Edward Snowden is now a famous man.

He has been praised as a hero and as one of the greatest whistleblowers of his generation.

He may well be; but it is too soon to tell.

When a major news story breaks, it is always important to look at the information revealed. Whilst the pundits make heady claims and counter-claims, the rest of us should do a gap-analysis.

As a lawyer would ask, does the evidence come up to proof?

At the moment, the evidence is mixed. The evidence does not (yet) come up to proof. The documents so far disclosed do not substantiate the (initial) contention that the US government has direct access to the servers of various internet service providers; but the documents cannot be easily dismissed either.

As a police officer would say, there is enough here to form a reasonable suspicion.

By far the most significant document produced is the Verizon court order. There appears to be no doubt as to its authenticity. And if it is authentic, then it shows that the US government not only has a legal basis for obtaining call data from a US telecoms provider, but that it is perhaps routinely applying to the court to obtain that information. One worrying aspect of this is that the “rule of law” by itself is no barrier to a government getting such data; it depends on what the law says and the courts allow.

Putting this order into the public domain was a great scoop for the journalist Glenn Greenwald and he should be congratulated for doing so.

But the Verizon court order does not support the wider claims being made for the Prism programme, as Mark Klumber explains here. Indeed, it may not be relevant to Prism at all. And this is why the limitations of the other documents disclosed need to be noted. Whilst the detail of the documents is interesting, they are not compelling evidence of a progamme in existence. The supplementary evidence of Edward Snowden is vague. It is perhaps not a surprise that the original claims being made by the Guardian and Washington Post have been watered down since the original splash.

None of this, however, discredits Edward Snowden (even if his red typing hood is not encouraging). The evidence that has been disclosed so far is consistent with an ambitious Prism programme in existence, and it is also consistent with its existence not being much greater than in the disclosed documents.

But, in a way, the existence of Prism is a moot point; the great security writer Bruce Schneier detailed today the Surveillance State which is already in existence in the United States.

He notes:

We don’t know a lot about how the government spies on us, but we know some things. We know the FBI has issued tens of thousands of ultra-secret National Security Letters to collect all sorts of data on people — we believe on millions of people — and has been abusing them to spy on cloud-computer users. We know it can collect a wide array of personal data from the Internet without a warrant. We also know that the FBI has been intercepting cell-phone data, all but voice content, for the past 20 years without a warrant, and can use the microphone on some powered-off cell phones as a room bug — presumably only with a warrant. We know that the NSA has many domestic-surveillance and data-mining programs with codenames like Trailblazer, Stellar Wind, and Ragtime — deliberately using different codenames for similar programs to stymie oversight and conceal what’s really going on. We know that the NSA is building an enormous computer facility in Utah to store all this data, as well as faster computer networks to process it all. We know the U.S. Cyber Command employs 4,000 people. We know that the DHS is also collecting a massive amount of data on people, and that local police departments are running “fusion centers” to collect and analyze this data, and covering up its failures. This is all part of the militarization of the police. Remember in 2003, when Congress defunded the decidedly creepy Total Information Awareness program? It didn’t die; it just changed names and split into many smaller programs. We know that corporations are doing an enormous amount of spying on behalf of the government: all parts. We know all of this not because the government is honest and forthcoming, but mostly through three backchannels — inadvertent hints or outright admissions by government officials in hearings and court cases, information gleaned from government documents received under FOIA, and government whistle-blowers. There’s much more we don’t know, and often what we know is obsolete. We know quite a bit about the NSA’s ECHELON program from a 2000 European investigation, and about the DHS’s plans for Total Information Awareness from 2002, but much less about how these programs have evolved. We can make inferences about the NSA’s Utah facility based on the theoretical amount of data from various sources, the cost of computation, and the power requirements from the facility, but those are rough guesses at best. For a lot of this, we’re completely in the dark.

The only part of the Surveillance State which I have first hand experience of is the RIPA regime in the United Kingdom. Under RIPA, various organs of the UK State can obtain from telecoms company data about users. This can range from a registered user’s name to every piece of information on a customer held by the telecoms company.

You may wonder how may of these requests are made.

They surely would be exceptional.

In fact, in 2010-11 (the latest year where figures are available) there were 494,078 requests.

None of this is hidden from the UK citizen; the figures are published by a “Interception of Communications Commissioner” in plain view. The figure of 494,078 is at section 7.3 in this report. But as it is buried in a public report, few really care. (Wise civil servants know the advantage of dull public disclosure over needless glamorous secrecy.)

This is State appropriation of user data on an industrial scale. As it is only data (and not interceptions) then no warrant is required, just a signed certificate. The information is usually provided on the nod. And the provision of such information can be crucial: the police obtaining data about a caller on a suddenly aborted 999 call can mean the difference between life and death. However, such purposes do not account for all the requests, and there is little in place to prevent abuse.

One good thing that Edward Snowden has done is that, regardless of whether the documents disclosed come up to proof about Prism, there is now a rare public controversy about the Surveillance State. There was even a statement in the House of Commons requiring the Foreign Secretary to say certain allegations were “baseless” (though noticeably not “false”).

The only limits to the State’s desire to obtain data on its own citizens are probably only practicality, competence, and expense.

There is a debate to be had as to the correct limits are to this intrusion (and those officials who say that “if you’ve nothing to hide, you’ve nothing to fear” are usually most reluctant to tell you what they are doing); but we will not get that debate unless it is demanded. The State certainly does not want to discuss its intentions with us and get our prior approval.

It may well be that the wider claims made this week about Prism are “baseless” – and even false.

But it would not be because the State does not want to have such powers, if they were to become available.

And the expressions of concern this week over the Snowden allegations and the documents disclosed will be an unwelcome reminder to public officials that such powers are not there simply for the taking.

Addendum – 11 June 2013



There is already adverse speculation about Edward Snowden. There are suggestions that his story does not add up.

From my perspective, this is irrelevant if the documents and other evidence prove the Prism programme exists. If there is a Prism programme then there is a Prism programme, and nobiographical fact about Snowden can change that.

Watch the evidence; follow the ball, not the player.

COMMENTS MODERATION

Comments are pre-moderated.No purely anonymous comments will be published; always use some name for ease of reference by other commenters.Other comments published at my absolute discretion.