• United States



Contributing writer

NSA surveillance controversy: Much ado about nothing new?

Jun 10, 20137 mins
Data and Information SecurityGovernmentIT Leadership

Privacy experts say the recent top-secret disclosures about the NSA's PRISM program make it official, but that the U.S. government has been spying on civilians for years, and it's reached a new, dangerous level

The only thing new about last weeks “explosive” stories about telephone and Internet surveillance of American citizens by the National Security Agency (NSA) is that it made official what everybody has known, or should have known, for years.

Word of increasing government surveillance of its citizens by electronic means has been reported for more than a decade.

Edward Snowden, who outed himself over the weekend as the principal source for stories about the surveillance in The Guardian and the Washington Post, is just the most recent.

[FAQ: 5 things known and alleged about NSA surveillance]

Snowden, a former undercover CIA employee who now works for consulting firm Booz Allen Hamilton, which contracts with the NSA, apparently leaked one set of documents showing an order from the secret Foreign Intelligence Surveillance Court (FISC) to telecom provider Verizon to turn over all of its telephone data to the NSA on a daily basis. Another set showed that the NSA had access to the servers of nine major Internet providers, ranging from Google to Microsoft, Yahoo! Skype, Facebook, YouTube, AOL and Apple.

But long before Snowden, William Binney, who worked for the NSA for 32 years, resigned from the agency in protest in 2001 after the Bush administration launched a top-secret surveillance program to spy on U.S. citizens without warrants. It was code named Stellar Wind or just “The Program.”

CSO reported last December that Binney had been saying for more than a decade that the NSA is collecting every electronic activity of its citizens — not just so-called “telephony metadata.” In an interview late last year with RT, he estimated the number of electronic documents now being stored at “probably close to 20 trillion.”

He said the scandal involving former CIA Director David Petraeus’ extramarital affair offered evidence of that, since the FBI collected thousands of pages of emails from presumably private accounts, even though Petraeus had not been charged with a crime. “What probable cause did they have?” Binney asked. “There was no crime.”

[How to keep the feds from snooping on your cloud data]

James Bamford, writing in Wired magazine, reported more than a year ago, on the construction of the NSA’s new data center due to open this September in Bluffdale, Utah, south of Salt Lake City.

That center, which will be capable of storing almost unimaginable amounts of data, will be able to intercept, store and analyze, “all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails —parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter,'” Bamford wrote. And according to both Binney and now Snowden, the center will be collecting data from American citizens.

And once last week’s stories broke, Democratic and Republican members of Congress who defended the surveillance, said it had been going on for the past seven years, beginning under the Bush administration and continuing (and expanding) under President Obama.

Indeed, the order to Verizon, first reported by Glenn Greenwald in The Guardian, was simply a reauthorization of an ongoing program, which is required every three months.

Those who opposed it had been dropping not-so-subtle hints about it for years as well. In May 2011, Sen. Ron Wyden, D-Ore., said in a debate about reauthorizing Section 215, the section of the Patriot Act that the government says permits untargeted surveillance, “I want to deliver a warning this afternoon: when the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry.”

Richard Forno, writing on the blog for the Center for Internet and Society at Stanford Law School, said, “It’s a good bet similar orders were issued to the other American telephone and/or Internet providers as well. I’m not surprised at this revelation, mind you: however it’s both refreshing —and disturbing — to see official proof come into public view after all these years.”

Still, some experts say the news of last week, combined with slippery semi-denials from those involved, take the matter to a new level.

A number of commenters noted that the Internet service providers named said they did not provide the government with “direct” access to their servers. That, of course, doesnt mean the government didnt get it, since the data could be turned over to a contractor, who would then turn it over to the government.

Jody Westby, an attorney and CEO of Global Cyber Risk, who has written several blog posts for Forbes on the matter — the most recent calling for the resignation of Director of National Intelligence James Clapper — in an interview called the recent disclosures, “a national crisis that is as serious as Watergate. Our country’s leaders have been providing false and deceiving statements to Congress and the American people. They (the NSA) are looking at everything —not just phone calls. We barely know the details.”

Rebecca Herold, CEO of The Privacy Professor, said one major problem is that the government has understated the reach of the surveillance.

“I think most of the public has believed that the capability existed to look at such data, when necessary for specific individuals or locations,” she said, “But that the collection was not a full collection of all data. This changes the implications, because now everyone, in effect, becomes a suspect.”

She and others also say that the semantic games being played by government officials are undermining the confidence of the public as well. Clapper, for example, said that the government has no interest in reading the emails of average citizens. But that is not the point. The point is that it is storing them, so it would have the capability to do so if it wished. That is what exposed the Petraeus affair.

“Government leaders are playing a syntax game with the public,” Herold said. “Even though the actual conversation/communications content is not being recorded —at least as far as we know at this point —the metadata associated with the conversation can provide insights that can go far beyond the recordings and content anyway: Locations, times, days, frequencies, the parties involved. “

“Sophisticated analytics can match this type of data with other databases to clarify and illuminate the context of the communications, and also to put the parties involved in specific locations at specific days and times, and reveal associations and collaborations between different individuals, groups,” she said.

That is the point the Electronic Frontier Foundation made in its statement on the matter last week. In a post by staff attorneys Cindy Cohn and Mark Rumold said the recent revelations, “should end, once and for all, the government’s long-discredited secrecy claims about its dragnet domestic surveillance programs. It should spur Congress and the American people to make the president finally tell the truth about the government’s spying on innocent Americans.”

The outrage is not universal, however. Stewart Baker, former first assistant secretary for policy at the Department of Homeland Security (DHS) and now a partner at Steptoe & Johnson, wrote in a post on his blog, “Skating on Stilts,”that, “the only way to make the system work, and the only way to identify and monitor the one American who is plotting with al Qaedas operatives in Yemen, is to pool all the carriers’ data on U.S. calls to and from Yemen and to search it all together — and for the costs to be borne by all of us, not by the carriers. In short, the government has to do it.”

And Joel Harding, a retired military intelligence officer and now information operations expert and consultant, said while he believes the government is operating in good faith to maintain the balance between privacy and security, “all too often we have seen examples of abuse. If we take our leaders at their word, these programs are for our good. I only pray our trust is well placed.”