“The mobile surge.” – Time for a little paranoia?

This Bird is Angry

So GCHQ and NSA have been spying on Angry Birds, have they? I am gutted. I love Angry Birds. As, apparently, does David Cameron, the British Prime Minister. Oh dear, I have something in common with that man – who would have thought? Well, I guess Evil Overlords enjoy the distraction of smartphone games too. 

Anyway, don’t get me wrong; I wasn’t exactly surprised.  And I assume people familiar with the subject matter of either app technology or surveillance or both weren’t either.

I am also quite aware that my footprint on the internet is probably rather big and that it must be easy enough for someone to trace all sorts of stuff about me, if they are interested.

So far, I admit that I have mostly shrugged this off. I know that I am putting a lot of my data out there willingly: I enjoy Facebook and I use it a lot, I am active on Twitter, I shop online and yes, I play Angry Birds. I know that I leave traces everywhere, as do most of us. So far, I haven’t really felt the need to do anything about it. Despite the Snowden revelations and my healthy obsession with them, I didn’t really feel threatened.

My objections to NSA and GSHQ surveillance practices are of a more abstract nature; I am shocked and dismayed by the attitude towards civil liberties, human rights, democracy, and also freedom of speech, a free press and democratic accountability displayed by the spy agencies, the governments and some of the media. This, to me, is evident both in the surveillance and in the demonizing of Edward Snowden. I believe that both the kind of surveillance that has been revealed and the reaction to the persons that have revealed it (Mr Snowden himself as much as his “accomplices“) is evidence that something is going fundamentally wrong in our democracies. That is what I object to, that is what worries me but I am more concerned with what that means for the fundamental principles that our societies have been built on than with my personal digital footprint.

So yes, sure, I was spooked and dismayed by the extent and potential evident in programmes like Boundless Informant. Stuff like that makes my skin crawl. I take seriously what Edward Snowden said about how the spooks can go back over your data and make you look suspicious in retrospect if they want to, but – and this may be naive – at the end of the day, I sleep soundly in the knowledge that I am hardly interesting enough to become a target.

Or so I think.

As more programmes continue to come to light, however, my trepidation slowly rises.

For example, it has emerged this week that NSA and GCHQ can apparently follow our movements when we are using Google Maps. Again, not necessarily surprising – we are all constantly traceable in the age of GPS-enabled mobile phones anyway. I have always found mobile phone masts slightly daunting, to be honest.

But for some reason, for me the news about Google Maps brought the magnitude of the intrusion home once again with force.

I use Google Maps quite a lot to find my way around and I increasingly had to rely on it recently.

I had never thought much of it but then, this week, suddenly, there it was: the nagging feeling at the back back of my mind that, in theory, someone could be tracking my movements as I was trying to find my way from the station to my destination. That there was a fat, fiery eye at the top of a tower somewhere, following my every move. Well, perhaps not quite as Peter Jackson as that but you get the idea: Frodo was only able to make it as far as Mount Doom because Sam insisted that he keep his phone switched the ring off and still Frodo’s (and Gollum’s) obsession with it almost jeopardized the entire enterprise. Pippin’s curiosity about Saruman’s personal Skyping device certainly made him a victim of fiery-eyed surveillance. So there.

On Monday night, my old friend Google Maps suddenly started to seem untrustworthy and then, as I was out on Tuesday for my run, it also occurred to me the GPS I am using to map my runs could, in theory, be used to spy on me and my preferred routes, my training schedules, my habits. After all, “[t]wo top-secret flow charts produced by the British agency in 2012 showed incoming streams of information skimmed from smartphone traffic by the Americans and the British” and apart from the now all-too-familiar metadata, these streams provide information from “social apps,” “geo apps,” “http linking,” webmail, MMS and traffic associated with mobile ads, among others.”

