Monday, July 1, 2013

My Thoughts On PRISM

Front page of The Guardian on June 10
The British newspaper The Guardian published for the first time on June 7, 2013 information about a large-scale data surveillance program called PRISM. Based on the information obtained from the former CIA employee Edward Snowden, the US government has been collecting vast volumes of personal data from cloud based services provided by US companies that represent the who-is-who of the high-tech world: Google, Apple, Facebook, Microsoft, etc. Based on the recent news updates, it looks like other governments have been doing the same.

This is very worrisome.

I am not surprised that the government is collecting all this data. It is too easy and too tempting. With the USA PATRIOT Act of 2001, it is probably even legal - at least based on the intelligence agencies’ interpretation of the law. Comparisons of how the government respects our paper mail while snooping our email are complete nonsense. The government respects the paper mail because it has no ability to snoop it. US Mail is a highly distributed system that handles data that is hard to duplicate - paper letters. Intercepting them all is practically impossible and copying them is difficult. Even if they did, they would end up with warehouses full of paper that would be highly impractical to search through.

Compared to that, collecting our electronic data is rather easy. The data is highly centralized and accessible through a few central choke points called Google, Facebook, etc. It is very easy to copy, and when stored, it is relatively easy to search through - just search for your name on Google and you get the idea of what the government has to do. Sure, storage and organization of all that data represents a challenge - a real “Big Data” challenge - but nothing that can’t be solved today.

As for privacy, let’s not kid ourselves. The government, the intelligence agencies, and the law enforcement don’t have much regard for our privacy. Have you flown on a plane in the last decade? They make you take off your shoes, your sweater, and your belt. They capture a picture of your naked body. They look through your luggage and make you bare your toiletries. They have an extensive data profile on you with all the info from your passport and often also your fingerprints and retina scan. They keep a record of all your flights and border crossings. If they like, they give you a thorough pat down. What makes you think that they would hesitate to search through your email - your data that you are not even keeping on your own premises?

Now, let’s consider the other side of this coin. So, the government has a copy of all our emails, Facebook posts, tweets, and then some. That’s billions and billions of data records. There is no way that human eyes could possibly review all these records. In fact, when a human review is  needed, it can become pretty daunting - I wrote about this type of big challenge in my article The Only Hope for Privacy? The point is that only computer algorithms are looking at your personal data and they will only raise a flag if your data pattern suggests a behavior of interest - terrorist related activities, tax evasion, drug trafficking, etc. You could argue that if you are engaged in any such activity, the feds should be looking at your data. Right?

Well, no. This is exactly the type of an orwellian surveillance state that knows too much about its citizens and it doesn’t take long to start flagging any behavior the state deems adverse. It takes a frighteningly small step from snooping your data to killing your freedom of speech. That leads to the state telling citizens what to do and how to behave which is called dictatorship. That’s not what the US Constitution is about. That’s not what freedom, liberty, and justice are about. This is not the ideal upon which the United States have been founded. We must not allow this to happen. That’s what Edward Snowden was thinking when he decided to blow the whistle.

Now let’s be clear, there are some concerning questions about Edward Snowden that should be answered. I don’t blame him that he went public with classified information. While that is against the rules (against the law), he obviously didn’t have the option of blowing the whistle the proper way - by informing to his supervisor, HR department or Chief Legal Counsel. Those are the guys behind the mass surveillance. But he did have the option to disclose the information anonymously and I wonder why he didn’t. I also wonder why he ended up hiding in China and Russia which are officially friendly nations but, honestly, I’d feel better if he was hiding in the United Arab Emirates or Indonesia which are also non-extradition countries. Going public in his own name and doing it in China rings a little alarm bell for me. But still, Edward Snowden appears to have done the honorable thing, albeit illegal.

So, where do we go from here? Well, this is a tough one. Our technology has created a monster by making all of our data readily available to snooping. We have also created a climate of public paranoia that places security above privacy. At least perceived security as there is no real evidence that all those security measures such as airport security controls or cameras on city streets yielded any tangible security increase for the citizens. The number of terrorists that the TSA caught in the last 10+ years is exactly zero while the annual TSA budget is $8 billion (source: BusinessWeek). Both of these things are a genie that won’t easily go back into the bottle.

In the end, I hope that we will educate ourselves enough to better understand how to handle our information to keep at least some of it private. Maybe, not all the data should end up in the Cloud after all! I also hope that the security vs privacy pendulum swings back and finds some point of equilibrium that will make our lives more pleasurable. The excessive security that has become part of our daily lives is the kind of asymmetric response that I wrote about two years ago. Because every time I get a thorough pat down at the airport, I can’t help thinking that the bad guys might have won when they set out to make our lives miserable.


  1. Excellent points. On the other hand, how much of our privacy do we willingly give up in order to save a few dollars. Our free Gmail account, our myriad bonus programs, the store programs that keep track of every item we consume and the frequency at which we consume it. I'm not advocating a Big Brother state, but while we complain about the government scanning, skimming and collecting metadata, we are giving the body content to commercial enterprises for free - ok, for a few dollars worth of savings.

    1. Thank you for your comments, Dan! I absolutely agree with your point. Indeed, the privacy and security education that we all need has to include the concerns of surrendering our privacy to for-profit enterprises. Sometimes, free is not really free and certainly not the best choice.

    2. I think the difference (at least for me) is that we have the choice to give away our privacy to companies in most cases. Personally, I believe that the tradeoff for FaceBook is too great and I don't use it. I give my data to some supermarkets in return for loyalty cards, but mess with their data periodically by giving my account to other people to break their pattern analysis.

      The whole thing that bothers me most is the secrecy of the spying. If the government truly believed in it they would announce it - but they didn't (don't) because they know it's not right - it is not what a democracy looks like. If the people sign up for this, good luck to them, I'll be looking for another place to live; but I believe that Snowden (and others) have exposed this evil behaviour to public sight and now the electorate will demand change.

  2. Good points, Lubor. In regards to monitoring US Mail NYT just reported that U.S. Postal Service is logging all mail for law enforcement: So, I am afraid it's not really an option to go back to just using paper mail. ;-)