
What are the implications of NSA surveillance on the average Internet user? - Otiel
http://security.stackexchange.com/questions/37076/what-are-the-implications-of-nsa-surveillance-on-the-average-internet-user
======
dylangs1030
There are both clear and subtle implications for widespread surveillance.
Whether they will practically impact your life and rights depends on chance
and your private habits.

Here's a broad list of consequences that is by no means exhaustive:

1\. You can be indicted and charged with a number of felonies, most notably
treason and violating national security, for your private correspondence and
electronic habits.

2\. Incidental to an existing charge, you can have your private interests and
communications leveraged against you as evidence not directly relevant to what
you're being tried for.

3\. You can be implicated in crimes for communicating with known criminals or
having any demonstrable (reasonable or otherwise) association with "people of
interest." Corollary to this, you could be harassed and pursued and made to
act against such people in the interests of national security.

4\. You could be blackmailed or slandered in the public eye, effecticely
crucifying you in the media, by taking your private life out of context in the
name of the legal process.

5\. You would be effectively "nude" in the virtual sense - every thing you do
is and could be an actionable offense or interpreted as one, despite the fact
that it's not in direct offense to anyone else and despite the fact that it's
private. Your every interest, hobby and habit could be dissected and
questioned as though an Orwellian thought police agent were ever vigilant in
your room.

6\. Innocent until proven guilty would be effectively null and void. You could
be presumed guilty for all of the aforementioned reasons and due process would
be extremely hard for the average individual to utilize to their advantage.

All of these would scale (against you) in a situation involving mass media.
You might believe that on a cursory inspection these are justified if it
prevents terrorism. That is a fear response, to which I reply that our
government, and the rule of law it represents, is lost if we walk down this
path.

Sacrificing liberty for the _sake of liberty_ is both absurd and fundamentally
objectionable.

~~~
straight_talk
The biggest implication - it makes opposition impossible. In a few years there
will be nobody to defend the average person rights. "Power corrupts and
absolute power corrupts absolutely"

~~~
stephengillie
_All governments suffer a recurring problem: Power attracts pathological
personalities. It is not that power corrupts but that it is magnetic to the
corruptable. Such people have a tendency to become drunk on violence, a
condition to which they are quickly addicted._ \- Frank Herbert, Chapterhouse
Dune, Missionaria Protectiva

~~~
straight_talk
Nice sounding statement, but power does corrupt. Quite a few experiments
proofing it.

------
mtgx
Let's just say this: have you at least pirated a song or a movie, smoked
marijuana and bragged about it online, or done anything at all that you know
could be seen as a crime, or even stuff that you think is "moral" but probably
illegal?

Okay. Then in a surveillance state you better not ever try to piss off the
national leaders, or even the local ones (depends how far this gets), and you
better not complain to your friends and neighbors either.

Because that's how they'll get you. Not with the last part - but with the
first one. You'll just be another "pot smoker" or "pirate" and they'll
demonize you as a dirty criminal who deserves prison.

~~~
RivieraKid
This is what how it could impact avg people in the future. But it very
probably won't.

~~~
nitrogen
It's not about affecting everybody. The vast majority will likely be left
alone. It's about having the _ability_ to affect everyone.

------
grey-area
The danger as I see it is negligible to the average Internet user, _until_
they become a person of interest to someone with the power to use these
programs - a journalist say might pursue their work for decades without being
interfered with, but with all their correspondence stored, only to find
themselves undermined fatally by their actions at the age of 19 when they
broke a story which the administration didn't like, decades later. In the same
way that Nixon abused surveillance powers to undermine reporters, someone high
up in the chain of command could redirect the NSA for their own purposes - if
there is no open judicial oversight and no respect for the rule of law, this
is inevitable. I wouldn't want to live in a world where that is possible.

What I find disturbing about these tools is that they are far more suited to
retrospective analysis, and therefore to discovering dirt on ordinary people
and undermining the rule of law, than suited to tracking terrorists (the
ostensible aim). They'd be far more useful to someone like Nixon than to
someone genuinely concerned with promoting America's interests in the world
and stopping terrorist attacks, because those planning serious attacks will
simply use other means of communication (as in Bin Laden's use of paper and
messengers). In addition to that they are so wide-ranging that the damage and
danger caused by them far outweighs any possible benefit.

Also this sort of powerful bureaucracy has a way of ensuring its own survival
after it reaches a certain size and power - after all if the NSA hears
politicians are planning to shut them down, they might have to take steps to
stay in business - a very easy task with tame secret courts rubber-stamping
requests and a culture of little respect for the rights of those surveilled.
Just a matter of digging up their surveillance on most of congress (who of
course have all had contact with foreigners, so fair game), and deciding where
to apply leverage. Imagine then someone truly evil in charge of the NSA, and
the power they could wield, unfettered by quaint notions of international law
or oversight by other branches of government.