So, in theory, anyone could be watching, anytime, and should we ever fall under suspicion, the spooks could put a tap on us, they could familiarize themselves with our usual patterns of behaviour, and they could grab us off the street. Creepy enough yet? If not, then consider that it doesn’t even have to be the spooks. Any prowling lunatic with enough technical knowledge could, in theory, do that.

I know it sounds paranoid and it’s probably not going to happen. Perhaps it’s got to do with reading American Psycho which is, I would say, quite conducive to paranoia but I am a bit more frightened now than I was before. Yes, I am only half serious. Patrick Bateman does not stalk his victims by smartphone. Neither does Sauron. But still.

Coming at it from a different perspective, even if the news isn’t that astonishing, there is still a difference between suspecting something (and thus not being surprised when it turns out to be true) and seeing it written down in black and white.

For one thing, there is proof now and hopefully there will be consequences.

For another, it is extremely embarrassing for the spooks.

Why? Because it brings home, once again, and I would argue more clearly than ever at least to a lay audience (myself included), what NSA and GCHQ can really do. That is, what exactly they have access to and how they use it. And that isn’t – as they keep claiming – *only* our metadata.

And even if we go along with that narrow definition of spying that “does not include the ingestion of tens of trillions of records about the telephone calls, e-mails, locations and relationships of people for whom there is no suspicion of relevance to any threat”, then it still isn’t clear how blameless the agencies really are.


Lying – spying; a difference in consonants?

Importantly, to claim that what the agencies do isn’t spying because they only hoover up metadata and not content, is to rely on too narrow a definition of spying. You could also call it lying by omission.

And anyway. We are no longer talking “just” metadata.

Granted, “[t]he documents do not detail whether the agencies actually collect the potentially sensitive details some apps are capable of storing or transmitting, but any such information would likely qualify as content, rather than metadata.”

However, I cannot be the only one who has little hope that the agencies actually refrain from collecting those sensitive details.

Given the revelations of the past couple of months and NSA chief Keith Alexander’s objective to “collect it all”, I would be surprised if they passed up that opportunity.


“Probably unlawful”

Both NSA and GCHQ keep insisting that their operations keep strictly within legal frameworks.

However, in the UK this week “the leading public law barrister Jemima Stratford QC raise[d] a series of concerns about the legality and proportionality of GCHQ’s work, warning that much of what GCHQ does is “probably illegal and […] in breach of human rights”  and that the “British spy agency is ‘using gaps in regulation to commit serious crime with impunity’”.

As an example, this could include “intelligence used for US drone strikes against “non-combatants” [being] passed on or supplied by the British before being used in a missile attack.”

Notes Ms Stratford’s advice: “An individual involved in passing that information is likely to be an accessory to murder. It is well arguable, on a variety of different bases, that the government is obliged to take reasonable steps to investigate that possibility.”

“[The advice also] makes clear the Regulation of Investigatory Powers Act 2000 (Ripa), the British law used to sanction much of GCHQ’s activity, has been left behind by advances in technology.”

For example, there is an “issue with Ripa’s distinction between metadata and content of messages; when Ripa was passed this was analogous to the difference between the address on an envelope and the letter within it.”

Now what was that definition of spying again? Spying is only looking only at content? Collecting metadata isn’t spying?


But we don’t even need to go that far. Interestingly, the advice also states very clearly that “Ripa does not allow mass interception of contents of communications between two people in the UK, even if messages are routed via a transatlantic cable” (emphasis added) – i.e. the spooks are not allowed to scrape together every envelope they can get their hands on, even if they don’t open them and never read the letters.

So much for Operation Tempora, that “GCHQ programme that harvests vast amounts of information by tapping into the undersea cables that carry internet and phone traffic passing in and out of the UK.”

Contrary to what GCHQ and foreign secretary William Hague have been telling us, GCHQ is probably not acting within the law when it makes use of Tempora’s capabilities.

In fact, the words “probably unlawful” crop up an awful lot in Ms Stratford’s advice which, finally, also suggests that

“[i]f GCHQ is not entitled to hold onto data itself, it might transfer it to the NSA. In time, and if relevant, that data might be transferred back to GCHQ. Without strong guidelines and scrutiny, the two services might support each other to (in effect) circumvent the requirements of their domestic legislation.”

