Privacy vs Protection: A look at what the NSA PRISM impacts you

The following are my thoughts regarding the recent news of the NSA surveillance of their PRISM program. If you are not aware of what it is, or its full extent, you can read more about it at places like The Verge and Security Now! at GRC.

Update: I added a link to a post from The Verge about the number of terrorist attacks prevented.

Growing up, my dad raised horses. To keep the horses in he set up a very powerful electric fence around the back half of our property. Every other second 10,000+ volts surged across the line dissuading the animals to breach their perimeter.

My dad did this to protect the animals from getting lost and possibly injured by controlling where they could go. It also protected them from possible predators outside of the fence. Though it was a good thing to have, that fence has caused me more pain than anything else on our little ranch. Why? Because being a curious kid I touched it far too many times; sometimes accidental sometimes not. Just in case you were wondering, 10,000 volts hurts! Note: Yes it really was 10,000 volts, but the amps were nearly zero. Also, since it pulsed on and off it couldn't electrocute anyone.

Why bring this up? I've been reading various articles about the recent discovery of the NSA PRISM program. If you don't know what PRISM is, basically it has been discovered that the NSA has been gathering tons of data on US citizens from across various ISPs, cell companies (Verizon and AT&T), and tech companies. The tech industry and privacy concerned citizens have exploded with anger and concern about this invasion of privacy. Though I don't like the idea of my seemingly private conversations being logged for possible future review, I think there is a valid reason for such surveillance, assuming it is used for our good and not by people who are corrupted with power (which I'm sure some feel the US government is).

Protection vs Privacy

Why is the NSA gathering so much data about people, foreign and domestic alike? What is it they are looking for? Do they want to know about your friend who called to see if you want to go to lunch? How about the password to an account your spouse forgot? I got it, they want to know about that affair you are trying to keep secret... right?

If the reports are true, and the NSA is "spying" on Americans, it isn't to know what things you are hiding from your family, friends, or the world at large. They are looking for terrorist activity. They are looking for those predators that are trying to hurt us Americans. That begs the question, what do we want from our government; protection from those who wish to harm us, or for the government to ignore our "private" conversations on the public Internet?

Encryption Will Save Us?

So what is the solution? We can petition the government to stop but I have a feeling even if they say they will, they'll find new ways of doing it, our online communications is very valuable data. It isn't that we can't trust our government to follow through and obey their own laws, it just that the bulk of all Internet traffic flows through the US. If we want our government to filter terrorist from foreign sources they also have to filter through US communications. If regulating who they can watch won't work then what should we do as citizens, at least those who are concerned -- it seems the bulk of citizens aren't (66% agree with what PRISM does) -- is to encrypt all communications so even if the communication is captured at least the government won't know what was said.

Let’s say that the majority of citizens were concerned and did encrypt all communications, from IM to email to voice calls, all encrypted. What happens then? With an increased awareness of encryption systems among citizens means an increased awareness among criminals/terrorist. I'm pretty sure more sophisticated criminal outfits already use encryption end-to-end anyway. As more and more people take their seemingly private conversations on the public Internet and make them truly private with encryption the NSA and FBI have nothing to see but a lot of noise, though they will still know who sent what, when, and to whom; just not what was said. Well that is great and all, but the problem now arises that these agencies, whose mission is to protect US citizens, can't do their job in a timely fashion. Because once they see something suspicious in communication patterns they can't just look up the data to see what was said, they'll have to break the encryption first and that delay may cause the deaths of quite a few people depending on what attack they can't prevent.

And now we go back to the protection vs privacy argument again. If we all encrypt our data then we have our privacy but now we have little protection since the criminals will likely use encryption too. The NSA has stopped over 50 terrorist attacks around the world because of this surveillance program; such as a bomb plot at the New York Stock Exchange. How many terrorist attacks have they missed since 9/11, not nearly as many as they've thwarted. What that means is, if in a perfect world we could encrypt all of our data to assure our privacy or the government just stopped watching, there would likely be an increase in crime, terrorism, and casualties we haven't seen in the US before. Some people attack the US because they are crazy and don't care of dying. But if a criminal/terrorist thought they could attack without being caught because no one could see the preparation or thought no one was watching, a lot more people and groups will commit crimes. "While the cat is away, the mice will play."

Summary

Ultimately what matters is how this news impacts you and how it could impact others, including those whom you love. As I mentioned before, I don't really like the idea of being watched, but know that the NSA and FBI aren't watching you specifically. There is too much data for them to do that. They are watching for patterns and establishing a history of patterns. If you never do anything to trigger suspicion then I doubt anyone will even look at your online doings. Now if you feel there is something that you want to share with someone and you don't want the government to know or you just want to cover all your bases, encrypt it. If you don't want the government to know who originated or received said encrypted data there are ways to hide your identity as well.

Otherwise, know that your communication patterns are being recorded and possibly the data you send onto the public Internet is being captured too. This is the world we live in, even before the Internet. I'm sure growing up you've had parents, teachers, adult leaders who watched what you did just in case you got involved in something harmful to you or to others. Nothing has changed, we are still watched, just who is doing the watching changes. Fighting against this I don't think really does anything positive. What is better is how to adapt to it. Honestly, you've always figured the government was watching anyway right?

My last question to you is, do you trust your government, its checks and balances, to have you, as a US citizen, as the most important asset to protect?