Blanket Surveillance. Total Secrecy. What Could Possibly Go Wrong?

Imagine that one day you came home to find a shiny little bubble of one-way glass in an upper corner of every single room, and a notice left on your kitchen table: “As required by the Safe Society Act, we have installed remotely controlled cameras throughout your home. (Also your office.) But don’t worry! They’ll probably only be activated if the government believes that a non-US citizen might have entered this building.” Would that give you warm fuzzy feelings of safety and security?

I ask because that’s a pretty good metaphor for what happened this week. I refer of course to PRISM. You may have noticed the flurry of reports followed by a flurry of denials regarding the “top-secret National Security Administration data-mining program that taps directly into the Google, Facebook, Microsoft and Apple servers among others.”

Meanwhile, with (surprisingly) much less furore, the Wall Street Journal took the previous revelation that the NSA “is secretly collecting phone record information for all U.S. calls on the Verizon network,” and expanded it considerably:

The National Security Agency’s monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency’s activities.

At first nobody knew what PRISM was. Both Larry Page and Mark Zuckerberg personally and strongly denied the initial allegations, and the Washington Post backed away from its initial claim that the tech companies “participate knowingly.” So who could say what was really going on, given the doublespeak that the NSA uses when discussing surveillance, and the weird way that Page, Zuck, and every other accused tech company (except, oddly, Microsoft) all kept chanting the strange mantra “no direct access” in their denials?

The New York Times, apparently. Hats off to them, and to Twitter; and shame on all the PRISM companies. The NYT’s report on PRISM — which you should all click through to and read — says that:

Twitter declined to make it easier for the government. But other companies were more compliant… The companies were legally required to share the data under the Foreign Intelligence Surveillance Act… they are prohibited by law from discussing the content of FISA requests or even acknowledging their existence… FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms… employees whose job it is to comply with FISA requests are not allowed to discuss the details even with others at the company…

Which is appalling enough right there: but let’s not lose sight of the even bigger and uglier picture, one which includes the WSJ’s claims. Going back to my cameras-in-the-home metaphor, until this week we all knew that the government could break in and install cameras in every home if they wanted to … but now we know they’ve actually done it. Oh, the ones in your home probably haven’t been turned on yet, but they’re there. They’ve been there for years.

And how has the government responded to these revelations? Mostly with frothing fury. Senator Dianne Feinstein immediately called for an investigation….into the leak. Director of National Intelligence James Clapper called this “unauthorized disclosure of information” “reprehensible.”

That’s what really gets my blood boiling. There is no reasonable justification for keeping even the existence of FISA requests and programs like PRISM secret. Does the NSA really think that its targets currently believe that all their online activity is perfectly safe and secure? Well, in the extremely unlikely and idiotic case that that was the reason for total secrecy, then hey, that barn has sure burned down now, hasn’t it?

The powers that be can shout “national security!” and “terrorism!” as stridently as they like, but it seems patently obvious to me that they’re just afraid that the American public might not like it if they find out how much they’re being spied on — and that their blanket surveillance programs might not be legal.

As Bruce Schneier points out, what we don’t know is far scarier than what we do. And to quote the EFF:

The specifics remain shrouded in secrecy, but Senators Ron Wyden, Mark Udall, Rand Paul, and Jeff Merkley, among others, have indicated repeatedly that Americans would be “stunned” to find out how the government is interpreting and using these provisions.


The sad thing is, this is typical of the Obama administration, which has already prosecuted twice as many whistleblowers as all previous presidential administrations combined. “I welcome this debate. And I think it’s healthy for our democracy… I think that’s good that we’re having this discussion,” Obama said yesterday. Hours later, Reuters reported: “President Barack Obama’s administration is likely to open a criminal investigation into the leaking of highly classified documents that revealed the secret surveillance of Americans’ telephone and email traffic.”

Page and Zuckerberg say “There needs to be a more transparent approach … the level of secrecy around the current legal procedures undermines the freedoms we all cherish” and “We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe,” respectively. Too right. But the current administration has shown no real interest in greater openness, much less twoway transparency.

So the only other solution is for the tech world to do what it can to normalize end-to-end encryption of all online activity. Right now HTTPS can (probably) protect your data while it’s in transit between your apps and the Apple/Google/Microsoft/Yahoo servers; but if your government insists on star-chamber surveillance, then that’s no longer enough.

Instead we’ll need to start encrypting our communications all the way from sender to recipient. Security is hard, and there aren’t many good tools for this, yet. What’s more, this would be bad for Google’s business model. But if governments continue to pass and then stretch the bounds of outrageous and draconian laws like FISA, then it’s only a matter of time before angry techies make end-to-end encryption easier to use, and its use becomes widespread.

If there’s any thin silver lining to this debacle, it’s that by insisting on secrecy, and clandestine so-called “accountability,” governments are actually hastening how fast and how thoroughly the online data they so badly want will become unreadable. Given the contempt with which they’re currently treating the populace, I for one can’t wait.