David Livingstone
Associate Fellow, International Security

Nobody should be overly surprised about this past week's revelations about the US National Security Agency’s use of internet and communications data in its enduring mission of counterterrorism (and perhaps against organized crime, state-sponsored espionage and other campaigns).

The amount of information that is being generated by global society through the production of 'metadata', that is, the Who, When, How, and Where – but perhaps not the What – latched to each and every web-based communication and mobile call is vast and, hypothetically, extremely useful in making intelligence-based linkages behind criminal groups that confront society.

Users of social networking systems for example are no doubt aware of the plethora of personal data that is constantly being streamed back to the parent servers from their individual devices, such as identity, location, contacts, phone calls, texts, browsing history and so on; the permissions for the applications' providers to do this are embedded in various places in the Terms and Conditions (which no doubt have been read with care by device owners). A recent study showed that 40 per cent of mobile device data traffic consists of applications simply 'phoning home' to various host servers even when the devices were not actually in active use.  Once the data is captured it is not deleted without good reason; it is, for social networks at least, the lifeblood of those organizations and lies at the very centre of their commercial values. 

Reports around the Prism programme seem to suggest, however, that the NSA has so-called 'fat pipes' that allow constant access to various data centres, so that information can be drawn from them as required without the laborious need for legal norms, such as warrants or subpoenas relating to particular operations. The US administration states that that this access is legal and proportionate, and has proper supervision through Congress. 

Meanwhile, organizations such as Facebook deny that they have given the US authorities permission to have such access to the data centres, which seems to suggest that either these denials are false, or that the NSA is substantively hacking into the various systems in a strategic way (which is by implication an illegal process in itself). There may also be some legal nuances at play, such as internet companies making denials about parts of a company over which they have authority, but not referring specifically to other components of their respective enterprises. To admit to complicity with the NSA would affect share price, as disaffected netizens start upshipping their Facebook apps, and, as far as Google and Yahoo are concerned, start looking for alternatives to their offerings that are readily available.

However, there is a higher context to the Prism affair, in that once again, things are being done in the name of the so-called 'War on Terror' or (the Obama-preferred term) 'Overseas Contingency Operations' which lie at the very edge of moral tolerability. Although there is no accepted international definition of terrorism, everyone knows what terrorism seeks, generally: the achievement of a change in the nature of the relationship between states and citizens caused by the threat or use of non-military violence. We continue to witness the short circuiting of due process by the need to 'defeat' terrorism – extraordinary rendition, extra-judicial killing via drone, and now the wholesale interception, without warrant, of internet and communications data which betrays individuals' location, conversations, personal information about friends, and online browsing and purchasing behaviour, among other things.

This is the sort of information about which people have a reasonable expectation of privacy. These are the sorts of things that the East German Stasi used to collect about every single citizen. Is the war on terror really stooping that low? If it is, then terrorism, as a globalized concept, appears to be achieving its aims, as the Prism project seems to suggest that there has been a rebalancing of the relationship between those who declare themselves to be protectors, and the protected.

And if the war on terror is suddenly and dramatically won, would the fat pipes be closed off as a peace dividend?

Further resources

Cyber Security and Global Interdependence: What Is Critical?
Programme Report
Dave Clemente, February 2013

Conference: Cyber Security: Balancing Risks, Responsibilities and Returns
10-11 June 2013

Project on Cyber Security.