straight on the risks.
checkit: Falkvinge
centralised
files
This
night, news broke that the USA’s security agencies have been wiretapping
essentially every major centralized social service for private data. Photos,
video conferences, text chats, and voice calls – everything. We have been
saying this for years and been declared tinfoil hat and conspiracy nuts; it’s
good to finally see the documents in black on white.
This
night, European time, the news broke that the USA’s National Security Agency (NSA)
has had direct access to pretty much every social network for the past several
years, dating back to 2007, under a program named PRISM. Under the program, a
number of social services voluntarily feed people’s private data to the NSA. In
short, if you have been using/uploading
e-mail
video or voice chat
videos
photos
stored data
VoIP calls
file transfers
video conferencing
(and more)
…from
any of…
Microsoft (incl. Hotmail et al), since Sep
11, 2007
Google, since Jan 14, 2009
Yahoo, since Mar 12, 2008
Facebook, since June 3, 2009
PalTalk, since Dec 7, 2009
YouTube, since Sep 24, 2010
Skype, since Feb 6, 2011
AOL, since Mar 31, 2011
Apple, since Oct 2012
…then
you have been wiretapped, and still are.
This
piece of news broke just after it was revealed that the same NSA is demanding
phone records from one of the major telco operators in the USA, and presumably
all of them.
In
short, practically every single service you have ever been using that has
operated under the “trust us” principle has fed your private data directly to
STASI-equivalent security agencies. Practically every single one. The one
exception notably missing from the list is Twitter (but Twitter uses broadcast
messages – you shouldn’t write anything secret on Twitter in the first place).
Carefully
note that this PRISM program is not unique to the USA: Several European nations
have the same wiretapping in place,
Sweden among them. Also, these agencies share raw data freely between them,
trivially circumventing any restrictions against wiretapping the own population
(“I’ll wiretap yours if you’ll wiretap mine”).
This
piece of news practically detonated when it hit this night. We have been saying
that this is the probable state of things for years – it’s good to finally get
rid of those tinfoil hats, with facts on the table. Predictably, the social
comms companies named in the NSA slides are out scrambling with statements and
comments.
Google,
for example, said in a statement to the Guardian: “Google cares deeply about
the security of our users’ data. We disclose user data to government in
accordance with the law, and we review all such requests carefully. From time
to time, people allege that we have created a government ‘back door’ into our
systems, but Google does not have a back door for the government to access
private user data.”
As a
politician, what strikes me is how carefully crafted this statement is to give
the appearance of denying the allegations, without doing so. It stops exactly
short of saying “the presented allegations are lies”.
For
example, a system could be in place that continuously fed the NSA data from
Google servers in accordance with the NSA documents, and the above Google
statement would still be true (if Google feeds data to the NSA, rather than the
NSA fetching it from Google).
Microsoft
– whose motto is “Privacy is our priority”, the Guardian notes – was the first
to join the PRISM program in 2007. On the other hand, that company was never
trusted much, so I don’t see a lot of surprise.
