5/19/2017 0 Comments Final essayPearce Reinsch
CST 373 5/18/2017 Ethics of NSA Data Collection The invention and adoption of the internet has had a revolutionary change on society, the effects of which are still ongoing. The average person is now more connected and conducts much of their life activities through the internet. This transition to the digital age began with simple communication through email and message boards and has grown to include banking transactions, business and social interactions, and many new forms of entertainment. A result of this migration to a digital lifestyle is that there are many situations where new grounds are being broken which need to be considered from an ethical perspective. One such case is the mass collection and surveillance of internet communication data being conducted by the National Security Agency (NSA). There are many ways the NSA is collecting the various transmissions that are conducted through the internet. One such operation the NSA uses in their endeavour of data collection is called SECONDDATE. According to technology reporter Sam Biddle, “SECONDDATE is a tool designed to intercept web requests and redirect browsers on target computers” (2016). Essentially, SECONDDATE enables the NSA to directly monitor the activities of a target and potentially send malware which would enable the NSA to conduct more invasive monitoring of internet activity. Another operation which is closely related to SECONDDATE is called BULLRUN. World events reporters James Ball, Julian Borger, and Glenn Greenwald quote the NSA’s own contractor guide book when describing this operation; “Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies” (2013). On top of being able to directly intercept a targeted person’s internet traffic, the NSA has the potential ability to decrypt messages which have been encrypted through popular encryption algorithms. One method used by the NSA to maintain this decryption ability was to take part in the development of the standards behind the mainstream encryption methods, effectively holding the keys to reverse engineer the encryption method used to encrypt the target message (Numberphile 2013). One hopes that the messages being decrypted and stored by the NSA are those being transmitted by criminals and terrorists, but the potential for abuse of this powerful tool exists. Because of the amount of resources involved in the previously mentioned operations, it is likely that the NSA primarily uses those particular strategies for very targeted applications. A more cost effective operation conducted by the NSA allows them to collect the internet communications of nearly all global internet traffic that is routed through the United States. This NSA catchall operation is called PRISM. According to a review of internal NSA training slides by the Washington Post, “the top-secret PRISM program allows the U.S. intelligence community to gain access from nine Internet companies to a wide range of digital information” (2013). The NSA, through unknown means, has gained access to the internet transmissions of the top internet and technology companies. It is unknown if these companies are willingly and knowingly allowing access to the NSA or if the NSA has obtained this level of access covertly. Because the vast majority of the internet traffic from around the world is ultimately routed through the United States and nearly all of that traffic is processed by a select few large technology companies, the NSA has access to a high percentage of internet communications through this one program. A companion operation, whose name is unknown and may be included in the PRISM operation, is believed to target the interception of internet communication before it is routed through the United States technology companies. The American Civil Liberties Union (ACLU) states “the military spying agency has extended its tentacles into much of the U.S. civilian communications infrastructure, including, it appears, the “switches” through which international and some domestic communications are routed” (2006). From this information it can be gathered that the the NSA has operations in action that provide access to internet traffic both before and after the traffic is routed through the major technology companies based in the United States. Aside from the process of collecting the massive amounts of data being transmitted through the internet, the NSA also has means of storing large amounts of data that is deemed of note to ongoing investigations. There is likely small amounts of information gathered through the NSA’s various operations that is stored at any of the various NSA locations throughout the world, but the bulk of the collected data is stored at a main storage facility located at an extensive compound located in Utah. There have been many projections on the storage capacity of this NSA data center, but the most detailed analysis and estimation has come from the privacy and technology reporter Kashmir Hill. According to Hill’s report on the subject, “the facility could hold up to 12,000 petabytes, or 12 exabytes” (2013). This is a number that can be difficult to digest for the average person as it is not comparable in size to media used in everyday life. To help put this amount of data into perspective, approximately 1 exabyte is equivalent to the data used by streaming all of the shows on Netflix 3,000 times over (Dutcher 2013). The NSA can store at least twelve times