It’s been a while since Edward Snowden started revealing details about the global surveillance operations of the NSA. I’ve been meaning to write down a few thoughts for a long time, but didn’t quite find the time; however they still seem interesting enough now, so let’s go.
1. Insulting the whole world
It hardly makes sense to begin without stating that these actions are insulting, disrespectful and abusive to every human being (who uses a phone, or the Internet) on the planet.
How dare the American government think they are entitled to listen in on everyone’s phone conversations, read everyone’s emails and track all other online activities?
This also goes for everyone defending these actions. How dare you?!
The reporting from the American side often makes distinctions between surveillance of American citizens, and surveillance of those who are not such citizens. Sometimes it sounds as if American citizens are more worthy of some kind of better treatment. That is of course also insulting, disrespectful and abusive.
When I first heard of the extensive surveillance systems, I thought, well, if they really have this much equipment and so many resources, it would be nice if they could solve a real problem: namely email spam, blog post spam, and similar.
However, they do not appear to be working on that.
One concludes that this is not high on their priorities.
Early on, one could read that the NSA stayed away from analyzing Bittorrent traffic. Which makes a lot of sense, since there is so much of it.
On the other hand, this leaves quite a gap to set up communication channels.
4. Pair programming
Within the first few weeks there were reports that the NSA switched to Pair-programming, pair administration, etc. Basically, don’t let anyone touch the systems without someone else watching. Take turns. Call it “Access Control Layer 1?”
The reports I read didn’t point out how natural such a policy is. It is also not necessarily more expensive; some software companies use pair programming to avoid costly mistakes, programming bugs, etc.
So one wonders whether the original access control did not have this additional layer in order to actually allow unauthorized access. After all, Mr. Snowden did not access the system for personal gain; how many others with access were not that noble? How much easier to avoid laws and cut corners without such a layer.
Also, has this policy been reverted in the meantime? It would be possible to do so without issuing a press release, of course.
5. An extra button
Also early on, it was reported that the data that passes through the NSA’s system is enormous. On the other hand, if you look at any particular person, the data traffic they generate will most of the time be quite manageable.
So I am guessing that if anyone shows up in manual surveillance (an operator inspects certain communications), they will have a button within their user interface, “Track this individual closely”. Save all that traffic for later viewing. I would estimate that adding 100 people per day would be easy to manage in terms of traffic.
I follow German news of course. When it was first revealed that the NSA was listening in on phone calls of the German chancellor, I thought, well at least governments have the resources to set up communications based on One-time pad encryption. Also, Germany has local chip factories to make sure the chip does what is desired by the owner, and not what the NSA desires.
(I find the response of European governments quite weak; I think it is underestimated how easy it is to argue with Americans.)
In the wider context of privacy on the Internet (user profiling using cookies, etc), it had occurred to me a long time ago, that such policies should also cover web server logs. After all, such logs capture some information about individuals, sometimes not too much, but in the aggregate, I think it would be useful to look into stronger protection. Such protection, in one of my thoughts, would consist in having people, and organizations, be granted a “License to Log”. Such a license would be lost in the case of illegal activities, irresponsible behaviour, and so on.
These kinds of thoughts seem to be totally useless now.
It hadn’t occurred to me that what they call “metadata” is useful, but now it does seem intuitive that it is very helpful. Basically every person is placed in a circle of their acquaintances, in circles of similarities according to many different categories.
This is similar to Facebook asking users to list their favourite books and music, etc. Facebook will also benefit from this as similar metadata of its users (Who to show which ads, as the most basic example).
One can only feel sorry for the average American. Basically these surveillance systems cost each tax payer a few hundred dollars a year. Without any benefit to them, it would seem.
10. Balance of powers
I often hear praise for the American democracy and how there is a balance of powers.
Cannot be spotted here. It’s rather obvious that there is no supervision of the NSA. Last week it was reported that a senator inquired whether they as senators are also covered by the systems. Asking the question itself was already revealing, needless to say the answer was disappointing.
One can make the case for secret courts in democracies, but I think it is obvious that these should be only used extremely sparingly. That is not the case here.
Ok, that’s all for now. You probably have your own thoughts about this. I’m sorry I couldn’t include links everywhere. Please share below, add corrections or other comments, if you could!