It’s easy to become inured to the steady drip of revelations from Edward Snowden about the National Security Agency — this week we’ve had Spain, the Vatican, a little detour via Casablanca from Perjurer Clapper (to give the director of National Intelligence the description he’s been awarded by people such as Congressman Jim Sensenbrenner, the author of the Patriot Act, who is now planning to dramatically rein in the NSA).
But the revelations overnight that the NSA has secured access to the offshore data servers of Yahoo and Google have huge implications. Go straight to the source and see the write-up and NSA documents, complete with smiley face, from Barton Gellman at The Washington Post.
In short, not happy with securing the co-operation of Google and Yahoo via secret court orders that enabled the NSA to siphon off the data the companies were processing, the NSA decided to break into the companies’ systems to get the data the companies were moving around inside their operations offshore. The NSA has issued a carefully worded “denial” that does not specifically deny the central claims.
Why is this big? Because there may well now be a full-scale information war between the big IT companies, particularly Google, and US government agencies. Breaking into these companies’ systems when they’ve already given you access is a profound act of bad faith and remarkable stupidity by the NSA. As one former US official quoted in Foreign Policy noted, the NSA has now created a “Huawei problem” for the biggest US tech companies — the assumption that they can’t be trusted to not share data with their home government.
Google is already working to harden its encryption against government spying and considering territorialising its operations to keep data out of US government hands. It knows that every revelation like this is undermining the very business model on which it operates. It needs to be able to assure users that their information is not going to the US government.
The list of results from the NSA’s “all you can eat” approach to surveillance is now impressively long. It has:
- Alienated friendly governments like those of France and Germany;
- Undermined the business model of several of America’s most successful companies;
- Repeatedly embarrassed the US president;
- Undermined encryption standards and products;
- Sufficiently upset Congress that new limitations on NSA activity now appear inevitable, especially when even a signed-up apologist for and guardian of surveillance like Dianne Feinstein demands changes; and
- Exposed other spy agencies like the UK’s Government Communications Headquarters to embarrassing revelations.
What’s significantly shorter is the list of examples where NSA surveillance actually stopped any terrorist attacks. For a while the NSA peddled the claim that “54 different terrorist-related activities” had been thwarted by its surveillance, and the claim, often in exaggerated form, was echoed by surveillance apologists. But that claim has proven to be wildly overstated; the NSA itself has said the 54 were only cases where surveillance “contributed to the government’s understanding of terrorist activities”; the actual number of cases where a terrorist attack was thwarted using intelligence the NSA could only have gained through its surveillance programs and not by other means is unknown and may be zero.
So there’s a very real risk the NSA is damaging US national interests, foreign policy and its future capacity to gather intelligence for no actual benefit in terms of attacks prevented.
This is a global story. Unless you have never used a Google, Microsoft or Apple product, never used social media, never used the internet at all, in fact, your data has at the very least received an intelligence wash and rinse courtesy of the US government. The encryption you use, or your bank or business uses, has been undermined by the NSA, making it easier for criminals and everyone else to break it, not just the people at Fort Meade. The data your company stores in the cloud is vulnerable to theft by the NSA and anyone else who can exploit the backdoors it has into systems.
For the Australian media, however, it’s apparently not relevant unless they can fly an Australian flag on it. Thus today’s bizarre “story” from Fairfax about Australian Signals Directorate (oddly given its old “Defence Signals Directorate” name in the piece) engaging in electronic surveillance from Australian embassies, mocked up to look like it has come from Edward Snowden. This dramatic revelation that Australian spy agencies actually, um, spy is up there for shock value with earlier revelations that the Pine Gap communications facility engages in espionage.
Still, it allows Fairfax a precious local angle on a story that it assumes readers will be otherwise uninterested in, a bit like the desperate search for Australians caught up in major overseas disasters.
That would be fine if our media bothered to cover Australian surveillance issues when they cropped up. But they don’t. The entire data retention issue was debated at length and considered by a major parliamentary inquiry last year and this, with virtually no mainstream media coverage. Data retention is mass surveillance under a more innocuous name, and a major threat to a free press and privacy. The decision of the parliamentary Joint Committee on Intelligence and Security to refuse to recommend it was a signal moment in the battle to safeguard our basic rights, and one that was almost entirely ignored by the mainstream media. You would only have known any details about it if you read Crikey or tech industry outlets like Delimiter and ZDNet.
Memo to the media: there are plenty of surveillance issues to write about without having to state the bleeding obvious.
Some of the questions that arise for me as an Australian citizen that should I think be being asked by our MSM and others (such as relevant Parliamentary committees) are
– has the NSA been breaching Australian privacy law or espionage law by engaging in monitoring of Australian citizens’, governments’ or businesses’ data?
– has the ADS or any of the other Australian spy agencies received information illegally obtained by NSA either contrary to Australian law or contrary to other nations’ privacy law? If so does this amount to a conspiracy on their part with NSA to subvert those laws?
– what are the AFP and/or the Information Privacy Commissioner and/or relevant Parliamentary Committees doing to hold NSA and/or Australian spy agencies to account? If nothing does this represent a dereliction of their duties?
– Are the NSA and the Australian spy agencies effectively operating above the law?
If anyone has the answers to these questions I’d be very interested.
In response to @1, lalau66, I can provide unverified (and unverifiable) answers. They go like this:
– Yes
– Yes. And, yes, if by ‘subvert’, you mean ‘ignore’.
– Almost nothing. Or, only as much as they think is the minimum they need to be seen to be doing.
– Yes.
When Cheney’s “got your back” be very worried – ask Hank Whittington?
I thought “Perjurer Clapper”, in his TV appearance, looked uncommonly like the scene in The Bourne Identity, where Ward Abbott appears before a senate oversight committee and lies his ass off.
Pretty clever of the NSA though. Not a lot of companies use encryption on internal links…slows things down. Most of the emphasis from a security point of view is on the external gateways.
But I think that will change.