NSA snooping bolsters opponents of U.S. Internet control

The National Security Agency's massive data gathering from the world's largest Internet companies could bolster arguments that the United States should have less control over the Internet, an expert says.

The NSA has obtained direct access to the systems of Google, Facebook, Apple and at least six other U.S. Internet companies, collecting search history, the content of emails, file transfers, live chats and more, The Guardian and Washington Post reported Thursday, based on a top secret document. The data gathered is to try to spot terrorist activity in communications between people in and outside the U.S.

The NSA data-collecting program, called PRISM, started in 2007 and was enabled by changes in U.S. surveillance law that were introduced by President Bush and renewed under President Obama late last year. While acknowledging they abide by legal requests for information from the government, many of the Internet companies denied giving the NSA direct access to their computer systems.

Privacy groups have ripped into the program as a huge privacy threat to U.S. citizens, and have called for changes in the law to provide better protection of personal information from snooping. However, with court approval and congressional oversight, the PRISM program appears to be legal.

"The way I understand PRISM, it is designed to collect only against foreigners. Collateral American collections are suppose to be eliminated and minimized," Paul Rosenzweig, founder of Red Branch Law & Consulting and a former deputy assistant secretary for policy in the Department of Homeland Security (DHS), told CSO on Friday. "That sounds right to me."

[Also see: Privacy groups, some lawmakers rip into NSA surveillance | U.S. intelligence chief defends surveillance programs | Verizon, others have no choice but to hand over customer data]

However, being legal does not necessarily mean it is good public policy. If the government is gathering huge amounts of information from Internet companies then it could play into the arguments of China, Russia and Saudi Arabia that U.S. control over the Internet should go to the United Nations.

U.S. influence over the Web is the result of its control over the system for numbering and naming sites through the Internet Corporation for Assigned Names and Numbers (ICANN).

"[PRISM] might not be advisable because it will play into the international perception that the U.S. uses the Internet as its own little toy," Rosenzweig said.

Reports on the program surfaced one day after The Guardian reported that the NSA was gathering from Verizon millions of phone records that included the numbers of both parties on a call, location data and the time and duration of all calls. Experts believe similar data has likely been collected from other telephone companies.

The intelligence community's need to gather large amounts of data were outlined in March by Ira "Gus" Hunt, chief technology officer for the Central Intelligence Agency. "It really helps us understand what's going on in the world to know what we know, so we know where the gaps are, so we can do our job much more effectively," Hunt said, during a talk at the GigaOM's Structure:Data 2013 conference.

The CIA uses "massive computational engines" that enable the agency "to acquire, federate and position and securely exploit huge volumes of data," Hunt said.

"We fundamentally try to collect everything and hang onto it forever. Forever being in quotes, or course," he said.

In March, Wired magazine reported that the NSA is building a $2 billion data center in Utah. Its purpose is to intercept, decipher, analyze and store the world's communications from satellites and underground and undersea cables of international, foreign and domestic networks.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security Agencyapplicationsdigital surveillancewashington postdata protectionfbiprivacyData Protection | Data PrivacyFacebookAppleGooglesecurityNSA PRISMsoftware

More about AppleBushCSOFacebookFBIGoogleICANNInternet Corporation for Assigned Names and NumbersNational Security AgencyNSAUnited NationsVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place