The top 3 myths about the recent surveillance revelations

The recent–and still ongoing–revelations in the Guardian by their columnist Glenn Greenwald and his colleagues have already given rise to a number of dismissive myths.

Here are three of them, and my responses.

1. “It’s nothing new. We’ve known about this for a long time.”

For example, Senator Chambliss, ranking member of the Senate Intelligence Committee: “Everyone’s been aware of it for years.”

This is a common human reaction to any information that is presented as being important. It’s healthy and reflects a critical attitude. You may remember  similar responses to the WikiLeaks cables. But the latter turned out to be incredibly useful. So it’s worth recognizing what is new here, and what we’ve already known. (And there is a difference between “known” in the sense of known as a undisputed fact and “suspected.”)

In 2005 the New York Times revealed (after sitting on the story until George Bush was re-elected) that the NSA had been performing “warrantless wiretaps” in a program known as “Stellar Wind.” The story was reported by James Risen and Eric Lichtblau (see super-useful EFF timeline here) who later won a Pulitzer prize for their reporting. This was–and remains–genuinely new information, not least because it was not something rogue going on, but was done under the full direction of the Bush White House. It was a central plank in liberals’ opposition to Bush’s war on terror as it applied domestically (the Iraq war was the other, as it applied overseas). Risen was subpoenaed twice by the government as part of their still-ongoing investigation into one of his alleged sources (Jeffrey Sterling, a former CIA employee) for a separate story (see case files here).

When President Obama took office he reportedly closed down this program. But note that it refers to “warrantless” wiretapping, or interception. What if you could get access without needing a warrant? And do so legally? This is, in large part, what is significant about the recent revelations. Yes, Sens. Udall and Wyden have been trying to publicly put on record information about this, as the latter tweeted yesterday:

But now this is confirmed by the Guardian’s Verizon story, rather than hinted or speculated at. So what is new is that we now know that:

The Guardian for the first time published an actual FISA Court order. This order revealed that the US is collecting information (specifically, metadata) on all communications by customers, both foreign and domestic, of the country’s biggest telecom provider. Specifically, Verizon’s business customers. Senator Feinstein, who is on the Senate Intelligence Oversight Committee, said in a press conference on June 6, 2013, that as far as she was aware this was a routine 3-month extension of a program going back at least to 2006.

It was previously speculated or thought that this was going on (eg., see this USAToday story from 2006). But now we know.

As recently as March, 2013, DNI Director Clapper, when asked a direct question on whether the US was collecting information on millions of Americans, said “no.” Glenn Greenwald directly called this a “lie” on “Democracy Now” this morning.

Second, the Guardian and the Washington Post both revealed the existence of another program, known as Prism, that collects the actual content of communications from Yahoo, Google, Apple, Facebook and so on, of people (including Americans) overseas. According to the document, which the Guardian has authenticated, the NSA has had “direct access” into the servers of these companies on an ongoing basis since 2007.

2. “It’s just metadata, not content.”

This is a serious misunderstanding. The secret FISA court order published by the Guardian gives the FBI and the NSA access to all “transactional metadata” which defenders of the program immediately characterized as akin to reading the outside of an envelope, rather than your letter inside. But to conclude that your personal privacy has not been violated is to be ignorant of what you can do with metadata. Note that the metadata  includes phone numbers, location, length of the call, and who called who. From this, it is easy enough to build a pretty complete picture of what’s going on (and it may therefore be even more valuable than the actual content!). After all, according to the Wall Street Journal, it was metadata that revealed former CIA Director GEN. David Petraeus’ affair with his Mistress Paula Broadwell. Investigators were able to note her location and contacts in order to build a case against her before reading any of her messages’ content. Investigators then used the metadata as probable cause to obtain a warrant to read her emails, which led them to Petraeus. It is in the nature of “big data” that it can be extensively mined for significant patterns and findings, and can be leveraged against ancillary data (Crampton et al. 2013).

