Don’t Believe What Tech Firms Say About Surveillance

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.


Tech firms can’t tell you if they are snooping for the government. Wayne Rash asks what you can do about it.

When the revelations about surveillance by the National Security Agency and other services including the Federal Bureau of Investigation came to light early in June, the companies singled out denied that they’d been providing information.

Initially, the companies said that they didn’t provide any data at all under PRISM. Then they said they only provided information on their customers that was legally required. Likewise, when leaks revealed the delivery of phone call metadata to the NSA, Verizon simply didn’t want to talk about it.

But if you read the statements from each of the technology companies singled out, what was more interesting wasn’t what they said, but what they didn’t say. What they didn’t say was that they were delivering data under secret court orders to government investigators.

They can’t tell you

The reason for their silence on this issue was that the orders that directed them to deliver the data also ordered them to maintain secrecy regarding the request. Considering that violation of the order of the intelligence community’s secret Foreign Intelligence Surveillance Act (FISA) court is a serious felony, you can understand why these companies tended to respond as if they’d never heard of a court order.

But, of course, they had. Facebook was the first to admit that it had, indeed, been ordered to turn over customer records and the content of their Facebook communications in thousands of instances since the beginning of the year. Then Microsoft admitted the same thing and now Apple has admitted to getting such government requests.

But it’s important to realise that these are data requests by any government agency for any number of reasons. For example, Apple revealed that these included helping to recover stolen iPhones, helping to find lost children and elderly people who had wandered off.

What’s not in the numbers given by the technology companies is how many of the requests were for the purpose of gathering intelligence. They didn’t reveal how much data of what type went to the NSA and how much to other agencies. Chances are that they won’t say unless their requests to the court to allow them to release more information are granted. Don’t hold your breath on this.

You’ll notice that these three companies were first to admit to providing data to law enforcement or the intelligence community. Since this article appeared on eWEEK, Yahoo has admitted to receiving surveillance requests and Google, by appealing against the gagging order, has made it pretty clear that it too received requests (as everyone surely knew).

What can you do about it?

So the next obvious question that needs to be answered is whether your emails and phone calls are being monitored, whether your metadata is being harvested and if you can do anything about it. The short answer is that there isn’t much you can do about it right now. But there’s a longer answer.

The intelligence community is doing what it’s allowed to do under the Patriot Act and some additional enabling legislation. This means that the relevant federal court has ruled that what’s happening is legal. In addition, it’s pretty clear from the strong support for the surveillance from both sides of the aisle in Congress that the Patriot Act isn’t going to be repealed in the immediate future.

Outside the US, there’s not much anyone can do. For US citizens, the only way you’re going to change this is to elect lawmakers who don’t think that the Patriot Act is a good idea. While it is the democratic solution, it’s not immediate.

But what you can do now is decide just what your risk actually is. Because the primary focus of the monitoring is metadata supported by keyword monitoring, you have to know that your relationships may be studied if they reveal (or hint at) specific kinds of activity such as terrorism.

But metadata is a very powerful way to reveal relationships, so if you’re a government official taking bribes or having an illicit affair, somebody might find out. Unfortunately, if you’re leaking secrets to the media, the government might find out about that, too. But the metadata is supposedly limited to foreign contacts and to terror suspects, so US citizens are protected, right?

Probably not. While the law is pretty clear that the NSA can only track foreign suspects, they have the data. And while it’s not supposed to be used for domestic reasons, such as to see who is leaking sensitive data to a reporter, you have to trust that it’s not being used for that. I’m not convinced that the Department of Justice, given its track record, can be trusted to that extent.

But what can you do? Apple has revealed that FaceTime uses end-to-end encryption that Apple can’t decrypt. BlackBerry says the same thing about BlackBerry Messenger. Even the connection information is supposed to be encrypted with those services. Is it? Perhaps, or there wouldn’t be so many intelligence services trying to shut down BlackBerry. But even then, the only safe assumption is that someone is always listening.
