There are both clear and subtle implications for widespread surveillance. Whether they will practically impact your life and rights depends on chance and your private habits.
Here's a broad list of consequences that is by no means exhaustive:
1. You can be indicted and charged with a number of felonies, most notably treason and violating national security, for your private correspondence and electronic habits.
2. Incidental to an existing charge, you can have your private interests and communications leveraged against you as evidence not directly relevant to what you're being tried for.
3. You can be implicated in crimes for communicating with known criminals or having any demonstrable (reasonable or otherwise) association with "people of interest." Corollary to this, you could be harassed and pursued and made to act against such people in the interests of national security.
4. You could be blackmailed or slandered in the public eye, effecticely crucifying you in the media, by taking your private life out of context in the name of the legal process.
5. You would be effectively "nude" in the virtual sense - every thing you do is and could be an actionable offense or interpreted as one, despite the fact that it's not in direct offense to anyone else and despite the fact that it's private. Your every interest, hobby and habit could be dissected and questioned as though an Orwellian thought police agent were ever vigilant in your room.
6. Innocent until proven guilty would be effectively null and void. You could be presumed guilty for all of the aforementioned reasons and due process would be extremely hard for the average individual to utilize to their advantage.
All of these would scale (against you) in a situation involving mass media. You might believe that on a cursory inspection these are justified if it prevents terrorism. That is a fear response, to which I reply that our government, and the rule of law it represents, is lost if we walk down this path.
Sacrificing liberty for the sake of liberty is both absurd and fundamentally objectionable.
The biggest implication - it makes opposition impossible. In a few years there will be nobody to defend the average person rights. "Power corrupts and absolute power corrupts absolutely"
All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptable. Such people have a tendency to become drunk on violence, a condition to which they are quickly addicted. - Frank Herbert, Chapterhouse Dune, Missionaria Protectiva
Let's just say this: have you at least pirated a song or a movie, smoked marijuana and bragged about it online, or done anything at all that you know could be seen as a crime, or even stuff that you think is "moral" but probably illegal?
Okay. Then in a surveillance state you better not ever try to piss off the national leaders, or even the local ones (depends how far this gets), and you better not complain to your friends and neighbors either.
Because that's how they'll get you. Not with the last part - but with the first one. You'll just be another "pot smoker" or "pirate" and they'll demonize you as a dirty criminal who deserves prison.
The danger as I see it is negligible to the average Internet user, until they become a person of interest to someone with the power to use these programs - a journalist say might pursue their work for decades without being interfered with, but with all their correspondence stored, only to find themselves undermined fatally by their actions at the age of 19 when they broke a story which the administration didn't like, decades later. In the same way that Nixon abused surveillance powers to undermine reporters, someone high up in the chain of command could redirect the NSA for their own purposes - if there is no open judicial oversight and no respect for the rule of law, this is inevitable. I wouldn't want to live in a world where that is possible.
What I find disturbing about these tools is that they are far more suited to retrospective analysis, and therefore to discovering dirt on ordinary people and undermining the rule of law, than suited to tracking terrorists (the ostensible aim). They'd be far more useful to someone like Nixon than to someone genuinely concerned with promoting America's interests in the world and stopping terrorist attacks, because those planning serious attacks will simply use other means of communication (as in Bin Laden's use of paper and messengers). In addition to that they are so wide-ranging that the damage and danger caused by them far outweighs any possible benefit.
Also this sort of powerful bureaucracy has a way of ensuring its own survival after it reaches a certain size and power - after all if the NSA hears politicians are planning to shut them down, they might have to take steps to stay in business - a very easy task with tame secret courts rubber-stamping requests and a culture of little respect for the rights of those surveilled. Just a matter of digging up their surveillance on most of congress (who of course have all had contact with foreigners, so fair game), and deciding where to apply leverage. Imagine then someone truly evil in charge of the NSA, and the power they could wield, unfettered by quaint notions of international law or oversight by other branches of government.
