How Does the NSA Do What it Does, and Why is it Worrisome?

By now, everyone has heard of Edward Snowden, the NSA (the National Security Agency), and the many (classified) documents that Snowden leaked to the American public about some of the NSA’s secret surveillance programs. Yet another recent article by The Washington Post (“NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say“)  portrays how complicated the NSA’s programs actually, and how much data they are indiscriminately monitoring from around the world.

Last October, I had a friend make the following comment: I understand how it’s a clear violation of the 4th, but I’m fuzzy on what exactly they’re doing and how.

In this blog post, I will attempt to address this confusion, explain why this is (legally) possible, but also explain why the facts in this particular Washington Post article are so disturbing.

The NSA has built relationships with governments and organizations worldwide that allow them to place internet monitoring equipment worldwide, outside of US territory.

So how does this allow the NSA to monitor emails and other internet data coming from the States? As explained in the Washington Post article, giant tech companies like Google and Facebook process massive amounts of data throughout their numerous data centers. They routinely backup this data to other data centers, sometimes to ones that are located outside of the US.

Even companies the size of Google and Facebook don’t maintain 100% of their own network connections – the physical cables connecting their data centers on different continents – and so they rely on the huge telecommunication and ISP companies that provide those services.

If the NSA is able to control (or at least monitor) the internet hardware operated by these ISPs that provide the corporations’ ability to exchange data between their data centers, then this constitutes as a classic attempt at a “man-in-the-middle” attack. The only problem left to solve for the NSA, then, would be to break the encryption (something that is often times more easily done than you would think).

The vision of the NSA is “Global Cryptologic Dominance through Responsive Presence and Network Advantage” (C/F The NSA argues that monitoring internet traffic is necessary because it allows them to search for keywords and keep tabs on known terrorists.

On the other hand, millions of Americans’ data is intercepted and automatically processed through filters – without a search warrant, which many argue is a clear violation of the 4th Amendment (search and seizure only with probable cause and with a search warrant).

By monitoring hardware outside of US jurisdiction, the NSA argues, it is legal for them to monitor all of the internet traffic that flows through those devices – regardless of where that data is coming from. The argument is that there is reasonable doubt the data they are monitoring is tied to an American, because it isn’t on American soil.

Another way the NSA is able to monitor Americans’ internet and phone communications is that often times, technically, they don’t. Instead, they ask their counterparts in different countries (such as the Government Communications Headquarters – GCHQ – in Britain) to do the dirty work. That way, the NSA can argue that they aren’t actually the ones doing the monitoring.

In essence, the NSA has built a massive world-wide surveillance system and maintains close ties with similar organizations from other countries to exchange information and broaden their ability to monitor traffic.

Why is this worrisome? After all, the majority of Americans simply don’t care – or do they?

Very rarely will an American have something to hide, and be negatively affected by the NSA’s monitoring program. However, as an IT professional and security guy, I argue this is worrisome because of two main reasons:

  1. If the data exists, it is vulnerable.
  2. If the potential for abuse is present, there is always potential for abuse!

First, if the data exists, it is vulnerable.

The very fact that the NSA is storing huge amounts of data (often times personal data on individuals) raises a security and privacy concern. Perhaps the NSA has the best of intentions, and will always work to keep that data safe. But as I’ve written several times on the Develop CENTS blog, data that is stored on any computer system is never 100% safe. There’s an old saying among IT professionals: A truly secure computer is turned off, unplugged, encased in concrete, buried 5 feet deep, and guarded 24/7. The point? Hackers know this truth, and, now that they know where so much data is stored, they just have to figure out a way to get to the data.

No system is completely secure, and that goes for the NSA’s computer system and network.

Secondly, if the potential for abuse is present, there is the potential for abuse!

No individual, system of government, or entity is infallible, and this is true for achieving one’s own ambitions. The very fact that the NSA stores (and monitors) so much data about American citizens is worrisome, because that data could be used for nefarious ends.

Take the example of Edward Snowden. Here was a dude working for the NSA that obviously had access to a lot of classified information. If he had wanted to, he could have kept quiet and sold the data on the black market or to other countries. He didn’t. Instead, many argue that he has provided a very big, very good, public act of service.

But the question remains: What if he HAD used this data (or other data that hasn’t been released on individuals) for nefarious purposes? The security situation in the United States could have been a lot worse than it is.

