Does this mean that your records have been looked at?
There Is No Such Thing as Online Privacy
Do you make phone calls over the AT&T, Sprint or Verizon networks? Do you participate in popular online services such as those provided by Google, Facebook, Microsoft, Yahoo, AOL or Apple? If you’ve answered yes to any of these there is a good chance some of your data resides in a NSA database.
Does this mean that someone is reading your chats or emails right now?
I’m not going to get into whether or not what the government is doing is right or wrong, but I hope to shed some light on this sensitive topic by talking about the real-world implications and realities of what these types of data collection programs mean.
How It Works
It all starts with two main acts of Congress – the Patriot Act signed in 2001 and the FISA Amendments Act of 2008. As part of these acts, the NSA is able to submit requests to various public companies requesting sets of data such as phone records, email content, chat and voice over IP conversations. This data is stored in several different but interconnected systems with fancy names like Prism, Mainway, Marina and Nucleon.
Intelligence analysts are then able to perform searches in these various systems for information they may deem a threat to the nation. Initially, analysts were required to be 51% certain that their target is not from the United States. The likelihood of an analyst performing searches against a U.S. citizen (whether intentional or not) is probably pretty good and thus according to another of Snowden’s leaked documents the NSA allows for “contact chaining.” Essentially, analysts can use the data collected from Americans to analyze the social networks of foreign targets.
So what data is being collected and by whom?
Besides the several tech companies listed in the leaked documents, we don’t know. Some companies such as Facebook and Google have come forward denying accusations that the NSA has direct access to their servers. If direct access isn’t allowed, how is the government getting this data? The first and easiest way is public data. A lot of people on social networks don’t use any of the built in privacy protection companies like Facebook provide.
Another way of retrieving data is by making formal requests. Facebook came out and stated in June, 2013 that they’ve received between 9,000 and 10,000 requests affecting 18,000 to 19,000 accounts in the six month period between June and December 2012. Although Facebook isn’t able to give any more specific information, you can make some inferences from these numbers regarding just the sheer number of requests tech companies are receiving.
Although a lot of information was leaked, there are still many aspects of these government programs we don’t know. How much data does the NSA have? How long does it keep the data? Controls are in place to protect U.S. citizen information, but how do they work in the real-world? How can you protect yourself from government snooping?
Although nothing can promise you complete privacy, there are some things you can do to increase your chances:
- Understand and use the privacy controls that tech companies offer.
- Stay off the radar. If you are concerned about privacy, utilize smaller companies. There are thousands of email providers out there – avoid likely government targets like Microsoft, Google and Yahoo. Consider a paid subscription to an email provider that offers more privacy and security.
- Consider the trade-off between practicality and privacy. If you don’t really care about Facebook but you have a profile, why not delete it? If you can’t live without Facebook, consider what you post and what privacy settings you are using and whether the potential privacy violation is worth the risk.
Your personal data may be very important to you, but to the NSA yours is just a tiny spec of data in an enormous ocean of files and records they have access to. Although it’s very unlikely someone is pouring over your personal information, you should pay attention to the information you make readily available and think about the risks of doing so.