How the NSA Spies on the Entire World

Edward Snowden’s disclosures to The Guardian and the The Washington Post of surveillance by the US National Security Agency (NSA) have created a public storm. Simply put, it is now clear that all those dismissed as conspiracy theorists have been right all along – every bit of digital communications is today under NSA’s scanner. NSA violates the privacy of its own citizens, the sovereignty of other countries and the privacy of all foreigners – dubbed as “aliens” in the US law.


The US collects 2 petabytes of data (1 petabyte is equal to a 1 million gigabytes) every hour and stores it in its 2 billion dollar facility in Utah for data mining. This facility vacuums up all metedata – who is talking to whom, for how long, from where, etc. – of all callers using the telephone networks in the US. It also syphons off all Internet data under the PRISM program passing not only through the fibre optic network in the US – which acts as virtually the global Internet traffic junction – but also from undersea cables passing off the coast of South America, North Africa and the Indian Ocean. The three taps into the undersea cables are visible in one of the 5 Power Point slides disclosed by The Guardian/Washington Post. Add to this that it has access to all the data of the 9 global Internet giants – Google, Facebook, Yahoo, Microsoft, Apple, and four others.


image Courtesty:


NSA is the major source of all intelligence reports for the US Government – it is estimated that such information constitutes 75% to 98% of all intelligence reports that its agencies generate. In March, 2013 NSA collected 97 billion pieces of intelligence data from such global surveillance. India occupies the fifth place among countries under surveillance with 6.3 billion pieces of data, ahead of China and Russia.


The Guardian report also indicates that the US shares this data with some its partners – the UK and Israel being the obvious examples. For the rest, such as India, the US asks for court orders and strict adherence to Mutual Legal Assistance Treaty (MLAT). So much for India cosying up to the US and becoming its strategic partner.


Obviously, major Internet companies have become partners of the US intelligence agencies – either willingly or under orders issued by secret courts set up under the Foreign Surveillance Intelligence Act (FISA) and the Patriot Act.


The outrage in the US to the disclosure that the US government is spying on the entire world has been limited to the US government spying on its own citizens; that this is a violation of the 4th Amendment – illegal search and seizure. The US media and its citizens seem to accept that the rest of the world is fair game. This response is no different than that of the US extra territorial killings using drones. The only issue is whether US citizens – al Aulaki and his son, both US citizens – could be killed without the due process of the law. The rest 3,500 odd ones killed in drone strikes are again fair game and under no protection of paltry things such as international law. Just as Guantanamo Bay prisoners can be imprisoned indefinitely by the US. As far as the US is concerned, there is only the US law and no other law for its actions. For all other countries, there is international humanitarian law, the violation of which – as determined by the US – can lead to “humanitarian” intervention by the NATO and the US forces. And the summary public execution with torture of even its President, if the country is Libya and the President is Gaddafi.


After the public outcry on the massive spying that NSA is carrying out, the US President and other officials have made candid statements. Obama is now on record that NSA is reading content only of  “foreigners” and not of US citizens and this does not violate US laws.


Deeply upset, the EU’s justice commissioner, Viviane Reding, has written to the US attorney general asking for details of the PRISM program. While the European Union is agitated with the invasion of privacy of its citizens, countries such as India have been remarkably quiet on the violation of their sovereignty. All that Indian government seem to want is that its security agencies should also have the same rights in snooping on its citizens as the US agencies. Protecting Indian citizens and their privacy from other countries is not on its agenda.


How has this enormous security state that the US has created arisen? It started with the Echelon network set up by the US, UK, Canada, Australia and New Zealand in 1947 as a kind of Anglo -Saxon intelligence club for spying on all telecommunications networks. Echelon was investigated by the EU which issued a report in 2001 on its activities, particularly that of Echelon passing sensitive commercial information to the US and UK firms on its EU competitors. What has evolved out of the Echelon program is a far greater and invasive program of tapping virtually all global telecommunications traffic and Internet communications. This has been backed up, within the US after 9-11, by laws that give enormous powers to the US government and its security agencies.


