Your Wonkette Surveillance Explainer: Why All Your Metadata Are Belong To The NSA
By now Wonketeers are probably aware that the NSA (which stands for No Such Agency) has not only been collecting "metadata" from Verizon for oh, about seven years now, but also that it has been directly accessing servers from Skype, Yahoo, Google, Microsoft, Apple, and Skype in a program called PRISM in a gigantic effort to "Keep America Safe™."
Here, let us explain at you about what the NSA is doing, why they say they are doing it, and why we should give a good goddamn.
What is the NSA anyway?
Sorry, we can't tell you. It's a secret.
No, seriously, what IS the NSA?
No, seriously, we can't tell you--it's a secret. There have been some books about it. It has a secret budget . It is technically part of the military, but is presided over by the director of national intelligence and employs anywhere from 35,000 - 55,000 people --no one is sure exactly how many, because that is a secret. Its main facility is at Fort Meade but it is building another enormous (and really ugly) facility in Utah that will open in the fall, and there is speculation that this Utah facility will be a storage site for all those petabytes of data re: your embarrassing Facebook photos and calls to Grandma. This is just speculation though because the exact purpose of the Utah location is a secret.
So the NSA is a post-9/11 thing?
No actually! Turns out, we were paranoid about the exercise of First Amendment rights long before 9/11, if you can believe that! It was founded in 1952 by Harry Truman to "gather information that America's adversaries wish to keep secret." Apparently America's adversaries are really into keeping secrets about hippies and peaceniks, because the NSA was used soon after its establishment tospy on anti-Vietnam war activists and during the Iraq war to spy on the losers who thought we shouldn't invade Iraq for no reason .
What's this about "metadata"?
The Guardian reported a couple days ago that it had obtained a top - secret court order wherein Verizon wireless was compelled to turn over customer metadata to the government on an ongoing basis. As the Guardian explains :
[Metadata includes] the phone number of every caller and recipient; the unique serial number of the phones involved; the time and duration of each phone call; and potentially the location of each of the participants when the call happened.
All of this information is being collected on millions of calls every day – every conversation taking place within the US, or between the US and a foreign country is collected.
The government can use this data to gather a very detailed picture of Americans' lives: where they go, when they go there, who they see when they go there, what their regular travel patterns are, etc etc.
OK, but you said something about Skype and Gmail and whatnot.
Indeed we did! The Guardian obtained a top secret 41-slide PowerPoint presentation detailing the depth and breadth of the NSA'ssurveillancedatamining capabilities. The NSA claims to have direct access to the servers of Google, Yahoo, Facebook, Skype, Paltalk, AOL, and Microsoft. This access is part of a previously undisclosed program called PRISM, which allows the NSA to collect almost everything you might conceivably do online: emails, photos, Google searches, Google docs, chat logs, and file transfers. They can "quite literally see your ideas form as you type," so HI NSA!!!! HIIIIIIII!!!!
So wait, the NSA made an easily digestible, easily sharable Power Point presentation about one of its most secret programs?
It sure did, isn't that nice of them?
What are Google, Facebook, Skype, Apple, Microsoft, Yahoo, and AOL saying about all this?
They are shocked , SHOCKED that someone has implied that they participated in such a program, and all have issued denials claiming either that they would never do such a thing, or have never heard of PRISM or both. So there are two choices, neither of which are particularly appealing: 1) they are giving your information to the government and lying about it to your face or 2) their servers are so insecure that the NSA is able to simply access your information without their knowledge.
Twitter isn't on there though. Why aren't they on there?
At this point, it's clear that Verizon turned over use metadata because a court ordered them to do so. It's less clear , however, if PRISM participation was compulsory or voluntary. Again, neither choice is particularly appealing: either the government forced Google et al to turn over data and then didn't bother to tell any of us, or alternatively, Google et al just gave them the data for no real reason and didn't bother to tell any of us.
Isn't this illegal?
HA! HA! HA! We are in a post 9/11 world. If torture isn't illegal, then reading your emails is probably no big deal. This is because in the post 9/11 legal framework, it isn't illegal for the government to know what you are doing; if you want to know what the government is doing, well, that's a different story.
Seriously though. Is this legal?
These are interesting questions. The Obama Administration is using Section 702 of FISA (the Foreign Intelligence Surveillance Act) to justify the broadening of its surveillance powers. As Business Insider explains :
Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States," [Director of Intelligence James] Clapper said [last night]. "It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States."
The Washington Post similarly writes that:
[PRISM] facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.
But we still don't know exactly how this is being interpreted. For example, if I contacted an EBay seller in England with questions about a given item, do my communications "include people outside the U.S."? What if I call Citibank for help and they route me to a call center in India? What if one of my Facebook friends lives in France and I "like" some of his posts?
So basically, no one really cares about the law anymore.
Yes and no. Your Wonkette finds it fascinating that both the Bush and Obama administrations---along with Congress, who apparently approved this program in 2007 and again in 2012--still turned to the law as a source of authority. So it matters as a source of authority and credibility apparently, but that's about it. Welcome to 2013! It's like 1984, or Bladerunner, but without the cool soundtrack or awesome dystopian design aesthetics.
It doesn't take much to imagine how this metadata could be used to pursue whistle blowers.
Uh, this is basically completely inaccurate. Yes, essentially all older ciphers and ciphers with keys of, say, 64 bits or shorter should be regarded as badly broken. But properly implemented ciphers in current use with keys of 128 bits or longer are still for the most part secure, even in cases like RC4 which have been partially broken. Problems arise mostly from weaknesses in cryptosystem design, as in, e.g., 128-bit WEP, which can be trivially broken in less than a minute, even though it is effectively using a 104-bit key. But, as we increasingly move to 256-bit keys, and the flaws in existing designs are addressed, "breaking" ciphers in the traditional sense becomes less and less an issue.
Which is why places like NSA increasingly are not going that route. After all, what is the point in trying to break an SSL connection to a Gmail server, when I can just go to Google and tap into the contents after they've been transmitted?