Yeah, all right, it’s a scandal – but what does it all *mean*?!

Something wicked…

Things have quietened down around Edward Snowden, it seems. Since the announcement at the start of last week that Snowden has applied for asylum in Russia, there has been little news, bar some brief reports in the days that followed that he might be able to leave the transit area of Moscow’s Sheremetyevo airport within two weeks – he has been stuck there since 23rd June.

The same goes for the NSA leaks. The German press, especially Der Spiegel, keeps reporting that things are looking increasingly grim for the German administration because they seem to have known more than they initially claimed (no one’s surprised but if there was proof that they had lied this close to the general election, things might still get interesting). Not so most of the UK press; news reporting in Britain has, as I write this, been reduced to Royal Babies and horses in McDonald’s (not horse meat in the burgers either but an actual horse in McDonald’s) – it must be the heat wave. As temperatures soar to 33 degrees I suspect people’s brains are melting.

Or perhaps not; actually, the lull following the initial uproar does not surprise me in the slightest. It upsets me though. What we have seen in the past couple of weeks is that our rights as people and citizens of democratic states are under massive threat. The right to privacy is part of our idea(l) of what it means to be not only a free citizen but also, ultimately, a human being. Our governments have not only failed to protect that right, they have also – probably – had a part in its infringement. In any case, they have reacted with helplessness in the face of these revelations, with empty speeches and token visits to the US to demand ask politely for explanations. Most tellingly, they have caved in to US pressure and failed to protect the very man by whose courtesy we got the information in the first place.

But okay, I am not going to discuss Snowden himself – yet.

Instead, because there is less news to keep up with at the moment (and, thankfully, I am currently reading more comments by people who talk sense, like for example Philip Giraldi, than by morons who don’t), I thought I’d take the opportunity of talking about the “substance” of Edward Snowden’s revelations (as Mr Snowden and Glenn Greenwald have encouraged us to do) and bring you all up to speed with what that “substance” actually is. If you have been following the case very slowly and are perfectly well informed, none of this will be much news to you – feel free to tune out now. However, if you are only marginally aware of the entire shambles or if you are still wondering what dragnet collection, metadata, Prism, Tempora and FISA are, then I suggest you read on.

 The NSA leaks – hang on! What happened there?

To start off with, a reminder: on 5th June, the Guardian ran a story on the true scale of domestic surveillance in the US. It detailed the mass collection of phone records of millions of Verizon customers.

On 6th June, there followed another story, this time about an NSA programme called Prism “which allows officials to collect material including search history, the content of emails, file transfers and live chats.” Guardian journalists had obtained a secret file containing 41 PowerPoint presentation slides that detailed how the programme works. Their article made it clear that, in additional to the mass collection of telephone metadata under the Verizon order, Prism allowed access to content of monitored communication.

8th June: yet another story reveals the existence of a programme called Boundless Informant which catalogues and organizes global surveillance data, allowing its users to look at a map of the world (yes, this means the entire world) and see how much data is collected where.

On the day after, 9th June, the person who leaked the information for these stories to the Guardian identified himself as former NSA contractor Edward Snowden – here is his interview with Guardian reporter Glenn Greenwald and it is well worth watching! In a live-chat  on 17th June, Snowden then answered further questions on why he decided to leak the information, explained his movements after leaving the US and responded to accusations that he is, in fact, a spy working for the Chinese (or Russian) government. I highly recommend the chat transcript and the videoed interviews – not only because they are full of additional information but also because they might help you get an idea about Snowden as a person. I think this is important because, as you may or may not agree, some of the most sensible and level-headed arguments and explanations about the whole affair have come from both Snowden and Glenn Greenwald, who, by some members of the media and the US government, have been called traitor, spy or “arrogant jerk” respectively. I suggest you see for yourselves whether or not you agree. Just for the record: I don’t.
Apart from the reactions from Melissa Harris-Perry, Geoffrey Ingersoll and Joshua Foust, which I have addressed in previous posts, one of my favourite evaluations of Snowden, “the traitor”, was written by Charles Moore in the Telegraph and it starts with this glorious paragraph: “In traditional accounts of Hell, sinners end up with punishments that fit their crimes. Rumour-mongers have their tongues cut out; usurers wear chains of burning gold. On this basis, it will be entirely fitting if Edward Snowden spends eternity in a Moscow airport lounge.” I still cannot fully believe that the man is serious but it is a case in point of the kind of emotionally-charged irrational jargon that has been deployed against Snowden and Greenwald. Take a look at both and decide for yourselves who makes the better case. Also, here is the full timeline of the events from 20th May – when Snowden first arrived in Hong-Kong – to 23rd June, when he left for Russia.

