At a recent dinner with friends last month, some of whom were writers, I was asked for a developer’s opinion on the security of various cloud-based products. I told them that ultimately, they had no security at all. We were so thoroughly spied on, I suggested that “you have to regard yourself as potentially sharing every keystroke, every search, every message with the NSA. If you want security, encrypt. Or better still, buy untraceable clothes and while disguised send one time messages via disposable or public devices.”
My answer elicited a nervous laugh, but I meant it. And besides, who’s laughing now? Recent revelations have shown that the Obama administration is collecting traffic analysis data on Verizon’s customer base (and by implication has similar arrangements with every other provider) and is mining data straight from the servers of companies providing Internet services. The Washington Post reports on codename PRISM:
That is a remarkable figure in an agency that measures annual intake in the trillions of communications. It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil.
The technology companies, which participate knowingly in PRISM operations, include most of the dominant global players of Silicon Valley. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.
Dropbox, the cloud storage and synchronization service, is described as “coming soon.”
For those who don’t know what this means, it means that the administration is able to draw a graph (like a network chart) of who is talking to whom. It is able to say what are the key nodes through which any business passes, find all its Internet ‘friends’ and interlocutors and potentially drill down into the comms themselves — in time series.
This would pick up every organization of significance, whatever its purpose. Medical associations, pedophile rings, prayer groups, Tea Party groups, lesbian sororities, gay date swapping groups, business networks, professional networks, spy rings and terrorist cells. The works. It picks up the civilians more easily than the players, because the players use encryption, buy untraceable clothes and while disguised send one time messages via disposable or public devices.
The civilians don’t.
Your only safety lies in being overlooked, that is to say, in not being part of an affinity group of interest to the Obama administration. Otherwise you become part of the result set of a query, or search pattern. The reason everyone must sooner or later fall into the toils of the data mining operation is something called Dunbar’s Number. It holds that no cell can grow beyond 150 members in size without resorting to communications and hierarchies.
So unless your organization wants to doom itself to insignificance, you will use email. You will use cloud apps. You will use IM. And you will wind up on the administration’s database.
The fact that you belong to a large group, for example the 50% of the US population that is conservative or Republican, does not give you safety in numbers. Within this large group of millions are a much smaller number of key leadership nodes. They are the nodes that matter, the top of the hierarchy mandated by Dunbar’s Number.
If you can control, corrupt or even bait those nodes you can reduce the entire group to impotence. You can effectively decapitate it, a strategy applied not only to al-Qaeda but apparently also by the IRS in its hunt of Tea Party and Republican fundraising groups. The virtual world lets you dominate the virtual high ground. You don’t have to clobber all Muslims and Republicans. You just have to clobber the key nodes and the rest will mill around like leaderless ants.
What the IRS and AP wiretapping scandals demonstrated was the administration’s intent in action. They want to clobber key nodes. What the FBI/NSA data mining operations show is capability. They can clobber key nodes. The Obama administration has demonstrated the intent to pick apart affinity groups with the IRS. The Verizon and PRISM stories show how they have potentially been doing it.