Looking through the Prism
17 Jun 2013|

Headquarters of the National Security Agency at Fort Meade, Maryland.Coming at a time when the US has been increasingly turning the screw on China about its persistent hacking of US computer networks, the revelation that the US government itself has been gathering metadata on large swathes of its own population through a programme codenamed ‘Prism’ could have scarcely been more embarrassing. Having just finished his first round of Presidential talks with Xi Jinping where cyber intrusions were high on the agenda, Obama found himself having to defend one of the largest data collection programs ever established.

What is ‘Prism’, and what does it do that’s created such a heated reaction from the press and the public? According to the self-confessed whistle-blower, Ed Snowden, the National Security Agency has large-scale access to individual chat logs, stored data, voice traffic, file transfers and social networking data of individuals. Following the leaking of this information, the US government confirmed it had requested millions of phone records from Verizon, which had included call duration, location and the phone numbers of both parties on individual calls. Additionally Prism had allegedly enabled access to the servers of nine major technology companies, including Google, Microsoft, AOL, Apple, YouTube, Yahoo, Facebook, PalTalk and Skype.

These powers had been enabled in efforts to counter terrorism and serious crime, both of which were, and still do, utilise new internet-based communications methodologies. When appearing in front of US Senators last week, NSA Director General Keith Alexander claimed that having such surveillance powers had assisted in thwarting ‘dozens’ of terrorist attacks, including a planned suicide attack on the New York City subway system and a plot to attack a Danish newspaper by a Pakistani American. It’s expected that more details on how these plots and others were foiled using the surveillance powers enabled by Prism will be declassified in the coming weeks. This will be in an attempt to inform the public on what the capability is used for, and to counter the ‘1984’ Orwellian dystopian narrative that’s currently dominating.

The existence of such intrusive surveillance powers is clearly worrying on the surface for most members of the public, for whom the idea that anything they do online is monitored and stored is deeply troubling. Richard Lempert of the Brookings Institution, and previously of the Science and Technology Directorate at the Department of Homeland Security, believes that concerns over one’s online conversations are nothing to lose sleep over—unless you’re plotting a terrorist attack. Yet he feels there’s a broader concern about the level of power put into hands of few when you add the totality of surveillance powers together:

This does not mean, however, that the NSA programs and the capacities they reveal are of no concern. They should be regarded as canaries in the coal mine; they provide warning of dangers we may be confronting. These capacities, along with increasingly ubiquitous surveillance cameras, photo recognition software, the ongoing development rapid recognition DNA analysis, drones that spy or kill and DNA, fingerprint, photo and other searchable digital databases together relate what I have called the infrastructure of tyranny.

Interestingly, as concerned as the public may be about all of this, they unwittingly or otherwise give up huge quantities of data on a daily basis to the private sector. Companies are doing this type of data mining all the time—that’s how Amazon manages to create a selection of relevant titles for you. And Google isn’t altruistically providing you with a web-search capability; instead, it hoovers up your personal preferences in order to create individually shaped searches and advertising. Your metadata is their most powerful and profitable product.

That isn’t to say that we shouldn’t worry about this kind of data collection, but why is it that we don’t mind this transfer of data occurring when we have provided it using an online service such as Yahoo or Google, but the collection and use of this data by a government presents us with such distinct unease? The government has to jump through far more legal loopholes and regulations before accessing your metadata than private companies do. But that’s not to argue against regular legal and ethical reviews of the measures that a government implements to ensure the security of its population. As new technological advances take place and are exploited for both benign and malign purposes, there’s a need for governments to keep pace. And they also require appropriate capabilities to counter those breaking the law (or plotting to) utilising such means.

For security analysts examining such issues, the existence of Prism, or rather the kind of data access it allows has come as no real surprise. However, for the public it’s easy to understand how such a revelation makes them deeply uncomfortable. The situation highlights the importance of building public trust in matters of national security. This means that a degree of information needs to be shared so that, at the very least, the public understands the scope of the activities the state sanctions to ensure their security. Additionally, the authorities need to explain thoroughly to parliament and the public how they go about balancing our rights to security and privacy so that a clearer picture of intelligence work in the Internet age can be created. I suspect many members of the public and even politicians would be surprised at how many legal checks and balances there are within the current system before data can be accessed.

Within highly functioning liberal democracies, a public discussion of how governments go about balancing rights and responsibilities as they are try to keep the nation safe is important, especially as technology advances . All of this has to be achieved whilst maintaining a free and open society where privacy is respected and protected. This is an issue that Obama is going to have to grapple with extensively over the coming weeks as more data is leaked, and he’d be advised to tackle it head on rather than evade questioning.

Tobias Feakin is a senior analyst at ASPI. Image courtesy of Wikimedia Commons.