The NSA surveillance scandal is rooted in the Bay Area. Who was involved, when did it start -- and how can you protect your privacy?
About 500 people packed into Berkeley's St. John's Presbyterian Church on June 11, days after revelations of a massive National Security Agency electronic surveillance program had hit the news.
They were there for panel talk titled "Our Vanishing Civil Liberties," and the discussion revolved around Edward Snowden, the 29-year-old former employee of NSA contractor Booz Allen Hamilton who leaked top-secret documents to reveal the scope of the massive NSA spying infrastructure, triggering a firestorm of public debate internationally.
The panel featured Daniel Ellsberg, a Berkeley resident famous for leaking the Pentagon Papers in 1971, and Birgitta Jónsdóttir, an Icelandic member of parliament whose Twitter account records were sought by the U.S. Justice Department several years ago due to her connection to Wikileaks, the whistleblower organization that published secret U.S. government cables leaked by Pfc. Bradley Manning.
"I have no doubt at all that Snowden did the right thing in revealing it," Ellsberg later told the Guardian in an interview, "at whatever cost he pay himself. He shouldn't have to pay any, very simply. In his case, given what he's revealing, he should not be prosecuted. But he will be, almost surely."
Within days of the revelations, a number of public responses had already sprung up, many originating in the Bay Area. The ACLU filed suit challenging the surveillance program as illegal, arguing that it "violates the First Amendment rights of free speech and association as well as the right of privacy protected by the Fourth Amendment. Online communities mobilized too. As of June 17, more than 200,000 had signed onto an online petition launched by Stop Watching Us, a coalition of 86 civil liberties organizations who drafted an open letter to Congress and decried the surveillance operation as "a stunning abuse of our basic rights."
Mozilla, which has an office in San Francisco, played a key role in launching Stop Watching Us and called for greater transparency. "In the US, these companies are required to respect a court order to share our information with the government, whether they like it or not," the organization pointed out in a press statement. "Mozilla hasn't received any such order to date, but it could happen to us as we build new server-based services in the future." It also pointed out that "the Internet is making it much easier" for intelligence agencies to conduct electronic surveillance, because "There's a lot more data to be had," "the laws are written broadly," and "it's all happening behind closed doors."
Stop Watching Us coalition membership includes the Electronic Frontier Foundation, the American Civil Liberties Union of California, Boing Boing, the Center for Democracy and Technology, reddit, The Utility Reform Network, and other organizations with a presence in San Francisco.
Meanwhile, news of the NSA's massive spying endeavor sent shockwaves throughout Silicon Valley, catching some tech company employees off guard. Google CEO Larry Page, Facebook CEO Mark Zuckerberg and the heads of other tech companies issued statements vigorously denying voluntary participation in PRISM, the program that vacuums up massive communications content flowing between the U.S. and foreign nations via the servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple.
The question of whether leading tech companies were participating voluntarily, or were secretly compelled to do so, or if this data was being collected without their knowledge or cooperation altogether still seems far from settled. "I have my own suspicions — which I won't go into here — about what PRISM was actually about," Google+ Chief Architect Yonatan Zunger noted in a G+ thread the following day. "I'll just say that there are ways to intercept people's Google, Facebook, etc., traffic in bulk without sticking any moles into the org — or directly tapping their lines."
Meanwhile, nearly 40,000 individuals had signed an online thank-you note to Snowden, "for his principled and courageous actions as a whistleblower, informing the public about vast surveillance by the National Security Agency that undermines our civil liberties." That website, SupportEdwardSnowden.org, was set up by Roots Action, co-founded by Marin County resident Norman Solomon, author and president of the Institute for Public Accuracy.
Solomon was also a panelist at the June 11 forum, where he sharply criticized Sen. Dianne Feinstein, chair of the Senate Intelligence Committee and former mayor of San Francisco, for publicly characterizing Snowden's leak as "an act of treason." When Feinstein's name came up during the panel talk on civil liberties, the crowd responded with boos and hisses.
"Where are the progressives of the Bay Area — beginning with San Francisco?" Solomon wondered later in a telephone call with the Guardian. "We should be insisting that she leave that job as chair of the Intelligence Committee. ... In the court of public opinion, she should be condemned. Because really. It's democracy at stake. To hear her talk and examine her behavior, you would think that the Fourth Amendment was ... mere advisory."
Meanwhile, activists who were already organizing in support of Manning had begun investigating what options might be available to Snowden, who, as of press time, was still believed to be in Hong Kong and hadn't yet been formally charged. Birgitta Jónsdóttir told the Bay Guardian that her organization, International Modern Media Institute, was ready to respond to Snowden's reported interest in seeking political asylum in Iceland.
"I'm quite concerned, because there are no direct flights to Iceland," she explained. "I'm just worried about the extradition process in other countries — if he needs to do a layover, or if we're not quick enough to grant him asylum. And, frankly speaking, one of the parties in the government in Iceland is never going to agree to support it. So, it's tricky."
Ellsberg, the Pentagon Papers whistleblower, highlighted the similarities between himself, Manning, and Snowden. "The question that each of us faced was: Was it worth our lives, our freedom, and possibly our physical existence to reveal these secrets, which were wrongly held from the American public, in order to inform the public?" he said. "And each of us decided that it was worth, essentially, a life in prison and possibly death. And I think the decisions were right in each case."
