Does PRISM Really Change our View on Privacy?
by Jon-Louis Heimerl
As part of their PRISM program, the National Security Agency (NSA) reportedly uses data from a variety of sources in attempts to track threats to the United States. The fact that some of the sources are U.S. based providers who are otherwise widely respected and used has helped elevate public concern and outcry over what is generally perceived to be new violations of our privacy rights. This is on top of the dramatic changes we have already seen in the way we treat our own privacy, and the role of information technology and social media in our day-to-day lives. There may be an illusion of privacy from days gone by, but we should, by now, know perfectly well that we no longer have the same level of privacy that we use to.
We reveal our secrets to Facebook and other social media. We allow ourselves to be tracked by cookies, or through our Amazon purchases. These companies have built massive data stores that identify both meta and detailed information about us, down to the size of the pants we wear and what kind of deodorant we like, as well as more “interesting” things, like where we travel, who our friends are and who we talk with. These companies have a business to make that information consumable, then use it themselves or resell this information to other organizations so that those organizations can, in turn, try to sell us something. Many of these same companies have, in the past, responded to appropriate legal requests for information, whether warrants or subpoenas, and will likely continue to do so when compelled by law. General Petraeus’ fall from grace resulted largely from a subpoena served on a provider for email information.
Combine this with the basic mission of the NSA – intelligence gathering and distribution. Part of the equation in this is that Internet laws have really not kept up with the way the world uses this information. Such electronic information has mostly replaced paper records, or older electronic information that is not as well formatted. The information is easier to obtain, organize, and manipulate. If the NSA can gain access to these vast stores of information they can mine this data for all the treasures it holds. The failed Cyber Intelligence Sharing and Protection Act (H.R. 624), also known as CISPA, was designed, more than anything else, to make it easier for organizations like the NSA to gather this information with the goal of working to protect U.S. interests.
Under the Foreign Intelligence Surveillance Act (FISA) and the Patriot Act, metadata can be gathered at any time, for any reason, without subpoena, and without suspicion of any crime. If the FBI or other investigative body finds information that they deem interesting, and can claim it is potentially related to international terrorism or spying, they can then get a court order without showing any additional probable cause. There is a ton of case law that says that basic phone call information is not protected under any privacy laws – “unreasonable search and seizure” does not apply to a list of phone numbers. The same goes for a variety of other information that most people would assume is private, like the location information in your phone’s GPS, information about where you browse when you use your computer, as well as geographic and time data from any cell phone pictures that you make publicly available are all relatively fair game, and can be obtained by law enforcement without showing probable cause.
Somehow, the age of an email or a text message makes a difference in how it is handled. If an email or text message is new, a warrant is needed. But if the email or text message is older than 180 days, there is no legal need for probable cause; the information can simply be subpoenaed. The same is true for email drafts. (This is a common tactic for nefarious evil-doers - to share a single email account in which they leave emails in draft folders. They can just read the drafts and delete them without ever sending anything. This is, by the way, what General Petraeus was doing in his email exchanges with his mistress). They can also be accessed with a lower level of legal “proof” requiring a subpoena instead of a warrant.
FISA and the Patriot Act give U.S. government data gathering and investigative organizations a lot of freedom over what they decide to gather and enables the gathering of that data through simplified legal means. The government has enacted this various legislation for years, all with the purpose of making this information more accessible.
Should we be so surprised that some agencies are now taking advantage of the information available to them?