> What I find disturbing about these tools is that they are far more suited to retrospective analysis, and therefore to discovering dirt on ordinary people and undermining the rule of law,
Aha yes. Access this kind of system would be Stalin's or any other brutal dictator's wet dream. This is what they'd get a hard on thinking about. "Oh, I wish I had a system where everyone would input their hobbies, interests, connections, all they messages (Facebook, GMail, Skype, etc) and then I would be able to read and access those things, all the phone calls, shopping habits, text messages, what kind of porn they like, who they like to joke about, what they eat,...mmm". Well guess what we have that here and now.
Retrospective analysis is the key here. I have mentioned in the past how the formula for a successful brutal dictatorship is this:
1) Complicated, ambiguous and broad laws (disobedience, being suspicious, obstruction of justice, obstruction of business, disorderly conduct, etc etc)
2) Total monitoring and control & archiving
Just those 2) are enough. With enough background material to scare anyone with jail, a criminal record, disclosure of shameful information ("I see you like foot fetishes, how would you like if your church friends found out about that?... Are you sure you should keep participating in this Occupy movement, think twice about it...") they can control and manipulate anyone.
If someone lies to your face for years and, only when caught red-handed, claims that what he/she is doing isn't all that bad, would you believe them?
It's worse than that. Not only does the U.S. government expect us to believe the content of our communications are safe from their eyes unless we "have something to hide", they're about to come down hard on the whistle-blowers that made them admit as much as they have. It's as if that red-handed thief were quietly shoving the person who caught them out a window while telling us a story about how it's not what it looks like!
Tomorrow: Insurance companies, your competitors and your employer.
There is nothing wrong with surveillance per se, however it requires a transparent and accessible legal system to keep it in check - right now that is not happening.
People will increasingly censor themselves. Not everyone, maybe, but those with non-mainstream views will increasingly learn they need to guard what they say on the internet.
And slowly, the greatest meeting place we've ever had will lose its potential.
... that's my biggest fear, anyway.
On a straw poll amongst my friends many of us are already self censoring to some degree. And we don't have extreme views, either, we're just cautious about how things that we thought might be anonymous no longer are, how jokes might be taken out of context in the future or links made between accounts that are meant to be separate.
We are essentially moving towards the Panopticon Internet:
> the essential elements of Bentham's design were not only that the custodians should be able to view the prisoners at all times (including times when they were in their cells), but also that the prisoners should be unable to see the custodians, and so could never be sure whether they were under surveillance or not.
Since starting Lahana[1] I've become much more aware of the information we leak and the information that can be intercepted. In terms of counteracting the average Internet user, provided that Amazon isn't in the prism list (and I'm referring to Amazon outside of country) A private Lahana node may be sufficient, but I'm not making promises and would welcome ideas both to the contrary and ways of making Lahana better while still accessible.
Lahana was designed to be accessible by lowest common denominator non-technical people on closed hardware. At the moment as an experiment I'm building supporting infrastructure for Lahana, starting with StaTorsNet[2], an Anonymous/Pseudonymous twitter implementation based on Statusnet. Again, I welcome comments positive and negative especially if they can be used to improve the deployment or convince me to pull the service based on risks.
I've been looking at Mumble for calls, but am interested in alternatives with working mobile clients. If anyone wants to get together and turn this into a proper project, please get in touch from my profile page. I'm game if you are.
I'd say it weakens you if you ever ever go up against the powers that be.
Say you want to protest or challenge the government about something like chemicals on farms, child mortality, racism, legalising pot, or some other abuse. As soon as you do, the government will rake though their data on you, and use anything they can find to rubbish you, over an above the point you are trying to make. It means millions of people will not longer have an effective voice.
Imagine an e-petition with a million names on it. A fairly quick database scan, matching signatories with information will enable a government to deal with the lot of them in one go.
For the average person - not much impact. However, once this data exists in a central, searchable format, you can bet that it will get used for purposes other than national defense.
It'll start off with being used to locate missing & kidnapped children. Then it'll be used to locate spouses who haven't been making their child support payments. Then it'll be used to locate tax cheats (what can be more un-American than not paying your taxes?) And then people for whom there are outstanding warrants - both felonies and misdemeanors. Like unpaid traffic tickets.
