NSA (USA) is doing Data collection across the world and there is nothing wrong in that according to USA. In the process of spying non-USA citizens they also spy USA citizens. It is really difficult to differentiate between citizens and non-citizens when you are spying in massive scale of all types of communications.
Goal of NSA: Having profile of each person on earth who is connected via any devices to network. It contains information about each person like:
- Name, Address and Office address
- How many bank accounts he owns and how much money he has in each of bank account.
- What kind of job he does, researcher? Developer? Politician? etc.
- His family and relation among other people.
- His photo, his family photos
- What does he speak more often? What is the content of his talks? Whom he speaks to more often?
- Where do you travel?
This list is to name a few. Each of the information is done based on person primarily. Later they can establish the relationship among other people across world.
Let’s understand this interesting story…
How will they spy through internet on large scale?
Ask all local companies to provide all most all data which they have stored in plain text. Using national security related acts they can get data legally on all companies which are based out of USA. For e.g. if USA asks Google and Facebook for all data about non-citizens why will they not give?
A privacy law which exists in USA is nothing to with outside USA. In this way they gather huge data in plain text including pictures, behaviour of user, etc. Facebook in its IPO has declared that they can share data for business reasons. USA government pays money for getting all these personal information. If you don’t like to use Facebook, don’t use it. If you don’t like to use Google, don’t use it.
Google and Facebook is not forcing any country use it, each citizens from different country is going and hooking themselves into these companies product, that is not the problem of Google and Facebook or other large companies from USA.
Legally USA can always ask any data about USA citizens using court order, this job is very easy. (Collect massive data here).
Cloud Infrastructure. Billions of $ has invested by USA companies and its investors. This has business advantage for many organizations to go for cloud. Every big corporate company has invested billions of dollars in setting up infrastructure for cheap rates. This is going to go up further and many of the organizations will use the cloud infrastructure in coming years. If you see discussions related to cloud, only one point which is stopping to some extent is security, however companies who are investing in billions are able to convince other companies with different clouds like private, public, hybrid, blah blahblah and make sure organizations adopts it.
This is USA saying like – “Why do you keep data inside your country and organizations, keep it in our country and in some USA companies servers. You are safe”. USA is succeeding in doing that and its success we can watch in future too. Again collect data from here same like in the previous point.
Intercept data at ISP level. Collect all data from all ISPs of all plain texts and store in data centre for further analysis. If here is a specific target they can collect the encrypted data from all ISPs for later decryption. They are working on breaking encryption got long and they are building massive hardwares using ASIC for very long, they will use every possibility available to break the encryption and they will improve further. (Collect massive data here).
NSA (USA) spying divisions in friendly countries. USA can help friendly (week) countries with its capabilities and in return get all ISPs data in respective countries; they can easily setup these centres which helps both countries. In this way they will collect both plain text and specific or all encrypted traffics. (Collect massive data here).
Using 3rd party to collect data. This is very interesting part. Private companies do work for giving information to NSA, these private companies can do anything what they like, as long as they give information NSA is happy. 3rd party can be companies or individuals where NSA might have one time contacts. For e.g. having contacts with botnet masters. This is powerful method, since many botnets across world can collect specific data from each PC of all types. Even these bot masters does not need to know whom they are selling to, as long as they make money they are happy. No bot master will have connection directly with NSA, but indirectly through other channels. In case if some company legally trying to shutdown botnet, NSA does not care for these bot-masters since they know they can get other bot-net and somebody else will build one more botnet always exists in underground and that business is again many billion dollar business. This is very good options for NSA to collect specific data from specific PC/Mobile/Tablet. All Plain text data.
Data breach. Does not matter what data breach happens anywhere in world, again NSA can get these data via 3rd party and build a profile about specific person or organizations etc. All Plain text data.
Individual blackhat hacker. If somebody gets important data from any critical infrastructure, they might want to sell it to other countries, NSA can buy all these data again 3rd party channel. All Plain text data.(Collect massive data here).
There are other methods also to gather data bydifferent means? I have collected few here.
What are the various types of data collection can happen in massive scale?
- Confidential documents of Organizations across the globe.
- All types of user credentials from all PC, Mobile, Tablet or another device which will come into existence tomorrow
- Documents like: PDF, DOC, XLS, PPT, Source code, personal documents, Images of your family, etc.
- All financial related documents, credentials to login to bank, credit card information, trading account, where do you stay, your digital certificates, organization digital certificate etc.
What does NSA do with this massive data? Do you expect them to use local Google search engine or Google appliance and do the search using keywords and expect humans to navigate information manually? Nope, it is waste of time and all money they have invested in collecting information. Story goes further.
Consider you are searching using keyword in internet and some very important information exists in 100th page, will you go there to look for information? Nope. But for NSA all critical information does not matter where it exists, it is important.
NSA has couple of problems to solve; the same problem does not exist for public or even for internet yet, few are listed here:
- Searching meaningful information in huge amount of data. USA investors and every other people on this earth are speaking about Big data, there is massive investment has done it. More the technology improvement happens, NSA is going to benefit in searching information in its massive data. Everyone is investing in big data like MAD.
- Search needs to improve beyond based on keywords, there are many efforts are on the way including context based search within information + big data analytics. Even if there are any further improvements in these areas, the same technology is going to be used within NSA as basis to solve specific problem within NSA
- Image based search this needs lot of improvements. Lot of research is happening in this area and some of available for public too. Do you remember Google image search? Yes. You remember it.
- Searching keyword within different formats of files like PNG, JPEG, DOC, XLS, PDF, etc. is not easy in integrated way. I am pretty sure they have done enough investment and proceed in this area as well. Integrated search of all types of formats is most important before they apply other technologies like analytics.
- Have you heard of global intelligence by all software based security companies these days? Yes. You have heard about it, more these private companies improves these domain. The same technology can be used by NSA as basis to develop further within.
- Hardware Speed – only one target here i.e. breaking AES and other encryption technologies. ASIC plays larger role here and I am pretty sure they have improved in this area a lot.
Once you collected all data in some of these methods, you can use this to prevent some of the problems for country in terms of national security; at the same time privacy is also going to be a problem for the good citizens of its own country.
If USA can put strong controls for not misusing the information which they gathered on good citizens of its country, they will win the game. According to USA and its citizens collecting information globally is perfectly acceptable. PRISM program will continue, I expect no change in that. It will only become more secret and more control will be placed further.
If I look at from my country point of view, I will not accept USA collecting information from my country.
Spying on other countries is ancient art (well documented by Chanakya in Arthashastra more than 2000 years ago); spying using technology is just an extension of existing methods of spying. Every country knows about it and there is nothing to feel bad about it, apart from getting our own house in order based on India’s national interests.
I don’t mind if India is spying all countries in world using program similar to PRISM, I will be happier for the same. But, stronger control needs to be put on the person who has access to these collected data against misuse within our country for some political reasons or harassing citizens due to personal rivalry.
Yash K. S.