Posts about spying

The technologists’ Hippocratic oath

The Guardian asked me for commentary on the letter to the White House and Congress from eight tech giants about NSA spying:

Whose side are you on?

That is the question MP Keith Vaz asked Alan Rusbridger last week when he challenged the Guardian editor’s patriotism over publishing Edward Snowden’s NSA and GCHQ leaks.

And that is the question answered today by eight tech giants in their letter to the White House and Congress, seeking reform of government surveillance practices worldwide. The companies came down at last on the side of citizens over spies.

Of course, they are also acting in their own economic (albeit enlightened) self-interest, for mass spying via the internet is degrading the public’s, clients’, and other nations’ trust in the cloud and its frequently American proprietors. Spying is bad for the internet; what’s bad for the internet is bad for Silicon Valley; and — to reverse the old General Motors saw — what’s bad for Silicon Valley is bad for America.

But in their letter, the companies stand first and firmly on principle. They propose that government limit its own authority, ending bulk collection of our communication. They urge transparency and oversight of surveillance, which has obviously failed thus far. And they argue against the balkanization of the net and the notion that countries may insist that data respect national borders.

Bravo to all that. I have been waiting for Silicon Valley to establish whether it collectively is a victim or a collaborator in the NSA’s web. I have wondered whether government had commandeered these companies to its ends. I have hoped they would use their power to lobby for our rights. And now I hope government — from Silicon Valley’s senator, NSA fan Dianne Feinstein, to President Obama — will listen.

This is a critical step in sparking real debate over surveillance and civil rights. It was nice that technology companies banded together once before to battle against the overreaching copyright regime known as SOPA and for our ability to watch Batman online. Now they must fight for our fundamental — in America, our Constitutional — rights of speech and assembly and against unreasonable search and seizure. ’Tis a pity it takes eight companies with silly names to do that.

Please note who is missing from the list of signatories, which comprises Google, Facebook, Twitter, Yahoo, Microsoft, Aol, Apple, and LinkedIn. I see no telecom company there — Verizon, AT&T, Level 3, the companies allegedly in a position to hand over our communications data and enable governments to tap straight into internet traffic. Where is Amazon, another leader in the cloud whose founder, Jeff Bezos, now owns the Washington Post? Where are Cisco and other companies whose equipment is used to connect the net and by some governments to disconnect it? Where are the finance companies — eBay, Visa, American Express — that also know much about what we do?

Where is the letter to David Cameron, who has threatened prior restraint of the Guardian’s revelations, and to the members of the Parliament committee who last week grilled Rusbridger, some of them painting acts of journalism — informing citizens of their governments’ acts against them — as criminal or disloyal? Since they urge worldwide reform, I wish the tech companies would address the world’s governments, starting with GCHQ’s overseers in London.

And where are technologists as a tribe? I long for them to begin serious discussion about the principles they stand for and the limits of their considerable power. Upon learning that government had tapped into communications lines between their own servers, two Google engineers responded with a hearty “fuck these guys.” But anger is insufficient. It is not a pillar to build on.

Computer and data scientists are the nuclear scientists of our age, proprietors of technology that can be used for good or ill. They must write their own set of principles, governing not the actions of government’s spies but their own use of power when they are asked by those spies and governments — as well as their own employers — to violate our privacy or use our own information against our best interests or hamper and chill our speech. They must decide what goes too far. They must answer that question above — whose side are you on? I suggest a technologists’ Hippocratic oath: First, harm no users.

NSA by the numbers

Fear not, says the NSA, we “touch” only 1.6% of daily internet traffic. If, as they say, the net carries 1,826 petabytes of information per day, then the NSA “touches” about 29 petabytes a day. They don’t say what “touch” means. Ingest? Store? Analyze? Inquiring minds want to know.

[Image: ATTNSA]

For context, Google in 2010 said it had indexed only 0.004% of the data on the net. So by inference from the percentages, does that mean that the NSA is equal to 400 Googles? Better math minds than mine will correct me if I’m wrong.

Seven petabytes of photos are added to Facebook each month. That’s 0.23 petabytes per day. So that means the NSA is 126 Facebooks.

Keep in mind that most of the data passing on the net is not email or web pages. It’s media. According to Sandvine data for the U.S. fixed net from 2013, real-time entertainment accounted for 62% of net traffic, P2P file-sharing for 10.5%. The NSA needn’t watch all those episodes of Homeland (or maybe they should) or listen to all that Coldplay — though I’m sure the RIAA and MPAA are dying to know what the NSA knows about who’s “stealing” what since that “stealing” allegedly accounts for 23.8% of net traffic.

HTTP — the web — accounts for only 11.8% of aggregated up- and download traffic in the U.S., Sandvine says. Communications — the part of the net the NSA really cares about — accounts for 2.9% in the U.S.

So by very rough, beer-soaked-napkin numbers, the NSA’s 1.6% of net traffic would be half of the communication on the net. That’s a fuckuvalota “touching.”

And keep in mind that by one estimate 68.8% of email is spam.

[Image: Sandvine top traffic apps]

And, of course, metadata doesn’t add up to much data at all; it’s just a few bits per file — who sent what to whom — and that’s where the NSA finds much of its incriminating information. So these numbers are meaningless when it comes to looking at how much the NSA knows about who’s talking to whom. A few weeks ago on Twitter, I showed that with the NSA’s clearance to go three hops out from a suspect, it doesn’t take very long at all before this law of large numbers encompasses us all and our cats.

If you have better data (and better math) than I have, please do share it.

* “Reach out and touch someone” art inspired by Josh Stearns