There are broadly two types of innocent victims. Those who feel violated if they found someone had broken into their house and gone through their underwear and those who would be dismissive because their underwear was all clean and no real harm was done. Rather than trying to decide which victim reaction is correct by trying to assess if any real harm was done or not perhaps we could ask what possible justification there was for a stranger to be in their underwear drawer in the first place.
Except nothing has changed. This has been going on for enough time that if the average Internet user hasn't been effected by it yet then they don't have much to worry about in the near future. So for the immediate future there are absolutely no implications on users other than being aware that someone can look at your communications, which you should have assumed already. Because if the NSA didn't already have your information than Google, Facebook and every other social network certainly did, something that we have been well aware of for a long time.
>Except nothing has changed. This has been going on for enough time that if the average Internet user hasn't been effected by it yet then they don't have much to worry about in the near future
That's from the things you CAN see (I don't see ordinary people being harmed directly by this program). What about the things you can't directly see or measure?
Some issues that come to mind:
1) This kind of privacy abuse opens wide open the Overton window about surveillance. Today it's the secret services. Tomorrow the general government (from IRS to the FDA). The day after tomorrow insurance companies, corporations, etc.
2) This kind of privacy abuse harms directly people that the government, men in power, lobbies with heavy clout, etc, consider dangerous. Dissidents, activists, whistleblowers, investigative journalists, hackers, etc. To draw an historical analogy, people like MLK, Aaron Swartz, Mother Jones, Howard Zinn, Phil Zimmerman, EFF, Timothy Leary, I.F. Stone, and thousands more. People that make society better, or push certain aspects of it forward.
Those people ARE constantly monitored by the government, are harassed regularly, are being blackmailed or even made to shut up or disappear, are threatened with legal action for bogus charges, etc. It's difficult to measure the harm on a society's future caused by enabling the government to keep tabs and better control these kind of people.
3) It shows a huge moral, political and judicial decline that Nixon got punished and yelled at, by the media, for Watergate (eavesdropping on the opposite party), and in 2013 American accepts it's government eavesdropping, keeping tabs, etc, on virtually ALL Americans.
While these are all valid reasons to be concerned about future abuses, none of them are implications on the average internet user resulting from the uncovering of PRISM.
Going forward don't store your bitcoin wallet on gmail or other cloud provider because you might help some analyst pay off their gambling debts.
Also if you are working with a foreign company that is competing with a major US company don't use cloud providers since the NSA has engaged in industrial espionage.
"The first came from a Baltimore Sun report which said the European consortium Airbus lost a $6bn contract with Saudi Arabia after NSA found Airbus officials were offering kickbacks to a Saudi official.
'The paper said the agency "lifted all the faxes and phone-calls between Airbus, the Saudi national airline and the Saudi Government" to gain this information' http://news.bbc.co.uk/2/hi/europe/820758.stm
A question which is overlooked in this kind of answers is, how do you circumvent your mistrust of your own OS?
It's a foregone conclusion that Microsoft OSes have backdoors for the NSA, and it's not unlikely that they also know some exploits, which grant them access to many distributions of open-source OSes. If my OS reports everything to the NSA whenever I access it, encrypted cloud storage won't help that much; it will only make super-wide surveillance harder to scale.
There are no implications for an average netizen, since an average netizen doesn't use strong end-to-end crypto nor does he/she avoid cloud-like-storage/services (it doesn't matter which).
Average individuals aren't opposing her/his government or committing a felony.
They simply can't anymore because they would provide their own evidence/leverage against them or simply because there is nothing left to hide anymore.
The basic idea is build web applications that only store encrypted data on the server. All data is encrypted and decrypted on the client using JavaScript.
I'm just going to repost a comment I made during an HN thread on trolling here:
----
"....However, on a general note, I think it is important to realize that every text message you send, every cell phone conversation you have, every post to the CNN forum you make, every tweet you send ... is directly attributable to your IP whether you use your own name or not. With Facebook and Google tracking everything you do, whether you are logged in or not, I would go one step further, and say all of these things are directly attributable to you personally.
