By assuming that it was OK, the US government has moved the goalpost in its fight against terrorist from one where it went after specific data about certain suspected individuals to pattern matching of potential profile against every individual in the country. So if you use a cellphone or spend any time on the internet, you can safely assume that your data is being analyzed in an NSA or FBI facility. This is a new approach to intelligence gathering that has a major impact on civil liberties and may redefine the dialogue around an individual’s right to privacy for generations to come.
The right to privacy is an interesting one because it is not one that is clearly stated in the US constitution. There is nothing in the bill of rights or any legal framework established by the US founding fathers to cover privacy issues. Privacy rights are largely born out of a set of decisions that were made throughout the 20th and 21st century. However, certain rights against government overreach can be gathered from the 4th and 6th amendments of the US constitution.
The fourth amendment protects you against unreasonable searches, which seems to be a valid issue here as searches related to your calling patterns would be considered unreasonable if they yield a negative response but in searching for terror-related information against every phone that is attached to a US-based service provider, one can safely assume that such searches are happening routinely.
The sixth amendment is actually a more dangerous one to the cause of keeping us safe. By keeping programs like PRISM secret and keeping the data gathering or the court orders related to that data gathering secret, with no legal way to access the data (rules around FISA and the Patriot Act have created a tangle of secretly picked up information gathered from a variety of networks, including financials networks (any time you make a transaction with a bank of over $5,000, the data has to be reported to the federal government and whenever the government asks for data about a financial transaction, the company that was asked is not allowed to tell the customer) to social networks and more. This lack of legal review could become an issue in future cases as the way evidence was gathered against a suspect could be challenged based on this. This could lead to terrorist actually walking free, the exact opposite of the stated goals of the programs.
A moral challenge
While technical discussion of the legal viability of such programs are interesting, a bigger challenge is what it does to our credibility on the global stage. When the program was revealed, Obama’s answer included this point:
I agree with Obama here but where I may depart is in whether we are making the right choice as a society. Either way, it is a choice that has to be made as a society, not secretly in the back rooms of our government. An open and fair dialogue as to what society we want to build moving forward is an important element of what need to happen in light of those revelations. Truth is, we will never have 100% security (if such programs are meant to give us 100% security, explain the Boston bombing, which happened after the program had been put in place).
In Europe, that decision has been made: For France and the UK, two countries with long histories of terrorism, the choice has been to admit that terrorism can be dealt with but will still happen from time to time. The choice has been not to close down the society or make it more big-brotherish, leading to the ironic fact that UK spies have more information on American citizens than they do on British ones, but to treat terrorism as a criminal matter, one that warrants investigation but cannot be stopped 100% of tie time.
The US could be dangerously veering into the direction of becoming increasingly closed, something that started happening after the 9/11 attacks on the Twin Towers and the Pentagon. While many on the left have denounced the Bush administration for the expansion of spy powers, it is time to be fair and denounce the Obama White House for similar efforts. There is an interesting superimposition in the fact that Obama was meeting with the Chinese prime minister as this story was starting to unfold. How do you think the Chinese leadership would react if Obama were to bring up any questions relating to spying on its own people or on pursuing information about non-Chinese on overseas servers? How much ground have we lost, due to the existence of programs like PRISM, when one looks at the broader discuss around online hacking?
A personal responsibility
As an entrepreneur, when faced with news like this, the first thing that comes to my mind is “how do we fix this?” This is then followed by “what can I do?” as in what personal action can I take to help improve the system. As a naturalized citizen, I’ve also sworn to protect the constitution against all enemies, foreign or domestic. But what can I do within the existing legal framework to help this state of affair. As a citizen, it is my duty to protect my information but also to ensure that the government does not over-reach and misuse that information. So what should we do?
If you’re an American, call the people in the US Congress representing you. That means both senators and your representative. Ask them to open hearings about the PRISM and similar program, with the goal to identify if such program protect us 100% of the time (they don’t) and what kind of tradeoffs we are making in exchange for that false promise.
But that is not enough. To just do so is passing off the responsibility about your own data to Congress. And, as an American, you know that you can make an individual impact: so go an get your data!
Get data from the NSA
It is clear that either the NSA or the FBI has gathered, either wittingly or unwittingly, information on you. If you use an online service that was part of PRISM or use a mobile operator, the metadata around you, your calls, where you’ve been, who you’ve chatted with or emailed, is sitting in some database. This means it’s time for you to ask what’s in your file.
Here, there are two laws that are working to your advantage, the Freedom of Information Act (also known as FOIA), and the Privacy Act. When combined, those two laws allow you to retrieve a lot of information about yourself from the government’s vault.
Let’s start with FOIA. In the case of FOIA, personally identifiable information is generally excluded because FOIA request also mean releasing data into the public. So here, we have to focus on more general information, such as how a particular program works. The NSA provides a FOIA form online (click on the link to get there) and include the following in the description field:
Monthly statistical data as to the number of chat, email, and phone records of US-based citizens and non-citizens, as well as non-US based US citizens analyzed over the period between 9/11/2001 and the time of this request.
Monthly statistical data as to the number of chat, email, and phone records of US-based citizens and non-citizens, as well as non-US based US citizens gathered over the period between 9/11/2001 and the time of this request.
Description of the systems gathering data about US and non-US citizens on American soil, as well as US citizens on non-US soil.
Description of the systems analyzing data about US and non-US citizens on American soil, as well as US citizens on non-US soil.