that and with the ever increasing amount of data density this number is likely to be higher each passing year. With this astounding amount of storage capacity, the NSA has the ability to easily maintain its mass collection and storage of internet communications. A result of the data collection en masse performed by the NSA and the pervasive reach of the internet, the individuals involved in the data collection operations amount to nearly half of the global population. To narrow down the analysis the involved parties in this case will be considered as those in the following groups: the NSA and affiliated intelligence agencies, the citizens of the United States, and the targets of the NSA data collection operations. The NSA operates on the duty of providing securing the safety of the nation of the United States and by extension the citizens thereof. Because the NSA is a United States institution it must follow the regulations set forth by the legislators of the United States. The leaders of the NSA believe that the collection and analysis of data at a large scale is necessary to gain advanced knowledge of any impending threat to the nation it serves. In the scope of the ethical analysis of the internet data collection performed by the NSA, the citizens of the United States retain the rights expected by all humans and, in the eyes of the NSA, any rights granted by the Constitution and its amendments. The most notable amendment which applies to this case is the fourth amendment which guarantees a citizen’s right to be secure in their person and against unwarranted search and seizure. Also in the scope of this case, the targets of the NSA data collection operations retain the rights expected by all humans, but not any of the additional protections afforded by the Constitution of the United States or its amendments. There are many arguments about what should be considered a universal human right; the United Nations has declared that freedom, life, and liberty are a right among many other attributes including the right to not have one’s privacy be arbitrarily interfered (The United Nations 1948). Because the data collection operations of the NSA is performed in order to ensure the security of the United States and its people, it could be viewed that the interference of privacy in this instance is not arbitrary and therefore this case does not explicitly violate the right to privacy. There are several actions that can be considered in the case of mass data collection of internet communications. One such possible action is to seek an increase in the amount of data collected, stored, and analysed by the NSA. Another possible action to place restrictions through legislation on the currently active data collection operations. The last option being considered in this case is the action of simply maintaining the current operation levels of the NSA. To review the possible actions in this case certain ethical frameworks will be applied to each possibility to analyze its standing as an ethical action when compared to the other actions. In order to provide an unbiased comparison, each action will be applied to a consequentialist and a non-consequentialist ethical framework. While there are many ethical frameworks that could be used, the two most applicable frameworks appear to be Utilitarianism and Kantianism. Utilitarianism is a consequentialist ethical framework which classifies which action in a collection of possible actions is the most ethical by discovering which action would bring about the most good and the least bad for those involved in the proposed actions (Bonde, S., & Firenze, P. 2011). Kantianism is a non-consequentialist ethical framework which classifies if a specific action is ethical or not based on if the action could be considered a categorical imperative, that is if the action is one that could and should be taken by all people in the same situation. Each of the three options mentioned above will be applied to these two ethical frameworks to determine which of the three options is the most ethical action to be taken for this case. Currently the coverage for the process of internet data collection for the NSA operations is not all reaching, it only covers the majority of the internet. A possible action in this case is for the NSA to increase the amount and reach of data collection both domestically and internationally. When approaching this potential action from a utilitarian point of view both the positive and negative consequences must be considered. An increased level of surveillance could violate the right to privacy, even that of the NSA’s intended targets, but there is a cultural acceptance that “the expectation of Internet privacy does not...extend to spies, terrorist and criminals” (Gallington, 2013). This concept is integral to nearly any criminal investigation and is the basis for the warrant system used in many legal systems. A potential positive result of increased surveillance is that “terrorists, offenders and wrongdoers [would] find it more difficult to plan and organize their attacks and crimes” ("Mass government surveillance", 2014). With an increased level of internet data collection, the NSA would potentially have the ability to monitor and deter attacks on the United Stated and its citizens at an increased effectiveness when compared to current operation standards. While this is a positive outcome for the citizens of the United States, there is a potential negative result