What Does The NSA Know About You?
All the talk about NSA spying makes people nervous. You may be wondering, 'What does the NSA really know about me?' The spy agency isn’t telling, of course. But we can look at what's know, what's possible and infer the extent of any dossier the NSA may or may not have on little old you...
NSA Spying - What We Know and Don't Know
Let's start with email and phone. The NSA has not been reading everyone’s email, or listening to every phone conversation. There are not enough human eyes and ears in the world for that, even if everyone (except you, of course) was on the NSA’s payroll.
It's doubtful that there's even enough storage and compute capability to stash every email and voice communication, then search them on demand.
What we do know is that the NSA has been collecting email “metadata” – information about who has been communicating with who, dates and times of communications, and the locations of the communicators. Remember, the NSA is authorized by law to spy only on foreign activities. There's been some chatter that if you email anyone outside the U.S., that may qualify as you as participating in "foreign activities." We just don't know the truth or possible extent of that.
To see what the NSA might infer from the metadata of your email, try M.I.T.’s “Immersion” Web app (https://immersion.media.mit.edu/) Immersion builds a diagram of your email network and activity. With circles of various sizes connected by lines, it shows you visually and numerically the person(s) with whom you have exchanged email most often. Immersion works only with Google Mail, Yahoo! Mail, or Microsoft Exchange email accounts. You will have to authorize Immersion to access your email, but after viewing the results you can control whether the information is saved on Immersion’s server or deleted forever. If you trust M.I.T more than the government, give it a whirl!
Likewise, the NSA does not record every phone call, let alone have live human beings listen to every call. What the NSA has done is demand phone companies’ records of what numbers called each other; how long they were connected; and perhaps the approximate locations of the phones to which the numbers were assigned. Courts have rules that these records are not protected by the 4th Amendment because they are not your property; they are business records that belong to the phone companies and which may be subpoenaed just like any other accounting records.
The problem that privacy advocates see here is that the spy agency is requesting ALL phone records, not just the records of suspected criminals. NSA promises that they would never misuse this information, but there are credible reports that NSA staffers with access to this information did use it to spy on spouses and ex-lovers.
What About Google, Yahoo and SSL?
The NSA has not “infiltrated” the data centers of Google or Yahoo to obtain users’ emails, documents, multimedia collections, etc., as too many rumors have said. The NSA has tapped the communication links that transmit data into and out of those data centers. The practical difference is negligible; the NSA does end up with staggering amounts of data that is stored in the data centers. But the agency claims that it discards captured data that does not concern “foreign intelligence targets,” just as a cod fishing boat discards any fish that are not cod. The NSA’s claim makes sense because, as I keep emphasizing, there simply isn’t enough manpower to study every YouTube video, email, and so on.
Yes, the NSA can probably crack the 1024-bit encryption used by security protocols HTTPS and SSL to scramble data as it whizzes across the Internet. But it requires lots of time and computing power to decrypt any given message. And as far as we know, the state of the art doesn't yet permit this to happen on a massive scale. Whether the agency has done so and what harm has resulted is unanswered. If it brings you any comfort, most secure online communications will soon be using 2048-bit encryption, which is supposed to take about 4 billion times longer to crack.
Yes, the NSA can intercept Windows crash reports on their way to Microsoft’s headquarters. Such reports can indicate vulnerabilities in the reporting machine and enable intrusion into the machine. It would be very surprising if such reports were protected by super-strong encryption; I don’t see how that would earn Microsoft a dime. The NSA studies only crash reports of specific Windows computers in which it has a significant mission interest: “foreign intelligence targets.” If you’re not one of those, the NSA is unaware of why your computer crashed.
Is Your Smartphone or Computer Vulnerable to Snooping?
Another distorted report is, “The NSA has backdoor access to the iPhone and many software programs.” The truth is that we don’t know if such back doors exist or not. All we know is that the agency worked on developing software that would open a secret passageway into the iPhone way back in 2008, a year after the iPhone debuted. Whether the work was successful is unknown. Apple strongly denies any such claims.
The NSA’s Office of Tailored Access Operations develops custom solutions to the problem of gaining access to specific computers; specifically, computers used by foreign operators. It has been reported that this operation has made it possible to install specialized spying hardware and/or software in computers that were shipped to suspected bad guys. It has nothing to do with hacking into your U.S. home or business computer, or wifi network.
In late December, 2013, news media published highly misleading reports that the NSA had “essentially” tapped undersea international data pipelines. The use of hedging words like “essentially” are a tip-off that someone is lying. Careful reading of reports from legitimate news media reveals that there is no evidence that the NSA intercepted any data carried by those undersea cables.
The leaked NSA documents upon which these reports and rumors are based reveal only that the NSA discovered vulnerabilities in the international data transmission system. This is no more surprising or alarming than security researchers discovering vulnerabilities in Windows; until it is shown that the NSA did something nefarious with its knowledge of such vulnerabilities, these stories remain in the realm of rumoe and speculation.
Is It Legal, and Should I Worry?
On January 17th, President Obama essentially gave the NSA the green light to continue all of its present activities, with the caveat that the NSA should not store the phone records they are granted permission to access. Some argue that all of these spying programs are essential to keeping Americans safe from terrorist threats. Others say that the government is going too far, and worry that the data could be used to target or harass citizens for reasons that have nothing to do with terrorism. It appears likely that some additional limits or safeguards will be placed on NSA by the courts or Congress.
I am not defending the NSA; I am defending the truth. The news media has been led (quite willingly) by people with their own ulterior motives to distort the truth and incite fear and panic among the population of the world. It’s time to cut the FUD (Fear, Uncertainty, and Doubt) and stick to the facts.
The facts as far as I can tell say that the NSA is not reading your emails, nor are they listening to your phone calls. They do have the capability to discern who is calling who, when and where. But the courts have ruled that this is permissible, and that this data should only be used to target suspected criminals. My opinion is that if you frequently communicate with people in Kazakhstan and Yemen, you might need to be worried. Otherwise, keep calm and carry on.
Your thoughts are welcome on this topic. Post your comment or question below...
This article was posted by Bob Rankin on 21 Jan 2014
|For Fun: Buy Bob a Snickers.|
Free Microsoft Security Tools
The Top Twenty
Geekly Update - 22 January 2014
There's more reader feedback... See all 23 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- What Does The NSA Know About You? (Posted: 21 Jan 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved