The US government has being spying on our online activities. That comes as no surprise, we’ve all seen the Patriot Act and the Foreign Intelligence Surveillance Act Amendments Act (FISA), but what is surprising is that it now appears some companies including Facebook and Google have been allowing the National Security Authority (NSA) of the US government direct access to their data via something called Prism.
Facebook, Google, and now Yahoo have issued public statements stating that they are not working with NSA, but complying with legal requests. In an Orwellian twist the FISA prevents any discussion of any requests made under the act, including whether such requests exist.
Facebook and Google both use the phrase “no direct access to our servers”, which is not the same as “NSA doesn’t get our data”, which they can’t say because (a) they can’t discuss anything around an FISA request and (b) they are obliged to pass on data within legal constraints.
The New York Times article talks about some of the technical changes that have been discussed;
one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.
Which makes it sound like a technical solution developed to comply with a legal requirement, and certainly far less scary than the “direct access to servers” statement that raised concerns.
Mashable takes a similar view, calling Prism a “data integration API” which the NSA would need to analyse and use the data released. Mashable also suggests that the term “direct access” is used incorrectly in the original slide deck, for the simple reason that it’s difficult – which means expensive – to do.
In many articles these technical solutions, and the fact that the servers to host them belong to the companies are cited as evidence that the companies are somehow collaborating with the NSA making it easy for them to get the data. I suspect it’s the other way around; The companies are building these solutions to make it easy for themselves to comply with the law.
So possibly, probably Facebook et al have been acting legally; but perhaps that’s the scary part.
The underlying laws, the Patriot Act and the FISA, raised concerns when they were passed, with cities opting out of the Patriot act, but now that the connection, and the scale of data requested/shared the concern level has gone up a notch. With commentators raising real concerns about the collection, use and safeguarding of personal data in an increasingly monitored nation. As the Guardian revealed the source of the leaked information as Edward Snowdon yesterday they also published his motives; safeguarding internet freedom.
Cyber security is a real issue, and it needs addressing. The global nature of the internet, and the huge potential unleashed by analysis of big data, make the online world a source of genuine crime-stopping information. But the right to privacy is upheld in the laws and constitutions of many countries and it is being eroded.
It would be easy to dismiss that as an “American problem” but it specifically targets foreigners, and our own governments show worrying tendencies to trample over privacy rights online including the Dutch proposal to give police the right to hack as a cybercrime prevention measure. Despite playing up their “Digital Agenda” in recent months the EU has been strangely silent.