PRISM Is Not The Problem

Recent news and excellent reporting have shown the public what many of us have long known: governments are collecting all our communication and compelling companies to help.

In the immediate aftermath of the initial NSA revelations (and there are more to come), some people are pushing for judicial or legislative restraints on further privacy violations. This is a noble effort, and I hope those people succeed. But let’s be real for a moment: those efforts are mostly symbolic.

Does anybody believe our government is going to stop spying on us just because it’s against the law? We already know PRISM is unconstitutional. If that isn’t enough to stop the Obama administration from spying on Americans, tinkering with the margins of the Patriot Act isn’t going to make a difference.

The problem isn’t the law. Fortunately, neither is the solution. Once we centralized all our communications and metadata on just a handful of servers, we made inevitable the use of that massive data trove by people who don’t share our interests or values. Today we know this includes the NSA, but it also includes the marketers, the insurance profilers, and your ex-future employers. It is impossible to centralize massive amounts of information and then dictate what that information is used for. Once you collect it, people are going to use it. And share it. And you have no control over what happens next.

The solution is to stop giving all your data to the same handful of services. Migrate off cloud services for things like email. Use old tech like IRC and email, which are too decentralized to spy on at mass scale. Build your own servers if you’re able. And when you do use cloud services, demand those services let you access them with your own clients that can encrypt your communication.

If we keep making giant piles of data, governments and corporations will continue to paw through our personal lives at will and for their own purposes. The conversations we have on Facebook and Google feel private, but they occur in public spaces. If we want privacy, we need to take those conversations to truly private infrastructure or encrypt them so the snoops have nothing to listen to.



Comment by Lincoln DeCoursey
2013-06-13 15:24:16

I agree that calling for a policy-based solution is naive. The news story will fade and only marginal opposition will remain. And even if we are assured otherwise, we must assume the government will continue monitoring in secret.

Running your own servers where possible is probably a good idea provided you know how, but I’m not sure it’s a robust solution. You can’t run your own Facebook server or your own Twitter server. Being absent from the popular cloud platforms will make it difficult to find and interact with others in the normal ways. If you run your own email domain, your messages are still slurped at the other end as most everybody else is hosted at Google.

For those who do come under federal scrutiny, their defense is unlikely to stand up regardless. There is a whole industry for delivering 0-day exploits and the process of remotely compromising a network has been automated. Even with an air gap and full disk encryption, these are very strong adversaries. They can physically come in and tinker while you’re away.

Comment by James Vasile
2013-06-13 17:22:24

Those are all good points. Without federated social platforms, we’re going to have to choose between talking to our peers without privacy and becoming safety hermits.

Comment by Justin Breithaupt
2013-06-14 19:49:21

This is what I think about PRISM

