Late last week and continuing through the weekend, users of cellphones and the internet had a privacy wakeup call. First, we learn of a significant cellphone privacy breech in which the US government was handed call data from a large number of Verizon customers without prior notification or probable cause. Days later, it was reported that other cellphone providers had also handed over equally large amounts of call data also.
Then several newspapers print a claim that the NSA has a program called PRISM which now has backdoor access to almost every major American internet company. Since the release of information dealing with PRISM the companies alleged to have been complicit in this breech of privacy have attempted to distance themselves from the controversy and lay blame on faulty reporting and strict governmental laws on information dissemination.
What is really going on?
I will just pass right on by the cellphone privacy issue. The ACLU is already filing lawsuits and the people and organizations who overstepped their authority will be crucified in the media, if not in front of the people who told them to do it in congress and the judicial systems as well. To me, the cellphone privacy debate is like trying to tell me that its okay for the government to walk up to me on the street, put their hands in my back pocket, and rummage through my wallet.
Sure, they aren’t stealing anything, but, it’s a violation all the same and a damn bit uncomfortable. However, the idea that my online information, or even my online identity, is subject to warrantless search and seizure is like having the keys to your car and your house and your bank account all in the hands of a recently paroled thief. Sure, the person may be trying to walk the straight-and-narrow now, but it will be hard for him to not take what he needs when times get tough or when the situation seems to warrant it.
PRISM is sort of like that and not like that at all. Try to forget all the bluster and fear mongering that has taken place in the last 48 to 72 hours. Right now, PRISM looks to be an accelerated process for requesting information from internet companies, which, in the case of Google, are then transmitted by secure FTP or hand delivered to the appropriate location.
Hell, the program that we are all scared of runs on a $20 million a year budget and that is only 1% of the cost of the NSA’s new data center in Utah. The more that comes out about PRISM the less I am worried about what the program really does and more about what could happen and the repercussions of this privacy scare.
There are the two things that have me concerned in the wake of the PRISM issue. First, the PowerPoint slides that broke the PRISM story aren’t really about what PRISM does now, but what they want PRISM to do in the future. Don’t kid yourself. The idea that the government has a backdoor directly into the servers of all major American internet companies may sounds like tin-foil-hat time, but it will happen as long as we do not hold our elected officials accountable and demand more transparency in the government.
Second, now that I KNOW the government wants this access and is working with major internet companies how will I ever trust my data with these companies again. The cat is out of the bag on this one. Think of it this way, if you are an American consumer and right now you are concerned about the security and privacy of your data stored on American cloud services, how do you think a foreign national or company feels.
In all honesty, there may be nothing but smoke and mirrors and a lot of improper reporting behind the PRISM story, but the damage is already done.
Ultimately, we are dealing with trust issues. With more and more data and services becoming “cloud” based, consumers are being asked to trust their lives to the security of these systems. When that trust is shaken, where can these consumers turn?