Computer Security

Share this article:

Computer Security

  • Join our comunity:

‘Snowden,’ a Picture of the Cybersecurity State

By: , Posted on: September 23, 2016

What can ‘Snowden’ teach us about cybersecurity? Jürgen Olczyk/Open Road Films, CC BY
What can ‘Snowden’ teach us about cybersecurity? Jürgen Olczyk/Open Road Films, CC BY

With the release of a new film about Edward Snowden, the man who revealed secret documents detailing a massive U.S. government spying program, the debate about his character continues. That includes a renewed effort to encourage President Obama to pardon him. But, as Snowden himself might point out, what should give us pause is government intelligence agencies’ power.

The extent and scope of their ability to intercept communications and collect information is mind-boggling. “Snowden” the movie lays bare National Security Agency surveillance programs that show little regard for citizen privacy, and the duplicitous statements the NSA makes about its activities.

Edward Snowden. WikiLeaksChannel, CC BY

The movie’s narrative tells the story of Snowden himself(fictionalized and dramatized somewhat), including his military training, his medical discharge and his work in the intelligence community. It provides a new vehicle for the layperson to learn about how the government uses modern communications technology.

The movie doesn’t take a nuanced view of why intelligence agencies do what they do. Nor does it provide sufficient context about the NSA’s practices in relation to those of agencies in other countries. Its portrayal of the technology involved (and of U.S. government efforts to apprehend and prosecute whistleblowers) is, however, mostly accurate.

Collection, but not inspection

The film discusses three distinct aspects of the NSA’s efforts: data collection, analysis and the legal basis for surveillance. The movie accurately shows the agency’s systems for collecting bulk data from across the country – through direct connections to the networks of major telephone and internet companies, including AT&T, Verizon, Google, Microsoft and Facebook. The suggestion, though, is that not only are data collected on all citizens, but – misleadingly – that all citizens are being investigated continuously.

Given the volume of communications, and the constantly changing threat landscape, intelligence agencies can’t respond to every lead they get in real time. Under its PRISM program, the NSA collects data on every citizen, including emails, web-browsing histories, social media activity records, voice and video chat records, phone calls, text documents, images and videos.

Rather than monitor that immense stream as information flows through it, the agency archives it so as to be able to search it later, as new leads arise and investigations begin. The movie does not make clear this important distinction between having the ability to spy on every citizen and actually doing so.

Simplifying data mining

The film also depicts the NSA’s XKeyScore system, which can tap into all the data being collected. The information revealed by Snowden includes details on how XKeyScore can analyze the massive data trove, finding connections between people and matching voice patterns, among other abilities.

In the movie, scenes where analysts use XKeyScore suggest that just by typing very basic data about individuals (such as a name or email address) into an on-screen form, analysts can easily find exactly what they are looking for. This is a bit misleading. Data mining is a very challenging problem, especially in a set so large as to contain every communication in the U.S. Lots of innocent data surround a very small amount of what might be called useful intelligence.

Data mining can help narrow down a large batch of information to a more manageable amount, but human analysts – not a computer search screen – are the key to discerning actionable intelligence. Rules and constraints govern who has access to the information. What analysts actually do is also closely supervised. A further limit on the abilities of technology and human analysts alike is that truly dangerous people are very careful to cover their tracks, using temporary email accounts and strong encryption on their transmissions.

What’s in the law?

The movie also strongly suggests that all of the NSA programs are illegal. While they are controversial, the legality of these programs is an unclear, and even moving, target. The 1978 Foreign Intelligence Surveillance Act provides legal procedures for physical and electronic surveillance and collection of communications between foreign powers and their agents in the U.S.

It also allows surveillance of American citizens and permanent residents suspected of espionage or terrorism. While the law was designed to collect data from specific individuals, the NSA has used its powers to justify mass data collection and analysis.

Some federal laws have been changed in the wake of Snowden’s revelations, in some cases retroactively legalizing practices that might have been illegal. The NSA itself has also made changes to some of its programs, due more to the public – and congressional – outcry against them than their legality.

