Last week I avoided talking about Prism, the supposed NSA wiretapping issue that has been all over the news.
However, in the past week I've read or heard 3 different highly insightful analyses and I'd like to comment on them.
First, on the possible techniques used. Major data collection organizations including Facebook and Google have denied providing any information to the US Feds as has been alleged. But the NSA is getting information.
I've been a long time fan of the Steve Gibson/Leo Laporte podcast Security Now. In episode 407, Steve speculates on how he thinks this is all accomplished. As is often the case, Steve provides insightful analysis and a plausible explanation of how this might all work. I recommend you listen to the podcast to get the full details, but essentially he describes a method by which the NSA can tap major fiber connections upstream of the major data aggregators. This makes sense and time will tell if this is the method being used.
Not to spend too much space on the TWIT world, though these are among my favorite podcasts!... This past week on the flagship show, TWIT episode 409, Leo drew parallels to the collection of connection and metadata on the internet to the similar work the credit card providers use. Most people have had the experience of having fraudulent credit card charges reported to us, and removed, by credit card providers. They are able to detect this potential fraud through their analysis of transaction data and anomaly detection based on our buying habits. They know our habits because every transaction is stored and analyzed. This is how anomalies are found. We appreciate this when our money is protected. But we may not appreciate it when this analysis spills into other parts of our lives.
Finally, a number of sources published aspects of an analysis of what might have happened had connection and metadata analysis been used to examine the activities of Paul Revere and other American Revolutionaries. Had these kinds of analyses been available in the latter half of the 18th century, could US history have been radically altered? Or not exist at all? It is critical to consider the context!
Benjamin Franklin is credited with writing "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety". Is fed tapping of the majority of US net traffic for safety or security appropriate? Is the issue that it is happening or that there was no disclosure? There will be more detail about what is really happening in the coming days and weeks. I think the immediate issue is lack of disclosure. Law enforcement does have the right to make a lawful request for information. But collecting everything seems like overkill at best, and potentially an abuse of power. But we don't have all the facts yet. Once we do then the real debates can begin!