

Ask HN: Non-US citizen. Why should I care about NSA/PRISM? - mattquiros

Hacker News has been full of links about NSA and PRISM lately but I don&#x27;t understand how that&#x27;s relevant to me. I&#x27;m not a US citizen and live outside the US--I&#x27;m just a developer with some startup dreams and a lot of curiosity to learn new stuff, which is why I&#x27;m (sometimes) here.<p>So I read the article from Wired that explains why &quot;I have nothing to hide&quot; is the wrong way to think about surveillance, hoping to get some answers:<p>http:&#x2F;&#x2F;www.wired.com&#x2F;opinion&#x2F;2013&#x2F;06&#x2F;why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance&#x2F;<p>But the points raised still don&#x27;t seem to concern me. Even if I had something to hide and American police can be abusive, I live outside the US and are bound&#x2F;protected by different laws, and a different police. The only potential problem I see is that the suspect US-born companies store my online footprints in their servers and I can&#x27;t download them for myself. However, I&#x27;m not even sure that&#x27;s a problem because what can they do to me with it?<p>Any thoughts? I was expecting this question to pop up much earlier in HN but it seems no one else was asking this themselves.<p>UPDATE: I&#x27;m from a developing country in southeast Asia that used to be a US colony, but I very, very highly doubt that we even have access to all that NSA&#x2F;PRISM data, let alone that we have an espionage program. Murderers can just get away with their crimes here even if they left hair or fingerprints, because they don&#x27;t even have those data to match against.
======
yen223
As a non-US citizen, the whole PRISM scandal is actually _more_ relevant to us
than to Americans, since Obama (and disappointingly, a lot of commentators
here) basically decided that its perfectly fine for the NSA to spy on
foreigners. The scandal blew up only because the NSA decided to spy on
_Americans_.

Other than that, the risks are the same as before. You have to trust that some
unknown entity (in this case, the US government) will not misuse your private
data.

------
shawn-furyan
In many ways, this is an inherently unanswerable question, and it's just about
as unanswerable for US citizens as well. At it's root, the problem is that
you've left information scattered around the internet, much of this
information is possibly stored indefinitely in various US intelligence agency
databases and that this information can be used to make inferences (correct or
not) and judgments (fair or not) about you and your actions. It is also
possible that information may be framed in a manner so as to give a misleading
impression of you and your actions.

Being outside the US is both an advantage and disadvantage with regard to
these programs. The advantage is that you are in a bigger pool that is likely
less interconnected with those who have access to this data, and so are less
likely to be targeted by abuse of the information that has been gathered
around you. The disadvantage is that it appears that if you did end up being
targeted, it seems less likely that such targeting would rouse suspicion since
the privacy rights of non-US citizens do not seem to be getting any
consideration from US officials at all.

The difficulty with these questions is that people try to think of scenarios
by which information can be used against them. This isn't really a productive
exercise since failure to come up with a reasonable scenario in no way proves
that one doesn't exist.

Perhaps a better question is "Could anyone with access to this data ever want
to hurt me, my relations or our respective reputations?". Implicit in the
question is the assumption that anyone with said access is capable of hurting
you or your reputation by releasing it strategically. Some may argue with this
assumption, but I would challenge that few, if any of us really have a handle
on just how much data we leave laying around on web servers outside of our
control, and so are ill equipped to make judgements about how it might or
might not be used against us. This question too is very difficult to answer
with a reasonable level of certainty, but it at least leads us to some more
productive questions that get at the breadth of the problem:

"Do I, or any of my relations ever openly or privately (in channels controlled
by US intelligence programs) make strong political statements?"

"Do I, or any of my relations play a visible role in any company or
organization that someone with access to this data might find morally or
politically disagreeable or inconvenient?"

"Have I, or any of my relations injured, spurned, rejected, humiliated, or
otherwise hurt, physically or emotionally, anyone with access to this data?"

"Will there ever be a scenario where I, or any of my relations are put into
direct or indirect competition with anyone with access to this data?"

"Could someone with access to this data ever want to randomly target me or my
relations for kicks?"

"Could a malicious 3rd party ever gain broad access to this data and use it in
a way that hurts me or my relations?"

