The revelations about the extent of the NSA spying are extremely worrying for anyone who cares deeply about their digital rights. In an age where most affluent people in the world use email, social networking, chat, internet telephony, and cellular telephones, the collection of digital information about people’s communications becomes a very invasive way to monitor and potentially control people. The digitalization of communications means that governments can now keep track of our activities in ways that the STASI could have never dreamed. The US government now knows who we communicate with and for how often and how long. With access to our social networking and metadata from our emails, chats and phone calls, they can recreate our web of relations and figure out if we are engaging in any activities which governments would like to suppress.
Allow me to give a few examples of government surveillance from my personal life and from the dissidents whom I know. These examples make clear the potential dangers that NSA surveillance poses to our civil rights.
In the late 1990s, I spent a year of my life volunteering at Annunciation House, which is an organization in El Paso, Texas which provides shelter to undocumented immigrants and refugees. When I started working there, I was informed that the FBI might open a file on anyone who worked there. Ruben García, the founder of Annunciation House, told us that he once filed a Freedom of Information request for his FBI file, and received 20 pages, which were mostly blacked-out. Ruben García is a very spiritual man, who tries to live up to the ideals of Catholic liberation theology, by offering houses of hospitality and living in solidarity with the undocumented. Ruben did not help anyone cross the border illegally, he just gave shelter to people after they had crossed. He made it very clear to us as volunteers, that he would never ask us as volunteers to do anything which could get us arrested. One can understand why the FBI might have investigated Ruben García when Annunciation House first opened, but after 2 decades of operation, it was very clear that the organization didn’t intend to break the law.
I suspect that Annunciation House was considered a threat by the US government because it was formed originally to help refugees fleeing the wars in Central America during the 1980s. Many of those refugees were considered “communists” by the Reagan Administration, thus the Americans who aided them were also considered subversives. Hence, Annunciation House was surveilled.
Because I spent a year at Annunciation House, I assume that I will never be able to get a job which involves a security clearance. For me this is no great burden, since I would find most jobs which demand a security clearance to be morally reprehensible anyway. Nonetheless, some potential volunteers to Annunciation House may avoid the organization if they thought that it would limit their career options later in life.
After Annunciation House, I worked a year at Casa Marianella in Austin, Texas, another organization that gives short-term shelter to undocumented immigrants and refugees. Nobody mentioned that volunteers at the Casa might be surveilled by the US government. Nonetheless, Jennifer Long, the director of the Casa, told me that she had probably been surveilled by one of the government agencies when she was a member of a group protesting the the wars in Central America during the 1980s. Jennifer told me that she was certain that the group was being surveilled because a strange man and woman suddenly appeared and got involved the group. Then, the man suddenly disappeared without informing anyone. When Jennifer mentioned her suspicions that the man probably was a government informant, the woman got a funny look on her face and then also disappeared. Jennifer recounts another incident about getting on a plane with a briefcase that contained the membership list for the organization and placing the briefcase under the seat in front of her. When she arrived at her destination, the briefcase had mysteriously disappeared. Jennifer never filed a Freedom of Information request to verify her suspicions, but she is convinced that she was under surveillance during the 1980s for her work on behalf of Central American refugees.
In 2004 when I was a student at Indiana University, I helped cofound an antiwar group named Against the War in Iraq. At that point, the initial protests against the war had died down, so we tried to reactivate the protests, but we were very ineffective as an activist groups. We only had a handful of dedicated members, and the largest rally we organized against the war only attracted 80 people. No member of our group was ever arrested and we didn’t even have enough activists to try blocking traffic during our protests. The organization fizzled out after 2 years.
Nonetheless, I recall one day during one of our protests when two large men approached me and asked how to join our organization. It was just strange, because they looked to be in their late 30s or early 40s with very short hair and that clean-cut cop look about them. Unlike most people who wanted to join our group, they didn’t express any outrage about the illegal war or make any of the other comments that most people interested in an anti-war activism would make. They just asked straight up how to join and I handed them one of our flyers with with instructions on how to join our open email list and mentioned that we met every Tuesday night. The two men gave each other a meaningful look and then thanked me and turned abruptly and walked away. I had given out our flyers to hundreds of people, but those two men acted differently than I can remember anyone else reacting and it struck me as very odd at the time.
