Civil Defence today

The NSA, GCHQ & Snowden

I have recently finished reading the book The Snowden Files by Luke Harding. It is an excellent insight into the events surrounding the publication of some of the most explosive documents released from America's intelligence Community. This page is designed to give an overview of some of the key points for discussion. Please feel free to use the comments box below!

Edward Snowden

Edward Snowden was a contractor with America's National Security Agency - the NSA. He became aware that following the events of 9/11 and behind the backs of the relevant bodies, the NSA started hoovering up people's internet metadata.

Metadata is the internet equivalent of your letter's envelope. In fact the internet works by sending "packets" of data and the envelopes tell the internet technologies where and how to process the "packets" of data. An email header (metadata) tells you quite a bit such as the time it was sent, from whom, to whom, what country the sender / recipient are in and the subject line to name just a bit.

With a vast collection of Meta data it is the NSA's project to build up a picture of who is connected with who. However what happened after 9/11 was that the White House gave permission for the NSA (outside of the legal framework) to begin the data collection.

Edward Snowden became disgruntled at what he saw as abuse of the internet and so decided to approach various journalists to reveal exactly what the NSA was up to. His revelations had international significance but the question does remain, how much has actually changed as a result?

What are the NSA and GCHQ doing?

The NSA and GCHQ have a number of programs for gathering different types of internet metadata. Obviously many we don't yet know of, but some of those contained in Luke Harding's book are contained below:

  • Stellar Wind - liaison with US internet and telephone companies to provide metadata information. This was the first of the major mass surveillance projects and was given the official green light in a secret ruling in 2006.
  • Prism - Apparently the NSA has secret access to the servers (core data hubs) of big US internet companies such as Google, Facebook and others.
  • Boundless informant - NSA mapping of all secret data to specific countries.
  • Tempora - Joint GCHQ/NSA project in based in the Cornish town of Bude to listen into international undersea cables and grab metadata. The cable owners such as BT are referred too as "intercept partners" by the program.
  • Upstream - As much of the global internet traffic passes across the United States, this program, similar to tempora catches this passing metadata traffic. It is also contributed too by various listening posts around the world.
  • Bullrun/Edgehill - as much of the worlds data is encrypted the NSA and GCHQ needed to try and decrypt it. The more troubling part of this program was the creation of backdoors into commonly used data encryption standards such as Dual_EC_DRBG random number generation used by RSA Security. The potential NSA change was found back in 2007. These were designed to weaken the strength of the encryption so that should the NSA need to, it was able to read securely encrypted data.

This is meant purely as a summary but is a fascinating insight into how our security agencies wanted to "master the internet". A fascinating list of the various monitoring techniques employed in the UK can be found on this wikipedia link. Additionally a couple of interesting BBC articles can be found and here.

So is it wrong?

The clear arguements used in favour of mass surveillance is the threat from terrorists and criminals. So it looks like a debate of privacy v security. Do you want security - to know criminals are being stopped or do you want privacy? Many in Europe want the latter having had years of Soviet oppression and those in the US see privacy as their constitutional right. Those of us in the UK are often more retisant.

Under Labour - according to the BBC article above - the previous government tried to introduce a database of all phone calls, and emails but it never happened due to widespread disagreement it. So if something like this was to receive official support it should get parliamentary agreement. Without it the policies are somewhat dubious.

In the UK if the government believes someone needs to be monitored then the Home Secretary must issue a warrant for the intelligence services to monitor them. Mass surveillance runs counter to this and has the potential for innocent people to be labelled as criminals or terrorists.

But clearly we don't want many of the internet crimes of abusive images and propaganda being spread around. The intelligence agency heads tell us that due to the Snowden revelations their work is harder as we turn to securer internet options which don't give out metadata so easily. The agencies also advise us that they weren't monitoring individual people or looking at yours or mine internet activity ... that is unless we were unfortunately connected with someone of suspicion.

So what is the balance? Share your thoughts below:

comments powered by Disqus