~~~
rdtsc
> What I find disturbing about these tools is that they are far more suited to
> retrospective analysis, and therefore to discovering dirt on ordinary people
> and undermining the rule of law,

Aha yes. Access this kind of system would be Stalin's or any other brutal
dictator's wet dream. This is what they'd get a hard on thinking about. "Oh, I
wish I had a system where everyone would input their hobbies, interests,
connections, all they messages (Facebook, GMail, Skype, etc) and then I would
be able to read and access those things, all the phone calls, shopping habits,
text messages, what kind of porn they like, who they like to joke about, what
they eat,...mmm". Well guess what we have that here and now.

Retrospective analysis is the key here. I have mentioned in the past how the
formula for a successful brutal dictatorship is this:

1) Complicated, ambiguous and broad laws (disobedience, being suspicious,
obstruction of justice, obstruction of business, disorderly conduct, etc etc)

2) Total monitoring and control & archiving

Just those 2) are enough. With enough background material to scare anyone with
jail, a criminal record, disclosure of shameful information ("I see you like
foot fetishes, how would you like if your church friends found out about
that?... Are you sure you should keep participating in this Occupy movement,
think twice about it...") they can control and manipulate anyone.

------
beloch
If someone lies to your face for years and, only when caught red-handed,
claims that what he/she is doing isn't all that bad, would you believe them?

It's worse than that. Not only does the U.S. government expect us to believe
the content of our communications are safe from their eyes unless we "have
something to hide", they're about to come down hard on the whistle-blowers
that made them admit as much as they have. It's as if that red-handed thief
were quietly shoving the person who caught them out a window while telling us
a story about how it's not what it looks like!

What a crock.

------
SeanDav
Today: The Government

Tomorrow: Insurance companies, your competitors and your employer.

There is nothing wrong with surveillance per se, however it requires a
transparent and accessible legal system to keep it in check - right now that
is not happening.

------
summerdown2
People will increasingly censor themselves. Not everyone, maybe, but those
with non-mainstream views will increasingly learn they need to guard what they
say on the internet.

And slowly, the greatest meeting place we've ever had will lose its potential.

... that's my biggest fear, anyway.

On a straw poll amongst my friends many of us are already self censoring to
some degree. And we don't have extreme views, either, we're just cautious
about how things that we thought might be anonymous no longer are, how jokes
might be taken out of context in the future or links made between accounts
that are meant to be separate.

We are essentially moving towards the Panopticon Internet:

[https://en.wikipedia.org/wiki/Panopticon](https://en.wikipedia.org/wiki/Panopticon)

> the essential elements of Bentham's design were not only that the custodians
> should be able to view the prisoners at all times (including times when they
> were in their cells), but also that the prisoners should be unable to see
> the custodians, and so could never be sure whether they were under
> surveillance or not.

------
iuguy
Since starting Lahana[1] I've become much more aware of the information we
leak and the information that can be intercepted. In terms of counteracting
the average Internet user, provided that Amazon isn't in the prism list (and
I'm referring to Amazon outside of country) A private Lahana node may be
sufficient, but I'm not making promises and would welcome ideas both to the
contrary and ways of making Lahana better while still accessible.

Lahana was designed to be accessible by lowest common denominator non-
technical people on closed hardware. At the moment as an experiment I'm
building supporting infrastructure for Lahana, starting with StaTorsNet[2], an
Anonymous/Pseudonymous twitter implementation based on Statusnet. Again, I
welcome comments positive and negative especially if they can be used to
improve the deployment or convince me to pull the service based on risks.