You will not have missed all that went on in the interim between the first leaks and now (if you know me, you will have been subject to my incessant status updates and rants): discussions of privacy and human rights, the US government’s hunt for Edward Snowden, the real or feigned surprise, outrage and – ultimately – helplessness of Western governments, the exposure of GCHQ’s use of Prism, as well as their own Tempora programme. Questions on how much the German BND knew about this, calls from German chancellor Angela Merkel for explanations from the US and tougher data protection laws in Europe. Confusion, outrage, discussions, dirt-dishing by media morons… the works.

Renewal of the Verizon order – a missed chance

Flash forward to last Friday, 19th July – 5pm; the phone data bulk collection order that allows dragnet collection of metadata from Verizon by the NSA expires. No comment from the US administration beforehand on whether it intends to renew the order. Many members of Congress demand that it should expire, that the information should be declassified so that it can be discussed in public.

The order is renewed –  a telling comment on where the Obama administration stands with regard to mass data collection from (read: spying on) America’s and the world’s citizens. The Verizon court order is here. Check it out; it is not very long and it really says it all.

So what does this mean? What is this bulk collection of metadata? What do Prism and Tempora do? How does this affect us?

I admit that until quite recently, I wasn’t really sure what any of those were, and discussing the issue with several of my friends and family I realized that they didn’t know either.
To be honest, I wasn’t really that bothered about it at first. Okay, I thought, so the BND, NSA and GCHQ are reading our emails and potentially listening to our phone calls – so what? We’ve been suspecting all along that we are living in a bit of an Orwellian society. And really, I thought, I don’t have anything to hide; let the spooks get bored listening to my phone calls to my mum or reading my emails discussing my love life with my friends. Whatever. It’s not like they’d recognize me in the street and laugh at how silly I can be (and even if they did recognize me, they’d hardly admit to it, would they?) Nothing I can do about it anyway, it’s not like I will ever become a target. No use worrying about it, right? Wrong. And I am going to tell you why.

Brilliant, but scaaaary – the story of the NSA Spy Protection League

First, though, let me take a detour and tell you an amusing story I read recently.
A young man from the German town of Griesheim, Daniel Bangert, 28, got a little fed up with the hysteria that followed in the wake of the NSA leaks. And he organized a Facebook event. You see, small though Griesheim may be, suspicions are that the local “Dagger Complex” houses one of the NSA’s main headquarters in Germany. So Daniel Bangert decided to go and take a look – and to take others along for a bit of spy spotting.

Now, the tongue-in-cheek nature of Bangert’s Facebook invitation made it perfectly clear that this was not supposed to be a gathering with any malicious intent. Rather, it was an invitation to take a walk (yes, that’s right, a walk) and observe the illusive species that is the NSA spy in its natural habitat. Bangert called his Facebook group the “NSA spy protection league” (NSA Spion Schutzbund, in German) – a society dedicated to the study and conservation of a reclusive species. So far, so hilarious.

Sadly, this is about where the story seizes to be amusing. It seems that the common NSA spy, in addition to being reclusive, also lacks a sense of humour. They didn’t get the joke.

Mr Bangert received an unexpected visit from the police at 7.17 a.m. on no particular morning. Not only was he then questioned by the police about his intentions for his “event” (read: walk). He was also referred to a security officer, who grilled him about how many people were expected to take part and whether he had any affiliations with violent protest groups.