About a year later, news was leaked that the Defense Department was investigating anti-war groups in the US. I have no idea whether I met two intelligence agents from the Defense Department on that day. If they were, they weren’t very subtle about it and were very poorly trained to blend in with a crowd of anti-war activists. What I don’t doubt, however, is that the Defense Department had us in their database. It is highly likely that every message we sent out in the group email list and every newspaper article about us in the student paper got filed away by someone in the Defense Department.
Because of my involvement in Annunciation House, Casa Marianella and Against the War in Iraq, there is a high probability that I have a file in at least one of the government intelligence agencies. The strange thing is that I have never done anything that noteworthy that should worry a state which wants to prevent unlawful activities. I have never been arrested in my life. I have never even gotten a traffic ticket. In other words, I’m just one of millions of Americans who happens to disagree with some government policies, but I have never done anything illegal (as far as I know) to express my disagreement with those policies. In fact, expressing disagreement non-violently with government policies is supposed to be the essence of democracy.
As should be clear, the US government has a long history of surveilling its own citizens. The scary part, however, is how the NSA surveillance revealed by Edward Snowden heightens that spying in ways that were previously impossible.
In the 1980s, when the US government wanted to get a list of the activists against the wars in Central America, it had to sent an agent to steal a piece of paper containing the membership list. It took a lot of time and money to steal that membership list from underneath Jennifer Long’s plane seat. In order to check up on what those activists were doing, agents had to subscribe to newsletters that came in the mail and clip articles with scissors or place them on a scanner in order to file them away in a database. It took a lot of time and energy to intercept personal correspondence, and was rarely done. When the US government wanted to know what Ruben Garcia was doing in the 1980s to help those “commie” refugees from Central America, they had to send an agent to El Paso to infiltrate Annunciation House and observe his activities.
By 2004, when I was organizing against the war in Iraq, it was much easier to observe our activities. Maybe the Defense Department sent two agents to ask how to get on our email list, but they probably just looked up our group’s web page and followed the instructions online to subscribe to our email list. In any case, it was much easier to survey an activist group two decades later, when email had replaced snail mail. While the Defense Department was probably paying someone to read the emails from the national anti-war organizations, I doubt that it was worth the time to read the messages from a handful of college activists, so the Defense Department probably had a computer algorithm scanning our messages for key words. In the age of snail mail, it wasn’t worth the resources to read the correspondence of a handful of college activists, but the use of digital communication made it much cheaper.
We purposely made it very easy for anyone to join our email list, but didn’t allow the public to see who was subscribed to that email list. Of course, an intelligence agent in the Defense Department could figure out pretty easily who was active in the group by looking at who sent messages to the mail list. Most people used their university email accounts, so anyone could figure out the real identity of the person writing the emails. Nonetheless, if the Defense Department wanted to figure out everyone receiving our email, they would have had to hack the Indiana University email server, but that would have been much cheaper than sending agents to infiltrate an organization and steal a briefcase under Jennifer Long’s seat on a plane ride.
In other words, a decade ago, it was much easier for the government to survey its citizens than it was 3 decades ago. Now let’s look at what is happening today with NSA surveillance. The NSA no longer has to worry about trying to get on an activist email list or hacking into an email server to figure out who is on the email list. Today, the NSA has direct access to most email under its PRIZM program, because it has direct access to the Hotmail, Google and Yahoo servers. Even if the sender, receiver and list server doesn’t use one of those 3 email providers, the NSA probably has direct access to the traffic flowing through the internet service providers, so it can easily figure out who is receiving that activist email.
Not only that, the NSA now has access to all the text chats and has metadata about all the Skype calls and cellular phone calls between the activists, so it can see who is talking to whom and how often. Even more worrying is that the NSA can now under its XKeyscore program can look at all the web pages that those activists have been visiting. Through its direct access to the Facebook server, it can map out who are the friends of those activists.
Frankly, it is very hard to keep communications secret when most people use services which share their data with the NSA like Hotmail, Yahoo, Google, Skype, Apple, Facebook, AT&T and Verizon, but even if activists avoid using those services, they still aren’t safe because the NSA has tapped into the internet backbones to watch the traffic. Activists can turn to encryption, but the NSA has been paying companies which make encryption software to provide backdoors and to use seeds with a smaller range so the encryption is easier to crack. More disturbing are the reports that the NSA has convinced some certificate provides to provide it access to private keys, so that encrypted SSL and TLS traffic can be easily decrypted.
The geeks and the businesses who fought the government during the 90s for the right to encrypt their data thought that they had won that battle (as Steven Levy’s book so lovingly recounts), but the Bush and Obama administration have spent the last decade trying to undermine the right to secure digital communications.