I've been looking at Mumble for calls, but am interested in alternatives with
working mobile clients. If anyone wants to get together and turn this into a
proper project, please get in touch from my profile page. I'm game if you are.

[1] - [http://lahana.dreamcats.org/](http://lahana.dreamcats.org/)

[2] - [http://r5c2ch4h5rogigqi.onion/](http://r5c2ch4h5rogigqi.onion/)

------
alan_cx
I'd say it weakens you if you ever ever go up against the powers that be.

Say you want to protest or challenge the government about something like
chemicals on farms, child mortality, racism, legalising pot, or some other
abuse. As soon as you do, the government will rake though their data on you,
and use anything they can find to rubbish you, over an above the point you are
trying to make. It means millions of people will not longer have an effective
voice.

Imagine an e-petition with a million names on it. A fairly quick database
scan, matching signatories with information will enable a government to deal
with the lot of them in one go.

------
chiph
For the average person - not much impact. However, once this data exists in a
central, searchable format, you can bet that it will get used for purposes
other than national defense.

It'll start off with being used to locate missing & kidnapped children. Then
it'll be used to locate spouses who haven't been making their child support
payments. Then it'll be used to locate tax cheats (what can be more un-
American than not paying your taxes?) And then people for whom there are
outstanding warrants - both felonies and misdemeanors. Like unpaid traffic
tickets.

------
shirro
There are broadly two types of innocent victims. Those who feel violated if
they found someone had broken into their house and gone through their
underwear and those who would be dismissive because their underwear was all
clean and no real harm was done. Rather than trying to decide which victim
reaction is correct by trying to assess if any real harm was done or not
perhaps we could ask what possible justification there was for a stranger to
be in their underwear drawer in the first place.

------
yekko
A global ban of US technologies might be coming.

------
achughes
Except nothing has changed. This has been going on for enough time that if the
average Internet user hasn't been effected by it yet then they don't have much
to worry about in the near future. So for the immediate future there are
absolutely no implications on users other than being aware that someone can
look at your communications, which you should have assumed already. Because if
the NSA didn't already have your information than Google, Facebook and every
other social network certainly did, something that we have been well aware of
for a long time.

~~~
coldtea
> _Except nothing has changed. This has been going on for enough time that if
> the average Internet user hasn 't been effected by it yet then they don't
> have much to worry about in the near future_

That's from the things you CAN see (I don't see ordinary people being harmed
directly by this program). What about the things you can't directly see or
measure?

Some issues that come to mind:

1) This kind of privacy abuse opens wide open the Overton window about
surveillance. Today it's the secret services. Tomorrow the general government
(from IRS to the FDA). The day after tomorrow insurance companies,
corporations, etc.

2) This kind of privacy abuse harms directly people that the government, men
in power, lobbies with heavy clout, etc, consider dangerous. Dissidents,
activists, whistleblowers, investigative journalists, hackers, etc. To draw an
historical analogy, people like MLK, Aaron Swartz, Mother Jones, Howard Zinn,
Phil Zimmerman, EFF, Timothy Leary, I.F. Stone, and thousands more. People
that make society better, or push certain aspects of it forward.

Those people ARE constantly monitored by the government, are harassed
regularly, are being blackmailed or even made to shut up or disappear, are
threatened with legal action for bogus charges, etc. It's difficult to measure
the harm on a society's future caused by enabling the government to keep tabs
and better control these kind of people.

3) It shows a huge moral, political and judicial decline that Nixon got
punished and yelled at, by the media, for Watergate (eavesdropping on the
opposite party), and in 2013 American accepts it's government eavesdropping,
keeping tabs, etc, on virtually ALL Americans.

~~~
achughes
While these are all valid reasons to be concerned about future abuses, none of
them are implications on the average internet user resulting from the
uncovering of PRISM.

------
fab13n
A question which is overlooked in this kind of answers is, how do you
circumvent your mistrust of your own OS?

It's a foregone conclusion that Microsoft OSes have backdoors for the NSA, and
it's not unlikely that they also know some exploits, which grant them access
to many distributions of open-source OSes. If my OS reports everything to the
NSA whenever I access it, encrypted cloud storage won't help that much; it
will only make super-wide surveillance harder to scale.

