This report analyzes privacy issues surrounding the NSA, how they appear similar to those found in other sectors, and how lessons learned in one area may potentially benefit, or at least inform, other areas in pursuit of an equitable balance between the need to know and the right to privacy.
The National Security Agency/Central Security Service of the United States, or NSA/CSS, has inserted itself into the realm of Big Data. The intent of this report is to discuss how it has done so, and to analyze the issues and impacts resulting from its actions, both on the populace at large and specifically on Big Data. The report’s main conclusions and takeaways are as follows:
1. The NSA/CSS (referred to hereafter in this report simply as the NSA) now has access to detailed information about much of the electronic communication in the U.S. This includes virtually all mobile communications, virtually all online communications, whether mobile or computer-based, and some landline business communications. It includes phone and data traffic originating inside the U.S. and terminating either inside or outside the U.S. The NSA also has access to most of the credit card transactions occurring in the U.S.; and, as an add- on to its 24/7 surveillance of U.S.-based mobile communications, the NSA is also tapping into the most popular mobile phone applications, including Angry Birds.
2. The NSA is collecting data from these sources as a result of agreements it has specifically imposed on mobile operators and Internet infrastructure providers—through electronic “back doors” it has persuaded providers to insert in their software and systems, and through its own ability to troll communications highways and collect data at will. Providers such as Google have angrily denounced the NSA’s actions, and claim to have agreed to no such thing; but whatever the case, the end result is the same.
3. The NSA claims to simply be interested in, and collecting, metadata, a term that is roughly equivalent to “data about the data.” In the case of what the NSA is claiming, this means information such as call origination and destination points, call duration, where someone accessed the Web and how much time they spent online; not the content of calls or emails. Yet, the NSA is hard at work cracking the code, so to speak, of Secure Sockets Layer (SSL), the protocol that, until now, has kept the content of online communications and transactions hidden from prying eyes. The NSA has also now set its sights on the Advanced Encryption Standard (AES), which is an encryption algorithm for securing sensitive but unclassified material by U.S. government agencies, and is being used more and more for commercial transactions. The NSA’s actions with regard to SSL and AES have “content inspection” written all over them.
4. The NSA is far from the only entity that appears to be trampling on the notion of personal privacy in pursuit of information it believes it needs to achieve its ends. The private sector, too, is teeming with examples of companies obtaining personal user data through questionable means, and deploying it in even more questionable ways.
5. Concepts and technologies currently in use or development, such as Harvard University’s extensive work on Differential Privacy, are predicated on the point raised in the previous bullet: threats to privacy occur in the private sector and academia as well. Differential Privacy leverages the commonalities across sectors to point the way to solutions. However, implementing helpful technologies is one thing; getting industries and governments to overcome their desire for information control, and actually implement solutions is another.
6. The upshot of all of this is that, while privacy is already threatened or extinct in a growing number of places, the NSA’s actions are accelerating and expanding this phenomenon. That is already sufficiently concerning in terms of quality of life; but further, since electronic communications are the lifeblood of a great deal of commercial activity, the NSA may also begin to have a chilling effect on the U.S. economy.
Executive Summaries for reports in the Big Data & Analytics (BDA) growth partnership practice normally contain a brief listing of roles and teams for which the report is designed. Since the NSA’s actions have the potential to impact every person without regard to roles, teams, or national boundaries, Stratecast is foregoing that convention for this report.
Table Of Contents
Stratecast Confidential: The Impact of the NSA on the Big Data Market -- and Global Communications Table of Contents
Executive Summary . 3 Introduction .. 4 When You Communicate Electronically in the U.S., Are You Handing Your Data Over to the NSA? Quite Possibly: Yes 5 NSA Taps into Communications Networks 5 NSA Monitors Online Activity Including Credit Card Transactions 7 NSA Data Snoops Even Flock to Angry Birds 7 âNot Content; Just Metadataâ? NSA Encryption-cracking Suggests Otherwise 8 Google May Be Protecting Users from the NSA, but Not from Itself 8 Users Face Law of Unintended Data-sharing Consequences among Google Apps 8 On the Other Hand: Google Enhances Email Encryption, which Could Thwart the NSA 9 U S Legislative Action Could Curb the NSA's Actionsâ¦but When? 9 Differential Privacy May Hold Answers to Keeping the Peace and Privacy, Too 9 Technology May Hold the Keyâor Run Aground on Government Control 11 Could Clamping Down on Threats Squeeze the Life Out of the U S Economy? 12 The Last Word 13
List of Figures Figure 1: The NSA Now Has Access to Most Electronic Communications in the U S 6 Figure 2: Competing Interests Threaten Privacy in Various Contexts 10