In the end, Bangert decided to register his spy-spotting field trip as an official demonstration and it seems that he has taken it all in good humour – the Facebook page for the “NSA spy protection league” is still up, and apparently the eighty people who did turn up on the day had a really good time, even though they were a bit disappointed not to spot any of the elusive spies. (Update: they had another walk recently – much of the German press turned up as well – yet they once again failed to spot any spies. Seems that the spooks are as impervious to the lure of pastries as Edward Snowden is to torture…oh no, hang on, he didn’t say that (again, see my earlier posts)).

So, all’s well that ends well? Rather not. The story seems ludicrous of course and what amuses me about it is the laudable effort by Bangert and his fellow spy spotters to counter the hysteria surrounding the NSA revelations and Edward Snowden as a person by poking a bit of fun at it (unless I am much mistaken, many of these pioneers are members of “Team Ed”). However, the reaction his Facebook event got from the powers that be points to the real issue and that is obviously something much more sinister.

Cooperation or ignorance? How much did our governments know?

To me, the story reveals two things: one, Prism seems to be working and two, so, apparently, is the cooperation between the German and American – yes, what precisely? The NSA and the BND? The Merkel and Obama administrations? It remains to be seen, I guess, because new information on how much the different intelligence services and administrations knew still keeps emerging.

Edward Snowden has repeatedly been quoted as saying that, regarding surveillance, the German government is very much in bed with the US, and despite claims to the contrary from the German chancellor and other government officials recent  information suggests that the BND’s cooperation with the NSA is indeed a little too close for comfort.

German authorities claim that they knew nothing about Prism; that they learned about it from the press along with everybody else. Asking yourself whether or not you want to believe that’s true quickly lands you in a catch-22. If the authorities are lying, then the German government, along with the US and British governments, has systematically spied on its citizens or at least aided or endorsed the surveillance activities of other governments. If they are telling the truth, the German government (again, along with other governments) has failed in its duty to protect its citizens from the unlawful activities of others – not to mention the fact that the US have violated the sovereignty of more than one state (which seems to be all the rage these days, just ask President Evo Morales of Bolivia). Now, I don’t know that I trust an administration that is oblivious of spying of this magnitude going on under its nose, possibly with full knowledge of their own foreign intelligence agency.

So much for the Germans. What has also been revealed over the past couple of weeks is that the British GCHQ is just as bad, if not worse, than the NSA. Their secret operation is called Tempora and it involves nothing less than the direct tapping of fibre optic cables (as in transatlantic underwater cables that carry our communication across the world). According to Edward Snowden, this “full-take buffer,” (the first of its kind in the world) saves all of the data passing through the country.

Stop and think about this for a moment: it saves all of the data passing through the country. Saves. All of it. Saves.

Getting the heebie-jeebies yet? Consider this: “[Edward] Snowden says, one can only prevent GCHQ from accessing their data if they do not send any information through British Internet lines or servers.” Yeah, well, haha, good luck with that – and good luck with not sending them through American ones too!

In fact, as a German living in Britain, I’d be almost disappointed to know that my communication wasn’t being monitored by both GSHQ and the NSA (hello, you guys, how are you doing?). God, they must be so bored.

Why should I care?

So, now you know this, you may still ask: who cares that there are a couple of spooks somewhere reading the latest cupcake recipe User A sends to User B? This didn’t come as a big surprise to anyone, did it? Perhaps not. After all, as Richard Chirgwin writes in The Register, “a lot of [that] stuff […] was already either on the record, or at least strongly suspected.”

But then, the actual news isn’t the spying as such. It is the extent to which surveillance is possible, namely – let this sink in properly – “the absolute surveillance of a country’s people and foreign citizens without any kind of effective controls or supervision.” Knock, knock, Mr Orwell, the Matrix has you and all that.

Metadata

And it’s not just that they’re potentially accessing our content. “What do you mean, ‘not just that’?” I hear you ask. “Isn’t it bad enough that the spooks are listening in on my phone calls?” Sorry, but nope. You see, what is in fact just as, or even more, valuable than content is the so-called metadata. This can include for example telephone numbers, IP addresses and connection times and it allows the people in possession of it to know who you have communicated with, when and for how long.

