Should I be worried about PRISM?

Cyber Politics, Privacy

You have all heard about PRISM, maybe the most significant spying machine in the world’s history. And certainly one of the most significant disclosures about the United States’ intelligence operations. But how does this affect us ordinary netizens?

Let’s look at PRISM from a couple of different angles. The PRISM system is a gigantic intelligence network that gives NSA access to data in Google (Gmail, YouTube etc.), Facebook, Microsoft (Skydrive, Live, Skype etc.), Yahoo!, PalTalk, AOL and Apple. These companies are naturally denying it all, but it means nothing as that is what they would say anyway. The PRISM disclosure is backed up by leaked documents, and whistleblower Edward Snowden’s brave decision to come out under his own name makes it even more credible.

The disclosure of PRISM is hardly surprising for people familiar with IT security and privacy issues. It is not the only known intelligence program; data about Internet traffic is gathered in many other ways too. But it is still significant in many ways. It should first of all act as an eye-opener for ordinary people and politicians. It is no longer possible to dismiss people who talk about spying governments as paranoid tin foil hats.

The US is not the worst country on earth when it comes to freedom on the net. It is, however, a country that has made a strong promise about democracy, freedom of speech and integrity. It also aggressively fights many other countries that don’t live up to western ideals. The disclosure of a spying network that would make the Stasi green with envy is of course much bigger news in a country like this.

And last but not least, the US has a central role in the Internet of today. This makes PRISM a global issue and not just a local privacy threat in the US. Many popular services, like Facebook, are US-based and your only options are to participate and live with PRISM, or quit. The authorities claim that they aren’t targeting US citizens, just communications involving foreigners. But that is about 95% of the world’s population. And can we believe them about not spying on the remaining 5%? So PRISM is really an issue for all of us, US citizen or not.

OK, but should I be worried? I’m no terrorist and not even criminal. I have nothing to hide. Will this really affect me?

Yes and no.

The immediate impact on your life is probably zero. These intelligence systems sift through and store huge amounts of data and it is impossible to read every single message. They use automatic filters that trigger on certain secret keywords, and flag these messages for closer examination. A message to or from you may trigger a filter once in a while, but its harmless nature will be apparent in the manual examination. There are of course a lot of private secrets that shouldn’t leak to others, but they are of no interest to authorities. The risk that such secrets leak through PRISM is close to zero. Most ordinary people fly under the radar of these systems and will not really notice them at all. What’s scarier is the stored data. We have no clue about how it will be used in the future and who will have access to it. To cite Snowden: “Even if you are not doing anything wrong, you are being watched and recorded. … You don’t have to have done anything wrong. You just have to eventually fall under suspicion from somebody. Even by a wrong call. And then they can use this system to go back in time and scrutinize every decision you ever made. Every friend you ever discussed something with and attack you on that basis to sort of derive suspicion from an innocent life and paint anyone in the context of a wrongdoer.”

So you should be very worried on a level of principle. Have you ever thrown away something, just to later realize how much you would have needed it? This is what’s happening to privacy today. Many claim that they have nothing to hide and that the loss of privacy is a fair price for security. There are however two fundamental problems with that reasoning. Very few have any idea about what price we really pay, i.e. what impact the loss of privacy may have on our future lives. And nobody knows what security we get in return, if we get any at all.

The price. Today we live in a world where Internet still isn’t fully integrated in our lives. The development is fast but the net is still often seen as an alternative to handling your business in the traditional way. Any privacy issue will naturally be magnified by the day Internet is our mainstream way to communicate with other people and businesses. The intelligence systems of today are also fully capable of collecting data for any purpose, even if the official reason for building them is the fight against crime and terrorism. Today we are building more and more capable systems that tap into something that is becoming the backbone in our society. And all this with a blatant lack of openness and very rudimentary control of the purpose and use of these systems. I call this a recipe for disaster. Future misuse is inevitable, unless we change direction.

Can there, for example, be fair democratic elections in a country where one of the parties controls the intelligence agencies, which in turn can intercept all electronic communications, including those of their political enemies?

And the upside, the benefit? Security? Sure, it sounds nice and easy to tap into the mail traffic between terrorists, wait until you have enough evidence and then bust in to arrest them all before they strike. But it’s not that easy. You can defeat these systems by using encryption, like PGP. This will still leave metadata about the communication and does not protect your identity. But you can use anonymity networks like Tor to access a webmail account. The groups that pose a real threat are no doubt competent enough to do this, so PRISM won’t catch them. Anders Behring Breivik killed 77 in Norway in July 2011. He acted alone and didn’t need to plan the attack with anybody else. Here again, nothing to catch for PRISM. So what are we left with? A couple of lunatics who work together but aren’t skilled enough to protect their communications. The authorities will catch some of these every now and then, and proudly present the catch to prove how necessary their intelligence system is. We will never know if these lunatics really were capable of performing the strikes they were detained for. So it all boils down to something that won’t catch the real threats, but still is a privacy problem for ordinary people who aren’t motivated to use all the countermeasures.