Bruce Shneider, who is one of the foremost digital security experts, has reviewed the Edward Snowden documents and concludes that data encryption is still the best bet for maintain digital privacy. Shneider outlines a number of steps we can take to maintain our privacy, but it is clear that those steps are beyond the ken of most activists, who don’t have the technical expertise to use Tails, GPG, TOR, etc.
At first we were told that the SNA surveillance was only used against terrorists (a category which is defined so broadly as to include anyone from Osama bin Laden to a teenage boy gathering firewood in Pakistan to animal rights activists in the US) and only targets foreign communications. The fact of the matter, however, is foreign communications include any caller or receiver which happens to be outside of the country or when the traffic passes through a foreign server. For example, I am an American citizen, but I am currently living abroad, so all my communications are subject to monitoring. Even when I am in the US, all of my communications which pass through my server which is located in Germany is subject to monitoring. Frankly in the internet, the distinction between foreign and domestic is virtually meaningless, because many of the services we regularly use are located in servers abroad.
These supposed restrictions, however, are a legal fig leaf which does little to cover the naked illegality of the NSA’s surveillance, as more revelations have come to light. The NSA data is not just being used to surveil terrorists, but is also being used by the DEA to prosecute drug dealers and the IRS to prosecute tax cheats. Once the information is obtained through NSA surveillance, then legal warrants are issued to make it appear as if it was legally obtained.
Furthermore, the Edward Snowden leaks have revealed that intelligent agents regularly surveil domestic communications without a warrant and the software doesn’t require a warrant when conducting a search. Furthermore, the excuse that metadata isn’t the same as the content of communications is meaningless when the metadata can tell almost as much as the actual content. At any rate, there doesn’t seem to be any real restriction to prevent an intelligence agent like Snowden from also examining the content after looking at the metadata.
Even the distinction between foreign and domestic seems to be meaningless, when it is reported that the NSA stores and analyzes data if it is encrypted. In other words, domestic communications which the sender wants to keep private are treated just like foreign communications and are subject to surveillance.
The NSA can build profiles on the communications of virtually anyone in the world who uses the internet (or an AT&T phone or Verizon cell phone in the US). While the current use of this surveillance to conduct the war on terror, such as illegal drone strikes, secret no-flight lists and prosecution of humanitarian groups sending aid to the MiddleEast, is very worrisome, it is far more worrisome how this surveillance is starting to be used to prosecute drug dealers and catch tax dodgers, since the information is filtering out to other government agencies. Just as worrisome is the way that the information is being shared with US allies, such as Great Britain. The undeclared war that the US government is conducting against whistle-blowers and journalists who reveal the scope of the NSA surveillance is similarly disturbing, because it shows how far the state is willing to go to protect its illegal activities.
Although most Americans don’t currently believe that NSA surveillance will encroach on their civil liberties, we only need to think about the example of anti-war activism. First of all, many activists may feel afraid to send an email or make a call on their cell phone, knowing that the NSA might be scanning the text of the email or keeping a record of who they called. Many activists might not worry about being put on a list, but they may worry about all their Facebook friends also being put on a list and decide that it simply isn’t worth sending out that anti-war missive or calling to plan the next rally. The amount of classified information has multiplied so dramatically in recent years that more and more of our acquaintances work in jobs that require security clearances. For example, my sister used to work in a firm which manufactures missiles. At one point, I found myself wondering if my anti-war activism would effect my sister’s ability to get a security clearance to do her job.
Yes, there are ways to maintain privacy online, but the steps that need to be taken are daunting even for me–a computer programmer who has given classes to activists about how to stay anonymous online. Just figuring out how to install and use GPG and Tor-browser and then dealing with the hassle of getting people’s public keys so I can send them secure emails is a hassle that many activists won’t bother doing. Just the change from Yahoo! to Riseup as an email provider left me wondering if it was worth the hassle. Microsoft more than any other software company is known to actively collaborate with the NSA and is reputed to have included a backdoor in Windows, yet the transition from Windows to Linux is too time-consuming and frustrating for most activists to even attempt it.
Activists, who are cognizant of the risks of NSA surveillance, may read the articles about how to protect oneself, but will throw up their hands at the time to implement all these arcane counter-measures and decide that that latest cause can wait. Many will procrastinate, and say that they will send out that email once they get GPG working, which is often never.