of this option. There is a fear that “the increasing capacity of the government to spy on our private lives can contribute to a society in which there is no room for privacy and governments control even the minds of citizens” ("Mass government surveillance", 2014). There is a risk that the ability to access or intercept all internet communications would eventually lead to complete control of the general public, leaving the decisions of what is an acceptable statement at the whims of government officials. Although increased surveillance and data collection levels in the pursuit of national security has a positive effect in some aspect, this option unfortunately decreases the level of freedoms the citizens of the United States and even of those around the world currently retain to the point where the NSA and its government are no longer serving the people. It seems in order to increase security, privacy and freedom must be decreased. When applying the potential action of increasing the level of internet data collection by the NSA to the kantian ethical framework the action must viewed as though it were a categorical imperative. In a situation where all governments have all encompassing access to the data transmitted through the internet there is the very real potential for abuse by any one of the many governments around the world. There are already reports of “aggressive governments [using] intercepted information to intimidate or control their citizens,” (Stray, 2013). There have been many governments that use their power to subject the ill will of corrupt government officials on their unfortunate citizens. If it is expected of all governments to have all reaching surveillance programs, but not all governments act in the best interest of their constituents, then it can be expected that some of the governments will use the power of the collected data to oppress their citizens. According to journalist David Francis, “we have no assurance that the harvested information will not be misappropriated, like we see with Patriot Act laws being used against drug offenders, and government officials using the justification of 'national security' to monitor anti-war demonstrators” (2013). If there are preexisting examples of governmental misuse of intelligence at current levels of surveillance from a country which is supposed to be a bastion of freedom, then how can it be expected that other governments with less reputable histories will not abuse the power that comes with such levels of intelligence. The next option being considered in the case of internet data collection is the enactment of restrictions on the operations that involve the collection, analysis, and storage of internet communications. This action will first be considered through the utilitarian ethical framework, namely the potential positive and negative outcomes of this action. A positive result of this possible action is that the United States “government develops a know-how that could be very important in terms of future security” ("Mass government surveillance", 2014). While the reach of the NSA would be curtailed, the intelligence institution would still retain the ability to monitor and learn about the activities and strategies of those who threaten the security of the United States. In addition to this, the citizens of the United States would have an increased confidence in the privacy and freedom of expression they hold while communicating through the internet. Unfortunately, this comes with the downside that “any “civil-liberties and privacy” officer installed in NSA would...have to impede intelligence activities — a burden we do not need in our already difficult war on terrorism” (Walpin, 2013). Although there would be a positive effect on public rights and perceptions, there is the downside that the NSA and other intelligence agencies would have a more difficult time in achieving their goal of national security. This could ultimately lead to the loss of life of United States citizens as a result of restrictions preventing the NSA from intercepting planned attacks on United States soil. In order to apply the option of restricting current levels of internet data collection by the NSA to the kantian ethical framework, the universal application of the option must be considered. According to Ashley Gorski, a staff attorney on the ACLU's National Security Project, the current levels of NSA’s “spying violates our...constitutional rights to privacy, freedom of expression, and freedom of association” (2017). And, according to Patrick Toomey, also a staff attorney on the ACLU's National Security Project, “there are mounting calls for transparency and reform” (2015) regarding the NSA’s data collection operations. One of the largest issues raised about the current policies regarding the NSA’s data collection operations is that the current policies do not take the privacy and freedoms of untargeted individuals into consideration. If the United States government along with the governments around the world were to enact regulations regarding the collection of internet communications data with respect to the privacy of untargeted citizens then one of the largest issues regarding these policies would be laid to rest. This action also allows the NSA to continue in its mission of securing the safety of the Unites States and its citizens. The last option being considered is to maintain the current levels of internet data collection as currently