------
noerps
There are no implications for an average netizen, since an average netizen
doesn't use strong end-to-end crypto nor does he/she avoid cloud-like-
storage/services (it doesn't matter which).

Average individuals aren't opposing her/his government or committing a felony.

They simply can't anymore because they would provide their own
evidence/leverage against them or simply because there is nothing left to hide
anymore.

------
jhuckestein
I clicked through to a post on zero knowledge web applications and thought it
was pretty interesting:
[https://news.ycombinator.com/item?id=5853294](https://news.ycombinator.com/item?id=5853294)

The basic idea is build web applications that only store encrypted data on the
server. All data is encrypted and decrypted on the client using JavaScript.

------
bilbo0s
I'm just going to repost a comment I made during an HN thread on trolling
here:

\----

"....However, on a general note, I think it is important to realize that every
text message you send, every cell phone conversation you have, every post to
the CNN forum you make, every tweet you send ... is directly attributable to
your IP whether you use your own name or not. With Facebook and Google
tracking everything you do, whether you are logged in or not, I would go one
step further, and say all of these things are directly attributable to you
personally.

I would strongly urge young people to really think about what they are putting
out there. Consider this, the military was doing the equivalent of credit
checks for sensitive positions during the 60s. No one else typically had to
have credit checks back then. [Today...] you need a credit check to do
ANYTHING, even things that don't require credit. How long before an internet
and phone background check is standard in the background checks organizations
do before offering jobs? [Saying that it won't happen is naive.]

I can tell you the military is doing this sort of screening right now for
sensitive positions, but at least you are confronted about it. It still
basically ends your career, but they will give you a chance to explain your
posts. In the private sector in the future, they will just deep six your
application and you won't know what happened. Or they'll let you in at entry
level, maybe, and subsequently you'll start running up against an invisible
barrier as you try to advance beyond the first or second layer of management.
Or you will find resistance to you advancing into management at all.

Also be mindful, it can affect more than your professional life. Think about
what the background [and credit] checks for apartments will look like in the
2020s. Or what 'dating sites' will be like in the 2020s [perhaps with Google
Glass]..."

\----

That comment was made in a thread on trolling... but the principle is apropos
here as well. Back in the 60's credit and background checks were not
commonplace because only security agencies had incentive enough run that
information down and collate it for a given person. Security Agencies like...
say... National ones. Eventually the process was smoothed out so much that
today even a rinky dink property manager in Rochester MN, or Santa Clara CA
can run that information down. So they do! Whenever you want to rent an
apartment. And employers do as well... whenever you want to get a job. etc.
etc.

Now think about that in the context of a theoretical "internet and mobile
phone profile check".

For an apartment?

For a job?

For a date?

For a lawsuit? or for a divorce?

or even...

Just for the hell of it! Why not? I never liked that lady anyway.

So people ask... what are the implications?

Well... consider "scope creep".

With information of this nature... the number of methods to command your
conformity that the government and military can dream up is legion.

~~~
rdouble
_Now think about that in the context of a theoretical "internet and mobile
phone profile check"._

If you're a marketer you can already buy this data from various vendors. The
way it works is since everyone signs up for various services with the same
email address, they just figure out what your email address is, then scrape
out your data from all the services you've signed up for.

------
ninetenel
what are the implications .. you can't have a conversation with someone
without thinking that your thoughts and opinions right now won't be tied and
assigned to you forever ..

Imagine a highschool student who liked some band or political movement on
facebook or talked about it on skype that is somehow tied to a imbalanced
person who shot up a school or committed a crime? how could this effect his
applications to state universities or grants or whatever? who knows...

do you trust the goverment that feels the need to spy on everyone behind their
back to make a decent decision?

I've been keeping all of my work notes/journals/thoughts in OneNote which is
synced and stored on Microsoft's servers ... who has access to those?

I don't want the bureaucracy to use my private thoughts, my private
information or my private feelings to make decisions about me for whatever
reason .. what happened to having rights and liberty?

tl;dr the implications are that you don't have the freedom to be yourself as
long as this is going on