Just like the great firewall of China, there are ways to get around NSA surveillance, especially if you are just an activist who the NSA don’t care enough about to expend the resources to crack your encryption. Nonetheless, that surveillance has a chilling effect on dissent in America, because the vast majority aren’t willing to expend the time and energy to implement the security countermeasures and enough will worry about being put on some government list or their friends being put on that list, that they will think twice before engaging in activism.
Right now the only ones who really need to worry are the terrorists, drug dealers, tax cheats, whistle-blowers, journalists who report on the security state, and the geeks who maintain the Tor project. It is also likely that governments allied with the US might want access to that same NSA information so that they can suppress their own undesirables, which might be a much more expansive list than in the US. However, we can’t know whether people who engage in activism against drone strikes, climate change, feminine rights, etc. are being targeted for surveillance, or whether those people will ever be effected if they ever have to apply for a security clearance.
The prospects may be even more alarming in the future. There is no guarantee that future US administrations might take a harder line against its enemies. Nobody would have thought that people giving money to Islamic charities would be treated as terrorists until it happened under the Bush administration. Nobody ever imagined that a security researcher like Jacob Applebaum or a documentary film maker like Laura Poitras would be apprehended at the border and their property searched and seized until it happened under the Obama administration. If future administrations decide that climate change activists or anti-abortion activists are the enemy, then NSA surveillance will give the state the power to know who they talk to and what they are planning. NSA surveillance could have a very chilling effect on dissidents who dare to speak up in the future.
The question is what to do about the NSA surveillance. There is a good chance that we can stop many of the most egregious types of NSA surveillance, if enough Americans scream at congress and mobilize opposition. Many congresspeople are already skeptical and raising questions, but the movement against NSA surveillance doesn’t yet have enough momentum to stop the blanket collection of data without a warrant. Without a more concerted public outcry, the issue will fester, but it won’t come to a boil, unless citizens get organized in new and aggressive ways. Some of the best allies in this fight are the libertarians; progressive activists on the left need to work together with the right on this issue.
While mobilization against government surveillance is our best hope, we also need to recognize that any measures to curtail government surveillance are unlikely to be effective for more than a generation. It was widely thought that the commission headed by Frank Church and the laws passed after that commission which set up the FISA court had solved the problems with government surveillance. Three decades later government surveillance reemerged even more pervasive than before. The lure to conduct surveillance will only grow more seductive for governments as our lives become increasingly digitalized. The urge to become Big Brother looking over our shoulders will not go away, which is why we need to establish firm laws outlawing any surveillance without a warrant for specific persons or places.
Just as important as new laws, we need to engage in widespread encryption so that government surveillance of digital media becomes increasingly costly and unfeasible for governments, businesses and any other entity. If everything digital is encrypted, then it will simply become too expensive to crack everything and not worth trying. Then, the government will have to go back to the old-fashioned types of investigation, meaning sending agents to investigate in the physical realm rather than the digital realm. Only after they have pinpointed a specific person or group will they bother to expend the resources to crack the digital content or obtain a traditional warrant to gain access to private keys for decryption. At present we can’t trust the large providers of internet services (like Microsoft, Google and Yahoo!) and the telephony provided by AT&T and Verizon, since they have a financial incentive to cooperate with governments, yet they may be convinced if they loose enough customers. For example, Google may decide that it should stop giving the NSA access to its servers if enough businesses drop their accounts with Google due to privacy concerns. Nonetheless, any email and data service provider which grows large will be financially pressured to give the NSA what it wants (in addition to the legal pressure within the US under the Homeland Security bill which seems to have cowed all the major US internet companies except Twitter).
The problem is that encryption of everything by millions of people means that it is not just harder for activists to avoid being profiled by governments, it also makes it that much harder for governments to prevent child pornography, money laundering and many other illegal activities. We want the government to be able to catch criminals, we just don’t want the government to do it through mass surveillance that violates everyone’s right to digital privacy. So if we resist the surveillance by encrypting everything, we also have to accept that we are making it easier for criminals to hide their illegal activity online in massive streams of encrypted data. We may judge that the civil liberties of the many are more important than the criminal convictions of the few, but it still doesn’t let us off the moral hook for helping foment that criminality.
If we are going encrypt everything, we also need to accept we can no longer use free internet services. No more free email (Hotmail, Yahoo! and Gmail) and free search services (Google, Yahoo! and MSN), because companies can’t target their advertising when they can’t profile our preferences. In the short term we can continue using anonymous search services like startpage.com from ixquick because they do the searches for us, while maintaining our privacy, but if Google looses too much business, it will start taking steps to block the anonymous searches, because its advertising is much less effective when it doesn’t know who is conducting the searches. Remember that even an admirable organization like the Mozilla Foundation which fights for our digital rights online gets most of its revenue from Google advertising in its FireFox search bar.
