This lecture is the one primer you need on NSA surveillance technology
Eric Barker stashed this in Tech
Ed Felten's talk starts at 6:33 ... Here are some notes:
He begins by talking about how the NSA is only gathering what's called "metadata" on US citizens' phone calls. Metadata includes three basic things: who made the call, who received the call, and when (also, how long they talked). That sounds relatively innocuous, because you have no idea what the conversation was about, but Felton offers a couple of examples of how revealing metadata can be. For example, if you receive a call from a medical office appointment number, obviously you have a doctor's appointment. If you call a suicide hotline and talk to them for 45 minutes, that reveals a lot about your mental health. And of course, if you are making repeated, lengthy calls to somebody late at night that can easily reveal a personal relationship.
Those are just a few ways that metadata reveals a lot about you, and Felten notes that when your whole network of calls is analyzed, it's easy to create a fairly accurate profile that reveals how old you are, where you work, and a lot of other things.
Felten has a great slide which lists the two things we know that the NSA does with metadata. It reads:
1. contact chaining
He notes that the second one has to do with tradecraft, or what those of us who watch a lot of bad movies would call "spy shit." Contact chainingis the practice of looking at who your contacts are — in this case, who you called over the past five years — and trying to figure out whether you're a terrorist based on them.
Felten walks you through how exactly the NSA might try to figure out whether a suspect named Bob is a terrorist. Let's say the NSA already thinks Bob has a 20 percent chance of being a terrrorist, which is why they are tracking Bob. If Bob is a few hops away on the chain of a known Bad Guy, then the likelihood of him being a terrorist goes up to about 37 percent. Felton notes that this isn't really a helpful number that we've gotten from contact chaining all that data. There isn't even a fifty/fifty chance that Bob is a terrorist.
So, Felton points out, we should either pull Bob in based on the information we already have about him — or we should get a subpoena to gather more specific information on him, rather than using all that data gathered by the NSA. Crucially, Felton says that contact chaining is a terrible way to determine whether Bob is innocent. Data-gathering techniques should be able to help the NSA find suspects, but it should help them eliminate suspects too. Currently, their system is terrible at detecting false positives.
It's important to note here that Felten isn't against the NSA spying on people. He just thinks that their current methods are ineffective, and needlessly violate innocent people's privacy to boot. In the next part of his talk, he describes how the NSA could be doing their spying in a much more effective, targeted manner. He also offers some suggestions about how innocent people's data could be protected while still helping the NSA in their data analysis of social networks.
Ultimately, he argues, we don't have to trade off our privacy for security. We have the technical tools that will make it possible to protect the privacy of the vast majority of US citizens, while still targeting suspects who could threaten violence.
He also recommends reading a set of recommendations that technologists have made to the government, to reform the current NSA practices, called Liberty and Security in a Changing World.
Now think about the data and metadata Facebook and WhatsApp have about half a billion people.
This is a great vid! I have not gotten to the the Ed Felten piece, but I just watched the first hour which is the keynote, and this is highly informative. Take some time, adjust your tinfoil hat, settle in with some hot cocoa and watch this.