When news broke last week that Verizon was handing over information about all of its calls to the National Security Administration, things were bad enough. In the week since then, however, things have only gotten worse for our personal security.
A program called PRISM was outed by the Washington Post. According to the top-secret document obtained by the Washington Post, the NSA and FBI have been "tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets." How big is PRISM, you ask? Massive. The document states that the collection comes "directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple."
Basically, anything you've ever shared with anyone about anything on the internet has (maybe) already been seen by the government.
Blow That Whistle At Your Own Peril
The reason any of this information came to light in the first place is because a 29-year-old former technical assistant for the CIA had enough. Edward Snowden decided that he "[didn't] want to live in a society that does these sort of things," so he worked with The Guardian to produce the original report. (You can also see the full court ruling of Verizon being forced to hand over telephone data here.)
With "no intention of hiding who I am because I know I have done nothing wrong," Snowden asked the Guardian to reveal his identity. The Guardian posits that Snowden will go down as one of the United States' "most consequential whistleblowers, alongside Daniel Ellsberg [the Pentagon Papers] and Bradley Manning [Wikileaks]."
Snowden felt so wronged by what the government was doing that he was willing to give up the comfortable life he led with his girlfriend, which included a $200,000/year salary and a home in Hawaii, just to bring the government's privacy breaches to light. Snowden said:
"I'm willing to sacrifice all of that because I can't, in good conscience, allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."
After deciding to leak this classified information, Snowden traveled to Hong Kong - a city he believes has a "spirited commitment to free speech and the right of political dissent." He is living in what some may call a state of paranoia, according to the Guardian: "He lines the door of his hotel room with pillows to prevent eavesdropping. He puts a large red hood over his head and laptop when entering his passwords to prevent any hidden cameras from detecting them."
What's Happened Since?
President Obama has come out to defend the PRISM, saying that "every member of Congress has been briefed on the program" and that "what you've got is two programs that were originally authorized by Congress and repeatedly authorized by Congress." Obama acknowledged, "modest encroachments on privacy" and said "there are some tradeoffs involved," but that our "duly elected representatives have been consistently informed on exactly what we're doing."
Essentially, as Gizmodo puts it, Obama said, "Deal with it."
As far as the companies that are implicated go, they all acted in PRPM (Public Relations Panic Mode). Several of the companies implicated in PRISM issued public statements denying all knowledge of the program, and claiming no participation.
Google"s CEO Larry Page said his company has "not joined any program that would give the U.S. government--or any other government--direct access to our servers. Indeed, the U.S. government does not have direct access or a 'back door' to the information stored in our data centers. We had not heard of a program called PRISM until yesterday." Page called for "a more transparent approach" and said Google had "never heard of the broad type of order that Verizon received--an order that appears to have required them to hand over millions of users' call records. We were very surprised to learn that such broad orders exist."
Facebook"s CEO Mark Zuckerberg quickly followed suit, saying, "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before [Thursday, June 6]."
These types of blanket statements led sites like TechCrunch to wonder, "If PRISM Is Real, Why Are All These Tech Companies Denying Participation?" In addition to the statements issued by Page and Zuckerberg, TechCrunch said:
"We contacted every single one of the companies implicated on these slides, though, and all of them either denied having ever heard of the program and virtually all of them claim that they would never give any government "direct access" to their servers. The one line virtually all of them use is some variation of "we do not provide the government with direct access to our servers." They all, however, say that they comply with court orders after scrutinizing the request."
When you have a top-secret government data-mining project like PRISM, which the government has acknowledged is real, yet every tech company implicated denies involvement, where do you stand? Who can you trust?
A Public Display of Information Requests
In the time since it denied any involvement in PRISM, Google announced it wants permission to disclose how many information requests it gets from federal agencies under the Foreign Intelligence Surveillance Act (FISA). Google's Chief Legal Officer, David Drummond, published a letter on the company's corporate blog that was written to U.S. Attorney General Eric Holder and FBI Director Robert Mueller, which sought clearance "to add data on FISA requests that Google receives to its Transparency Report." This would mark a significant shift in how companies like Google are able to treat FISA requests, because "under the rules of FISA, simply disclosing the fact that you've been served with a FISA request is by itself illegal. And, like so much else that's considered too secret to discuss in this matter, it's difficult to have an informed discussion about any of it if disclosure of even the most basic facts about it is illegal."
Like it did when denying involvement with PRISM in the first place, Facebook followed Google's lead and asked to disclose the information requests it receives under FISA. Ted Ullyot, Facebook's general counsel, issued a statement encouraging "all governments to be much more transparent about all programs aimed at keeping the public safe" and "[welcoming] the opportunity to provide a transparency report that allows us to share [...] a complete picture of the government requests we receive and how we respond."
Microsoft also issued a similar statement, asking for permission for "greater transparency on the aggregate volume and scope of national security requests" as this "would help the community understand and debate these important issues."
Can't I Get Some Privacy Around Here???
With the looming back-and-forth between the federal government and the companies implicated in PRISM, it doesn't seem likely that a resolution is coming any time soon.
Being an active member of a social networking community - whether it's Facebook, Twitter, or anything else - means ceding a fair amount of privacy. The information, photos and check-ins you share are already public information (to an extent), even if your security settings are maxed out. Nothing you do on the Internet is truly private, and nothing you put on the Internet will ever really be deleted. Surrendering your right to privacy is the price of living an Internet-based "connected" life.
However, when it comes to phone calls, there's an easy way to fly under the radar... use disposable cell phones. Disposable cell phones (or no contract phones, prepaid cell phones or "burners") can be purchased at just about any store that carries cell phones. Best Buy carries them, as does Walmart, Staples and more. Best Buy's site says the benefits of no-contract phones include no long-term contracts, no activation fees and no credit checks.
But, more importantly when it comes to security and privacy, prepaid cell phones will make you harder to track as they don't make you sign up for a calling plan and hand over the personal information that entails. You can pay cash for one of these phones (as well as the minutes and data you need to fill it with), and be in and out of a store without ever even showing an ID.
This isn't completely foolproof, though, as these phones' calls are generally transmitted over existing networks - prepaid phone carriers use chunks of space on existing wireless networks (including Verizon's). If your call is run through Verizon, it's still being logged - albeit without your personal information attached. And if the government really wants to keep tabs on you, they will - disposable cell phone or not.
Which begs for the question, why collect the telephone metadata of law-abiding citizens, when the "bad guys" aren't even on the grid?
I wish this issue were as simple as, "privacy" or "safety" -- pick one. It isn't. There is no sound bite or 140 character answer for this. It is a complicated issue and it needs to be discussed.
Is this the America you want to live in? You get to make the choice. Contact your elected leaders and tell them how you feel about privacy, the 4th Amendment, hunting bad guys and technology. Make yourself heard! As you know, we don't live in a democracy, we live in a Republic -- our elected leaders make our decisions for us. If you don't like the decisions... you're entitled to the peaceful transition of power on Election Day. In this case, it's all up to you.