A Roundup of Recent Surveillance Revelations

The Washington Post and others have reported extensively on the now declassified secret court opinion from 2011, which claims that the National Security Administration (NSA) has been illegally gathering tens of thousands of electronically-based communications among American citizens for several years now. An internal NSA audit conducted in May 2012 reported 2,776 incidents of unauthorized collection, storage, access to and distribution of legally protected communications from April 2011 to March 2012.  

As part of their bulk surveillance program, the NSA has put pressure on numerous companies to release information about their customers. In early August, Lavabit, an email service used by Snowden and approximately 400,000 other people, shuttered its operations after rejecting to comply with a court order to help the US government spy on its clients. Founded in 2004 and owned by Ladar Levison, Lavabit email services used asymmetric encryption to provide a significant level of privacy and security for its users -significant enough that US intelligence agencies could not crack it. Under gag order, Levison was prevented from discussing in detail the reasoning behind his company’s shutdown. On the Lavabit website Levison left a cryptic message for users regarding his decision:

“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise.”

Following the news of Lavabit’s shutdown, another secure communications provider, Silent Circle, decided to shutter its email services as well.  Technical operations manager Louis Kowolowski told the Guardian: "With the tapping of backbone internet providers, interested parties can now see all traffic on the internet. The days where it was possible for two people to have a truly private conversation over email, if they ever existed, are long over."

Silent Phone and Silent Text, two other Silent Circle products remain intact. Regarding future developments, Silent Circle CEO Michael Janke said in a recent interview, “Our team has been working on a true peer-to-peer [encrypted] email app that looks, feels, acts like normal email, but it's not." For now, however, Janke decided to preemptively shutdown Silent Mail to avoid being forced to hand over its clients’ private information (specifically metadata) to the NSA.

As Kowolowski told the Guardian, "If your goal is to not have metadata leakage in your otherwise secure communications, you may wish to avoid email altogether. Email leaks the information about who is communicating, and how often. This information may be just as damaging as the content of the email."

A few days after Lavabit and Silent Circle discontinued their email services, news came out about Google’s claim in a recent court filing that “people sending email to any of Google's 425 million Gmail users have no ‘reasonable expectation’ that their communications are confidential.”  According to Google, "Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient's ECS [electronic communications service] provider in the course of delivery."

If you want to see what information can be found out about you based on your email metadata, check out Immersion, an online tool developed by people at the MIT Media Lab. Curious about just how much data flows are impacted by bulk surveillance? Take a look at Open Data City’s Prism map.