The spying infrastructure created after 9-11 has what is called National Security Letters (NSL) and FISA orders. The Security Letters existed earlier, but were greatly expanded after 9-11 with the Patriot Act. It requires no judicial oversight and can be issued by any US federal agency – FBI, Homeland Security, CIA, NSA, etc. All that it requires is that an officer of a certain rank issues the order. All information regarding such a Letter is under a gag order. The agency served with the Letter cannot disclose either that it has been served with such an order or the scope of the order. The other instrument is the orders issued by the FISA Court. Last year, the FISA Court rubber stamped all the requests of the US agencies; whatever it wanted was given clearance by the FISA Court. All the proceedings of the FISA Court are secret including its orders. What The Guardian has disclosed is just one such FISA order.


The US agencies have been giving out some figures regarding Security Letters and FISA orders, but they are completely deceptive. For example, last year, about 2000 FISA orders were issued. Only one such order served on Verizon, the telecom company, asks for access to all the records of its subscribers – the scope of one such order is millions of records and monitoring millions of its subscribers.


This is the other part of FISA and National Security Letters. Google, for example, declares in its transparency report that it gets about 1,000 such letters every year. What is not disclosed is the scope of such Letters. If it is as broad as the Verizon order, these numbers tell us nothing; it is the numbers monitored under such orders and the scope of these orders that defines the amount of data that is being sucked up by the US intelligence agencies.


The Internet companies such as Google and Facebook have denied that they have back-doors to their servers for the NSA. They have also asked that they be allowed to disclose the FISA orders they receive as a part of their transparency reports. As a number of commentators have pointed out, this is all semantics. The key point here is that Google, Microsoft and others  have obviously built some measure of co-operation with the NSA. Whether it is a back-door or a drop-box or just a piece of software that sits on the Google/others servers and sends data automatically to NSA on query is a matter of nit-picking details. Neither do transparency reports help, as long as the content of the orders are not made public.


Getting access to these companies’ servers is not the only way that NSA collects data. As the famous AT&T and Folsom Street Office case in San Franciscoshowed, NSA was directly tapping into the AT&T network – it was using a splitter to bifurcate the data coming into AT&T switches and diverting the signals to a room which housed NSA equipment. This data was then directly sent to NSA servers for storage and analysis. This was at one AT&T location. If the AT&T network needs to be comprehensively covered, about 18-20 such connections are required. All security analysts believe that AT&T does provide such access to the NSA. And Snowden’s information makes clear, not only has NSA access to the US telecom networks carrying all the Internet communications that passes through it, it is also tapping into major trunk routes of the Internet in international waters. It is this combination of data – the Internet data streams being carried by the telecom networks coupled with access to the Internet companies’ data that gives the US its enormous ability to spy on all the people through out the world.


There are a number of people who believe that they are safe from such spying as they do not do anything wrong. Snowden makes clear why his disillusionment with the US agencies started. It started with a Swiss banker being first encouraged to drink and then having him arrested for drunken driving. It is this information that was then used to blackmail the banker into submission. There is another even more chilling case. Joseph P. Nacchio, the former CEO of Qwest, refused requests from the NSA to spy on Americans before September 11, 2001 even happened. Subsequently, the federal government tried him and sent him to jail for six years on charges widely held to be cooked up. Most people do not realise that if the government goes through our records with a tooth comb, they can always find something that can be construed as a felony. At best, enough innuendos can be made based on the persons he knows, the Internet sites he visits, the tax returns submitted and so on. The author Harvey Silverglate writes in his book,Three Felonies a Day that almost every individual in the US can be held to have committed three felonies every day under laws that are vague and have wide scope. This is not dissimilar to Indian laws, one of which has hit public eye recently for exactly the same reasons – the IT Act and its provisions under 66A.


We have now to address how do we protect the people under this enormous invasion of privacy that the NSA’s wholesale snooping has brought about. This means re-examining how the Internet should be governed – not under a license from the US Department of Commerce as it is now — but in a truly multilateral way in which peoples’ rights are protected. We are back to the issues that were discussed in World Conference on International Telecommunications (WCIT 2012) in Dubai from which the US walked out. We now know why.