I would strongly urge young people to really think about what they are putting out there. Consider this, the military was doing the equivalent of credit checks for sensitive positions during the 60s. No one else typically had to have credit checks back then. [Today...] you need a credit check to do ANYTHING, even things that don't require credit. How long before an internet and phone background check is standard in the background checks organizations do before offering jobs? [Saying that it won't happen is naive.]
I can tell you the military is doing this sort of screening right now for sensitive positions, but at least you are confronted about it. It still basically ends your career, but they will give you a chance to explain your posts. In the private sector in the future, they will just deep six your application and you won't know what happened. Or they'll let you in at entry level, maybe, and subsequently you'll start running up against an invisible barrier as you try to advance beyond the first or second layer of management. Or you will find resistance to you advancing into management at all.
Also be mindful, it can affect more than your professional life. Think about what the background [and credit] checks for apartments will look like in the 2020s. Or what 'dating sites' will be like in the 2020s [perhaps with Google Glass]..."
----
That comment was made in a thread on trolling... but the principle is apropos here as well. Back in the 60's credit and background checks were not commonplace because only security agencies had incentive enough run that information down and collate it for a given person. Security Agencies like... say... National ones. Eventually the process was smoothed out so much that today even a rinky dink property manager in Rochester MN, or Santa Clara CA can run that information down. So they do! Whenever you want to rent an apartment. And employers do as well... whenever you want to get a job. etc. etc.
Now think about that in the context of a theoretical "internet and mobile phone profile check".
For an apartment?
For a job?
For a date?
For a lawsuit? or for a divorce?
or even...
Just for the hell of it! Why not? I never liked that lady anyway.
So people ask... what are the implications?
Well... consider "scope creep".
With information of this nature... the number of methods to command your conformity that the government and military can dream up is legion.
Now think about that in the context of a theoretical "internet and mobile phone profile check".
If you're a marketer you can already buy this data from various vendors. The way it works is since everyone signs up for various services with the same email address, they just figure out what your email address is, then scrape out your data from all the services you've signed up for.
what are the implications .. you can't have a conversation with someone without thinking that your thoughts and opinions right now won't be tied and assigned to you forever ..
Imagine a highschool student who liked some band or political movement on facebook or talked about it on skype that is somehow tied to a imbalanced person who shot up a school or committed a crime? how could this effect his applications to state universities or grants or whatever? who knows...
do you trust the goverment that feels the need to spy on everyone behind their back to make a decent decision?
I've been keeping all of my work notes/journals/thoughts in OneNote which is synced and stored on Microsoft's servers ... who has access to those?
I don't want the bureaucracy to use my private thoughts, my private information or my private feelings to make decisions about me for whatever reason .. what happened to having rights and liberty?
tl;dr the implications are that you don't have the freedom to be yourself as long as this is going on
Here's a broad list of consequences that is by no means exhaustive:
1. You can be indicted and charged with a number of felonies, most notably treason and violating national security, for your private correspondence and electronic habits.
2. Incidental to an existing charge, you can have your private interests and communications leveraged against you as evidence not directly relevant to what you're being tried for.
3. You can be implicated in crimes for communicating with known criminals or having any demonstrable (reasonable or otherwise) association with "people of interest." Corollary to this, you could be harassed and pursued and made to act against such people in the interests of national security.
4. You could be blackmailed or slandered in the public eye, effecticely crucifying you in the media, by taking your private life out of context in the name of the legal process.
5. You would be effectively "nude" in the virtual sense - every thing you do is and could be an actionable offense or interpreted as one, despite the fact that it's not in direct offense to anyone else and despite the fact that it's private. Your every interest, hobby and habit could be dissected and questioned as though an Orwellian thought police agent were ever vigilant in your room.
6. Innocent until proven guilty would be effectively null and void. You could be presumed guilty for all of the aforementioned reasons and due process would be extremely hard for the average individual to utilize to their advantage.
All of these would scale (against you) in a situation involving mass media. You might believe that on a cursory inspection these are justified if it prevents terrorism. That is a fear response, to which I reply that our government, and the rule of law it represents, is lost if we walk down this path.
Sacrificing liberty for the sake of liberty is both absurd and fundamentally objectionable.