Could we be getting “NSA fatigue”? No, I’m not talking about the obvious weariness that we have about the National Security Agency’s actions. I’m talking about the news. Has there simply been so much that has come out about their activities over the past few months that blockbuster news doesn’t even grab our attention anymore?
The latest and most nefarious activity is actually one that most would see as a repeat of the news. Google and Yahoo data centers and the lines that connect them have been tapped by the NSA. It sounds like everything else that we’ve heard so far, but this is far worse than the previous mentions of Google, Yahoo, and everything else that they’ve done. In the hand-drawn diagram above, you can see how the NSA simplified the Google hacking process, smiley faces and all.
This isn’t PRISM. That is court-ordered “front door” access to the data, but it’s limited in most cases to metadata which is annoying but not really exposing of the bulk of data (such as email messages themselves) that could do full-blown harm to our privacy. MUSCULAR, a joint project between the NSA and the UK’s GCHQ, is much more dangerous. It does not need the legal protection that PRISM needed because it deals with connections between data centers on foreign soil. In other words, communications with anyone outside of the United States falls under a completely different category and does not need to be authorized under Section 702 of FISA.
They didn’t go to Google or Yahoo and compel them to open their data. They didn’t have to. They hacked their way in. Unlike with PRISM, Google and Yahoo claim that they were unaware of the activity of MUSCULAR and they’re probably telling the truth. The NSA and GCHQ would not have wanted to let them know that their encrypted internal lines were being tapped.
Regardless of who the intended recipient of the communication was, MUSCULAR is protected. Unfortunately, that means that communications between US citizens can fall under this collection of data legally because of one very important component of Google, Yahoo, and just about every other major tech company in the country. This affects the cloud.
To maintain integrity of large systems, data is constantly transferred from one data center to another to have backups of the backups. You could email your wife’s computer 4 feet away and that data will likely find its way crossing international lines at some point, thus being subject to the scrutiny and data collection of MUSCULAR.
One of the scariest parts of all of this is that the tapping of these lines was considered nearly impossible until now. Both companies use gold-standard security measures and complex encryption that shouldn’t be able to be tapped. To get one is amazing. To get more than one was considered virtually impossible. They may have done this to dozens of large communications companies, which would make the NSA the most talented (and dangerous) hacking unit known to man.
Then again, with enough funding, even common hacks can find a way around any system.
The side-effect of the Snowden revelations
While most would admit that having this information and all of the other revelations about the NSA’s activities that have been leaked in the past several months is a good thing for the sake of the world, there are two things that are suffering tremendously as a result. One is obvious: US relations with enemies and allies around the world is being taxed to the extreme. The world didn’t trust the United States before Edward Snowden showed how untrustworthy the US government was. Now, it’s even worse.
The other side-effect is less obvious and more dangerous. The reason that MUSCULAR and similar programs are able to succeed is because there is not enough of a unified front when it comes to how communications are handled around the world. FISA handled domestic programs but has no jurisdiction over international programs. The world needs to be heading towards a more unified communications infrastructure, not into isolation mode.
As strange as it might seem, organizations like the NSA and GCHQ do not want worldwide standards. Those standards would mean watchdogs. They would mean more powerful protections. By encouraging countries to become isolated in how they handle their communications, it becomes easier for the powers that be to tap into any and all of them. From this perspective, one might even make an absurd assertion that Edward Snowden did them a favor. It may not have been the result that they wanted, but now that it’s here, it’s a silver lining to an embarrassing and damaging situation.