The Edward Snowden Affair (42 page)

Unlike a first-party cookie, which initiates a discussion between a user’s computer and a specific website, a third-party cookie is equivalent to someone eavesdropping on a person’s power lunch conversation and selling the transcript to a competitor. One method software designers use to hide third-party cookies is by embedding them in advertisements. When an individual enters a website with an ad, a third-person cookie is set. If the user moseys over to another website with an ad by the same company, a notice of the individual’s continued interest—including the time, date and computer’s IP address—is sent to the business. By this time, the third-party cookie is controlling a person’s computer. When someone looks at shoes on a retailer’s website and then checks the local news, only to eerily find an ad of the footwear in a sidebar, a third-party cookie is at work. Third-party cookies essentially track and stalk Internet users.

Aside from the invasive privacy violations, there are drastic, long-term psychological effects which result from the repetition of third-party cookies’ advertising. Many were confused by Snowden’s objection to surveillance on grounds that it stifled creativity and free thought. When an ad is designed to reappear time and again, it is reinforcing an idea or brand image in a potential consumer’s mind. The Familiarity Principle states a person becomes more comfortable and accepting of an image the more frequently it is encountered. This is basic biology. Familiarity instills trust, often at a subconscious level. Though customers believe they are expressing freedom of choice by picking Brand X over Brand Y, they may be unaware they saw Brand X in a sidebar while browsing online recipes the week before. They purchase Brand X without realizing the subconscious motivations for doing so. They have literally been brainwashed.

Data brokers take their information, organize it into concise little profiles, and offer it to anyone with an open checkbook. This includes the obvious customers, U.S. government and corporations, but they have other steadfast clients. Many “people locator” websites purchase data mining profiles and resell them to the general public. For a nominal fee, anyone can access a person’s birthday, place of birth, current and past residences, family relations, social security and phone number, educational background, email address, place of current and former employment, and medical, property and court records. Medical insurance firms are curious whether a potential client prints Internet coupons for over-the-counter headache medicine and pays in cash to avoid a rate-hiking paper trail.
⁶⁰
Employment agencies want to know an applicant’s hobbies and proclivities without having to ask. Loan companies are interested in a candidate’s choice of recreational locales, be it a casino, truck rally or library. Once this data is combined with receipts from many of the major corporations, buying habits are then merged with wants and desires. The result is a very concise, detailed picture of an individual’s possessions, activities and goals. This is then compared to established buying patterns. The end result is daunting. The owner of an analyzed profile knows who a person was, is, and is going to be. Corporations refer to this as market research. Privacy advocates consider the process an infringement upon the Fourth Amendment and argue third-party cookie usage violates the last sanctuary of privacy, one’s thoughts. Orwell’s prophecy is modestly conservative by 21
^st
-century standards. The main character in
Nineteen Eighty-Four
believes, “Nothing was your own except the few cubic centimetres inside your skull.”

The surveillance debate has intensified since June 5 and lent new perspectives upon the concept of the safety technology can provide. The underlying political issue is who has the right to particular varieties of information.

The public believes there are two types of conversations, public and private. The intelligence community doesn’t agree. In the Internet Age, a person can “Like” the activity of fishing enough to let the world know by making it public knowledge on one’s Facebook profile. The individual can also choose to obtain a vanity Facebook URL by confidentially submitting one’s telephone number to the social networking site. The phone number is used for authorization purposes to verify the request is coming from the Facebook account holder. Though it is not placed online, the number is nonetheless (questionably) stored on the company’s servers. David Omand, former head of GCHQ, has no problem with collecting the publicly-known fact Bob likes fishing along with his cell number via Facebook’s FISC order permitting the U.S. government access to the information.
⁶¹
For the watchers, there is no line dividing what an individual puts on the Internet and what people have privately entrusted to another party, be it a website, bank, doctor or telephone company.

