With all the recently light put on the NSA and the various government agencies, it's hard to look away. Somewhat like a digital car crash, everyone has passed these articles in random browsing, pulling bits and pieces from what seems to be a extremely big problem. I've heard a lot of people say, "Hey, if they want to spy on me, let them. I have nothing to hide!" The issues with this, however, is that this isn't just a case of gathering data, but the means to do so.
Being in IT, the idea of the "government" watching you at all hours of the day, everything you do is pretty far fetched. Granted, they can or do collect metadata on the things you may do, such as snippets of code and tracking data, but the idea that all communication is watched is near impossible. There are several technological feats you'd have to overcome to do so. One, being the ability to store this information would require massive amounts of storage, and the server architecture to support it. Second, you'd need massive amounts of processing power to filter these pieces of information. No easy feat, even for a large government entity.
Here's where the scary information comes in. Several private companies that are major players in the technology field have publicly released the amount of requests of information received by government entities under pressure from the public. These requests, for the big companies like Google, Microsoft, Facebook, Apple and others are in the thousands within a few months. Yahoo's request total was 12,000 for the last six months. What's troubling is under FISA (Foreign Intelligence Surveillance Act ), companies aren't allowed to disclosed who exactly requested what and at what rate were they actually given data. Furthermore, the checks and balances of these agencies requesting this information is incredibly unchecked, and under current law require no warrant or approval needed to eavesdrop on foreign communications. All requests are pushed through a FISA court, of which no requests have been declined. This is incredibly troubling, given the fact that Americans can communicate with foreign entities, and have their communication watched in error.
What really brought this to heart for me was recent news from Microsoft. I support, along with most IT professionals, predominantly windows-based networks. Windows Server and Windows Desktop/Laptop clients are the bread and butter of most of the IT world. What's worrying is Microsoft recently admitted to giving the government "first dibs" at zero-day threats, security holes and bugs in their software. This gives a group the power to possibly exploit machines and steal data. Several other security firms, such as McAfee, have given critical data on their findings as well as bugs in their own software to aid in thwarting attacks, but may have given them the keys to the kingdom. With the recent uses of malicious code such as Stuxnet and Flame, often tied with the DoD and NSA programs, this is especially troublesome. It says that not only are these pieces of critical security information being used to protect government networks, but also to attack others.
So, with all these issues with transparency and the possibility of major over use of power, it's simply no longer acceptable to condone this practice. I can tell you, from a IT person, this scares me. Not that I'm afraid that they think I'm participating in nefarious activities (I can assure you I have plenty to worry about, such as bathing two kids!), but the implications of this policy. It's been stated that these programs stop terrorist plans and attacks from materializing, yet, we seem to keep going further down the rabbit hole of surveillance. Why isn't it proposed that we stop behaving in ways that make use targets, so that a lot of this isn't necessary. Granted, governments like China and other Hacking groups would make that hard, but taking a look at how our policy affects the world wouldn't hurt. History has shown that whatever we give the government, it never gives back. Safety is hardly a good sale for essential freedoms, and when it comes to the never ending need for more and more private information, it should not be handed over without just reason.
Sources:
