on where you were at the time you placed and received a call. This information works almost as good as having a GPS tag on your device. When you make or receive a call, your call is routed through two layers- a switch and a cell. Routing information provides them the location of the cell that picked up your call. With simple triangulation they can pin-point your exact location during the call. They can easily re-create your movement through time simply by looking at your routing data.  

Having access to your phone number, IMSI and IMEI allows the NSA to re-create your contact list through cross referencng. Everytime you make or receive a call, the cell network keeps a log of your Phone number, IMSI and IMEI number (these information is captured for both the caller and receiver). This is done by your telco provider for routing and billing purpose. Armed with this information, the NSA can create a list of people you are callng, and people calling you. The NSA can then extend this extrapolation to the people you have been in contact with and create a list of contacts you have in common. Together with their routing data, the NSA can essentially create a "known-associates" list for every person. All that information from our call "meta-data." 

2. Internet data: These are emails, chats (video and voice), Videos, Photos, Social networking details, File transfers, online purchases etc. This is probably the most serious allegation made by Snowden's leaks. If the NSA does have direct access to the servers, then they essentially have unlimited access to any information. All the tech companies implicated in the leaks though have all denied providing a direct tap into their servers. In the same breadth, the same tech companies admitted to answering to thousands of government requests for user information- a process that is legal. Wether the NSA has direct and real-time access to our data or gets access only through a FISA request, the issue is that they can get our information that easily and the information they go after is deeply invasive. Facebook alone received government data requests for 19,000 users just in the last 6 months of 2012. Let us assume only half of that was FISA related, so roughly 9,000 accounts- not too bad right? You might change your mind once you look at what kind of information Facebook keeps and also keep in mind that the average degrees of separation in Facebook is only 4.75.

What kind of information will the NSA get from their "Person of Interest' (POI's) Facebook account? Aside from the usual name, address, phone-number, photo, etc (all related to who the person is), Facebook also collects information about the people their POI interacts with. This extends the NSA's data to other people their POI connects with- ie. friends, relatives, relationships. How does this happen? Since most of us use our real names in our Facebook page, the NSA can run a data-base (cross-referenced with data the government already has on you) of people their POI is in contact with. Since the NSA has full access to their POI's Facebook timeline, this means they can see the people they have mentioned, tagged and shared with- allowing them to create a kind of ranking of who their POI interacts with the most to isolate the most relevant associates. Facebook also allows users to upload their calendar and phonebook- if you happen to be in the NSA POI's contact list then you can possibly be flagged as a known associate (keep in mind just being in someone's phonebook is not a crime but can turn you into a suspect and subject to the same kind of surveillance under FISA rules). With only 4.75 degrees of separation in Facebook, the chances of this happening is increased significantly. Facebook also stores chat-information (including the actual chat) indefinitely! Since the NSA has access to their POI's Facebook account, they will also get access to all their POI's chat history (who they chatted with) and chat content (what they talked about). 

Mobile internet meta-data is another kind of internet data they can collect. Since mobile internet connects to the cellular network one good meta-data they can collect is routing/location data. As mentioned earlier, routing information can give the NSA your location information at any given time and space. Mobile internet routing meta-data is even more pervasive than call routing meta-data as most smartphones are built to "call" the cellular data-network regularly without the user's intervention. In theory, mobile internet routing meta-data can re-create a very clear picture of where you have been- thanks to your smartphone telling the cellular network where it is- regularly.

As you can see, meta-data is real hard and actionable data. Some people even argue that meta-data is more powerful than regular data as it provides context to our everyday lives. With enough meta-data and computing power, the NSA can model human behaviour and tendencies- essentially predicting how we might react to specific situations. This may sound far-fetched and science fiction at first glance but you will be surprised how our internet data and meta-data is being used today by data-mining companies such as Acxiom (read a NewYorkTimes profile of the company here) and Alliance Data (see wiki on company here). These are multi-million dollar companies that collect, process and analyze consumer internet data for the worlds biggest retailers. These companies are able to effectively predict your preferences and your tendency to buy based, in large part, to your internet meta-data. My point here is simple, if a private company is able to make millions out of these crumbs of information we leave behind in the internet then meta-data is important.