List of companies that have provided data, either directly or indirectly (through a third party agency), to help in data gathering efforts on US on non-US citizens on American soil.
List of companies that have provided data, either directly or indirectly (through a third party agency), to help in data gathering efforts on US citizens on non-American soil.
List of agencies that have contributed data to any NSA data gathering efforts on either US or non-US citizens on American soil.
List of agencies that have contributed data to any NSA data gathering efforts on either US citizens on non American soil.
List of companies that have provided equipment, either in the form of software or hardware, to data gathering on either US on non-US citizens on American soil and/or US citizens on non-American soil.
List of companies that have provided equipment, either in the form of software or hardware, to data analysis on either US on non-US citizens on American soil and/or US citizens on non-American soil.
List of companies that have provided services, on a consulting basis, to data gathering on either US on non-US citizens on American soil and/or US citizens on non-American soil.
List of companies that have provided services, on a consulting, to data analysis on either US on non-US citizens on American soil and/or US citizens on non-American soil.
I’ve tried to craft the language here in such a fashion that it does expose clear details about existing investigations (it’s all summary metadata), which may be covered under national security blankets. It will only take you a few minutes to fill out the form and may help release more public information about what may or may not have happened here. It will also provide us with some insights into who are the private actors in this matter. The riskiest part of the request may be the description of the systems.
Next up is your own data. To get to the data and metadata the NSA may (or may not) have about you, you will need to file a Privacy Act request. Fortunately, the NSA provides you with information about how you do so but here they do not provide a form, create a few extra hurdles to jump through. First of all, there is a list of items they want you to provide. You should cut and paste the following (with a few edits on my part, including the addition of Email address):
Full name:
Company/Organization: Self
Address:
City:
State:
Zip Code:
Country: United States
Email:
Home Phone:
Work Phone:
Mobile Phone:
SSN:
Description of the records you seek: Any and all records including data or metadata about the individual listed in Full name, the address listed in Adress/City/State/Zip Code, the email address list in Email, the phones numbers listed in Home Phone/Work Phone/Mobile Phone, and the Social Security Number listed in SSN.
The next challenge here is how you submit your request. If you only have a casual interest and believe that there will be less than 20 pages of information about you there, the best road may be to fax the request in. If you’re a fairly technical person or already have a digital certificate installed on your email (you will know if you do), then email may be the best approach. Last, but not least, is the old reliable way of sending a paper letter. Either way, the NSA now has to reply to you on what record they may have about you.
Get your data from the FBI
But remember that the NSA is not the only part of this story. Based on what we know, the NSA is not chartered for national surveillance so the data being analyzed by the NSA was actually gathered by the FBI. This means that you probably have an FBI file now.
The FBI is actually quite helpful when it comes to getting one’s own file. For example, they have pre-formatted Privacy Act request and a sample FOIA request on their site. There are a few things to know when filing those letters, though:
- Date range of request: Here I would put from your birthday (or the time you first got to the US) until the date of filing.
- Description of record:
I request copies of all files, correspondence, or other records concerning myself. To assist you with this search I am providing the following information about myself:
Full name:
Company/Organization: Self
Address:
City:
State:
Zip Code:
Country: United States
Email:
Home Phone:
Work Phone:
Mobile Phone:
SSN:
Description of the records you seek: Any and all records including data or metadata about the individual listed in Full name, the address listed in Adress/City/State/Zip Code, the email address list in Email, the phones numbers listed in Home Phone/Work Phone/Mobile Phone, and the Social Security Number listed in SSN. - The fee: The US government has the right to charge you 10 cents a copy for any document they send you. Generally speaking, a fee of $25-30 should be listed as most files will fall under that range. The agency will notify you if it costs more but setting in a number will expedite things. It shows you’re not just sending a frivolous request. The government will not pre-bill you but by including a number there, you will agree to paying a bill of up to that amount.
The FBI actually allows you to file those requests over email but remember that you can only request information about yourself. Then, within 60-90 days, you will receive a reply with possibly some interesting information.
Conclusion
The balance between combatting terrorism and maintaining a free society is always a hard one to strike. There are a number of legal methods to gather data from the government when its abuses are uncovered. Use the tools at your disposal to demonstrate your willingness in engaging in the democratic process. One of the best ways to understand what happens is to see what data is being gathered about you. Doing so as an individual is your right as a citizen or resident of the US. But realize that those offices are small and that doing it on a massive basis could overflow them. Choose your approach carefully and together we might be able to bring more light as to what really is happening behind the veil of secrecy surrounding our anti-terrorism efforts. Some of its may appear abusive today because we don’t fully understand it and may seem more benign once we do.
At first blush, the massive data analysis that the NSA seems to be doing strikes me as not that different from what Google, Facebook, and others are doing around your data and metadata. It falls under the umbrella of big data and may actually be a great tool to ensure our safety. But keeping the information secret will only breed more distrust and worries about over-reach. The NSA is a traditionally very secret agency (the joke used to be that it’s acronym stood for “No Such Agency”) but in order to adapt to the 21st century, it must be willing to open up a little more to the general public: its data gathering or data analysis efforts may get more complicated as a result but the well being of a democracy is not on always making it easier for those who want secrecy but on ensuring that all voices are represented and the potential for abuse (or even the appearance of abuse) is dealt with swiftly.
The issue is not whether data was gathered but transparency and the right of every citizen or resident to review their own personal data. That ability will continue to maintain our reputation as a a beacon of freedom and a country of personal choice, not an Orwellian nightmare standing side by side with more repressive governments.