The shadow of U.S. Army Gen. Keith Alexander, director of the NSA. Getty Images.
The NSA allegations abound with confusion and acronyms. We are assured that PRISM and BLARNEY are all about terror, and you only have to worry about LOVEINT if an NSA analysts has a crush on you. But the best names in the entire NSA pantheon are Bull Run and Manassas, named as they are after the largest battle America has ever had with itself.
We are engaged in another significant internal American conflict. Issues of privacy, civil liberties, due process are important, but do not negate arguments on scope, direct costs, and risks to American jobs as our leadership in technology is matched by the lack of confidentiality in our systems.
Consider the scope of identification and sheer scale of the number of subjects. Rules about personal information date to the days when our entire communications data footprint consisted of phone company records noting who we called and when. Even then, this information could be subject to reverse look-up, meaning given a phone number it could be attached to a name or (for public phones, remember those?) location. Now this data includes much more information. The rules that were written for location of a phone booth are being used for the detailed tracking information that Google uses to keep us from being lost, and OpenTable uses to keep us happily fed.
And who is being watched? Any non-U.S. citizen or friend of a non-U.S. citizen or person collocated with a non-citizen is a subject. So consider that there is a meeting, or location such as a hotel lobby where many of the people in that space are not Americans. Detailed location information are part of the metadata that is being discussed as legitimately subject to collection. Begin with, “Who is at this location?”. Under the publicized model, the identities of all the people in that location could be provided to law enforcement. This means that those who work in international communities or near tourist locations are, under the new rules, legitimate targets. New York City and Washington, D.C. are certainly top tourist destinations.
When laws about surveillance and personally identifiable information were written, social networking was the thing you did at the bar with business cards to enhance your Rolodex. Imagine a social network with only 100 participants, each of which has ten friends. In this network, surveillance of one person results in complete coverage if one of them is not American, or perhaps gave money to a charity later deemed suspicious. Surveillance that includes everything visible to friends of friends, and determining if these friends of friends interact with the target, results in surveillance of everyone. Every person with friends who are foreign nationals, friends traveling (and thus accessing the network abroad), or have friends who have such friends risk being caught in the current dragnet. In fact, it appears that everyone who has friends who have friends who have such friends are fair game. While the information is intrusive, is it useful? After all, the programs had been going for a decade when the Boston bombers were identified not by their metadata or the NSA, but by actual friends horrified by the carnage wrought by the Tsarnaevs.
The cost of PRISM and BLARNEY are undeniable, and — subject to the light of day — unacceptable. The scale of surveillance and the nature of social networks mean that there is a very high level of surveillance of Americans due to friendship, business relationships, or simple collocation with foreign nationals. The direct cost of data processing, storage, hygiene, and compilation are extremely high with no justification that these massive compilations of data are the best investment. After all, to find a needle in a haystack the one thing you do not need is more hay.
Pingback: NSA Surveillance News Monitor — October 1- November 30, 2024