The NSA and XMission
Last November, I was invited to tour the new NSA Datacenter in Bluffdale as part of a Utah consortium of datacenter operators. The facility is impressive, as it should be when you spend over a billion dollars. Yet any questions about purpose were deflected by our tour guide. Instead we got raw specs about how big the generators were, and how many gallons of diesel their tanks could hold.
I had always heard the rumors that the NSA had Star Trek style computational power that was 20 years ahead of what the industry was using. They could read erased hard-drives, crack the toughest encryption, and have an omniscient power to know where any national threat was at any time. As news reports revealed this last week, the reality is closer to earth. They’re simply capturing as much information as they can, indexing, and storing it. I have seen estimates that the amount of running storage they will have in Bluffdale could capture world communications for the next 100 years.
Apple, Google, Facebook, Microsoft, and Yahoo were fingered by The Guardian as having collaborated with the NSA in their data collection program. This was immediately denied by Google’s Larry Page and Facebook’s Mark Zuckerberg. Some accused them of sidestepping the issue, claiming that “no direct access to servers” did not preclude cooperation with the NSA. Only they know the full depth of that question, and I hope they will be forthcoming with further details.
I was appalled to see calls for a boycott of U.S. tech providers. It lumps us all in with companies who care more about their shareholders than their customers. To this extent, XMission is publishing it’s Transparency Report to demonstrate that we don’t agree with this and have been fighting for customer privacy since the beginning. Warrantless requests have repeatedly been refused. XMission cooperates with law enforcement when they provide a proper judicially authorized warrant. Sadly, investigations rarely follow this constitutional requirement. XMission also doesn’t datamine, inspect, or sell your information you trust with us. Employees have been fired for violating this cardinal rule by looking at email content without customer authorization.
Sharp eyed inspectors of our Transparency Report will note the FISA request of November 29th, 2010. XMission complied with that request only after consulting with our attorneys and the Electronic Frontier Foundation. It was specific monitoring of one IP address. What irks me about the manufactured outrage of Utah’s congressional delegation over NSA domestic spying is that they have signed off the NSA Bluffdale Data Center and FISA expansion repeatedly. They have supposedly been briefed on their actions as well. If they are angry about the lack of oversight of the NSA, do your job and provide oversight of the NSA.
However, I am convinced that no level of oversight of the NSA, nor boycott of U.S. tech companies, nor relying on trustworthy companies like XMission will turn back governmental snooping of the Internet. Regardless of the cooperation of names like Google, Facebook, and Microsoft, it has been a well known fact that the NSA has been intercepting calls and Internet traffic. This exploits a weakness the Internet has had since its inception. The Internet was built on trust, and nobody anticipated interception of data would be a problem. The only way to fix this is through encryption. XMission’s email servers use encryption to transfer data across the Internet to other email servers, yet only 17% of inbound connections utilize it. On the bright side, 70% of our outbound email is encrypted. Everyone has the ability to add encryption to their emails for free, and as this spying continues, I expect it will become the norm. In spite of the Star Trek rumors about the NSA breaking encryption, I trust mathematicians more. If you want to protect your privacy on computers and the Internet, utilize encryption as much as possible, and keep your important data at home or work. Then demand that the companies who provide you services disclose their policy towards governmental and commercial requests. If they won’t give you that information, it’s time to change to a Internet/cloud provider who cares.