Why we should stay away from PRISM

June 26, 2013

The recent surveillance scandal where US basically monitors all data through routers in the US is one of the most important events this century. It also scares me when I hear the "I have nothing to hide"-argument frequently that I ask myself "Did we even learn anything from the cold war?". In this post, I will discuss some of the key aspects of why PRISM is a bad thing for society and why we should stay away from it as good as we can.

#1: Having a system designed for surveillance breaks its security model

It was a decision I even had to make myself a while ago. Should I distribute software with a built in backdoor which only I know of in case my software gets in the wrong hands? FBI already does something familiar which I got aware of during infosec-class last year. They often make software distributors such as Apple or Microsoft to distribute software updates which has built in backdoors FBI can use in order to track people where Windows is a good example. When I considered distributing software with backdoors to users I trust, I made the decision that it could also work the other way. Imagine if a hacker gets access to the software, reverse engineers the code and finds all the backdoors. It could have a devastating affect if I where to be unavailable once the attack occurred. There are also ethical questions such as "If I don't trust my users, how can I expect them to trust me?", but I will get back to that point later.

#2: Doing something out of the ordinary? You could be a terrorist!

Getting bored of doing the same crap every day? Tired of being one of the masses? (Hipsters?) Be careful, some systems might interpret you as a terrorist. The documentary Naked Citizens tells us how an individual wearing winter clothes on a summer day triggered a terrorist algorithm which then led to an arrest and a search through all his stuff. There was nothing which indicated that he was an terrorist, he was a free citizen doing something out of the ordinary and as an affect of that, he has no longer any privacy, he is constantly monitored by feds and is not allowed to obtain a visa.

#3: Is it a good idea to say everyone is a criminal?

Let us say you are Barack Obama. You are going to have to earn the trust of the United States to function as the president, or else the system just does not work. But by monitoring every single citizen, logging every single bit going out from their computer through the internet by not giving them any privacy at all, you are implicitly saying that those individuals are potential terrorists. And that is everyone, including yourself. Think about it. You are the president, and you are going to get the trust of your people. How can you get the trust of your people when you don't even trust your people?

#4: What if anyone gets their hands on their data

Imagine if a part of the PRISM database where to be published on the Internet. That would have been the greatest security breach in the history of mankind. The information stored there - everything from user credentials to meaningless update checks from iTunes would be exposed. By analyzing this data, you can learn a lot about the person who just got their entire private life exposed to the public. Their bank balance, who they are, where they are, where they have been, what they have been doing, basically all the online activity. The online activity reflects who the user is as an individual, a bit like DNA. So the user who just got all of their privacy exposed had some pretty graphical conversation about his/hers boss through Facebook? Whopes!

#5: Data manipulation to spread propaganda

One large concern is manipulation of data on the Internet. The government could suddenly decide that The Guardian has posted some really "inappropriate" news regarding data monitoring about US citizens and that their citizens should not see this information. Or even worse, make it look like it is the EU monitoring their citizens. This can also be used as a weapon to manipulate conversations between corporations or even nations! Sure, you got cryptography today but the NSA has even said that it stores encrypted data to be decoded later once they know how to decode it.

#6: Abuse against democratic actions

If someone arranges a protest, or maybe they believe in other social values than what the government approves, this may even trigger the alarm to make the government think they are terrorists. What are they? Citizens who has done nothing illegal who has a right to free speech, maybe we even have something to learn from them? This has already happened several times in the US and the UK. Once a surveillance algorithm thinks a person does anything wrong, everything which that person has done is "theoretically wrong" and is used against that individual. And once they are in this "evil ring of surveillance", there is no way of getting out. You have some signs you COULD be a terrorist, we haven't found anything but you could still be a terrorist, so we will watch you more closely! Government blaming other groups as terrorist could be an easy way to blame them and eventually get rid of them.

#7: Human rights

We all want our right to free speech. PRISM is violating this right by not letting is say what we want. If you say something out of the ordinary, you could be a terrorist and you would require more surveillance. It is in fact a human right to have out freedom to write in our book that our boss is a fag and be able to communicate with our girlfriend/boyfriend without having anyone read what we have written. If I want this post to be just on my PC, I want it to stay there, not being treated as public property. I do not want to be monitored when I am on the bathroom. But why lock the bathroom door? I have nothing to hide! People actually want to stay anonymous in many situations. Want to complain about the large amount of shit the neighbours cats keeps leaving outside your entrance without destroying your relationship with your neighbours? Why are teachers not allowed to tell other people about the stupid things Jim said in class yesterday? Why don't we let other people read our diary? Why do we like to be by ourselves while showering? Why on earth do we hate when other people watch our phone while we are texting?

#8: Terrorists in 2013 is smarter than using Facebook or Skype

It is a sad fact that PRISM doesn't catch the really bad guys. To be honest, I do not believe Osama Binladen would have had a Twitter account or a Facebook group for Al Quaida. Just as every organism on earth, terrorists also adapts, just like humans. They also realized they could use heavily encrypted connections through the Internet to not be detected by anyone. By using VPN and Tor, you get pretty much close to having a perfect anonymous identity on the Internet as possible. So are those who use those terrorists then? No. What about people who sit on networks who could be monitored. Example: You are out on vacation and are connected to a open wireless network. On this network anyone can listen to the data you send. Solution: VPN. Norwegian and want to watch shit on NRK in Spain? VPN. Being haunted by some bad guys who might monitor your data to get your passwords? VPN. Want to post a complaint anonymously about your company without having your boss fire you? VPN. Terrorists today just doesn't post on their Facebook wall what they are gonna do, thanks Obama.

#9: Where do we end up?

A good question is where do we end up. Government secretly spying on each other not even trusting each other or their citizens, Obama not keeping his promises and lying governments. One of my deepest concerns is how the society will develop for the next generation coming after mine. My freedom to post what I want online without any consequences might be what the next generation looks at as luxurious or dangerous if the development of this continues. Government secretly spying on their citizens is not a good sign. Did we even learn anything from the cold war? STASI anyone? I admit I slept through most of my history classes as other things (like computers) where way more interesting. But when they say the point of history is to "not let the same mistakes happen again", I scratch my head when I see people with A's not understand how this is even related to the cold war.

The recent leaks which Snowden has presented is one of the most important events in this century. He should get the Nobel's prize for showing that a lying government is spying on its innocent citizens without even letting them know. Many people call him a traitor, but I hope in the future they will realize what the US is doing is wrong and how PRISM is a good example on how democracy works against itself. This is one of the most important discussions of this century, where should the boarder go between privacy and the fight against terrorism. But what is the cause of terrorism? Why do they do what they do? Terrorists does what they do mostly to get heard, to cause panic, to get a message out and spread their ideas. A lack of free speech which I believe could be a factor to cause even more terrorism in the future. I'm glad Norway doesn't have a program like this (yet), but it is coming. And if there where, the probability that I would be raided next day by feds because I could potentially be a terrorist given the fact that nobody knew about PRISM yet, would be quite high. So in conclusion, thanks Obama.