Locational metadata is by itself a critical insight into activity. Indeed there is a whole field of intelligence analysis known as Activity-based Intelligence” or ABI, that is a key part of intelligence, including geographical intelligence (GEOINT) that relies on geolocational data. A recent paper (pdf) by a joint team of investigators from MIT, Harvard and Louvain recently showed that they could uniquely identify an individual 95 percent of the time from a large, anonymized dataset, knowing just four pieces of metadata. So if I know where you are just four times, I can almost certainly uniquely identify you even if personal identifiers are stripped (as there are not in the Verizon order). Then I can track you, see who you interact with, for how long, and build a pretty good picture that will at least get me a subpoena (which, remember, requires less evidence than a warrant).

Also note that metadata are deemed by US law to have been “given” by you to a third party and so are not subject to warrant having probable cause (a la the Fourth Amendment) but only a subpoena, which is much easier to get.

3. “The leaks (and the leakers) threaten legal, approved measures that are designed to ensure the safety of Americans. We should prosecute/investigate/stop leakers.”

For example, during the same press conference yesterday, Sen. Feinstein was asked if the Verizon leak should be investigated. She replied “Yes, I think so” (video).

There are several points to be made here. First, it is part of the problem, not the solution, that these programs (Verizon and PRISM, as well as others we sometimes hear about, such as “Ragtime” a codename revealed in Marc Ambinder’s book, Deep State) operate within the law. It indicates that the laws are wrong, overbroad, and unconstitutional. This includes the Patriot Act.

Second, to say that “Congress in fully briefed” as both President Obama and Sen. Feinstein did, is irrelevant and untrue. Only a very small group of Senators (typically either the “Gang of Four” [CRS pdf], or “Gang of Eight” [CRS pdf]) get anything like regular national security/intel briefings (there was a separate one yesterday, to 27 interested Senators), but, since they can’t tell the public what’s going on, and Intelligence committees rarely hold publicly accessible meetings, this is not much good to US citizens, nor even to other Senators and Congressmen and women not included.

To the point that these leaks damage operational programs and even cost lives, and therefore we need to investigate and prosecute leakers. First, there is a deficit of publicly available information that would provide a basis for a conversation about these matters. Second, according to one (fully briefed) Senator, Ron Wyden, who is on the intelligence committee, he said yesterday regarding this blanket surveillance that “Based on several years of oversight, I believe that its value and effectiveness remain unclear.”

Third, the investigation of leakers is not only wrong but counter-productive. These “leakers” are not acting for financial gain (just think how much money Bradley Manning could have made, or how much Thomas Drake has lost) but as whistleblowers. Whistleblowing, which candidate Obama praised in 2008, is an act carried out to alert to government waste, inefficiencies, or malfeasance.  Prosecutions of these whistleblowers, especially under the World War I-era Espionage Act ( a favorite of the Obama administration) will suppress future whistleblowers and hence the public’s ability to know about government waste, fraud and mismanagement.

These are my top 3 myths. There are others, and feel free to add your own.

6 responses to “The top 3 myths about the recent surveillance revelations

  1. Reblogged this on Progressive Geographies and commented:
    Jeremy Crampton discusses the recent surveillance stories.

  2. What you have, and has been, referred to as “metadata” because it does not specifically identify individuals, is actually data. A person’s location is a data point. A person’s phone number is a data point. For example, a phone call made by someone in the Bronx at 10am would have several categories of metadata on a spreadsheet. The time, 10 am, could be metadata. The location, the Bronx, could be metadata. But the phone number itself, would be DATA. Whatever fills up the spread sheet is data. You could also consider location and time to be data depending on how many calls and phone numbers were involved. I know you tried to point that out at the outset, but you lapsed back into collapsing metadata and data together. This slippage is important.

    • Karl, You are quite right. Certainly in geography, mapping and GIS, location is data, not metadata. But in the discussions I reference, location is lumped into the category “metadata.” I suspect there are two reasons for this. One, it makes it sound less objectionable if you say you are “only” collecting metadata. Second, the more things that “count” as metadata the better from a surveillance point of view, because you are deemed to have “given” these to a third party and can have no reasonable expectation of privacy. Similarly, if you wander outside, you have less privacy, even if what people are collecting on you (your image and behavior, say), would normally be considered as “data.” So there is some interesting conceptual slippage between these terms. Thanks for pointing that out.

  3. Pingback: Wielki Brat patrzy | cyberkultura UMK

  4. Pingback: New information on Prism | Open Geography

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s