Government spies also scoff at the notion of intellectual property rights. Bought-and-sold politicians agree. If something is publicly or privately posted online, it automatically becomes the property of the website’s owner. (This is also why most businesses permit and encourage employees to use their company-issued phones and email accounts for personal communications—the firms have legal license to review an employee’s private network and communications, because they own the devices and programs and therefore the data on them.) It is an absurd proposition analogous to stating an individual surrenders rightful ownership of a vehicle to a bank when it is parked on property whose tenant has yet to pay the mortgage in full. This policy refuses to acknowledge the resources and labor provided by the Facebook account holder, i.e., the computer used to access the social networking site, time it took to create a profile and mental ingenuity in deciding how and what to say about oneself. It is understood that the website has issued the venue which, in turn, makes the information available worldwide but the skewed exchange undermines the statement that profiles are “free.” No profit sharing is offered the user. Without account holders, social networking sites would be empty voids on lonely servers and not multinational corporate affairs.

In the surveillance communities’ opinion, everything is public domain and no one has the right to ask “Do you mind?” to someone eavesdropping on a conversation. Their argument is that if a person doesn’t want what is being said to be known (by whomever), the individual best not speak at all. In the cloakand-dagger world of data mining, the person having a discussion cannot reasonably expect privacy, because the individual is voicing one’s thoughts, period. It does not matter whether they are spoken in confidence and directed to a particular person, much like an email is addressed “To: Bob” and not “To: Bob; Bcc: The NSA.” If the speaker is naïve enough to say something at a volume where a microphone can detect it, it is
de facto
public knowledge. Whereas government surveillance only exchanges the recorded conversation with its own kind, corporate surveillance broadcasts the discussion to anyone who is willing to pay to hear it. In the surveillance world, the only guarantee of privacy is dead silence.

The U.S. government knows the difference but deliberately ignores it. It does not want a distinction to be made, because it would restrict its power and the power of those who fund political campaigns: defense contractors, telecoms, Internet companies, corporate retailers, fast food enterprises and multimillion-dollar data mining firms. The last thing the U.S. government or private business wants is account holders to have control over their own information.

Snowden’s skepticism of political solutions is understandable. The people who were hired to watch the watchmen did a poor job. American citizens were told their rights were being protected as a secret oversight court rubberstamped itself into extraneousness while never bothering to see what the NSA might be hiding. Regardless whether a new law is created or a task force is assigned, it can be expected that parties in possession of private information will continue to swear a consumer’s data is sacrosanct and they would never dream of violating a client’s privacy; all the while information is being steadily placed on the open market, swapped and surveilled. Every data mining opt-out form absolves itself by including the clause that the representative business cannot guarantee a person’s information will not conveniently fall into the company’s lap at a later date. If a causal web search produces an individual’s home address alongside the resident’s place of employment, a robber can look up the employer’s hours of operation and know when the house will likely be vacant. When situations like these are presented to those in power, the ball of accountability is bounced back and forth as witnessed when the U.S. government and telecoms pointed the finger of blame at one another after Greenwald exposed Verizon. No one is held accountable, violations continue and people are put at risk. Snowden was correct once again. Current surveillance practices make us less safe.

Regardless of how futile a circumstance may appear, it is instinct to try to defend oneself from perceived harm. Both businesses and private citizens reacted to the disclosures, some rather violently.

The NSA leaker’s influence upon world economics has already been felt. Two months after the first disclosure reports showed cloud services’ security had been compromised, 10 percent of network-based services and storage units provided by U.S. companies had been lost.
⁶³
It is estimated American businesses will lose $35 million over three years to foreign cloud enterprises.
⁶⁴
Simon Wardley, an executive at the Leading Edge Forum think tank, loved the surveillance revelations, because he knew the end result, “Do I like Prism? Yes, and God bless America and the NSA for handing this golden opportunity to us. Do I think we should be prepared to go the whole hog, ban U.S. services and create a 100 billon euro investment fund for small tech startups in Europe to boost the market? Oh yes, without hesitation.”
⁶⁵
One American business that ironically failed to suffer as a result of the Snowden affair was Booz Allen Hamilton. It renewed its contract with the U.S. government two months after Snowden went public. Along with 16 other companies, the intelligence contractor signed a six billion-dollar deal good for five years.
⁶⁶
Each company will average $75 million per year.