So actually the spooks know that I sent a cupcake recipe to my mum, from my home computer at 7.17 a.m. on a Sunday morning (and, by the way, they can also see that she then passed it on to her friend in Austria who passed in on to her friend in Canada and so on). This is pretty scary and I’ll tell you why: what metadata collection really allows the people in possession of that data to do is create a map of every single person’s networks. They can theoretically draw up a map of all networks in a given society and basically the entire world. Imagine this: a map with you at its centre, showing every single link you have with anyone in your network. And the links they have with everyone in their  networks and the links their friends have, and the friends of their friends have, and so on.

Don’t get me wrong, I don’t just mean online social networks either, so simply deleting your Facebook and Twitter accounts won’t help you. I mean, who you make phone calls to, who you send emails to, who you instant message, who you speak to via Skype, WhatsApp, MSN, you name it. And it doesn’t stop there. According to Der Spiegel, metadata “shows not only contact networks, but also enables the creation of movement profiles and even predictions about the possible behaviour of the people participating in the communication under surveillance.”

So take a moment to imagine this map. Imagine it as one of those maps you sometimes see in movies where the main character marks all the places she has been to with tiny flags and then connects them with pieces of string. So you have a map of the world full of little flags that represent you and me and everyone we know and everyone we don’t know. And there is the string (lots of it) representing the communication between them.

Do you see it? Good. This map shows all communication being carried out in the world. That map actually exists. Not with flags and strings as such but it gets pretty close. You see, that map “allows users to select a country […] and view the metadata volume and select details about the collections against that country.” If you want to check out how much metadata the spooks get from your country, take a look at that map here (and, by the way, the programme that allows for the generation of that map is called Boundless Informant).

So, while this map may not give you the content of the communication, it gives you what the Guardian, for the sake of clarity, calls “the envelope”. To take up the metaphor, the map allows you to see how many letters are being sent in a given country and who receives them. So, you see who communicates with whom, where and how often. And as you are observing your map, networks emerge – for example of people with shared interests.

Now imagine you are living for example in a totalitarian state. And that state has this map. I know it sounds a bit conspiracy-theory but humour me – for the sake of the argument.

Now imagine this:

A friend of a friend of a friend of yours is suspected of planning a revolution against the totalitarian regime. You yourself are a perfectly law-abiding citizen. You have taken care to toe the line and never got on the wrong side of the powers that be. But now, all of a sudden, you have a connection, however, distant, with this individual that the state considers suspicious.

Or what if a revolution was underway? Remember, the totalitarian government of our hypothetical state has access to vast storages (a “haystack”) of metadata and it is looking for the people who are organizing opposition to it (the proverbial needle). They would be able to tell – from the communication that was going on between the citizens of their state – who the key players within their society were. If they suspected someone of not toeing the line, they could theoretically check the content of that person’s communication and not only find out what they were planning, but also identify (by aid of their little map) who was fundamental to the revolution effort. They could identify and target these dissidents, predict their movements and….

By the way, the US use precisely that needle-in-the-haystack metaphor for their dragnet collection of data. They are compiling a vast haystack in which they hope to find the needles that are the world’s terrorists.

This may seem fair enough but we need to ask ourselves this: is the hypothetical threat of a terrorist attack justification to infringe the privacy of every single one of the world’s citizens? (Consider what Edward Snowden says to that: “Bathtub falls and police officers kill more Americans than terrorism, yet we’ve been asked to sacrifice our most sacred rights for fear of falling victim to it.”)

This is more fundamental than it might seem because it beckons the question of what our idea of a citizen is, of what our idea of a free human being is. Is privacy – the ability to have your little secrets like, for example, that secret crush on that colleague – a fundamental part of what makes us a free person, a human being, a free citizen of a democratic society?

So, you see, when government officials try to ease our minds by telling us that they are “only” looking at our metadata and not the content of the stuff we send, they are really not telling us the full truth.

Shop till you drop; data collection in commercial environments

Mind you, this collection and analysis of data and the prediction of future movements is happening to you every day; every time you type something into Google, that information gets stored (I am wondering if my recent frequent searches for keywords like “Snowden”, “NSA”, “Prism” and so on have already raised a number of red flags with our friends the spooks).