Technologists explain how to protect your communications from government surveillance
The bad news: You cannot effectively counter the government's ability to snoop on your communications unless you live out the rest of your existence under a rock (i.e., give up your cell phone altogether). The good news: There are some free software programs that can help you to shield the contents of your communications, should you feel the need to shield your privacy.
The domestic telecom surveillance program doesn't grant intelligence agencies automatic access to what's being said over the phone, but it requires major carriers, including Verizon, Sprint, and AT&T, to forward all "metadata" to the NSA. Metadata can be quite revealing. It can show that an elected official communicated with a powerful CEO just before casting a key vote, or whom a reporter spoke with just before breaking a significant national news story.
"The laws of physics do not let you lie about cell phone location," explains Chris Soghoian, principal technologist with the American Civil Liberties Union's speech, privacy and technology project.
Eleanor Saitta is a systems analyst with the Open Internet Tools Project and the International Modern Media Institute, working on an encrypted communications project called the Briar communications tool. "What's not clear yet, is whether [the NSA] is extracting full-time location information," Saitta notes, spotlighting a looming question about the domestic spying program with serious implications. This full-time information is automatically logged by telecoms anytime a mobile device is on.
PRISM is understood to be able to sweep in the contents of vast amounts of communication between the U.S. and foreign nations. However, Soghoian and Saitta note that some tools can provide a higher degree of privacy.
For web browsing, Tor (torproject.org) is free software that provides online anonymity by bouncing communications through a randomly distributed network. (Caution: Read up on it for some important do's and don'ts, like why you shouldn't log into your bank account while you're running Tor.)
Tor doesn't hide the content, only the location that a message is being sent from. But it can be run in conjunction with CryptoCat (crypto.cat), a web plug-in that supports encrypted instant messaging. There's also the option of using Off The Record (OTR) messaging with either Jitsi (jitsi.org) or Adium (adium.im), both IM clients.
For mobile devices, Saitta suggests looking into TextSecure for SMS messaging, and RedPhone for voice calls. For other ideas, visit the resource guide compiled by the Tactical Technology Collective (alternatives.tacticaltech.org). It features detailed information on alternatives that afford a higher degree of privacy, such as Duck Duck Go, a search tool that won't aggregate data about your queries; RiseUp, an alternative email provider run by a collective dedicated to security; Gibberbot, an open-source Android application that helps you manage IM accounts and uses OTR software; ChatSecure for iPhones and other iOs devices; Orbot and Orweb, to facilitate anonymous browsing on Android devices, and other programs.
It's important to remember that with any of these software options, as Saitta says, "There are no guarantees. This comes as close as we know how to get."
Nor do any of these options effectively shield mobile users from the collection of metadata. "The domestic program that is affecting most Americans is something that no one can effectively hide from," Soghoian notes. "And that sucks." (Bowe)
Timeline: NSA spying in Silicon Valley and SF
Mark Klein, a technician at AT&T, learns of the existence of a secret room being built in cooperation with the National Security Agency at AT&T's San Francisco facility on Folsom Street.
The New York Times breaks the news that the NSA "has gained the cooperation of American telecommunications companies to obtain backdoor access to streams of domestic and international communications."
January 31, 2006
Civil liberties organizations, including the San Francisco-based Electronic Frontier Foundation, file suit against AT&T for collaborating with the NSA, including technical documents provided by Klein as part of the complaint.
March 12, 2008
NSA collection of Yahoo data begins under PRISM, according to a top-secret slide leaked by Edward Snowden to The Guardian UK and the Washington Post. (Yahoo is based in Sunnyvale.)
June 20, 2008
The Foreign Intelligence Surveillance Act (FISA) Amendments Act passes in the U.S. House of Representatives, retroactively granting AT&T and other telecoms immunity from being sued for cooperating with the NSA.
January 14, 2009
NSA collection of Google data begins under PRISM, according to a top-secret slide Edward Snowden leaked to The Guardian UK and the Washington Post. (Google is based in Mountain View.)
June 3, 2009
NSA collection of Facebook data begins under PRISM, according to a top-secret slide Snowden leaked to The Guardian UK and the Washington Post. (Facebook is based in Menlo Park.)
September 24, 2010
NSA collection of YouTube data begins under PRISM, according to a top-secret slide Snowden leaked to The Guardian UK and the Washington Post. (YouTube is owned by Google, and based in Mountain View.)
NSA collection of Apple data begins under PRISM, according to a top-secret slide Snowden leaked to The Guardian UK and the Washington Post. (Apple is based in Cupertino.)
June 6, 2013
The Guardian UK breaks the news that the NSA has access to the contents of communications flowing through the servers of Silicon Valley tech giants, through PRISM.
June 7, 2013
Google CEO Larry Page and Chief Legal Officer David Drummond release a statement saying Google has "not joined any program that would give the U.S. government—or any other government—direct access to our servers. ... We had not heard of a program called PRISM until yesterday." The same day, Facebook CEO Mark Zuckerberg releases a statement saying, "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. ... We hadn't even heard of PRISM before yesterday." Other tech companies issue similar denials over following days.
June 11, 2013
The Stop Watching Us campaign kicks off as more than 80 civil liberties organizations, many of them based in the Bay Area, set up an online petition and open letter to Congress.
June 14-17, 2013
In separate statements, Microsoft, Facebook, and Apple reveal that they had received 4,000-10,000 requests each from US government and law enforcement agencies in 2012 for information regarding up to 30,000 devices and accounts.
(Information from eff.org, optin.stopwatching.us, and guardian.co.uk.)