Of all of the responses to the Snowden affair by the American public, the most interesting and distinctive was its approach to technology. People quickly set to slaying the 21
^st
-century Argus, the all-seeing Greek god with 100 eyes for which the panopticon was named. Many fled from the U.S. government’s “architecture of oppression,” starting with the companies and products named in the disclosures. Google was replaced by search engines which allow users to surf the Internet anonymously.
⁶⁷
Likewise, Google Chrome and Microsoft Internet Explorer were traded for proxy browsers. The proceeding weeks would reveal this was one of the NSA’s greatest fears. Even though XKeyscore was shown to be able to reveal and decrypt information traveling through these pathways, the intelligence agency was reported to have difficulty tracking randomly rerouted, encrypted communications.
⁶⁸
Others understood Snowden’s logic as it was relayed to Appelbaum, “As a general rule, U.S.-based multinationals should not be trusted until they prove otherwise.” Aside from the 11 cited Internet companies, at least 69 international corporations have yet to be named. After quoting American novelist William S. Burroughs, “A paranoid man is a man who knows a little about what’s going on,”
⁶⁹
IT professionals suggested swapping Windows operating system with programs run by independent distributors. Security experts pointed out free, open-source software lets people see for themselves that a backdoor hasn’t been installed. Some found smartphone camera apps which do not log a picture’s GPS. Many reluctantly gave up Facebook, Twitter, LinkedIn, Instagram and Pinterest.
⁷⁰

The truly worried encrypted their home computers. They found similar technology for texting and calls. But they were aware this was a speed bump at best. Though one of the godfathers of encryption technology, Phil Zimmermann, observed, “The fact that they [intelligence agencies] use PGP [Pretty Good Privacy] for government users indicates that they haven’t broken it, otherwise they’d have stopped using it,”
⁷¹
Snowden had made one thing abundantly clear. When asked by MacAskill, “Is it possible to put security in place to protect against state surveillance?” the whistleblower responded, “You are not even aware of what is possible. The extent of their capabilities is horrifying. [ … ] Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place.”
⁷²
Even though he reported “encryption works” and suggested financially rewarding software and hardware designers which prove their privacy reliability, Snowden was aware the NSA’s budget is outpacing the whole of civilian technology. It is only a matter of time before Jaguar-cum-Titan peels back encryption as if it was a candy wrapper.

But one of the lessons learned from the disclosures is email is a damned-if-you-do, damned-if-you-don’t privacy conundrum. It had been shown that, left open, the NSA can easily read an email’s metadata and contents. If encrypted, it is NSA policy to capture, decrypt, read and store the communication. There was also the problem of location. Though Levison urged Internet businesses to operate offshore to evade unmerited NSL orders, it left no quarter for people wanting a secure email provider. An email service residing outside the Five Eyes’ domain generates a foreign communication signature and the NSA and GCHQ make of hobby of snatching up third-party and “foreign” data. Levinson opted to go without email.
⁷³
Most reluctantly admitted they couldn’t afford this luxury. They chose encrypted email accounts whose files were regularly dumped to dissuade potential court orders. Their argument is if American intelligence is going to surveil any and all electronic correspondence, the users could at least make it worth the spies’ time. Some even accentuated the point by mocking the NSA. Various pundits urged users to copy the intelligence agency into every email to save it the effort of having to track the communication.
⁷⁴
The outcome is referred to as a denialof-service attack, which slows or shuts down a server. These protestors are aware this wouldn’t stop the surveillance state, but content themselves knowing that it will at least consume NSA agents’ time and energy.
⁷⁵