Partnership between NSA and telecoms pose both security and privacy risk, experts say
Recently revealed documents from former government contractor Edward Snowden, and investigated by The New York Times and ProPublica, indicate that the National Security Agency (NSA) held intimate ties with major telecommunications companies until at least 2013.
The news confirmed what many foreign governments and privacy advocates already knew; the NSA partnered with some of the world's biggest telecommunication companies, including AT&T and Verizon, to collect tons of information on foreigners and some Americans without warrants.
“I think that for us, the thing that is the most striking is how consistent this evidence is with what we already knew,” said Cindy Cohn, executive director at the Electronic Frontier Foundation (EFF), in an interview with this publication. “For people who have been watching this, this is just confirmation and an important confirmation.”
She went on to say these documents, which include slideshow presentations and budgetary information, have implications for Americans beyond their freedom and privacy. She views massive data collection as a security issue, as well, considering that one agency might be holding billions of people's personal information.
“There have been enough government leaks of information that we ought to not assume that if the NSA has custody [of data], it won't go anywhere else,” she said.
This round of Snowden leaks demonstrate that AT&T, and to a lesser extent Verizon, provided internet communications of users whose data went through their U.S. cables.
Speculation remains as to whether the programs still exist, but as Cohn said: “The story that [these documents] tell is [the NSA is] just grabbing more, and more, and more, and more. Nothing in this six-year span is of them getting anything less. [So our] best guess is that trajectory continued.”
Christopher Parsons, postdoctoral fellow, Citizen Lab at the Munk School of Global Affairs, seconded Cohn's thoughts and expressed surprise that no documents have indicated any change in programs.
For its part, an AT&T spokesperson said in a comment to SCMagazine.com that it does not “provide information to any investigating authorities without a court order or other mandatory process other than if a person's life is in danger and time is of the essence.”
The company cites a kidnapping situation as one example situation where it would assist law enforcement without a warrant.
Verizon declined to comment.
Both AT&T and Verizon issue transparency reports as a way to maintain some openness with their users. Even still, these transparency reports mainly account for smaller law enforcement efforts with warrants, as opposed to greater national security requests.
The federal government bars companies from reporting these national security requests in large bands. So, for instance, AT&T said during the first half of 2015 it received somewhere between 500 and 900 National Security Letters (NSLs), which concerned between 2,500 and 2,999 customers. That's as specific as it can legally get.
Even if Americans aren't exactly concerned about their data, per se, Parsons reminded that beyond losing its citizens' trust, the U.S. government loses diplomatic credibility through these leaked documents. The government can't argue for a free and open internet if it monitors foreigners and its own citizens, he said.
“If you use the internet, and the data goes through the U.S., the government is spying on it,” he said.
This article was first published in our sister publication SC Magazine.