And things don’t stop there (do they ever?)

Last week “judges at the European court of human rights […] fast-tracked a case brought by privacy and human rights campaigners” ordering the UK government “to provide submissions by the beginning of May about whether GCHQ’s spying activities could be a violation of the right to privacy under article 8 of the European convention.”

Ms Stratford’s advice suggests that it could be.

Excuse me if I am not particularly reassured by, well, reassurances from the spy agencies, Mr Hague or Mr Obama that they are operating within the law.


Supporting the spooks

 “Documents, shared by The New York Times, The Guardian and ProPublica, show that the N.S.A. and the British agency routinely obtain information from certain apps, particularly those introduced earliest to cellphones. With some newer apps, including Angry Birds, the agencies have a similar ability, the documents show, but they do not make explicit whether the spies have put that into practice.

“Some personal data,” that can be obtained in this way, the New York Times reports, “could be particularly sensitive: A secret British intelligence document from 2012 said that spies can scrub smartphone apps to collect details like a user’s “political alignment” and sexual orientation.”

So, in theory, the spooks don’t just watch you as you use Google Maps to find your way from your home to your nearest polling station. They also know who you vote for and who you’ve slept with the night before. Wow, talk about transparent.

So perhaps I wasn’t wrong to be spontaneously spooked by Google Maps this week after reading that NSA and GCHQ “displayed a particular interest in Google Maps, which is accurate to within a few yards or better in some locations. Intelligence agencies collected so much data from the app that […] [i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system.”

You are welcome, GCHQ.

Except no, you aren’t.This isn’t Big Brother.

Yes, I may upload a lot of stuff to Facebook. I tweet, I shop online, I play Angry Birds – but that is me giving my data to someone else more or less out of my own free will.

GCHQ enlisting me into its services without my knowledge simply because I have no sense of direction and need Google Maps for support…? No, sorry, I don’t think that’s on.

It’s also not on that GHCQ accesses data about our sexual orientation and even less that they potentially look into our political affiliations. None of us ever agreed to be on the bloody Truman Show. I think hardly any of us would readily move into the Big Brother house either.

Yet, “[d]epending on what profile information a user had supplied,” the Guardian reports, “the agency would be able to collect almost every key detail of a user’s life: including home country, current location (through geolocation), age, gender, zip code, marital status – options included “single”, “married”, “divorced”, “swinger” and more – income, ethnicity, sexual orientation, education level, and number of children.”

Remember when I first wrote about how dangerous such capabilities could be, for example, to dissenters living under totalitarian regimes?

Just because we still seem to be living in something that works hard to resemble a democracy doesn’t mean that in theory, in the future, information like that could not come in handy for someone trying to make a case against us. Even if we were completely innocent.

I mean, do consider that, amongst other things, the spooks can access your (or your friends’) “buddy lists” and “a host of other social working data”. In short, they can – and do – trace all sorts of connections between yourself an others. I have said before how easy it is, in theory, to be connected to someone who looks dodgy and then to be set up as dodgy-looking yourself in retrospect.


Cookie with your tea?

A few more words on metadata and its sheer volume: “One GCHQ document from 2010 notes that cookie data – which generally qualifies as metadata – has become just as important to the spies. In fact, the agencies were sweeping it up in such high volumes that their [sic] were struggling to store it.

That’s a lot of information. And if it’s that important to the spies, then show of hands who agrees that to insist that metadata collection isn’t spying makes you look as if you have or facts wrong or as if you are “relying on an unusually narrow definition” of the term.


