This Is Why You Should Care That the Government Can Know Everything About You
The following is an excerpt from The Rise of the American Corporate Security State: Six Reasons to be Afraid by Beatrice Edwards. Copyright © 2014. Reprinted with the permission of Berrett-Koehler Publishers.
Halfway across the ornate sitting room, Julian Assange stands with his back to the door, drinking a bottle of beer. It is early on a summer evening, June 22, 2013, and the Embassy of Ecuador in London is hosting a small party to acknowledge the one-year anniversary of his arrival in need of asylum. While Assange stands chatting calmly about the future of his anti-secrecy enterprise, Wikileaks, few people in the room know that he is worried. Sarah Harrison, his principal researcher and confidant, is only hours away from slipping out of Hong Kong with Edward Snowden, who, at that moment, is fast becoming the most hunted man in the world.
Close friends and supporters of Assange mill around the room, helping themselves to the buffet and arguing about software and the state of the world - in that order. Assange himself, with his longish white hair and black jeans, looks slightly out of place in the scene, bordered as it is by stiff-legged, gilt-painted settees. After a year, however, he's completely at home here, laughing and joking with the security guys, lawyers, and hacker guests, talking thoughtfully about the escalating struggle for control of electronic information.
"There's a completely new creation in the world," he says. "And the battle is on for access to it."
He's talking about the electronic "pocket litter" that each of us collects as we cruise the Internet and use our cell phones each day. Behind us, we leave a digital trail that reveals our interests, our politics, our friends, their friends, our health worries, our finances and fears. As he speaks, Assange is thinking of Snowden and what he had recently revealed about the practices of the National Security Agency (NSA) in the United States.
In the course of his highly classified contract work for the NSA, the US intelligence agency, Snowden uncovered unconstitutional surveillance programs that trace and store the electronic pathways etched across the Internet by hundreds of millions of Americans. NSA surveillance also sweeps up and archives the metadata associated with phone calls. Snowden discovered that Americans are subject to dragnet electronic domestic surveillance and have been for years.
His disclosure of NSA domestic surveillance caused a Washington tailspin, and the search for the source was on. After he identified himself in a video filmed in a nondescript Hong Kong hotel room, US political pressure ramped up on the Chinese government. The White House, the NSA, and the FBI closed in, and as a Chinese diplomat later confided, "You don't know what pressure is until you have those sons-of-bitches breathing down your neck."
Even if everything else the Chinese government said about its role in the Snowden affair was calculated, that statement was unquestionably spontaneous and true. Snowden had the secrets to the Corporate Security State that was quietly metastasizing through US federal agencies and corporate management suites after 9/11, and he was telling them to the world. He had to be stopped.
In the world of national security and surveillance, the evening of June 5, 2013, two weeks earlier, was frankly horrible. At about 9:30 Eastern Daylight Time, a story by Glenn Greenwald appeared on the Guardian website, linked to an order from the Foreign Intelligence Surveillance Court (FISC) of the United States. In black and white, the document showed that, at the request of the FBI, the FISC ordered Verizon Business Network Services to submit all telephony metadata in its systems to the NSA. Only the data for calls originating and terminating abroad were exempted from the order, which, until the Guardian posted it, was secret. The order would not declassify until April 2038, twenty-five years in the future.
Telephony metadata, an unknown phrase for many of us until that night, includes the phone number called, number calling, routing of call, phone number identifiers, time of call, and duration. Subsequently, we learned that the FBI gave similar orders to Sprint Nextel and AT&T. Through a secret and tortured interpretation of the Patriot Act, Section 215, the court allowed this data collection.
Moreover, Greenwald wrote the next day that the NSA used a program called PRISM to collect customers' data from Microsoft, Yahoo, Google, Facebook, and other online corporations.
Two months later, a new Greenwald article appeared, also on the Guardian website: "XKeyscore - NSA tool collects 'nearly everything a user does on the Internet.'" The article explained that the XKeyscore program sucks into its maw almost every electronic datum on the Internet about everyone in the United States. And more than that: analysts need no prior authorization to inspect the emails, Facebook pages and postings, tweets, and Internet browsing history of ordinary citizens suspected of nothing. Via XKeycore, analysts at the NSA:
[L]isten to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents. And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst."