performed by the NSA. The potential positive and negative results of this action will be weighed in the process of applying this option the the utilitarian ethical framework. A good example of the current levels of NSA data collection operations is outlined by ACLU’s Ashley Gorski, It’s as if the NSA sent agents to the U.S. Postal Service’s major processing centers to conduct continuous searches of everyone’s international mail. The agents would open, copy, and read each letter, and would keep a copy of any letter that mentioned specific items of interest despite the fact that the government had no reason to suspect the letter’s sender or recipient beforehand. (2017) There currently exists a level of expectation of privacy when it comes to mailed correspondence, whether that be of domestic of international origin, so it is not out of the realm of possibility to have that same expectation applied to digital correspondence. A positive trait of this option is that “the capacity to trace and check the communication of suspected criminals and terrorist may help avoid crimes and save lives” ("Mass government surveillance", 2014). The end goal of the NSA is to ensure the security of the United States and its citizens. By maintaining the current levels of surveillance the NSA is able to achieve its stated mission, which is apparent by the lack of major life threatening attacks on United States soil for over fifteen years. While there is the positive result of prevented loss of life, there remains a loss of privacy and freedom of expression to the citizens of the United States. The application of the option of maintaining the current levels of internet data collection of the NSA to the kantian ethical framework will involve the consideration of that action being accepted as a universally acceptable action. Due to the activities of the NSA and affiliated intelligence agencies being covert in nature, it is difficult to accurately portray the magnitude of their operations. Because of this, the known actions of the NSA must be used to make estimations of their potential actions. In a known NSA operation, “programmers at the National Security Agency and in the Israeli military created a series of worms to attack the computers that control Iran’s nuclear enrichment center” (Gates, 2012). This is an example of the level of offensive action the NSA is willing to take in their mission for the security of the United States. If this type of activity was to be performed by any and every country in addition to the United States, then there would eventually be an all out war as a result of each country attempting to sabotage each other through cyber warfare. The current levels of unregulated access to internet communications cannot reasonably be considered a categorical imperative as it can lead to potential abuse similar to the situations outlined in the option for an increase in surveillance levels. Each the options outlined have positive and negative aspects to them when considered through the consequentialist utilitarian ethical framework. If surveillance was increased then the NSA could be more effective, but rights to privacy and freedom of expression would be further violated or even removed. If the NSA data collection operations are restricted then the NSA could be less effective, but rights to privacy and freedom of expression would be upheld. If the NSA is allowed to continue their operations as is then the NSA retains its effectiveness, but rights to privacy and freedom of expression would continue to be violated. In this particular case, when applied to a utilitarian ethical framework, it is apparent that increasing surveillance is the least ethical option, but it is unclear at to which of the other two options is more ethical than the other. When it comes to the application of the non-consequentialist kantian ethical framework to this case it becomes clear which option is most ethical. The only option that can be applied universally and be considered the duty of any governmental intelligence agency is to practice data collection with regulatory oversight. As this option is the only action that can be categorized as ethical when applied through these two ethical frameworks, I propose that this should be considered the appropriate action to ethically perform in this case. References Biddle, S. (2016, August 19). The NSA Leak Is Real, Snowden Documents Confirm. Retrieved March 8, 2017, from https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/ Bonde, S., & Firenze, P. (2011). Brown University. Retrieved April 10, 2017, from https://www.brown.edu/academics/science-and-technology-studies/framework-making-ethical-decisions Borger, J., Ball, J., & Greenwald, G. (2013, September 06). Revealed: how US and UK spy agencies defeat internet privacy and security. Retrieved March 8, 2017, from https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Dutcher, J. (2013, November 06). Data Size Matters [Infographic]. Retrieved May 3, 2017, from https://datascience.berkeley.edu/big-data-infographic/ Eavesdropping 101: What Can The NSA Do? (2006, January 31). Retrieved March 8, 2017, from https://www.aclu.org/other/eavesdropping-101-what-can-nsa-do Francis, D. (2013, June 11). 