But is there anything we can do? Some claim that we have lost the battle and privacy is dead. I disagree. Privacy is fatally wounded but not dead. It needs CPR to survive, but there is a chance if enough people realize that we shouldn’t throw privacy away.

Here are three concrete pieces of advice about how you can deal with government intelligence and the privacy threat it poses.

  1. The fight for our future privacy is not about technology, it’s about politics. Prerequisites for privacy are a strong protection in the legislation as well as openness and clear rules for the inevitable cases where privacy must be breached to fight crime. Vote for candidates who share the concern about privacy and are motivated to join the fight. Get familiar with EFF.
  2. Should I avoid services that participate in PRISM? You can if you like, but it may not make much difference. And some PRISM-systems are hard to avoid. But as mentioned above, we don’t know how the PRISM-data will be (mis)used in the future. If you want to minimize your exposure to intelligence, prefer cloud services located in your own country. They are not perfectly safe either, but you do at least know what legislation applies to them. Things always get complicated when you communicate over borders. The legislation and secret practices in other countries may differ significantly from your own country, and a cloud service provider must naturally obey the authorities in the country where their server farm is located.
  3. You can safely assume that if a government wants your unprotected data, they will get it. No matter where you live and whom you communicate with. And no matter if it’s your own government or some other. There are numerous known intelligence programs that target both stored data and data in transit, and even more that have remained secret. You really need to use strong cryptography and other means of protection if you have secrets that are of interest to authorities. You need to pay attention to a lot of different factors, so go through your case with a trustworthy expert. Remember that intelligence systems can be used for industrial espionage as well, so relevant business secrets should be protected too. Criminals and terrorists are not the only ones who have a reason to hide.

Safe surfing,
Micke

17 Comments

The future with systems like PRISM in place is indeed worrying. Writing as someone in the UK, I’m not worried about the current government nor am I likely to worry about the next one; after that though? No one can predict with any great accuracy what they’ll be like. I am however very worried about the rise of some very nationalistic and sometimes fascist political parties in Europe at the moment. I believe governments formed by such parties to be the most likely to use such systems negatively.

I think we should be worried about the current UK government. The Bilderberg meetings the Prime Minister, George Osborne and Ed Balls attended this year in June. The former 2 breaking their ministerial code by doing so. GMO that they are trying to push onto ordinary UK people while they won’t allow it to be used in the restaurants at Westminster. Cutting people’s benefits to pay off bankers’ debts. Poor people didn’t cause that debt, rich people did, and the poorest people in society are having to pay for it.

Intelligence is a tricky bastard, especially while talking about massive data collection. I’ll open it a bit while trying to detail what lies back.

What PRISM is – is not actually that clear for now. Being it intelligence network or system would mean it combines collection/direction, analysis, processing and dissemination. While IS PRISM as a “system” doing actually all those procedures, is unclear.

The question does PRISM actually give “access” to the target data collection subjects is unclear as well – OR is it being implemented on wire-tapping the comms.

So what comes to comparing STASI and NSA in SIGINT is like comparing 100 high school girls with instant messaging capability with mid size corporation managing corporate firewall snooping data; – you get the (HUMINT) details and rumors extremely fast, but it lacks context, accuracy and continuation which constant capability delivers.

It’s just not possible to push 2 very different approaches on intel tradecraft in parallel and compare their “goodness” directly. WHILE YES – thinking on “human side” of the cake, a STASI gut feeling may be seen in procedures NSA maintains for the sake of national security.

Indeed – PRISM is a global issue, certainly not only one from B:s carage. Referenced Facebook etc. has little or even less value except in marketing for businesses and solid organizations. The areas where organizations should be careful are outsourced services, cloudified security services and pushing valuable assets towards clouds.

Again – what we out-Americans call as espionage, is actually, in many levels of detail a major strategical and political model of super power functioning as it should do. The emulation of “lawful interception” just makes things sound very bad.

Basically; have your data somewhere else than in places where it can be singled out and secure it well enough. Distribute it.

It’s always 3 tiers: You, Me and the folks who maintain the assets and running infra (including wiretapping).

The key thing for dealing with FIS (foreign intel services) is they have the money, you don’t. Just don’t forget it when preparing solutions to come alive.

🙂 Isn’t that idea illegal as I’m sure they have covered all areas, and all areas covered are to broaden the feds powers and reduce the public knowledge and participation?

However, I wonder how such an approach might backfire – with new laws prohibiting the use of many words – those so-called “meta data” info bits.

I agree the government is taking all of our freedoms away from us completely. The other countries are taking over. China owns 2/3 of the United States right now; soon it will not be called the land of the free.