The Smurfs are in on it too

I’d almost find this amusing if the information wasn’t so harrowing:

“GCHQ’s targeted tools against individual smartphones are named after characters in the TV series The Smurfs. An ability to make the phone’s microphone ‘hot’, to listen in to conversations, is named “Nosey Smurf”. High-precision geolocation is called “Tracker Smurf”, power management – an ability to stealthily activate a phone that is apparently turned off – is “Dreamy Smurf”, while the spyware’s self-hiding capabilities are codenamed “Paranoid Smurf”.

So what this is saying is that behind the funny-sounding names given to these tools, what they can do is listen to your phone conversations, geolocate you, turn your phone on and off for you (apparently placing it in a freezer will stop them listening) and then hide everything they can do in case you are – like I am getting by now – a little bit paranoid.


Squeaky Dolphin

But okay. For the sake of the argument, say that you are not, like me or Mr Cameron, an avid player of Angry Birds or a GPS-reliant runner or clueless about directions. Say you are a couch potato without a smartphone and that you still use good old-fashioned cardboard maps to find your way around when you do go out.

Unless you are a computer-free hermit with no access to the internet, chances are that you still won’t stay unobserved.

The British government can tap into the cables carrying the world’s web traffic at will and spy on what people are doing on some of the world’s most popular social media sites, including YouTube, all without the knowledge or consent of the companies.” 

The monitoring program is called “Squeaky Dolphin” and “psychology” is apparently a whole “new kind of SIGDEV”. Have a look at the fill document leaked by Edward Snowden here.

Why is this a problem? Well, apart from the obvious, that it’s “[i]t’s one thing to spy on a particular person who has done something to warrant a government investigation but governments have no business monitoring the Facebook likes or YouTube views of hundreds of millions of people,” one particular instance also makes it quite clear that perhaps my concerns about what these kinds of capabilities can mean for political dissent aren’t very far off the mark:

More than a year prior to the demonstration, in a 2012 annual report, members of Parliament had complained that the U.K.’s intelligence agencies had missed the warning signs of the uprisings that became the Arab Spring of 2011, and had expressed the wish to improve “global” intelligence collection.

I mean, just let this sink in: “Psychology” – the “new kind of SIGDEV”. Am I the only one who is creeped out by the idea that the spooks are now working their way into our heads and souls?


So, what have we got?

We’ve got at least two spy agencies – NSA and GCHQ – gathering metadata from all sorts of sources, including popular apps, YouTube and Google Maps on a massive scale.

Evidence has it that they feel quite chuffed about how much they can gather, which potentially includes highly sensitive personal data.

We’ve got spooks with very frightening tracking capabilities.

We’ve got a top lawyer’s advice that a lot of what GCHQ gets up to is “probably unlawful”.

We’ve got evidence that there is, in fact, not really any room for probability here – in all likelihood many of these practices are unlawful.

We have a UK Prime Minister whose recreational pastimes are now a matter of national security.

I tell you what we haven’t got.

Systems of appropriate oversight, for one thing.

Adequate protection for whistleblowers for another.

And here is something else we haven’t got: reform.

Quite the contrary. In the UK, we have PM Cameron who as recently as this week said that “he was unhappy that newspapers were still publishing sensitive information leaked by former US intelligence operative Edward Snowden and urged them to stop.

Fat chance of reforms there. I am sure that, if he could, the PM would order the Guardian to destroy the documents the paper received from Edward Snowden. Oh hang on! He has already done that.
A video of that particular incident has now been released by the Guardian.

In the US, we have a director of national intelligence who – after allegedly lying to Congress last year – still condemns the Snowden reporting and who, despite allegedly committing a felony, has not been investigated or charged and still has his job (in that he is luckier than NSA chiefs Inglis and Alexander and – most recently – GCHQ chief Lobban who are all “resigning”).

I have commented previously on why I am not impressed with the NSA reforms announced by president Obama. Not much actual reform there either.

So, in light of all that, perhaps it is no wonder that I am turning into a bit of a paranoid Smurf.

It may be time for us all to step up our security.

Or perhaps I should just start tagging all my posts #justjokingnsa

Except I am not. Joking.

#StopWatchingUs. Now.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s