Every time you go to a shop to buy groceries and pay for them by credit card, registering the purchase on your club card for points, that information gets stored. Your local retailer might then send you offers and vouchers based on that information.

But surely that’s not so bad, you say, great customer service? Besides, it happens online all the time; we barely notice the ads tailored to our preferences based on our previous searches anymore. It might seem that way, I’ll give you that.

Let me cast it in a different light. How about I tell you that marketers can figure out not only what you buy but also what you will want to buy in the future?

Here’s another funny anecdote: One retailer made the mistake of being a little too prescient and sent its customers vouchers that predicted their future shopping habits before the customers themselves knew about them. It freaked people out. Did that stop the retailers? No. Instead, they optimized their voucher booklets, adding vouchers for products that customers would never buy to those the customer would definitely buy so that the selection of useful vouchers seemed random. You can read more about this – and about how a father found out that his 16-year-old daughter was pregnant because she was sent promotional material based on what she had bought at the start of her as yet undisclosed pregnancy.

Stories of our lives

What this implies is what German journalist Frank Schirrmacher recently explained in a discussion on the topic: the data that is collected about us on a daily basis not only tells the recipient more about us than we might want anyone to know (like that I have accidentally got pregnant – which I haven’t by the way). It also allows whoever is in possession of the data to construct a “story” about us and thus predict what we might do in the future or what might happen in our lives. The spooks might gather that you are going to do something naughty before you actually do it. And if that still doesn’t get you shivering, consider that potentially the spooks are looking at user data from everyone who uses Facebook, Twitter, Instagram – children and teenagers included. Do we really want to live in a world where our children are being monitored by members of the NSA, GSHQ and BND?

So who else is in on it? Corporations and the T&C problem

The documents leaked by Edward Snowden reveal NSA “alliances with over 80 major global corporations”, including telecommunications firms, producers of network infrastructure, software companies and security firms. Apparently, “the NSA really can’t do that much spying domestically or internationally without the ongoing cooperation of these private corporations.”

Obviously, that doesn’t fit in very well at all with the promises these companies have made to their customers about data confidentiality in their terms and conditions, but then no one (except perhaps Bilbo Baggins) has ever read those properly anyway, right?

To be fair, Yahoo, Microsoft and others are now lobbying the US government to declassify information on how willingly (or not) they complied with surveillance requests. If we ever get to see these documents it might turn out that Microsoft et al were not actually as willing about the “cooperation” as it has been alleged – or it might just turn out that they were.

But what about the law?

So, are there no rules, then? Yes, in theory, there are. In principle, foreign intelligence agencies do not monitor the citizens of their own country. US law states that only communications outside the US and from non-US nationals can be monitored. Similarly, GCHQ cannot spy on British nationals, and Germans can never spy on Germans. If they do want to target their own citizens, they need a court order. Such is the theory.

In reality, I am afraid, things don’t look that promising. The FISA order I mentioned above has enough loopholes to allow the NSA to observe their own nationals without a warrant (Ironically, FISA – the Foreign Intelligence Surveillance Act – was “a response to President Richard Nixon’s usage of federal resources to spy on political and activist groups, which violates the Fourth Amendment.”). I suggest you read the recent Q&A Salon did with Glenn Greenwald to get a better idea of how problematic and potentially unconstitutional the FISA order is. Greenwald also points out a massive catch; a lot of the information surrounding these programmes is classified. According to the US administration, the top-secret nature of it all not only forbids a ruling on it, it also takes away the possibility of a valid lawsuit because no one can prove that they have been spied on. (If this interests you, I suggest you read the commitment made by General Donald B. Verrilli Jr. on 29th October 2012. Verrilli is the Obama administration’s top appellate lawyer, and the case was Clapper versus Amnesty International – it is quite enlightening. Here are some further informative links on the subject: the 2008 FISA amendment, an article in the NY Times on the case and a transcript of Verrilli’s Q&A with the judges.)

So, one problem is that what is happening is so secret that no one can easily prove that they have legal standing without touching “pretty quickly” on classified information.  Another is that the spooks are “free to go to any of these Internet companies or just simply take off the cables and fiber-optic wires that they have access to, whatever communications they want of anybody outside the United States who’s not a U.S. person.” Tough luck if these people happen to be “speaking to American citizens. The NSA is free to invade those communications without having to go into a FISA court and get a specific warrant,” so the law itself practically asks to be abused (I refer you, again, to the Salon Q&A).

