The ripples from Edward Snowden's whistleblowing on NSA surveillance tactics continue to be felt. What are the biggest takeaways for those in the technology field?
Despite the deep indignation that many people feel in the IT industry and even in the general population, things would have been a lot harder for the NSA if people fought them every step of the way. But the truth is that in most cases, people and companies preferred complying rather than fighting a costly and potentially dangerous battle. Two senators revealed that phone companies like Verizon and AT&T were willingly giving away phone records for over seven years before things became public. Most executives faced with a gag order and special secret orders prefer to give in rather than risk their careers. And any large company based in the US would have to be very brave or have a lot of political clout to challenge these orders.
But it's not just the companies that were trapped, it's also individuals. The NSA and other spy agencies employ thousands of people to create the technologies and processes that allow them to accomplish this unprecedented intrusion into our daily lives. For every Edward Snowden, there are many others who said nothing and kept working. Now this isn't a stab at anyone in particular; a number of people, especially in the government, believe Snowden is a traitor and want to see him imprisoned, but to many, he is a hero. The only thing that stops secrecy is openness.
I won't try to debate whether the NSA or any other government agency broke the law, since this will continue to be an ongoing discussion. Lawsuits may be launched, but the fact remains that the government construed what they did as legal, an argument more easily made due to post-9/11 laws like the Patriot Act, which gave broad powers to carry out surveillance. If companies were complying with what they perceived to be legal requests, resistance from executives or IT would be an extremely difficult path to follow.
The NSA is storing over a billion emails every day, to say nothing about phone calls and instant messages. And in this case, technology is their ally. As storage becomes cheaper and network pipes become bigger, the governments will gather more and more data. They are building massive buildings whose sole purpose will be to analyze and store this data. Already we have indications that they aren't just focusing on several individuals or sites, but instead using broad strokes to get as much as they can, in order to have the data for future use.
Many have started to draw parallels to the pre-crime concept from the movies, where someone is deemed risky, or perhaps even guilty, based solely on patterns from their online usage. Spend too much time in particular Facebook groups or on suspect sites? Better remove you from society, just in case. These are chilling thoughts that many may believe will not come to pass, but already people are denied from flying or have had their visas revoked by arbitrary government decision based on data analysis.
This isn't an American problem, and it isn't a foreigner issue either. Time and again it's been shown that these programs target a large amount of individuals. And if one agency isn't going after a particular group, like the NSA assurance that they are never purposelessly targeting Americans on US soil, we know they communicate constantly with the GCHQ in Britain and other organizations all around the world. The chips continue to fall now in other countries as disclosures about Australia's spy agency activity and Brazil's are just hitting the news.
Many believe that NSA spying can only be affected by massive responses, or that it will be settled through hearings and law changes in the House and Senate. But something like this requires both a political discussion AND a technology response. The Internet was created by IT pros like you, and the next decade will be shaped by people like you as well. If you believe massive secret surveillance shouldn't be enabled by inaction, insecurity or lax privacy policies, then there are things you can do to influence those areas.
Already things are changing based on the Snowden leaks. Google has started encrypting more data between its servers and users and many sites are now using Perfect Forward Secrecy so that even if SSL keys are forcibly disclosed, none of the past conversations can be unencrypted. This may be a problem in need of a political solution, but technology will always have a much faster impact than legislation.
What do you think the far-reaching consequences of these stories will be for technology?