NSA Prism Data Mining – Are we just talking about privacy concerns?

digitalIDIn the last few days there has been a lot of talks about the fact that NSA and FBI  might be collecting and analyzing data from major service providers like Google, yahoo, apple and others in order to spy on citizens and internet users. Now while the concerns about privacy are legitimate I believe it is important also to start a proper debate about regulation for legal intercept on one end and what analysis these same internet players can do on their own without violating privacy.

While NSA and FBI are supposedly accessing the central servers of  leading U.S. Internet companies in order to extract audio, video, photographs, e-mails and documents that enable analysts to track a person’s movements and contacts over time, the key question remains: how do we regulate the service providers and authorities?

Service Provider Regulations

Now while the regulations in the telecoms are quite mature I can feel that for internet service provides still a lot remains to be done and much is still blurry. For regulated services provides like telcos, it is quite clear on what can be done and not, especially when it comes to voice services. Authorities can perform lawful intercept, record and analyze voice calls of a suspected criminal after a court order has been issued. The tapping could also be done on the data traffic and deep packet inspection mechanisms can be used to understand what is said on the data connection as long as the traffic is not encrypted. Encryption is why Blackberry had issues in middle east and had to deploy proxy servers to allow tapping into their traffic. In any case their is a clear identification of the user by the service provider and that is enough to provide court order and do the tapping.

Internet services providers like google, yahoo, apple and others have on the other hand hardly been subject to regulations, and even though the internet as we now it is now almost twenty years old, the regulations are still in their infancy. What one can and cannot monitor is not that obvious and in that ambiguity and in an era of BigData the ambition for both service providers and authorities is to monitor more and more to get better insights.

The Digital ID at the heard of the problem?

I believe the decoupling of a digital ID from a physical ID is at the heart of the some of the issues we are talking about here. Let’s have a look at how you are identified as a user. For phone numbers their is usually quite a strong link between that phone number and a physical person, since you have to use your national ID or passport to get that service from your telecom service provider. You pretty much know who is at the end of the line or at least you know who is accountable for that phone or internet connection.  Yes, sure there is fake ID’s but still…

Now, how about a digital ID created over a public internet connection? There is no way you can be sure about the real identity of that digital user. I guess, and this is only a guess, that one of the mechanisms to validate an ID is to cross reference some of the content including messages, pictures and videos. Image recognition algorithms can fairly accurately identify persons and that maybe a way to uncover fake users. I believe the main purpose to analyze content is to identify dangerous content like terrorist messages or child pornography, but also because looking at the actual content  and applying BigData technology can help you in the identification process.

Another issue that might arise is how do you issue a court order when the user ID is not that clear? The digitial ID might be enough but it does not necessarily give you access to the physical person, but that is maybe a lesser problem.

Now while authorities are interested to identify people and their behaviors for national security reasons, the internet providers are doing the same with the intent of selling you more or at least get more of your attention. In both cases, I believe regulations have to evolve to properly handle a multi-faceted digital ID.

This article takes a bit different angle than what you might read in the common press and I do not intend to defend any abusive privacy invasion, but I think we need to have more structured debate on Telecom and Internet Service Provider regulations and put the digital ID at the heart of it.

Advertisements

One thought on “NSA Prism Data Mining – Are we just talking about privacy concerns?

  1. Hi JL !
    I think that you describe a right and precise situation. The Internet isn’t yet really regulated. There are no global rules or laws valid in all the countries. Legal systems are different from one country to another and it’s often difficult to get good results with international information exchanges.
    Another problem follows from this virtual ID. Why couldn’t we have an epassport including several securities (electronic chip, pin code and why not biometrics).
    Some people would shout evoking human rights violation. But it could be the best method to clearly identify a “virtual world” user, empower people and give them the good rights on the Internet. I think we can’t be Dr Jekyll in real life and Mr Hyde in the virtual life…
    (and sorry for my scholar english)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s