Mathis Lohaus

FAQ: The PRISM leak & Edward Snowden

PRISM slide 4

OK, now that some of the dust has settled: What exactly is this PRISM program? Apparently, the idea is to collect information on patterns of communication (who talked to whom), and then look at potentially interesting contents (who said what). For metadata you only need a subpoena, for the contents you need a court order. The features look very impressive / scary:

With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms. (Washington Post)

What I don’t fully understand is the targeting: In theory, this is aimed at non-U.S. citizens suspected of terrorism, nuclear proliferation and the like. But “incidental” collection of information about Americans is tolerated. And what about data protection treaties with other nations? The EU and Germany are not amused – but might have been informed and compliant to some degree.

A piece by ProPublica suggests that a lot of details are “unclear”:

Has the NSA been collecting all Americans’ phone records, and for how long? It’s not entirely clear. (…)

What surveillance powers does the government believe it has under the Patriot Act? That’s classified. (…)

Has the NSA’s massive collection of metadata thwarted any terrorist attacks? It depends which senator you ask. And evidence that would help settle the matter is, yes, classified. (…)

How much information, and from whom, is the government sweeping up through Prism? It’s not clear. (…)

So, how does Prism work? (…) The Post quotes a classified NSA report saying that Prism allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” not the company servers themselves. So what does any of that mean? We don’t know.

Please do read the whole article. Dan Drezner’s initial response from last week puts the leaks in perspective: What the NSA does is probably legal and backed by both Republicans and Democrats. So what we should really worry about is the U.S. Congress, not the NSA: More and more secret laws have been created and cannot be publicly debated.

So much for legal details and party politics. But there are even broader things to consider: For one, (perceptions of a) surveillance state undermines trust in the government as a whole, which is an issue for leaders of any political affiliation. Second, secret organizations per definition work very differently from those that rely on accountability, transparency and oversight. Putting ever more competencies in the hands of, well, spies is problematic because these mechanisms don’t work for them. A functional equivalent might be “a strong organizational culture and powerful professional norms”, but in his latest post on the issue Dan Drezner suggests that we should not rely on these in the case of the NSA.

OK, enough of this complicated stuff – what about Edward Snowden, the PRISM whistle-blower? 

After seeing the Guardian’s video interview with Snowden, my first thought was: The only thing more powerful than a whistle-blower is an eloquent whistle-blower! While Snowden’s prose somewhat resembles “dime store political philosophy from the Wachowski brothers” (Josh Busby / Duck of Minerva), I think that the high-profile video might have a bigger impact – by motivating future generations of “leakers” – than the revelations themselves.

So, is the man a hero or a traitor? Apparently you can’t have an opinion on this without using vile ad-hominem attacks or amateur psychology? Personally, I like Jack Shafer’s approach best: If we compare Snowden’s leaking to what is routinely done in Washington for political reasons, it becomes evident that others got away with bigger leaks. What matters is political clout and timing, and thus things don’t look too bright for Snowden… (Links are from Busby’s post at the Duck.)

How did the PRISM story develop? There are some conflicting claims about who Snowden talked to first: The Washington Post or the Guardian, or maybe someone else? The WaPo apparently failed to publish the whole 40+ Powerpoint slides with information on PRISM (out of concerns for national security), which reminded me of the final scene from The Three Days of the Condor:

Why the hell did he flee to Hong Kong? It has been argued that this was a stupid choice, since he may be extradited to the U.S. or nabbed by Chinese secret police. To me it seems that there are two good reasons to go to HK. First, it allowed him to seek publicity and create a lot of attention to his personal well-being, which is quite different from an unglamorous arrest scenario à la Brad Manning. Second, he might be betting on a stalemate between the U.S. and China. With so much on the line (and a lot of information probably stored away somewhere else), would either side try to kidnap him? I’m not sure Snowden’s worries about a clandestine/”dirty” attempt on his life or freedom are entirely justified. But who am I to judge – he at least has some knowledge of the intelligence community. From this point of view it might make sense to choose a location that is closely monitored by the two players most interested in your assets.

Which brings us to the last question: Where exactly is Snowden now? Apparently he has left the hotel a few days ago… so your guess is as good as mine. Maybe Julian Assange has a spare bedroom in the Ecuadorian embassy in London?

One comment

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>