4 min read
Based on recent reports, it sounds like the NSA is regularly collecting data from major phone companies, nine major tech companies, and from credit card companies and ISPs (although it's not clear whether the credit card/ISP data collection is ongoing or intermittent).
The list of companies participating includes many major players within the States; it's difficult to imagine anyone using any technology within the States not using at least two of these companies on a daily basis. Most people likely use more. The list includes:
Many of the companies involved have issued carefully worded denials, generally including the phrasing that says that the companies never gave "direct access" to servers, and only shared information when "required by law." However, the phrase "direct access" is so vague as to be meaningless, and the program that allows the data grab could be legal under some interpretations of the 2008 FISA update (pdf download).
Even small amounts of data can have incredible predictive power. A blunt data point such as Facebook "likes" can predict politics, sexual orientation, and be indicative of IQ. Some initial research suggests that "likes" can be indicative of health issues. Anonymized search data can reveal incredibly detailed, troubling information. Small amounts of anonymized data can be used to pinpoint individuals. Access to past location information can lead to precise predictions of where a person will be at any time. The details that companies store - and can therefore share - is pretty amazing.
And, of course, with the data the US government has been collecting, they have an incredible trove of information. From the phone carriers, they have the time and duration of all phone calls. They have the location where these calls were made (possibly from the phone's GPS, and certainly from cell towers). They have the list of who talked with whom. They likely have comparable data from Skype.
A variety of these companies give the government access to friend lists, search histories, browsing histories (think Facebook ads; login "services" from a company on websites), productivity work (Google apps suite, MS productivity tools). From Apple, there is a range of buying patterns and services; if you used the "find my iPhone" service, you've given them some very accurate location data. I'd also imagine App Store browsing habits could be interesting. Getting all of these data points in a single location, where they can be cross referenced, provides an incredibly detailed look at the data footprint created by individuals.
For schools who are teaching media literacy and safe online browsing habits: how do you teach online safety and privacy in a world where there is effectively no privacy setting?
For schools that are launching 1:1 iPad initiatives along with Google Apps: how do you talk about the privacy of student data when the company responsible for safeguarding your student's information could be handing it over to the government? The move to hosted services - such as Google Apps for Education or Microsoft EDU - has been a steady move toward convenience at the cost of privacy. At what point does that cost become too high, or too unpredictable?
The details are still coming out on this story, but the outlines that we have now show that any notion of online privacy needs to be rethought.
On a closing note, why is it that our government and our tech companies can work together to assemble the technology to spy on our entire citizenry, but can't work together to get benefits to the veterans who fought to protect the freedoms our government and corporations are now trampling? Priorities, people. Priorities.
For those wanting to learn more, Bruce Schneier has a good writeup on the details of the spying program, and its implications.