5 Reasons Why The NSA's Massive Surveillance Program Is No Big Deal (And 2 Reasons It Is). Retrieved April 6, 2017, from http://www.businessinsider.com/nsa-surveillance-prism-phone-nsa-big-deal-2013-6 Gallington, D. J. (2013, September 18). The Case for Internet Surveillance. Retrieved April 7, 2017, from https://www.usnews.com/opinion/blogs/world-report/2013/09/18/internet-surveillance-is-a-necessary-part-of-national-security Gates, G. (2012, May 31). How a Secret Cyberwar Program Worked. Retrieved March 31, 2017, from http://www.nytimes.com/interactive/2012/06/01/world/middleeast/how-a-secret-cyberwar-program-worked.html Gorski, A. (2017, January 18). Trying to Keep the Internet Safe From Warrantless NSA Surveillance. Retrieved April 6, 2017, from https://www.aclu.org/blog/speak-freely/trying-keep-internet-safe-warrantless-nsa-surveillance Hill, K. (2013, July 29). Blueprints Of NSA's Ridiculously Expensive Data Center In Utah Suggest It Holds Less Info Than Thought. Retrieved March 8, 2017, from https://www.forbes.com/sites/kashmirhill/2013/07/24/blueprints-of-nsa-data-center-in-utah-suggest-its-storage-capacity-is-less-impressive-than-thought/#280df94f7457 Mass government surveillance pros and cons: NSA spying. (2014, August). Retrieved April 6, 2017, from https://netivist.org/debate/government-surveillance-pros-and-cons-nsa-spying NSA Slides Explain the PRISM Data-collection Program. (2013, June 6). Retrieved April 13, 2017, from http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ Numberphile (2013, December 22). Retrieved March 8, 2017, from https://www.youtube.com/watch?v=ulg_AHBOIQU Stray, J. (2013, August 05). FAQ: What You Need to Know About the NSA’s Surveillance Programs. Retrieved April 4, 2017, from https://www.propublica.org/article/nsa-data-collection-faq The United Nations. (1948). Universal Declaration of Human Rights. Toomey, P. (2015, September 18). Caught In the Internet. Retrieved April 7, 2017, from https://www.aclu.org/blog/speak-freely/caught-internet Walpin, G. (2013, August 16). We Need NSA Surveillance. Retrieved April 7, 2017, from http://www.nationalreview.com/article/355959/we-need-nsa-surveillance-gerald-walpin
0 Comments
5/12/2017 7 Comments May 12th, 2017Blog 15
https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security This article discusses the NSA’s operations that target the circumvention of encrypted internet communication. One of the main topics that caught my attention in this article is the statement that the NSA actively works with leading technology companies in the attempt to set encryption standards which are ultimately adopted by the technology industry at large due to the powerful companies leading the trend. The NSA influences technology companies to use encryption protocols that the NSA either has the underlying keys to unlock or has the necessary information to brute force its way into decrypting the message. The ethical dilemma that I noticed in this situation is that of the technology companies. They are in an interesting position where a lot of care should be taken due to the amount of unknown consequences that come into play and the widespread use of technology in the day to day life of most people. If the technology companies do not work with the NSA they, in a way, are providing a safe haven for criminals that happen to use their platforms or services to communicate. But, if the technology companies do follow the instructions of the NSA they are not protecting the interests or the privacy of their law abiding customers. No matter the action taken by the technology companies they would be making some amount of compromise between the services they are providing in the area of security and the prevention of misuse of their services. I think that there should be some sort of system where the technology company has some sort of ability to decrypt any messages sent using their services if they are presented with a search warrant by the NSA. With the current system the NSA can simply decrypt any message they want without a warrant, which does not respect the rights of the customers involved. 5/5/2017 6 Comments May 05th, 2017Blog 14
https://www.aclu.org/blog/speak-freely/trying-keep-internet-safe-warrantless-nsa-surveillance Here is yet another article about the NSA internet surveillance operations. This particular article is from the American Civil Liberties Union (ACLU), an organization which states it is a guardian of liberty and civil rights of U.S. citizens. This article highlights some of the ethical issues that the mass collection of internet communication creates. In the article, the ACLU declares that they are trying to bring several cases to the federal court system regarding sensitive communications conducted by their clients, the type of sensitive information which does not have any connection to national security concerns. A problem with intercepting and possibly storing sensitive communication is the potential for the compromise of the data stores. The only reason the public knows so much about these NSA operations is because of a data leak in the past, so there is already a precedent for data insecurity within the intelligence community. If sensitive communications are leaked by nefarious individuals there is the potential for harm or loss of life in the extreme cases. This is a good example as to why the opposition to the mass collection of internet communication is not only due to the invasion of privacy. Because the internet has become ingrained into the everyday life of so many people, any actions taken which involve the internet must be weighed carefully and the utmost amount of oversight. |
AuthorPearce : CS-SE student Archives
May 2017
Categories |