In the high-strung years after 9/11, I’m reminded of a running joke that would accompany many e-mails that crossed my screen touching on terrorism – and in those years, there were quite a few of them. At the end of the e-mail, we’d add “Hello, John Ashcroft!,” on the premise that America’s intelligence agencies were scanning every e-mail in the world and sending them to the attorney-genera l’s desk for review. We wanted him to feel at home in our mail.
It was a joke then. The vast security apparatus it would take to implement that kind of monitoring would take a decade to build. And here we are, twelve-odd years later: It seems like they’ve built it.
On Thursday, the Washington Post and the Guardian published a series of leaked court orders and top-secret U.S. security-agency documents which revealed that in a massive scheme known as PRISM, some of the biggest Internet companies, including Google, Microsoft, Apple, Skype and Facebook have partnered with the National Security Agency to secretly collect data from targeted foreign users, potentially including their searches, e-mails and Skype calls. One leaked document suggests that the NSA even has direct access to these companies’ servers, though the companies stringently deny it.
And in a less-flashy, but perhaps more disturbing disclosure, Verizon, AT&T and Sprint – the three largest cellphone providers – were ordered to hand over information about all of their customers’ cellphone calls (though not the contents of the calls themselves). Not just records for certain calls, mind you, or calls from people who are being investigated, but for every single domestic or international call any customer makes. This gives the U.S. government a full picture of who people call; who people know; who people associate with; and quite possibly where they are while doing all of the above.
These leaks finally confirmed in black and white what observers have been alleging for years: the U.S. has turned the security apparatus built to defend itself from foreign threats on its own citizens – and has been listening in to online activities from around the world.
Welcome, then, to our paranoid future.
The Obama administration maintains that both programs are legal: The PRISM data-collection program is meant to be used only on foreigners associated with terrorism. Meanwhile, the cellphone-record procurement follows orders issued by a secret court (a court, ironically enough, that was set up in reaction to Richard Nixon’s excesses). Critics, like the Electronic Frontier Foundation, say it’s out and out unconstitutional, a breach of the right to anonymous assembly and search-and-seizure laws.
It’s likely that what’s been disclosed this week is still only the tip of the iceberg. Back in 2006, a whistleblower at AT&T named Mark Klein came forward and said that he’d helped install equipment that would let the NSA simply siphon all the Internet traffic that passed through the company’s network. Last spring, Wired magazine reported that the project has since blossomed into an America-wide Internet-tapping operation converging on an enormous top-secret data centre presently being constructed in the wilds of Utah, wherein the NSA, their underlings, and possibly their military bosses, can dial up pieces of Internet correspondence at will.
Canadians can in no way pretend to be above this. We very nearly let privacy-weakening legislation of our own pass without protest last year, until Public Safety Minister Vic Toews pronounced that critics were siding with child pornographers, which nobody seemed to like. We have our very own shadowy intelligence agency – the Communication Security Establishment Canada, or CSEC, whose first line of defence is that hardly anyone has heard of it. CSEC has a broad and vaguely defined mandate, and very little public oversight, that leaves privacy-minded observers worried.
Perhaps more to the point, the telecommunications infrastructures of Canada and the United States are almost inextricable: An e-mail going from one end of Toronto to another – perhaps the very e-mail I used to file this article – is quite likely to pop through the United States en route. And since I use Gmail, part of it will stay there. (Hi, Chuck Hagel!)
In broad strokes, the move we’re seeing here is away from targeted surveillance, in which law enforcement or a national security agency justifies an operation to a judge, and is then granted limited powers to investigate, to the dragnet model: Collect all the data first, sort through it, and discard the irrelevant bits later – if ever.
As University of Toronto professor Ron Deibert points out, the perceived intelligence shortcoming of 9/11 was a “failure to connect the dots.” So for the past decade, the imperative of cyber-intelligence has been the acquisition and correlation of as many dots as possible.
The nature of digital communications makes copying, storing and mining massive amounts of data relatively easy. (The technology is complicated, but many companies will be happy to supply you with it.) The nature of the security establishment is to aggressively try to acquire and retain every tool it can to fight threats. This is an unfortunate synergy. Politicians might be fond of deleting e-mails, but security agencies and police forces have every incentive to retain as much data as they can. And without aggressive civilian oversight, that’s exactly what they’ll do.
It is perhaps most dispiriting to observe that the Obama administration went right on building the security state that George W. Bush advocated so enthusiastically. It suggests that the centralization of surveillance power might be America’s last great point of bipartisan agreement: No government wants to loosen its grip on threats, or the power to address them, especially in a time when national borders mean less and less. The political will it would take to break out of this cycle seems to have gone the way of the telegraph.
Paranoia is unbecoming. But your vaguely dystopian worries about where your data is going? It’s getting time to heed them.
Ivor Tossell writes regularly about technology and politics for The Globe and Mail.