Why is the NSA spying on us?

Secretly collecting call data on millions of Americans won't do much to stop terror. So what is this data really being used for?

Here’s a news flash: You’re not just paranoid. Your government really is spying on you. And while the Guardian’s blockbuster scoop last night concerned the NSA collecting data on Verizon customers, it’s a reasonable assumption it has similar orders in place with AT&T, T-Mobile, Sprint, and any other carriers you can name.

Someone leaked a copy of a secret FISA court order approving NSA collection of three months worth of Verizon call detail records to the Guardian’s Glenn Greenwald, who proceeded to publish it. As the Washington Post's Ellen Nakamura notes, it has the look of boilerplate orders that have been issued since 2006 and get rubber stamped every three months.

The document proves what many have long suspected: That the wholesale surveillance of our phone, email, text messages and more that started under the Bush administration post 9/11 has continued unabated ever since.

What can the NSA learn about you, exactly, from this data?

It can learn who you called, when you called, how often, and how long you spoke. It can know exactly what device you used and your location when you did it, as well as the device and location of the person being called.

While the court order doesn’t allow Verizon to reveal personally identifying information, it wouldn’t be hard to get. It also doesn’t let the NSA know the content of the communications – it’s not a wiretap -- but it would be a convenient first step toward obtaining a warrant for that information, too.

The defense the government has used in these circumstances, the justification under the section of the Patriot Act the NSA was relying on for this order, is that such “call record” information isn’t private. It’s shared with a third party (the phone company) and thus has less protection under what is known as the “Third Party Doctrine.”

Per The Guardian’s James Bell:

The government has long argued that this information isn't private or personal. It is, they say, the equivalent of looking at the envelope of a letter: what's written on the outside is simple, functional information that's essentially already public.

That argument is incredibly lame for several reasons. For one thing, this isn’t a case of a letter falling out of a postal carrier’s bag; this is tens of millions of letters being culled and sifted every day, with the data recorded, stored, and analyzed.

You may be able to read the return address on the envelope, but you wouldn’t know my location when I mailed it, and you wouldn’t know the computer or pen I used to write it. Here, the government can glean all of those things.

The location data alone is particularly sensitive. A US Appeals Court justice wrote the following:

"A person who knows all of another travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups and not just one such fact about a person, but all such facts."

So the question becomes, why does the NSA feel the need to know whether we are all regular church goers or unfaithful husbands? Why, in order to allegedly thwart terrorists before they strike, does it need to gather up data about all of us?

Now there are good reasons for gathering data about who a terror suspect calls. If subject A regularly calls suspect B and C, and those two people each call four to six others apiece, then you have a network of 10 to 15 people who may or may not be involved in some kind of evil conspiracy. Hopefully you’re able to discard people who are totally unrelated to any kind of plot (like, say, the pizza joint that delivers them food) and concentrate on potential bad guys.

The problem with this kind of all-encompassing data gathering is that we’re all suspects until we’re discarded by the NSA. And not just for terror. Any other possible criminal conspiracies we might be involved in can also be detected in the same way. That is why more than 99 percent of cases where investigators have used the Patriot Act to obtain information have nothing whatsoever to do with terrorism.

Of course, to a computer, a terrorist hatching plans via phone probably doesn’t look all that different from a PTA mom running a calling tree to arrange afterschool pickups. That’s the problem with data mining; false positives can have deadly consequences.

But let’s look at this from another perspective. Say you’re a terrorist. You know the NSA or some other three-letter-agency is probably trying to locate you using your phone (since they’ve been doing that since at least 2005). What are the odds you’re going to use your phone to communicate with your fellow jihadists? Wouldn’t you find some other more secure way to communicate, the way spies have been communicating for centuries? Don’t you think they’re smarter than that?

So we’re back to the basic question: Why is the NSA collecting this information? How is it planning to use it? I doubt the answers are going to come easy. But we need to keep asking the question until they do.

Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blogeSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

Now read this:

Web trackers are totally out of control

Further adventures in data mining, or welcome to my Lear Jet Lifestyle

Four reasons why Do Not Track turned into Do Not Trust

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon