In the wake of 9/11, the USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001) was passed after less than 2 months of consideration by Congress. The wide-ranging legislation was intended “to deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and for other purposes.” The vagueness of the very title was an issue for many legislators at the time, but the perceived need to deal with the new forms of terrorism propelled the legislation—and lack of concern for any real checks and balances—through passage and in public opinion. Designed to “sunset” in 2005 and with many of the act’s provisions lapsing, the major aspects of the act were extended in 2005 and again in 2011 by Congress with presidential approval.

The provisions allow more widespread collection of data with little justification. For example, Section 215 allows the FBI to apply for an order to produce “tangible things” that might assist in an investigation undertaken to protect against international terrorism or clandestine intelligence activities. The definition is so broad as to include “books, records, papers, documents, and other items,” which resulted in major protests from the American Library Association (ALA) and other rights advocates. Since no public reports of these data-gathering or surveillance activities is ever required, most people have had no idea of the depth or extent of the growing surveillance efforts by the U.S. government, until Snowden began to release purloined documents to the press.

Snowden Blows the Whistle

Snowden has had many connections with intelligence services in his short career, beginning as a Special Forces recruit in the U.S. Army in 2004, then as a security guard for the National Security Agency (NSA) Center for Advanced Study of Language, and as an IT security worker at the CIA. He later left CIA employment to work as a private contractor for an NSA facility in Japan and then joined the Booz Allen Hamilton consulting firm as a contractor at an NSA center in Hawaii. From there and with documents in hand, he left the U.S. for Hong Kong and then Moscow, releasing data to reporters with the two newspapers. He gave The Guardian permission to reveal his identity on June 9, 2013. In a second installment of documents, a released memo outlines how the U.S. is increasingly developing cyberwarfare capability.

PRISM (which stands for Planning tool for Resource Integration, Synchronization and Management) is a secret program designed to collect and process indicators, based on data passing through American servers, that might point to illegal, dangerous, or terroristic activities. It was only after Snowden’s releases that the Obama administration admitted that such a program even existed. Data is collected and stored from companies such as AOL, Apple, Facebook, Google, Microsoft, Skype, Yahoo!, and YouTube. An estimated 98% of the data is from Google, Microsoft, and Yahoo! alone. This data consists of nearly anything sent over the internet: email, chat, photos, videos, stored data, VoIP, file transfers, video conferences, logins, etc. Additionally, phone information from Verizon (at least) is collected, but this is apparently only data that focuses on when/who is being called and not the content of the conversations.

Snowden follows a long line of whistleblowers from Daniel Ellsberg and the Pentagon Papers to Julian Assange and his WikiLeaks organization and to Bradley Manning who passed information on the U.S. Iraqi mission to WikiLeaks. Most politicians and military/intelligence personnel condemn Snowden’s actions; however, Michael Hayden, former CIA and NSA director, believes that even greater transparency would be welcomed. “I am convinced the more the American people know exactly what it is we are doing in this balance between privacy and security, the more they know the more comfortable they will feel,” he stated on CBS News.

A petition on the White House “We the People” site has gathered more than 130,000 signatures asking that Snowden be pardoned for “any crimes he has committed or may have committed related to blowing the whistle on secret NSA surveillance programs.” Polls seem to show a divided public opinion in the U.S. on Snowden’s revelations and its positive or negative impacts. As another indicator, Amazon noted that in the first week after the scandal broke, sales of George Orwell’s 1984 rose 9,500% over the second week in June.

Surveillance in America and the World

Snowden’s guilt/innocence and eventual destination has overwhelmed any discourse or public examination of the core issues inherent in the surveillance program. We still don’t know the extent or depth of the surveillance programs of the U.S. government, but enough information has been released to give us an idea of the astounding scope and reach of these programs.

Surveillance has been defined as “the systematic collection, classification, and sorting of information about subject populations for the purposes of behavioral adjustment or control.” After the surprise attacks on 9/11, there was much understandable fear of unexpected, unknown enemies that could inflict such horrific damage. With the rise of computing power, cheap storage, and other technological advances, we have created the possibility of what expert Michel Foucault has called a “control society.”

In a recent Forbes blog post, Dave Thier noted that “With PRISM, the NSA is just following the tech industry’s lead” in data collection and mining. He compares PRISM with consumer products “licensed” but not “owned” over the internet: “When we gave up our ability, or even desire, to own the products we bought, it was as if the people selling those products thought that now they owned us ... That’s how the NSA appears to see America—a series of moments flickering with diagnostic blinks. Like a Google, or a Microsoft, or an Apple, they seem to think that if they could just read the data, they could find the bad nodes and turn them off. If data is leaking at the bottom, use software restrictions to plug the holes. If you want more revenue, simply draw up more data or close off a piece of free access. If you want to find the terrorists, make a better algorithm.”

In 2007, the NSA created PRISM with the Protect America Act of 2007 and FISA Amendments Act of 2008. The U.S. Department of Justice website asserts that “in passing the USPATRIOT Act, Congress provided for only modest, incremental changes in the law. Congress simply took existing legal principles and retrofitted them to preserve the lives and liberty of the American people from the challenges posed by a global terrorist network.” The revelations from the Snowden documents released so far paint a very different picture.

Snowden presented the two newspapers with a 41-slide presentation on PRISM; however, the papers only published five of the slides, feeling that some of the others contained information on methods or other issues they were choosing not to disclose, at least at that time. However, the slides shown portray a network based on the fact that the majority of global telecom travels through the U.S. and that the agency has arrangements with major communications and internet service providers to gather their data.

Unpresidented Data Stores

On a military base just outside of Salt Lake City, Utah, sits the $1.7 billion Utah Data Center, the NSA’s largest storage center (in the U.S. at least; see the photograph below). The supercomputing facility includes huge data stores that the NSA itself describes as being “measured in ‘zettabytes’. What exactly is a zettabyte? There are a thousand gigabytes in a terabyte; a thousand terabytes in a petabyte; a thousand petabytes in an exabyte; and a thousand exabytes in a zettabyte.” The computing power is based on “the massively parallel Cray XC30 supercomputer which is capable of scaling high performance computing (HPC) workloads of more than 100 petaflops or 100,000 trillion calculations each second.”

A recent Salt Lake City Tribune article noted that “according to sociobiologist E.O. Wilson and others, that kind of brute-force computing power could conceivably simulate the behavior of every active molecule in complex human cell mechanics. Or every cell in a human body. Or track the movements of every human on Earth, in real time.” Rep. Brad Sherman (D-Calif.) noted in a Congressional meeting that “a billion records a day were coming under the control of the federal executive branch” with this program.

Clearly, the government has devised a technical infrastructure of hitherto unimaginable size and power.  It also now has, by law, access to data at extremely finite levels of detail on virtually any person in the world. The Foreign Intelligence Surveillance Court is the appointed authority to determine if requests for data are appropriate and legal; however, it has turned down only 11 applications in the more than 30,000 cases it has considered since it was founded in 1979.

President Barack Obama noted on June 7, 2013, that “you can’t have 100 percent security and then also have 100 percent privacy and zero inconvenience. You know, we’re going to have to make some choices as a society.” I think that most of us would agree; however, we will need transparency before we can make any intelligent decisions. And, today, we are still operating out of the dark.

Of course, the government and NSA appear to still be operating out of the dark. NSA chief General Alexander, speaking before a Congressional committee, appeared to never have heard of Julian Assange, an amazing admission from a spy organization given the number of significant leaks that WikiLeaks has uncovered. Further, when asked how Snowden was able to avoid the NSA’s security web, Alexander guessed that he must have taken the data out on a flash drive. This type of response doesn’t befit a supposedly well-designed and carefully monitored security plan. Given the extensive data that NSA holds, everyone should be concerned about the integrity and safety of the data they have gathered, let alone the interpretations being made from that data.

Haystacks and Needles

Beyond the gathering, storing, and security of information issues, there are important issues related to exactly what types of patterns NSA profilers are seeking and the assumptions underlying them. Former U.S. Sen. Joe McCarthy feared a dangerous communist conspiracy in the 1950s, which seemed to be centered in Hollywood. The country’s leaders were sure of a domino theory for communism in the 1950s and 1960s that gave credence to the Vietnam War. Former president Richard Nixon had his enemies list. Former president George W. Bush was sure there were weapons of mass destruction in Iraq. Whether they are the darkest of motives or the lack of clear thinking, just having access to data doesn’t guarantee success in protecting security. And under the cover of secrecy, how can these theories or assumptions be tested, studied, or verified?

Reg Whitaker, professor of political science at Canada’s University of Victoria, explains that “the problem with the ‘balance’ between security and freedom is that it can’t be set reasonably without reference to the underlying philosophical assumptions of those making the arguments. Where you end up reflects where you start from. Technology has undermined Orwell’s 1940s vision. Information collection is ubiquitous and multidirectional rather than top-down and state-exclusive. The watchers are themselves watched (as per Manning, Snowden, et al.). Moreover the Facebook generation is divesting privacy and opening itself to universal scrutiny on a voluntary basis as much as individuals are being invaded from outside. Moreover most of the information collected is for commercial exploitation (the Little Brothers & Sisters of the corporations) rather than the political intelligence gathered by the state. We need a new 21st century Orwell.”

Governments in Germany and Japan are also setting up their own NSA-types of surveillance programs, though publicly claiming they also seek greater transparency around surveillance practices. In NSA documents reviewed by The Guardian, the paper alleges a British governmental role in PRISM as well.

