The NSA is thought to analyse around 1.6% of all global internet traffic every single day. That may not sound like much, but when you consider the scale of the web, that equates to around 30 petabytes (or 30 million gigabytes) of data. There’s a not only a question of ethicality at play here, but legality.
SECTION 215
Section 215 of the Patriot Act allows the government to require businesses to hand over records of “any tangible things, including books, records, papers, documents, and other items”. The one prerequisite is that it must be for an investigation to protect against international terrorism.
However, the keyword there is ‘protect’, because it essentially turns Section 215 into a blank cheque. Among the leaked documents was an NSA slide unveiling the companies that provided user data to the PRISM program and when they began doing so. Despite the fact that an aptitude for charting is clearly not a requirement for NSA employees, the information that has been revealed is quite unsettling. Naturally, the government stance is that just because they have the capability to analyse the data a user may provide to these companies, it doesn’t necessarily mean that they will. Furthermore, it is regulated by a secret intelligence court known as the FISA court, which is responsible for approving requests for foreign surveillance.
However, the FISA court have interpreted the contents of Section 215 to mean that the government can collect and store phone records for every citizen, the vast majority of whom have no connection to terrorism. Consequently, the percentage of which an application for foreign surveillance is rejected by the FISA court stands at just 0.03%
The Patriot Act was written just after 9/11 and for years it was extended and reauthorized without a passing thought, but all of that was before the public was made aware of what the government’s surveillance capabilities actually were. It all ended with Edward Snowden.
PUBLIC PERCEPTION
In recent years, we’ve seen computing power shifting to the cloud. However, with the activities of the PRISM program brought to light, there is a concern as to what impact it has had on commercial cloud computing services. According to a survey conducted by the Cloud Security Alliance, it is estimated that 56% of people outside of the US are now less likely to use US-based cloud providers. 10% cancelled their contracts with US-based cloud providers altogether.
Companies have geared towards consumer privacy in an attempt to placate security concerns of a post-Snowden public. We’ve seen growing popularity of search engines like DuckDuckGo geared toward anonymous browsing that advertises the fact that it does not track you across the internet. Mobile operating systems such as iOS8 and various Android iterations institute a ‘zero knowledge’ encryption policy that makes it impossible for the company to comply with disclosure orders, since only the end user is able to unlock the information.
Snowden’s actions have sparked a public debate over the subject of data privacy worldwide. In the UK, we’re seeing much discussion over the controversial new surveillance law dubbed the “snooper’s charter“. It is a bill that is believed to write into law a huge invasion of privacy whereby the government can collect internet browsing data on a user. Contrastingly, Home Secretary Theresa May insists that critics have blown the capabilities of the new law out of proportion, citing that it is simply a modern equivalent of an itemised phone bill.
Naturally, we all want perfect privacy and perfect safety, but those two things cannot coexist. We live in a world where the government can analyse your personal data, legally.
However you see him, hero or traitor, the fact is that the only reason why there is a debate over privacy concerns at all is down to the actions of one, Edward Snowden.
Nobody has time to read through a circa 20,000-word document of capitalised text each time a company updates its policy. Signing a mortgage agreement requires less paperwork, it begs a profound and somewhat troubling question:
What if privacy policies were not so much about protecting privacy at all, but instead relinquishing it?