Why You're Probably on an NSA Watchlist

07/31/2014 09:30
Mike Leahy
by Mike Leahy

I was talking with one of my colleagues the other day, and he raised a very interesting question, one that deserves consideration by anyone worried about their digital privacy. He read an article that championed the idea that the more steps one took to protect their privacy by using anonymous Web-browsing tools like Tor, the more likely that individual would be targeted for "surveillance" by the NSA.


The article went on to say the NSA closely watched user accounts searching for information on non-Windows operating systems like Tails or Linux. The authors of the article suggest the NSA presumes anyone interested in using technology to protect their privacy is a potential threat to national security. On the other hand, those taking no steps to demonstrate privacy concerns (as evidenced by an interest in available tools) are not.

Let that sink in for a moment.

Supporters of the sentiment that security must trump privacy will tell you that if you have nothing to hide, you have nothing to fear. A more apt statement to be garnered from the article is if you have something to hide, the government has something to fear.

Right now, the NSA operates an Internet surveillance tool called XKeyscore. This program allows them to place every Tor user in the world under ongoing surveillance. This completely negates the supposed anonymity the system was designed to provide.

“In the ongoing battle between government snoops and people interested in protecting their privacy, the snoops will always concentrate their activities where they will have the most impact.”
The NSA's own description of XKeyscore suggests its use is widespread, collecting metadata and relational information about Internet and telephone usage. This is then stored and is searchable in real time. The interesting point about XKeyscore's use you should keep in mind is the NSA's decision that anyone interested in privacy is considered a potential terrorist. Think about that for a moment.

The Pew Research Center Internet and American Life survey found in September 2013 that:
  • "86% of Internet users have taken steps online to remove or mask their digital footprints -- ranging from clearing cookies, encrypting their email, and avoiding using their real name, to using virtual networks that mask their Internet protocol (IP) address
  • "55% of Internet users have taken steps to avoid observation by specific people, organizations, or the government."

Or, more simply, more than half of the population of the United States that uses the Internet is categorized as potential terrorists requiring government surveillance to "protect us." From whom is the government protecting us?

Apparently, from ourselves.

This is madness.

Aside from this, there's another important point you need to be aware of. I remember arguments I had with my peers when I was 10 years old. It was the height of the Cold War, and we were debating the need of missiles to stop intercontinental ballistic missiles. But it didn't stop there. We argued about whether we needed anti-missiles to stop the ICBMs. And anti-anti-missiles to stop those.

Similarly, you might remember the quote attributed to Willie Sutton, who supposedly said that he "robbed banks because that was where the money was." In the ongoing battle between government snoops and people interested in protecting their privacy, the snoops will always concentrate their activities where they will have the most impact.

Just as Apple computers have not been targeted with viruses by online threats nearly as much as their Windows PC counterparts, growing use of alternate operating systems like Linux, Tor and Tails raises the interest in their users. Quite simply, they choose to "hide" something.

As in all technology-dependent conflicts, each side will reinvent its tools to defeat the tools used by their opponents. Thus, it is important to acknowledge that the tools we use to "enhance" privacy are simply that -- tools. The only way to truly keep personal information "private" is to not share it.

Having said that, how many social media platforms (Facebook, et al.) do you participate on?

Think about it.


Mike Leahy is an attorney in Annapolis, Md., and a Certified Information Privacy Professional (CIPP/US). Mike can be reached at mike@mgleahy.com or via his LinkedIn profile. 2014 Laissez Faire Books, LLC.