Imagine that.
Many Americans can't, really. "I'm not a terrorist," they shrug. "So why should I care?" Then they laugh at the absurdity of highly skilled intelligence agents reading their dopey emails. "Go ahead, but it's pretty boring" is the typical reaction.
I work for a small nonprofit organization law firm in Washington, DC, that defends whistleblowers: the Government Accountability Project (GAP). Ordinary people come to us after they report appalling things in the places where they work and are dismissed, disciplined, or demoted in retaliation. They're hoping we can tell the world what they told us (at the very least) and get them their jobs back (at best). Most of our clients are federal government employees. We work with food inspectors, for example, who report animal cruelty in processing plants and toxic chemical additives to your food. Our clients are UN police officers who witness and report rape and sexual abuse by peacekeeping forces. Office workers and agents at the FBI and the NSA come to us to document gross waste and abuse. As do traders and risk managers who see pervasive fraud at multinational banks and FDA officials who report drug trials faked by pharmaceutical companies. At truly repressive institutions such as the World Bank, our sources remain anonymous, but they also contact us by phone and email.
As a result, at GAP, our emails are not boring, and we do not want the NSA collecting them, much less reading them. Since the Snowden disclosures, we ask our clients to meet us outside the office, downstairs, and around the corner at Starbucks. We have to talk face to face as if we were subversives. To be safe, whistleblowers facing retaliation must provide their evidence on paper now, not by email.
Journalists must do the same with their sources. Or they need complex, user-hostile encryption programs. The loss of freedom from unreasonable search and seizure that Snowden exposed means the loss of a free press and free speech, as well as a loss of freedom of association.
Those who shrug about all this are right in a sense. Most calls and Internet habits are attracting nothing more than routine attention. It is also true, however, that innocent behaviors can drop you into the NSA's net. You are suspect if you're communicating over email in a language other than the one of the region you're in or if you're using encryption (in other words, trying to protect your privacy). Dissenting actions will also attract attention: writing a critical blog, or book; becoming a vocal whistleblower, whether wittingly or otherwise; contacting someone who contacts someone else who appears to be suspect. And then you must consider that US intelligence agencies have on record virtually everything you have done for five years past.
You should know that whatever information about you the government lacks, private corporations probably can provide. Your bank, of course, controls your financial data: number of bank accounts, balance, history of deposits, how much and when, cash withdrawals, bills paid, and checks written. Everything you bought with your debit card is also on record. Of course, if your bank issued your credit cards, then your purchases and payments every day, every month, are collected there, too.
You may also have noticed that whenever you shop online for, say, a how-to book or a garden tool, however specialized, you begin to get emails advertizing different versions of these things. Pop-up ads seem especially tailored for you. That's because they are. Commercial websites use cookies that record the ads you click on so that targeting is extremely precise.
Then there's the new industry of data aggregation led by corporations like Acxiom and ChoicePoint. In her book Spying on Democracy, Heidi Boghosian describes this growing enterprise, which collects information about you available from municipal service providers, voter registration lists, property files, and court records. Clients of these companies include financial institutions, telecommunications companies, and insurance companies, which buy profiles and records for direct marketing purposes.
The US government also contracts data aggregators. According to Bogoshian:
Consumers are largely in the dark about the extent to which their personal data is being shared among different industries and government agencies and for what purpose. What is known, however, is that businesses and other organizations expend more than $2 billion annually to purchase personal information on individuals.
This is what Julian Assange meant when he said that there is a new creation in the world, and the struggle is on for access to it and control of it.
