Nothing To Hide?

Good, because you can’t.

It should be clear to everyone by now that the National Security Agency (NSA) has achieved an unprecedented level of access to the communication patterns and digital trails of American citizens.

The exact details are murky due to the classified nature of the program and the public relations denials of the companies involved (including Apple, Google, Microsoft, and Facebook), but the best information we have at this time is that PRISM is an NSA program for streamlining Foreign Intelligence Surveillance Act (FISA) requests with these companies, and receiving data in return. The companies claim that the NSA does not have direct access to their servers, and information is only delivered after a lawfully issued FISA request, and is not delivered in an automated fashion. This might be comforting, if it weren’t for the fact that the FISA courts have largely rubber stamped any request the government makes on national security grounds. With the passage of the FISA Amendments Acts of 2008, it is easier than ever to get a court order for expansive datasets on the shakiest of foundations.

The NSA’s reach goes far beyond the newly revealed PRISM program. In 2006, whistleblower Mark Klein revealed that the NSA has a top secret room in an AT&T facility in San Francisco that gives them direct, realtime access to all traffic on its backbone network. It has since been revealed that over a dozen such rooms exist in major facilities across the country, giving the NSA wiretapping capabilities for nearly all Internet traffic.

I have a lot to say on the subject of Internet surveillance — too much for this space, in fact — so let me be brief. The Internet is arguably the most important communication medium in human history. The open communication and democratization of information made possible by the Internet has been transformative for societies across the globe. When central governments build surveillance (or control) capacity over these critical tools, it makes its citizens (that’s you and me) vulnerable to abuses unimaginable just 20 years ago. We need only take a page from history and look to the abuses of the FBI during the reign of J. Edgar Hoover to catch of glimpse of what’s possible. He used his immense authority to stifle Vietnam War protests, and the Free Speech and Civil Rights movements, infiltrate and sow dissent within these movements, which were seen as directly challenging government authority, and discredit or embarrass political leaders and personal enemies. Imagine if Hoover were tapping not just the phones calls of Martin Luther King, Jr., but his emails and location, as well as those of his associates and followers. It would have been much more difficult, if not impossible to organize the protests that expanded our rights and ended a senseless war.

However, getting lost in this discussion is another, perhaps even more disturbing, revelation that came to light a few days prior to the PRISM leak. An order by the FISA court obtained by the Guardian demands that Verizon (and its subsidiary Verizon Wireless) hand over “comprehensive communication routing information” for all of its customers, including for calls entirely within the United States, to the NSA on a continual, daily basis. This does not include the name and address of the customer, and this “anonymization” is one of the ways that these broad collection orders make it through the court. However, the information does include the handset ID and cell tower IDs. Using a process known as trilateration, the location of the person making the call can be calculated.

Why is this important if they don’t actually know who is making the call? According to a report published in Nature in March 2013, human mobility traces are highly unique. We all have our own fingerprint of sorts, and relatively few data points are required to uniquely identify an individual. Futher, the world we live in today is awash with data. Numerous companies, such as Acxiom and Datalogix, compile massive datasets on consumer behavior. Built for marketing purposes, these databases correlate information from numerous sources to build profiles of individuals and their behavior. For example, Facebook now uses obfuscated versions of their users’ email addresses and phone numbers to correlate with Datalogix to learn about your purchasing behavior, so now the companies can connect what ads you see on Facebook with what you buy in brick and mortar retail stores. Of course, this is all done for marketing and advertising, but these, and many other, databases are also available to the NSA, making it possible to potentially correlate rich identity information with location tracking from phone records.

We live in the era of Big Data. Some of the world’s top data scientists are gathering at two enormous new NSA facilities in Maryland and Utah to work with unprecedented volumes of data — Internet activity, phone records, realtime and historical data, government and commercially available data — building profiles of individuals and looking for patterns, attempting to root out terrorists. I have no doubt that such information is valuable in identifying patterns that might look suspicious. It is also useful for other purposes. The real trouble is the complete lack of transparency and oversight of these programs. We are told that everything is done with Congressional oversight, yet members briefed on these programs are unable to talk about them outside of closed hearings due to their classified nature, making it effectively impossible for them to represent us.

Democracy requires an informed citizenry to function properly. Transparency and accountability are essential to that goal. We must declassify surveillance programs conducted against American citizens and reopen debate on the Patriot Act so we can make an informed decision as a society on the proper balance of liberty and security.