These questions get at just how broadly the effects of abuses of this data
could reach. Will you be targeted for abuse? It's extremely unlikely, there
are 6 Billion people in the world, and there are certainly bounds on the
amount of harassment that can be done secretly. But nobody is really immune
from being effected by abuses of this kind of data. There are innumerable
strong personal incentives for abusing data such as this, and the more of it
that's out there, and the more connected, organized and searchable it is, the
more likely it is that abuses will happen.

[edited to improve formatting]

------
trevelyan
In most cases no-one will want to blackmail you. But people do blackmail
journalists, judges and/or political figures with power. There is a track
record of this sort of thing having been done even in countries like Canada
(where the wife of a former PM was illegally monitored to try and get dirt on
the guy). Or look at Nixon and Hoover.

In any environment where mass surveillance is technically possible and hidden
from effective and comprehensive public oversight, abuse becomes permitted and
hidden.

So standing up for privacy is not just a matter of protecting your own
identity (although that is frankly reason enough). It is about protecting the
conditions under which a free press and democratic society can survive, and in
which individuals can act according to their moral conscience even when such
conscience leads them to oppose entrenched power structures. And you should
care about what happens in the United States not only because God knows how
its security apparatus will use this data against your own country and elected
leaders, but because American discourse influences global perceptions of what
is seen as an acceptable level of state surveillance in other countries.

~~~
e3pi
> But people do blackmail journalists, ...

It's been like ten days since Guardian/Greenberg made public the four
powerpoints as authentic evidence. We had the Q&A this morning, but offers
nothing new from the supposed existence of all the data leaked we've been
teased with.

I get the strategic timed-release explanation, but on the other hand, could it
be, with the US-UK tightly coupled intelligence agencies, that the Guardian
has now a gag order?

If so, and after the Wasington Post waffling, does ES have a plan C?

~~~
mryan
The Ministry of Defence has issued a D notice preventing the UK media from
'publish[ing] information that may "jeopardise both national security and
possibly UK personnel"'.

[http://www.guardian.co.uk/world/2013/jun/17/defence-d-bbc-
me...](http://www.guardian.co.uk/world/2013/jun/17/defence-d-bbc-media-censor-
surveillance-security)

~~~
e3pi
PLAN C: what's left-- pastebin, that New Yorker thing(no, gag order),
Anonymous posting onto defaced sites, wikileaks, ... more?

------
Sealy
Why is it relevant to you? Here's a handful you should consider:

Do you use Facebook? Do you use Apple products? Have you used Skype?

~~~
anigbrowl
I don't think you read his post carefully.

 _The only potential problem I see is that the suspect US-born companies store
my online footprints in their servers and I can 't download them for myself.
However, I'm not even sure that's a problem because what can they do to me
with it?_

~~~
Sealy
Apologies, I missed your original point.

What jurisdiction do you live in? I ask because in the UK, individuals are
protected by the Data Protection Act.

[http://en.wikipedia.org/wiki/Data_Protection_Act_1998](http://en.wikipedia.org/wiki/Data_Protection_Act_1998)

On the wikipedia page, on principal #7: Appropriate technical and
organisational measures shall be taken against unauthorised or unlawful
processing of personal data and against accidental loss or destruction of, or
damage to, personal data.

Many UK citizens would consider the NSA's actions of snooping around our
personal data as a breach of this act. Unless of course we added them as
friends on our facebook page. Last time I checked, I didn't.

The other principals of the act include the upload of personal information,
that it may only be used for the purposes intended. When I upload details on
my facebook, I'm not intending its purpose to fulfill matters relating to US
security.

~~~
yareally
Just an educated guess, but I believe he lives in the Philippines as it
matches his description.

------
jdietrich
Espionage is a global business. Your government probably has a reciprocal
intelligence agreement with the US. There's a good chance that your version of
the NSA has access to PRISM data and the NSA has access to data gathered by
your government's intelligence agency.

~~~
mattquiros
I highly doubt that chance. Please see update, thanks.

~~~
yareally
You should care because even if it doesn't affect you right now, one cannot
say that with certainty in the future.