On a Wednesday afternoon in the fall of 2011, Jesselyn Radack (GAP's National Security and Human Rights program director), Kathleen McClellan (GAP's National Security counsel), and attorneys from three nongovernmental organizations (NGOs) convene in the conference room at GAP. It is decorated with the customary law firm props: the long oval table, the speaker phone, and shelves of matching leather-bound law books that no one has opened since the advent of electronic communication. GAP's national security program clients (Tom Drake, Bill Binney, and Kirk Wiebe) are there, too. Like Snowden, they're NSA whistleblowers, but they preceded him and used internal reporting channels, all of which failed them and left them exposed to devastating reprisal.
This afternoon, at Radack's and McClellan's behest, they are explaining what has been happening to all Americans since 9/11. The lawyers sit along one side of the table, and the NSA guys sit along the other. Radack opens the meeting: GAP is making the NSA whistleblowers available to the group because their knowledge about the US government's invasion of Americans' privacy is fundamental to any meaningful overall defense of the civil rights of US citizens. Bill is the mathematician of the trio, she explains. Tom knows IT and NSA management, and Kirk translates the math into the programming.
As the NGOs take notes, Bill and Kirk explain how NSA eavesdropping has evolved and what the government can do now. The US government, they say quietly, can collect every website visit, every phone call, and every email of anyone in the country. All of this information can be recorded wholesale and stored in massive databases, to be queried if and when needed.
Binney, looking the part of a bemused mathematician over his glasses, explains in lay terms the capabilities of the NSA. He names an apparatus the NSA operates: the Narus Insight equipment. It can process 1.25 million 1,000-character emails a second. The NSA has ten of them.
All web information is collected, regardless of whether the transmitters are of US origin, and all information is stored for a period of years by the government.
NGO lawyer X protests softly. "But that's illegal," she says. "They've testified in Congress that they're not doing anything illegal."
"They're lying," Drake answers, looking at her as if she's new on the intelligence beat.
"To Congress?" asks the NGO lawyer Y.
Wiebe laughs softly and nods.
"Yes," says Drake. "To Congress."
"Jesus," from NGO lawyer Z.
NGO lawyer Y comes back: "But the FISA court would never approve that."
Wiebe looks down at his hands and says no more.
The audience for this presentation is not made up of novices. These are lawyers who are not naïve about official commitment to respect for the Bill of Rights. Still, they're stunned, and as the shock wears off, Binney delivers the coup de grace: although the programs are both illegal and intrusive, they are not especially useful for purposes of counterterrorism.
It's clear to everyone in the room that Bill Binney knows what he's talking about. He and Wiebe, with their colleague, Ed Loomis, and others on the signals intelligence (SIGINT) team recognize a worthless program when they see it. In contrast, they designed a valuable one: Thin Thread. A miracle of signals intelligence, Thin Thread could scan through the metadata on calls and messages, identify suspect connections based on past intelligence and current contacts, and throw the rest of the data away. Besides its economy, Thin Thread had one other compelling feature: it was legal. In developing the program, Binney and his team solved one of the NSA's most sensitive and difficult problems. They structured Thin Thread to separate US calls and emails from the rest of the digital heap and automatically encrypt the data to avoid warrantless spying on US citizens. If Thin Thread found that a US-based phone number or IP address contacted a known terrorist suspect, the agency could go to the FISC for a warrant.
When the NSA tested Thin Thread, the program immediately identified targets for investigation and encrypted the identities of US callers.
"And then you know what happened?" Drake asked during the meeting at GAP.
"What?"
"They shut it down."
There was silence in the room.
"But why?" asked NGO lawyer X.
The three NSA whistleblowers looked at one another. Finally, Drake cocked his head, and a pained expression crossed his face. "Too many careers and contracts were tied to a different program."
Given the fact that 9/11 happened less than one year after the NSA shut down Thin Thread, there was nothing more to say. For his part, Binney was extremely disturbed about the NSA's failure to deploy the program. Thin Thread was ready to go months before 9/11, and he planned to apply it in Afghanistan and Pakistan, where it would be most effective: he was (and is) convinced that if the NSA had put Thin Thread online when it was ready, 9/11 would not have happened.
Documents Edward Snowden began to disclose in June 2013 tell the whole sorry saga of the NSA and its corporate partners in the years after 9/11. Both what they have and have not done.