Total information awareness?, Understanding Society: I'm finding myself increasingly distressed at this week's revelations about government surveillance of citizens' communications and Internet activity. First was the revelation in the Guardian of a wholesale FISA court order to Verizon to provide all customer "meta-data" for a three-month period -- and the clarification that this order is simply a renewal of orders that have been in place since 2007. (One would certainly assume that there are similar orders for other communications providers.) And commentators are now spelling out how comprehensive this data is about each of us -- who we call, who those people call, when, where, … This comprehensive data collection permits the mother of all social network analysis projects -- to reconstruct the widening circles of persons with whom person X is associated. This is its value from an intelligence point of view; but it is also a dark, brooding risk to the constitutional rights and liberties of all of us.
Second is the even more shocking disclosure -- also in the Guardian -- of an NSA program called PRISM that claims (based on the secret powerpoint training document published by the Guardian) to have reached agreements with the major Internet companies to permit direct government access to their servers, without the intermediary of warrants and requests for specific information. (The companies have denied knowledge of such a program; but it's hard to see how the Guardian document could be a simple fake.) And the document claims that the program gives the intelligence agencies direct access to users' emails, videos, chats, search histories, and other forms of Internet activity.
Among the political rights that we hold most basic are the rights of political expression and association. It doesn't matter much if a government agency is able to work out the network graph of people with whom I am associated around the project of youth soccer in my neighborhood. But if I were an Occupy Wall Street organizer, I would be VERY concerned about the fact that government is able to work out the full graph of my associates, their associates, and times and place of communication. At the least this fact has a chilling effect on political organization and protest -- both of which are constitutionally protected rights of US citizens. At the worst it makes possible police intervention and suppression based on the "intelligence" that is gathered. And the activities of the FBI in the 1960s against legal Civil Rights organizations make it clear that agencies are fully capable of undertaking actions in excess of their legal mandate. For that matter, the rogue activities of an IRS office with respect to the tax-exempt status of conservative political organizations illustrates the same point in the same news cycle!
The whole point of a constitution is to express clearly and publicly what rights citizens have, and to place bright-line limits on the scope of government action. But the revelations of this week make one doubt whether a constitutional limitation has any meaning anymore. These data collection and surveillance programs are wrapped in tight secrecy -- providers are not permitted to make public the requests that have been presented to them. So the public has no legitimate way of knowing what kind of information collection, surveillance, and intelligence activity is being undertaken with respect to their activities. In the name of homeland security, the evidence says that government is prepared to transgress what we thought of as "rights" with abandon, and with massive force. (The NSA data center under construction in Utah gives some sense of the massiveness of these data collection efforts.)
We are assured by government spokespersons that appropriate safeguards are in place to ensure and preserve the constitutional rights of all of us. But there are two problems with those assurances, both having to do with secrecy. Citizens are not provided with any account by government about how these programs are designed to work, and what safeguards are incorporated. And citizens are prevented from knowing what the exercise and effects of these programs are -- by the prohibition against telecom providers of giving any public information about the nature of requests that are being made under these programs. So secrecy prevents the very possibility of citizen knowledge and believable judicial oversight. By design there is no transparency about these crucial new tools and data collection methods.
All of this makes one think that the science and technology of encryption is politically crucial in the Internet age, for preserving some of our most basic rights of legal political activity. Being able to securely encrypt one's communications so only the intended recipients can gain access to them sounds like a crucial right of self-protection against the surveillance state. And being able to anonymize one's location and IP address -- through services like TOR router systems -- also seems like an important ability that everyone ought to consider making use of. Voice services like Skype seem to be fully compromised -- Microsoft, the owner of Skype, was the first company to accept the PRISM program, according to the secret powerpoint. But perhaps new Internet-based voice technologies using "trust no one" encryption and TOR routers will return the balance to the user. Intelligence and law enforcement agencies sometimes suggest that only people with something to hide would use an anonymizer in their interactions on the Web. But given the MASSIVE personalized data collection that government is engaged in, it would seem that every citizen has an interest in preserving his or her privacy to whatever extent possible. Privacy is an important human value in general; and it is a crucial value when it comes to the exercise of our constitutional rights of expression and association.
Government has surely overstepped through creation of these programs of data collection and surveillance; and it is hard to see how to put the genie back in the bottle. One step would be the creation of much more stringent legal limits on the data collection capacity of agencies like NSA (and commercial agencies, for that matter). But how can we trust that those limits will be respected by agencies that are accustomed to working in the dark?