Was it Leonard Cohen that said …”the rich have their cameras in the bedrooms of the poor”?

It’s interesting that if one were to encrypt emails, they become a bigger target for big brother. And assume that because a person encrypts their emails, they are hiding something ergo they must be guilty. The governments use the line ‘if they can save just one life…’ and the sheeple lumber on like lemmings.

Compare our privacy of today to that of just 25 years ago – huge difference. With all of the tracking tools available now; from tracking cells, location of a browser, what we purchase each day and where, what we say and to whom, how good or bad our driving is, what meds we are taking… is all monitored, either for marketing or security purposes.

Still, I don’t know what the uproar over Prism is about since the US has been monitoring world-wide communication for many years. It’s just news to those whose memory of 20 years ago is their first day in kindergarten. They think the Internet and spying is routine. Imagine our privacy, if any, will be like in 2 years, no, I mean two, not 20.

PRISM is a new system used by the government that replaced those that were discovered and used many years ago before our need for reviewing large amounts of data from all sources was conceived to reduce the threat to the US and save our citizens from a horrible death. Too many media investigations take into account the negative of PRISM but it is a cost of freedom. Would it be abused? A lack of checks and balances to any system that reduces what is private is a concern but we have to track pieces of information from those that want to do harm to the US. The problem is that some of the last failed attempts of bombing in the US was contributed to our systems and how they place scattered pieces of information to find the source and stop the act. Our traitor that divulged NSA confidential information should be shot as a traitor. A firing squad would be appropriate. For a high school dropout he acts in a way that is a concern, perhaps bipolar. Whatever country he chooses for his exile will probably take the information and kill him. He will just disappear. Life is not important in the countries that he has focused his interest upon. He has weakened the US and may open us up to other attacks. That is what the media should be concerned about as an impact on our way of life. I hope the CIA finds him hiding and makes him disappear before he sends out more information that is putting our agents in harm’s way. He should be charged for murder for each person killed. Oh, if convicted he will go to the military federal prison and the Marines will be taking care of him. The same Marines that probably have lost friends in war because of this traitor. Outcome? A good one.

I use your software, I want to think of you guys as being the kind of company with integrity – a company with a mission statement that I can trust is real. And here your headline sounds awesome (it’s ABOUT TIME a security firm stepped forward to DENOUNCE the outrageous, systemic criminal overreach of the US security network, corporate sanctioned espionage).
But you guys go soft on the message. There is no “there” there. Nothing actionable.
Start with disclosing how Fsecure embeds itself invisibly in your operating system, how you keep us safe by employing a methodology that is in practice remarkably similar to what the NSA is accused of doing. Respect your customers’ intelligence enough to trust that we will reward you for being open, for telling us UP FRONT, that our paid subscription means Fsecure will have startup GUI access, full log access, basically cert signing and root privileges that enable Fsecure to do anything you care to do – including, but not limited to, examine, store, alter, delete, and basically do whatever you damn well please and look at whatever you feel like.
It’s a good thing you are the good guys.
I, for one, would love to have read an article about how to deal with the letter services that had some balls. The guvmt security services have been revealed to be in confederation with the global corporate thugs like Fb, goggles and so forth, all of them apparently perfectly comfortable to lie about their appallingly ruthless, calculating, amoral, unethical practices, and all you can say is well try to use a cloud service based in your own country.
Makes me wonder about you guys. Seriously.

open strong, you had me at hello with your endorsement of Snowden

I am thinking about changing my email provider from the US services. The trouble is there aren’t too many services that I’ve been able to find that aren’t in US-friendly countries and with services that are equivalent to Yahoo, Gmail, etc, and of course in English for anglophones. Can anyone suggest some other email services in other countries (such as Finland or Sweden) that have equivalent services to the US providers at zero cost?

Thanks.

Since those people want info maybe a couple billion people should start uploading as much neutral safe data each to those cloud servers for free and see just how much useless data they really want to sift through. Combine that with being encrypted and they can have something for their grandkids’ kids to try and work on. No one seems to be embarrassed or ashamed at all in those agencies, which is amazing. There isn’t any way to measure what society does after a breach in trust as the trickle down effect won’t be seen for some time. Not sure what anyone’s looking for on Facebook now everyone self censors to be politically correct anyway. Nice to see this newsletter, F-Secure. I use Ixquick for search instead of Google now but that’s based on them telling the truth about their privacy also lol. (And no I have nothing to hide but I just don’t like gettin perved by Government people who do)

Cardinal Richelieu quote: Give me six lines from the pen of an honest man and I’ll find something in it to hang him.

This is why we should all worry …

[…] to start using cloud services should do some reading first. I have written an article about this related to the PRISM affair. I’m not saying that you should avoid them, just that there is a hidden downside that you should […]
