Can you trust the NSA, the Internet giants, or your IT department?
In a world where privacy is fast becoming an illusion, pay attention to Benjamin Franklin's famous warning that "three may keep a secret, if two of them are dead."
The major consumer Internet companies accused of opening their systems to the NSA in the initial coverage of the Snowden leaksthat they would bow to legally questionable uses of Section 215, and are by allowing for disclosure of surveillance requests details.
Sen. Dianne Feinstein (D-Calif.), chairwoman of the Senate Intelligence Committee, stated that the "vast majority of the records in the database are never accessed and are deleted after a period of five years. To look at or use the content of a call, a court warrant must be obtained."
Following a classified briefing Wednesday about undisclosed NSA surveillance practices, Rep. Loretta Sanchez (D-Calif.) said, "What we learned in there is significantly more than what is out in the media today." She further said, "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too."
Alexander said on Thursday that he would disclose next week some further data about the NSA surveillance practices to give the public with a better sense of the value of the programs.
After the congressional testimony in open and closed sessions, it's still unclear exactly how much or what data the NSA has been vacuuming up from phone companies and the digital footprints of citizens, or precisely where the bar has been set for FISA courts to approve requests to access data on the servers of companies such as Google, Facebook, Microsoft, Apple, and Yahoo.
Whatever may be the actual level of NSA snooping, sucking in all the data from telephony and Internet services, or filling the sky with drones to watch everyone on the planet, isn't the most trust-inducing or efficient way to prevent terrorist attacks or even street crimes. Surely, the wizards of the NSA have less invasive techniques and can apply more precise targeting for finding the needles in the haystack than laying claim to the Internet.
At the same time, most U.S citizens seem less concerned about what they expose online, and how companies like Google, Facebook, Amazon, Microsoft, and Yahoo use their data.
Yahoo, for example, collects data on more than 800 million visitors per month. This activity is detailed in the site's Terms of Service policy, which few actually read or understand. Like Google and most Internet mail providers, Yahoo will "scan and analyze all incoming and outgoing communications content sent and received from your account" and use your account profile information to "match and serve targeted advertising" to you.
Yahoo's general policy states:
Yahoo! collects personal information when you register with Yahoo!, when you use Yahoo! products or services, when you visit Yahoo! pages or the pages of certain Yahoo! partners, and when you enter promotions or sweepstakes. Yahoo! may combine information about you that we have with information we obtain from business partners or other companies.
When you register we ask for information such as your name, email address, birth date, gender, ZIP code, occupation, industry, and personal interests. For some financial products and services we might also ask for your address, Social Security number, and information about your assets. When you register with Yahoo! and sign in to our services, you are not anonymous to us.
Yahoo! collects information about your transactions with us and with some of our business partners, including information about your use of financial products and services that we offer.
Yahoo! automatically receives and records information from your computer and browser, including your IP address, Yahoo! cookie information, software and hardware attributes, and the page you request.
Yahoo! uses information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients.
Of course, the Internet services have Terms of Service about confidentiality and security pertaining to access by employees to user data. Yahoo, for example, states: We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs.
And, certainly it's in their best interest to maintain as much trust as possible with users. Nothing sours one more than a breach of trust, whether it's a bank with your money, a friend with your secrets, or Internet services at the center of your digital life.
So in a world where privacy is becoming an illusion for anyone on the grid, it comes down to a question of trust. If a low-level Booz Allen Hamilton consultant with a high-level security clearance can expose top-secret materials, your personal data living in Facebook's servers or your company's IT department could be compromised by a rogue employee with legitimate access to the data or a cunning cyberthief. As Benjamin Franklin famously said, "Three may keep a secret, if two of them are dead."