The Washington Post notes that British and American intelligence have devised systems where the “search terms … are designed to produce at least 51 percent confidence in a target’s ‘foreignness’. That is not a very stringent test. Training materials obtained by the Post instruct new analysts to make quarterly reports of any accidental collection of U.S. content, but add that ‘it’s nothing to worry about.’” If commercial database search systems had a confidence of a mere 51%, they wouldn’t be in business. As Slate noted, “the problem goes deeper. We’re now talking about categorizing and treating people as foreigners, subject to extensive government surveillance of their communications, based on statistical correlations of various search terms. It’s verbal profiling.”

Many are seeking ways, through their own online behavior and software choices, to avoid what they feel is unwarranted observation and data collection. DuckDuckGo, a lesser known search engine that doesn't track users at all, claims it has seen “record-breaking traffic” since the story broke. PRISM Break is a new organization that provides specific advice on alternatives to proprietary software systems currently cooperating with PRISM. Of course, under law, these alternatives may also find themselves eventually involved in the data scooping.

Does It Matter?

Dealing with information and with our fiduciary responsibilities to our clients under the protective umbrella of the First Amendment in a democratic society, information professionals have a critical stake in these discussions. As citizens, we all have much to learn, much to consider about the quality of our future in the 21st century.

Michael Vonn, policy director for the British Columbia Civil Liberties Association, notes that he doesn’t see this as 1984, “but we are now at the place were must ask ourselves critical questions about what kind of society we want to live in. And this goes far beyond whether we as individuals think that we might ever be of interest to national security intelligence. It goes to the question of the role of the free press in a democratic society and the implications of never being able to safeguard journalistic sources; how we can discover governmental and corporate wrong-doing and abuses when whistleblowers can be tracked; how we conduct our economic affairs when the information gleaned from intelligence can leak into industrial espionage. What’s at stake with all-citizen global surveillance is much more than is generally conveyed with the language of ‘privacy’. It may not be 1984 precisely, but it does go to the heart of how we live, who we are and how we govern ourselves. Alongside of how we respond to environmental crises, it may be the most central question of our age.”

The New York City Police Department began a secret surveillance program in 2001 that has “mapped, monitored and analyzed American Muslim daily life throughout New York City and even its surrounding states.” Three rights-based organizations sponsored a major evaluation of the program done by the City University of New York School of Law. Released in March 2013, the report, “Mapping Muslims: NYPD Spying and its Impact on American Muslims,” provides damning evidence of the chilling effects of such programs: “We have found that surveillance of Muslim’ quotidian activities has created a pervasive climate of fear and suspicion, encroaching upon every aspect of individual and community life. Surveillance has chilled constitutionally protected rights—curtailing religious practice, censoring speech a stunting political organizing ... surveillance has severed the trust that should exist between the police department and the communities it is charged with protecting.” We all deserve better.

Alex Fowler, Mozilla’s chief privacy officer, is part of a group hoping to create a movement to force disclosure. The mission of Stop Watching Us is that “the revelations about the National Security Agency’s surveillance apparatus, if true, represent a stunning abuse of our basic rights. We demand the U.S. Congress reveal the full extent of the NSA’s spying programs.” Fowler explains that “we’ve mobilized over a hundred different organizations.” So far they have received more than 557,000 signatures “from people who are very concerned about this issue.” Members include the ALA, Internet Archive, American Civil Liberties Union, Association of Research Libraries, Electronic Frontier Foundation, World Wide Web Foundation, and about 100 others.

More than 100 organizations and professionals around the world have endorsed the 2009 Madrid Privacy Declaration: Global Privacy Standards for a Global World, which hopes to provide better oversight on a global scale for privacy in our networked world. This document affirms that “privacy is a fundamental human right set out in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and other human rights instruments and national constitutions.”

Pablo Garcia Molina, Georgetown University law professor specializing in communications, culture, and technology, is sure that solutions can be found. “We should not settle for 25% security, 25% privacy, and 50% civil liberties. … Under the pretext of security, and using security theater tactics, we could justify that governments must keep track of everything that their citizens do. This may be appropriate in North Korea, but it should not be in the United States. Many European countries have been focused on stronger privacy legislation for its citizens. Civil society organizations like the Electronic Privacy Information Center fight relentlessly to inform the public about privacy issues and curtail abuses by government agencies and corporations.”

Once Snowden lands in some friendly country or decides to return to the U.S., we can hope that attention is again focused on PRISM and surveillance. So far, the responses from government officials have been less than stellar. According to Alexander, “The debates have fueled, as you noted, by incomplete and inaccurate information with little context provided on the purpose of these programs, their value to our national security, and that of our allies and the protections that are in place to preserve our  privacy and civil liberties.” As Sen. Mark Udall (D-Colo.), a member of the Senate intelligence committee noted on June 9, 2013, to ABC News, “let’s have the debate, let’s be transparent. Let’s open this up.” I think we’d all concur.