Until we start to look at our digital privacy seriously and start to protect it like our real-world identity, these types of surveillance will continue to happen. I agree that the government has the right to defend its citizens and may- in some instances- have to spy on individuals to accomplish that. However the status quo does not require the same kind of legal scrutiny for request to gather meta-data. Some politicians even go as far as to say that call meta-data and internet meta-data have no "reasonable expectation of privacy." They argue that since the meta-data is stored in a 3rd party server (your Telephone company, Internet Service Provider, or Facebook etc.) we cannot and should not reasonably expect the information to be absolutely private- and a such do not fall under protection of the right to privacy. Some of them are even arrogant enough to say: "if you do not want your information to fall in the hands of the NSA, then do not use the internet!" These types of narratives and stone-aged mentality needs to change fast. Our current understanding of "reasonable expectation of privacy" was developed in a time when computers were still the size of a living rooms. The most famous case that set the first test of "reasonable expectation of privacy" was in 1967 Katz v United States. I believe it is time for us to call for a re-examination of what is reasonably expected to be private in an age that is increasingly inter-connected. In an age where to cut-off oneself from the internet is not an option- we should consider our digital identity and privacy equally as sacred as our physical identity and privacy. As much as some of you would like to pretend that you can opt to unplug anytime- the reality is most of us do not have the luxury to be unplugged. Most of us do not have the luxury to miss a call from a prospective employer, to not answer an email from a possible customer, to not enjoy the convenience of buying something without leaving our home, and to work efficiently without having to be in a physical office.

This is the reality we all live in today but the sad part is most of us still pretend that our online/ always connected life is just a fantasy dream we can all end anytime we want. The more we think this way, the greater the chance it will all turn into a nightmare.







Comments

Post a Comment

Popular posts from this blog

Justice is blind but the scale is rigged when it comes to whistleblowers.

Image
General David Petraeus was sentenced to two years probation and a $100K fine for leaking classified information (link to  plea deal ). This sentence is nothing short of an insult to the justice system in the United States. It is a clear example of how the justice system in the United States is rigged.  Let us recall what got Petraeus into this mess by looking at two things - i. What did he leak? ii. What was intention for leaking the information?  What did he leak? Petraeus leaked names of covert operatives, war plans for US forces, and detailed discussion with senior officials including the US President. This information was contained in notebooks that Petraeus kept for himself. He then gave Paula Broadwell access to these notebooks to help her write his biography. The information contained in those notebooks are highly classified by any standard and had the potential of endangering US covert operatives.  When Chelsea Manning leaked the Afghan war-logs to WikiLeaks th
Read more

Tim Cook on Privacy.

Apple is leading the way in promoting user privacy in the digital age and recently Apple CEO Tim Cook delivered a speech during an event in Washington where he made some very important and controversial points about privacy in the digital age.  "Like many of you, we at Apple reject the idea that our customers should have to make tradeoffs between privacy and security...We can, and we must provide both in equal measure. We believe that people have a fundamental right to privacy. The American people demand it, the constitution demands it, morality demands it.” This statement is supported by Apple's action being the first major phone manufacturer to make encryption as a default in its Operating System. It goes to show how serious Apple is in protecting customer privacy and in not making money out of customer information. There are hundreds of millions of iOS devices all over the world and each one is connected to the internet. Whenever these devices connect to the internet
Read more

How a robbery in 1976 robbed US citizens of their privacy in the digital age.

B altimore - Shortly after midnight on March 5, 1976 Mrs. Patricia Mcdonough was robbed just outside her home. She was able to take a good look at the robber and his 1975 Monte Carlo automobile. A few days after the robbery, Mrs. McDonough started receiving threatening phone calls from the man claiming to be the robber. Mrs. McDonough started recording some of these threatening phone calls and notified the police. On March 13, the police asked the telephone company to install a terminating accounting equipment on Mrs. Donough's telephone line to determine the origin of the calls she was receiving. The police found out that most of the calls were made from pay-phones near McDonough's residence.  On March 16, in the general vicinity of Mrs. McDonough's home, someone asked a police officer for help in opening the locked door of his 1975 Monte Carlo. The officer helped the man, took down his plate# and notified the investigating officer.  The police ran the plate # and tra
Read more