Another potential for abuse comes from the U.S. government itself. What if a department, branch of government, the White House administration, or even an individual in the higher ranks of government wanted certain information on an individual – or a group of people? The reasoning could be anything, such as learning business trade secrets or getting ahead in a political campaign.

Remember, if the data exists, it is vulnerable. Someone has access to that data, or could illegally gain access to that data. There is, and always will be, the potential for abuse.

What are your questions? Do you have any comments? Leave them below, or contact me!


Mark Gornik on Learning to Pray with African Christians: Ethnography, Theology and a World of Christianity

8 days ago, President Derek Halvorson, of Covenant Collegetweeted the following:

Looking forward to having @CovenantCollege alum Mark Gornik, author of Word Made Global, on campus next week: 

And with that, I knew that I wanted to attend Gornik’s lecture series this weekend (Thursday night, Friday night, and this morning – Saturday). Of course, other than my reading of Gornik’s book “To Live in Peace” years ago when I took the course “Principles of Community Development” as a sophomore at Covenant College, I had no idea what to expect from this particular course, nor did I have any time to prepare.

Since his time living and working in Sandtown among residents in this poor area of Baltimore and helping to start New Song Urban Ministries, Gornik left to live and study in New York City, and start the City Seminary of New York. He subsequently did his doctorate thesis on African Christianity in NYC, eventually focusing on three churches.  This was a work of ethnography, a work of learning from African Christians who now live in NYC, learning their theology, and learning how they worship.  Gornik’s doctorate thesis was then turned into the book Word Made Global: Stories of African Christianity in New York City.

Gornik’s lecture series at Covenant this weekend partly reflected his doctorate thesis and book.

First, let me get it out of the way that I’m very glad I attended. It was free and open to the public, and although I wasn’t familiar with the book, nor did I really understand what the lecture was going to be about, the title of the course really intrigued me. I knew that Gornik has spent a lot of time thinking about (and living) intentionally with believers in an urban setting.

But this lecture and his work went way beyond his work and interaction in Sandtown, Maryland.

As Gornik spoke, I realized that here was a man who had devoted himself to anthropology work, learning about different cultures worldwide (and for his particular doctorate thesis, learning about African Christianity in NYC). He has spent time in Africa, Asia, and Central America also learning about Christian communities.

Gornik spoke from experience that in theology and worship, one size does not fit all. Time and time again, he pointed out that worship is by nature a representation of a culture. Each individual Christian has a particular story, and each community has a particular story that is unique.

Gornik concludes that we must be incredibly humble and cautious when we think about critiquing another Christian style of worship or theology. Certainly, all Christians share the same basic tenants of the faith (e.g. that humans are sinful and as a result that Jesus Christ died – and more importantly, rose – to save us from our sins). Despite these core truths, Christians worldwide (not to mention in just North America) have distinct theologies.

For example, while the Reformed (think Presbyterian) tradition formally believes that no human is without excuse to know God as a result of Creation (general revelation), it is also held that no one can be saved apart from Scripture. On the other hand, a different tradition (such as the Pentecostal movement) might believe that God works in wondrous ways to reveal himself to others, and that people can be saved apart from Scripture. (This is just an example, mind you – I have not explicitly stated what I personally do or do not believe).

So Gornik’s argument is that a Christian theology on which an individual or community holds is directly affected by that individual’s or community’s history and cultural context.

I thought a lot about Bryant Myers, who has similar thoughts to Gornik’s conclusions. Myers writes about theology in Christian Community Development at the beginning of Chapter 2 of Walking With The Poor:

…The development process is a convergence of stories. The story of the development practitioner is converging with the story of the community and together they will share a new story for a while. Because the development promoter is a Christian and because God has been active in the community since the beginning of time, the biblical story is the third story in this confluence of stories. This brings the development practitioner back to theology and the biblical account.

One of my favorite quotes, which affirms this idea, is by Duane Elmer, another Christian Community Development practitioner:

Love is culturally defined. When we truly love others, we love them in their own context, in keeping with the way they define love. We can’t express love in a vacuum. It can be expressed egocentrically (my way) or sociocentrically (as the other person would define love).

I whole heartily agree with Gornik, Myers and Elmer. We must be incredibly careful (and humble) in our critique of Christianity in other cultural contexts, which we may not completely understand.

Certainly the core foundations of our faith are essential. For the non-essentials (to salvation) however, it is better to err on the side of love, acceptance, and mutuality rather than pointing fingers and saying “you’re wrong, I’m right.”