NSA surveillance controversy: Much ado about nothing new?

The only thing new about last week's "explosive" stories about telephone and Internet surveillance of American citizens by the National Security Agency (NSA) is that it made official what everybody has known, or should have known, for years.

Word of increasing government surveillance of its citizens by electronic means has been reported for more than a decade.

Edward Snowden, who outed himself over the weekend as the principal source for stories about the surveillance in The Guardian and the Washington Post, is just the most recent.

Snowden, a former undercover CIA employee who now works for consulting firm Booz Allen Hamilton, which contracts with the NSA, apparently leaked one set of documents showing an order from the secret Foreign Intelligence Surveillance Court (FISC) to telecom provider Verizon to turn over all of its telephone data to the NSA on a daily basis. Another set showed that the NSA had access to the servers of nine major Internet providers, ranging from Google to Microsoft, Yahoo!, Skype, Facebook, YouTube, AOL and Apple.

But long before Snowden, William Binney, who worked for the NSA for 32 years, resigned from the agency in protest in 2001 after the Bush administration launched a top-secret surveillance program to spy on U.S. citizens without warrants. It was code named Stellar Wind or just "The Program."

CSO reported last December that Binney had been saying for more than a decade that the NSA is collecting every electronic activity of its citizens -- not just so-called "telephony metadata." In an interview late last year with RT, he estimated the number of electronic documents now being stored at "probably close to 20 trillion."

He said the scandal involving former CIA Director David Petraeus' extramarital affair offered evidence of that, since the FBI collected thousands of pages of emails from presumably private accounts, even though Petraeus had not been charged with a crime. "What probable cause did they have?" Binney asked. "There was no crime."

James Bamford, writing in Wired magazine, reported more than a year ago on the construction of the NSA's new data center, due to open this September in Bluffdale, Utah, south of Salt Lake City.

That center, which will be capable of storing almost unimaginable amounts of data, will be able to intercept, store and analyze "all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails -- parking receipts, travel itineraries, bookstore purchases, and other digital 'pocket litter,'" Bamford wrote. And according to both Binney and now Snowden, the center will be collecting data from American citizens.

And once last week's stories broke, Democratic and Republican members of Congress who defended the surveillance said it had been going on for the past seven years, beginning under the Bush administration and continuing (and expanding) under President Obama.

Indeed, the order to Verizon, first reported by Glenn Greenwald in The Guardian, was simply a reauthorization of an ongoing program, which is required every three months.

Those who opposed it had been dropping not-so-subtle hints about it for years as well. In May 2011, Sen. Ron Wyden, D-Ore., said in a debate about reauthorizing Section 215, the section of the Patriot Act that the government says permits untargeted surveillance, "I want to deliver a warning this afternoon: when the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry."

Richard Forno, writing on the blog for the Center for Internet and Society at Stanford Law School, said, "It's a good bet similar orders were issued to the other American telephone and/or Internet providers as well. I'm not surprised at this revelation, mind you: however it's both refreshing -- and disturbing -- to see official proof come into public view after all these years."

Still, some experts say the news of last week, combined with slippery semi-denials from those involved, takes the matter to a new level.

A number of commenters noted that the Internet service providers named said they did not provide the government with "direct" access to their servers. That, of course, doesn't mean the government didn't get it, since the data could be turned over to a contractor, who would then turn it over to the government.

Jody Westby, an attorney and CEO of Global Cyber Risk, who has written several blog posts for Forbes on the matter, in an interview called the recent disclosures "a national crisis that is as serious as Watergate. Our country's leaders have been providing false and deceiving statements to Congress and the American people. They (the NSA) are looking at everything -- not just phone calls. We barely know the details."

Rebecca Herold, CEO of The Privacy Professor, said one major problem is that the government has understated the reach of the surveillance.

"I think most of the public has believed that the capability existed to look at such data, when necessary for specific individuals or locations," she said, "but that the collection was not a full collection of all data. This changes the implications, because now everyone, in effect, becomes a suspect."

She and others also say that the semantic games being played by government officials are undermining the confidence of the public as well. Clapper, for example, said that the government has no interest in reading the emails of average citizens. But that is not the point. The point is that it is storing them, so it would have the capability to do so if it wished. That is what exposed the Petraeus affair.

"Government leaders are playing a syntax game with the public," Herold said. "Even though the actual conversation/communications content is not being recorded -- at least as far as we know at this point -- the metadata associated with the conversation can provide insights that can go far beyond the recordings and content anyway: Locations, times, days, frequencies, the parties involved."

"Sophisticated analytics can match this type of data with other databases to clarify and illuminate the context of the communications, and also to put the parties involved in specific locations at specific days and times, and reveal associations and collaborations between different individuals, groups," she said.

That is the point the Electronic Frontier Foundation made in its statement on the matter last week. In a post, staff attorneys Cindy Cohn and Mark Rumold said the recent revelations "should end, once and for all, the government's long-discredited secrecy claims about its dragnet domestic surveillance programs. It should spur Congress and the American people to make the president finally tell the truth about the government's spying on innocent Americans."

The outrage is not universal, however. Stewart Baker, former first assistant secretary for policy at the Department of Homeland Security (DHS) and now a partner at Steptoe & Johnson, wrote in a post on his blog, "Skating on Stilts," that "the only way to make the system work, and the only way to identify and monitor the one American who is plotting with al Qaeda's operatives in Yemen, is to pool all the carriers' data on U.S. calls to and from Yemen and to search it all together -- and for the costs to be borne by all of us, not by the carriers. In short, the government has to do it."

And Joel Harding, a retired military intelligence officer and now information operations expert and consultant, said while he believes the government is operating in good faith to maintain the balance between privacy and security, "all too often we have seen examples of abuse. If we take our leaders at their word, these programs are for our good. I only pray our trust is well placed."