As a result of Snowden’s disclosures, the NSA has stopped its bulk collection of phone records and limited surveillance of leaders of foreign allies. It has also offered more transparency to Congress on some of its efforts, and reduced the length of time it stores information on individuals.

The international context

“Snowden” reveals details of the NSA’s cooperation with other intelligence agencies, and shows its surveillance of international leaders – including Germany’s Angela Merkel and Brazil’s Dilma Rousseff. The reality is that every country is trying to gather intelligenceinformation to get leverage in international diplomacy, whether with friends or foes.

Snowden’s revelations will make it harder for U.S. intelligence agencies to conduct this sort of diplomatic surveillance, but does not similarly affect other countries’ practices. The world’s awareness of the level of spying conducted by the U.S. has also provided legitimacyto citizen-monitoring efforts in less democratic countries such as China and Russia.

Is there any real privacy?

The impact of all this information has been enormous, both for the U.S. government and Snowden’s own personal life. Since releasing the information to the world, he has been holed up in Russia, with only temporary permission to stay. His American passport has been revoked. He cannot move around freely or communicate easily, for fear of U.S. covert agents seeking to apprehend him – or worse.

The movie doesn’t depict much of his Russian life, a decision that tends to reinforce the film’s message that there is no privacy anymore. If it showed more about how Snowden communicates now, it might provide useful insights into how Americans – and others around the world – could potentially use encrypted software to communicate without being subject to government surveillance.

What it does show of secure communications is a good start, though. Not surprisingly, Snowden suggests using software that prevents tracking of user activities such as browsing, shopping and communicating. He also recommends using the Tor network, which anonymizes data by sending it through a series of encrypted computer links. He suggests whistle-blowers use tools like SecureDrop to communicate with journalists anonymously.

“Snowden” the movie shows the long reach of the government in collecting intelligence on its citizens, and the fight of one disillusioned citizen against that unrestricted and unacknowledged governmental power. It highlights some of the complexities of the intelligence world, and the challenges of collecting information in the internet-dominated world.

Finally, it portrays the challenges in the personal life of a highly driven individual who followed his convictions in pursuit of social justice. Whether he is a patriot or a pariah depends on the lens you use – but he has certainly brought to the fore important discussions of privacy and cybersecurity for ordinary citizens, as well as free speech and government surveillance power.

This article was originally published in The Conversation under a Creative Commons Attribution No Derivatives license. Read the original article here.


Visit the Elsevier Store  to view our extensive range of books on Big Data! Below is a handful of recent titles that discusses the topic in the above article. Use discount code STC215 at checkout and save up to 30% on your very own copies!

you for sale

You: For Sale is for anyone who is concerned about what corporate and government invasion of privacy means now and down the road. The book sets the scene by spelling out exactly what most users of the Internet and smart phones are exposing themselves to via commonly used sites and apps such as facebook and Google, and then tells you what you can do to protect yourself. The book also covers legal and government issues as well as future trends.

big data for national security

Application of Big Data for National Security introduces state-of-the-art concepts and technologies surrounding big data, providing users with a strategic framework that can be used to combat terrorism and reduce crime.

threat forecasting

Threat Forecasting: Leveraging Big Data for Predictive Analysis  discusses important topics, including the danger of using historic data as the basis for predicting future breaches, how to use security intelligence as a tool to develop threat forecasting techniques, and how to use threat data visualization techniques and threat simulation tools. Readers will gain valuable security insights into unstructured big data, along with tactics on how to use the data to their advantage to reduce risk.

Computer Security

Securing computer systems is crucial in our increasingly interconnected electronic world. With so many business, consumer, and governmental processes occurring online, a growing potential exists for unauthorized access, change, or destruction of those processes. For years, Elsevier’s Syngress imprint has helped computer and information security professionals learn theory, strategy, and tactics for protecting digital assets in this constantly evolving field. Our books and eBooks in areas such as info security, digital forensics, hacking and penetration testing, certification, and IT security and administration. Click here for Syngress companion materials Click here for access to our archive of free eBooks, booklets and downloadable PDFs for Syngress and Computer security content. Access companion materials and instructor’s resources for all our books from the Elsevier Store. Search by author, title or ISBN, then look for the “Resources” tab on any book page.