If the Guardian and Washington Post are correct, the US government has direct access to the servers of Google, Facebook, Yahoo, AOL, Skype and Apple, and is pulling data from them which is then filtered for “foreignness.” It’s a program allegedly designed to look for terrorists who are using these services, but because of the nature of the wide net being cast, it’s very likely that it’s turning up orders of magnitude more false positives than real terrorists.
The companies named have largely denied knowledge of such a program in the wake of the reports. But, regardless, it’s potentially a huge public relations and business challenge for all US-based internet companies, given that many have the bulk of their users abroad. For example, just 195 million of Facebook’s 1.1 billion monthly active users during the first quarter of this year were in the US and Canada. (Facebook is among those that denied involvement.)
According to the Post, NSA analysts are filtering user data for attributes that indicate “foreignness,” with tests designed to produce at least a 51% confidence the online service account owner is not American.
Assuming this filter is reasonably good, that means this is not—by design at least—a domestic spying program, but rather a way for the NSA to take advantage of the fact that all these US companies constitute a readily-accessible global communications backbone used by people all over the world.
Several months ago I interviewed US National Security Agency whistleblower William Binney about a possible domestic spying program conducted by the NSA, and he explained that one of the issues with the NSA’s “big data” approach to assembling lists of terrorists is that the wider a net the NSA casts, the more innocent people are drawn in for examination. It’s inherent in the mathematics of “fishing expeditions” in large pools of data. The same problem shows up in, for example, “genome wide analyses” in which geneticists look for potential correlations between an observed trait and a gene. Statistically, the broader the data set, and the more questions one asks of it, the more false positives show up.
If the details reported today are true, then simply being a non-US national increases the chances of being caught in what’s by definition an imprecise intelligence dragnet. That could lead consumers abroad to reconsider their use of services provided by US-based companies. And it could certainly increase foreign regulatory scrutiny of US internet firms.