Thursday, June 13, 2013

More than Metadata? A Review of the Technology

The President said the NSA just collects metadata about our phone and email correspondences, but that doesn't comport with Snowden's claim that he could read private emails and phone conversations. What are the facts?
The other day when I first checked, the Wikipedia page on the NSA's new Utah Data Center said it's supposed to have a data capacity of 5 exabytes. Now it says "on the scale of yottabytes." NPR reported the other day that it's 5 zettabytes. In reality I think all that is just inference based on the size of the center and the 65 megawatts of power it is supposed to draw.
Whether it's exabytes, zettabytes, or yottabytes, it seems like way more data storage than necessary for just metadata, which for a single call or email might only be a few dozen bytes.
This is conspicuous because you wouldn't build data capacity for future use; you would surf Moore's Law and add capacity as it becomes needed. I think the data center corroborates Snowden's claim that the NSA collects content, not just metadata.
If that's the case, then does the UDC scan for keywords and phrases that might trigger an investigation, or does it merely compress and archive until there's a search warrant?
And are they collecting location data from our phones, too?
Facial recognition technology is already pretty well developed. More cutting edge research involves face detection that can interpret your mood and even work as a lie detector. The camera on the upcoming Xbox One is supposedly going to be able to measure your pulse! When this technology is more fully developed, will the NSA be using it to analyze security footage?
I don't know whether these things are legally feasible, but they're certainly technologically feasible - if not now, then in a few years. With gigantic multi-billion dollar data facilities, it's hard to imagine the NSA not putting them to use.
If terrorists suspect the government is doing these things, I expect they will adjust their behavior accordingly. So I don't see a big downside to the government being more transparent about this stuff. 
Ultimately I think the tradeoff between privacy and security should not be made in secret, but should be open to our input. This is such a difficult issue because we don't really know the scope of the threat to our safety. If the threat is another Boston Bombing, then I don't see a huge need for such invasive security. But just as technology enhances the government's ability to spy, it correspondingly enhances the power of terrorists. I'm not scared of pipebombs and machine guns; I'm scared of bio-terrorism and the like.
So how do we strike the right balance? I have no idea. My own suspicion is that the NSA will tend to exaggerate the threat and expand its own capabilities. Maybe the best we can do is preserve a strong legal check on the state's surveillance power and hope that the good outweighs the bad.
Regarding Snowden, a lot of people say he is self-aggrandizing, but I wonder whether these people watched the interview or read a transcript. In print, his words do seem dramatic, but in his interview he struck me as a very reasonable, intelligent, thoughtful guy. I like him!