I’ve been covering privacy issues for the past six years, roughly the same time period that saw the largest erosion of personal privacy in human history. Yet of the handful of technology topics I write about, privacy is consistently the least popular with readers. Unless some federal minister is equating privacy fears with support for child molesters, people just don’t click. But two weeks ago, everyone decided to finally give a damn about privacy. Then, just as suddenly, everyone was over it.
The inciting incident was the news of PRISM, a massive National Security Agency surveillance effort, which was leaked to the press by former NSA contractor Edward Snowden. Snowden revealed that the U.S. federal government has been bulk-spying in realtime on our e-mail, web searches and other Internet traffic. Subsequent revelations exposed other efforts, such as: MARINA, which collects Internet metadata, NUCLEON, with records phone calls en masse, and MAINWAY, which spies on phone metadata.
There is much debate and murkiness about who the NSA is spying on, to what degree Canada’s CSEC is doing the same, and which Internet and phone companies are complicit. The confusion is intentional and transparency is unlikely. These are spy agencies, after all, and they don’t care what you think of them. More concerned about public outrage is Barack Obama, whose reassurance to Americans that the NSA is not listening to their phone calls without warrants has been exposed in detail as a patent falsehood—the NSA is most certainly doing so to many Americans, and they’re not saying who these targets are. Of course, in the case of non-U.S. citizens like us, all bets are off, and nobody is even bothering to offer us bullshit denials. The only reasonable assumption we can make from all this is that until we learn otherwise, everything from everyone is being spied on, all the time.
Why collect information in such an indiscriminate manner? The answer, it seems, is why not? No legal barriers prevent the NSA from doing so, following post 9/11 amendments to the Foreign Surveillance Intelligence Act. Technological barriers to bulk surveillance have also been removed — our data is almost exclusively digital now, and the cost of storing unfathomable troves of it drops each day. We know a little about the scale of this. (Via Wired,) the Washington Post reported that in 2010 the NSA intercepted and stored 1.7 billion emails, phone calls and other communications. This figure is already wildly out of date—last week’s coverage in the Guardian had it that in March of this year alone, the NSA collected three billion pieces of intelligence, just counting U.S. communications.
This all leads us to another question: How could they possibly make sense of so much information?
Because of Big Data. Drastic increases in processing power and the development of sophisticated data mining/data crunching techniques magically allow authorities to sift through our stuff with algorithms that can locate that needle in the haystack—a terrorist plot in the making. It all sounds neat in a Bourne Identity kind of way, but I’ve often wondered just how effective Big Data is, especially in these cases, where the cost of a false positive (erroneously identifying an innocent person as a terrorist) is high, but not nearly as high as the cost of a false negative (erroneously identifying a true terrorist as an innocent).
My curiosity was disturbingly satisfied by this shocking interview with William Binney, a retired NSA analyst who says Big Data is no great shakes. It seems the NSA was in fact recording Tamerlan Tsarnev’s phone calls, but the Boston Marathon bomber fell through the cracks—nobody got around to transcribing or analyzing the tape. According to Binney, Big Data is worse than ineffective — it actually renders the NSA “dysfunctional,” as real leads get lost in oceans of irrelevant snoopage. This helps the NSA perpetually demand (and receive) ever-increased funding to buy more and more transcribers and analysts, but it does little to keep America safe.
The final question to emerge while I was changing diapers, and the most saddening, is “why should I care?” Having just learned that their own government has secretly and perhaps totally disregarded their right to privacy, many have shrugged, claiming they have nothing to hide. Some have even suggested we’re all getting our just desserts for participating in social media, as if signing up for a GMail account is somehow a tacit invitation for government spooks to read your letters. Meanwhile, a Pew Center poll revealed that 56 per cent of Americans are okay with the NSA listening to their phone calls in the name of security, and 45 per cent don’t mind if their emails are being read.
Explaining why we all should care — and will care — feels very Grade 8 civics, like explaining why freedom is important or why voting is a good idea. It’s hard to not sound pedantic and self-righteous when doing so. Let me stick to practicalities: you should care because the government is always losing data, and eventually they will lose yours. Cory Doctorow provides another good reason to care by illustrating the difference between privacy and secrecy. “I know what you do in the toilet,” he writes, “but that doesn’t mean you don’t want to close the door when you go to the stall.” Here’s another one: You might be the next false positive, your life ruined in an instant because some algorithm flagged you as a terrorist based on a data glitch.
Above all, I care because a perfect record of my whereabouts, Internet searches, emails, and phone calls that I don’t know about and can’t access is of high value to lots of people, but is nothing but a liability to me. Your government, your boss and your would-be identity thief all might desire access to such a database. It’s hard to think of any application that would be anything but harmful to you. It’s similar to how lawyers advise clients to never say anything to police until they show up, whether or not the client has done anything wrong. What you say might be used against you, but it’s sure as hell not going to be used to help you. If you have nothing to hide, you also have nothing gain by being spied on. They’re not looking for people to send money to.
I can go on, but I’m afraid I missed my moment. The public outrage seems to have passed. If the NSA or CSEC have learned anything from this, it might be that they can probably get away with much more than they’re already doing. The only saving grace here is the Internet itself, the same network that makes such sci-fi level surveillance possible. It’s also the technology that makes conspiracies untenable. A program like PRISM requires dozens, if not hundreds, of complicit agents. Among this crowd, there will, we hope, always be an Edward Snowden or a Bradley Manning, a free-thinking individual whose ethics simply do not allow them to stay silent and complicit, no matter the personal cost. These souls will always be one click away from telling us the truth.
Whatever comes next, we can never say they didn’t warn us.
Follow Jesse on Twitter @JesseBrown