Moreover, we can’t expect to use free online storage of our files in services such as Google Docs and Dropbox, which the NSA currently looks at under its PRIZM program. We can employ strategies such as using lesser-known services hosted abroad, but the providers of these internet services will face the same financial incentives and legal coercions from their own governments. In the long term, it is highly likely that allied governments will collaborate to share data from their surveillance, so the geographical location of the servers in a foreign country will no longer protect us. Ideally, we would set up distributed systems run on thousands of hosts, where all the data is encrypted and anonymous, but we would have to figure out some way to financially compensate the thousands of hosts, since it will cost billions of dollars. Furthermore, nobody knows at this point how to efficiently run email, social networking and search services over a distributed network, so it may prove to be too slow and cumbersome. Our best hope is not distributed anonymous networks, but non-profit organizations which can centralize their data in the same way that Google, Twitter, Yahoo! and Facebook do, but they charge for their services, so they have no financial incentive to examine the content hosted on their servers.
If we want anonymity and privacy of our data online, we have to accept that we will have to pay for that right, since advertising and data mining will no longer be a sustainable business model for the providers of these internet services. The cost probably won’t be much, say 5 dollars a month, but the vast majority of people aren’t willing to pay that cost when they can get that same service for free with better features. Yahoo! and Gmail provide virtually unlimited email storage, whereas an email service like Riseup which relies on the donations of its members has to parsimoniously allot storage space, forcing its members to constantly delete their old email. Trying to use Riseup takes me back to the old days when I used university email accounts and was constantly overrunning my disk quota.
There is a price for liberty, and very few people are willing to pay that price at this point. Still, the number of people who want privacy and anonymity online will keep growing, so the tools will undoubtedly get better and easier to use. Tor-Browser is no harder for me to use than FireFox, although the web is a tad slower. Likewise, search through startpage.com is just as easy to use, but is a little slower than Google. Riseup makes it very easy to gather your friend’s public keys and use them to send encrypted email. I have been running Debian GNU/Linux for so long that I now find it much easier to use than Windows, but I’m also a computer programmer so I don’t mind learning a new operating system.
For most people, however, they want to buy a computer which just works. If we want the public to use encryption on a massive scale, we need to support companies which sell secure Linux or BSD computers with Tor-Browser and GPG already installed and configured to work with an email client like Thunderbird. It needs to have an option to run those services inside a virtual machine like Tails, and to purposely hide all the details about the computer and user agent information, so it is harder to identify the machine. In other words, it needs to be “user friendly”, but at this point, you can’t walk down to Best Buy or even search online to get a computer like that.
Facebook, which is where people spend more time than any other site in the world, is almost impossible to replace, since it has an enormous network effect. You might be willing to pay for social networking which respects your privacy, but it is highly unlikely that your 100 Facebook friends are willing to do the same. You either become antisocial and stop using social networking, or you set up a Facebook account with an account from a email provider which doesn’t share your information, so you can at least use Facebook without revealing your true identity, but who wants to be friends with someone who they don’t know? If you value keeping abreast of the crazy antics of your old classmates and childhood friends, you can’t be anonymous since those people won’t accept your friendship requests if they don’t know who you are.
To resolve this conflict, I started juggling two identities on Facebook. One is an anonymous identity for activism whereas the other is a real identity to maintain friendships. Likewise, I now have two emails, One I use for activism and the other I use for my personal relationships. The dissonance I feel as I switch between these two different accounts is disturbing, since they remind me that I can’t act as a whole citizen who expresses my civil rights to protest without engaging in subterfuge.
As we increasingly commit our lives and our communication to the digital realm, we open up the possibility that almost everything that we do can be monitored by governments. This invasion of our privacy went largely unreported until Edward Snowden began talking to Glenn Greenwald at the Guardian. Now, we as citizens are forced to confront the chilling reality about how much our government can know about ourselves and how much that threatens our ability to act as free citizens within a democracy. The technological tools are now in the hands of the government to become George Orwell’s Big Brother.
There are all sorts of reasons why we shouldn’t fear a dark Orwellian future, because we as citizens have the power to prevent it. The question is whether we will mobilize ourselves to forestall the government from going down that dark path or we will passively accept blanket surveillance that allows the government to monitor our every activity, no matter how much it undermines our civil liberties and threatens the democratic right to protest.