“Remember that just because you are not the target of a surveillance program does not make it okay.” – Edward Snowden

Why, I still hear some of you say, should that interest the rest of us? I’ll tell you. Take Germany for example. Germany’s data protection laws are considered to be comparatively good. However, “Internet companies are [only] obliged to follow the laws of the countries in which they do business”, so any company registered outside of Germany would not be subject to these laws. Hence, German chancellor Angela Merkel’s call for tougher EU data protection laws.

The problem with that is, of course, that European countries will have to agree to these laws. The UK, for one, is already poised to reject them, which is unsurprising, given that GCHQ seems to benefit greatly from the NSA’s Prism programme. According to the Washington Post, “PRISM would appear to allow GCHQ to circumvent the formal legal process required in Britain to seek personal material such as emails, photos and videos from an internet company based outside of the country”.

So, where does this leave us – the potential targets of these schemes? Outraged, I should think, as many of us clearly are, helpless perhaps in the face of a systematic violation of our right to privacy – even more when considering our governments’ reactions to the information and the messenger. Others again, I assume, shrugged, said “so what?” and moved on.

Snowden’s revelations initially created a storm of outrage in the international media and, according to the man himself, this was precisely what he had hoped for: “I don’t want public attention because I don’t want the story to be about me. I want it to be about what the US government is doing.”

He is right of course, but as it turns out, this is not just about what the US government is doing; it’s about what our governments are doing as well. Governments we elected – or not, but governments that have been elected democratically because we, the electorate, trusted them to defend our interests (or, again, not, but you know what I mean). And I think this should leave us questioning and discussing not only these governments, but also the world we live in – and the world we want to live in.

“I don’t want to live in a society that does these sorts of things,” says Edward Snowden. For that, and for doing little else but to document a clandestine system of surveillance, he has been smeared, ridiculed, persecuted and isolated in an extraterritorial area – the transit area of Moscow’s Sheremetyevo airport. I will soon be discussing Snowden’s situation and why the reaction to him is just as worrying as the NSA scandal itself.

But to conclude this post, the basic question I am asking myself and all of you is: do we want to live in a society that does these sorts of things? And if the answer is no, what do we do to change it? As German journalist Frank Schirrmacher says, we have to face the now certain knowledge that we are the targets of mass surveillance, that this is a new game with new rules. We must demand that our governments stop talking in empty phrases, demonstrating helplessness, if not complicity. As I write this, letting the discussion subside in favour of heat waves, babies and horses in McDonald’s does not seem the greatest idea.

If you want to read on:

For further information, I suggest you take a look at the following links:

A collection of information on the NSA scandal from the Guardian, called “The NSA Files”.

If you’re German, I suggest you watch the recent edition of Beckmann on the topic – there is a lot of important information, explanations and interesting discussions of what all of this means for us as people, citizens, users of the internet and so on. Glenn Greenwald also makes an appearance.

6 thoughts on “Yeah, all right, it’s a scandal – but what does it all *mean*?!

  1. Lots of very thorough thinking. I don’t know where you get the time to absorb all this information, because I’m following this pretty closely myself but simply don’t have the level of detail that you have. Check out my own blog about Snowden and related matters.

    • Thanks for your kind comments! You make time – I only sleep four hours a night – no, just kidding. The subject just really interests me, nicely put. I shall check out your blog. I’ve had a quick look and I see that there are also posts about writing novels and watching movies – two major interests of mine.

  2. Pingback: A study in Hubris: the shenanigans of one Keith Alexander (also starring James Clapper and the Senate Intelligence Committee) | Notes from Self

  3. Pingback: Mobile phone tracking, social networks and total information dominance; a round-up of recent NSA revelations. | Notes from Self

  4. Pingback: Doomsday, discussions, resolutions and porn: surveillance-related developments this week | Notes from Self

  5. Pingback: “The mobile surge.” – Time for a little paranoia? | Notes from Self

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s