MIT Immersion Project Reveals What NSA's PRISM Program Knows

 
 
By Wayne Rash  |  Posted 2013-07-07
 
 
 
Immersion Project

MIT Immersion Project Reveals What NSA's PRISM Program Knows


When I first heard about the National Security Agency's PRISM operation at a conference in Washington, D.C., it wasn't clear just how significant that might be. I knew that the government was collecting information from emails, including the name and address of the recipients, the originator, the time and date of the message, and perhaps the size of the message. But it wasn't clear just how much the government could glean from that.

But that was before it became clear exactly how effectively visualization tools can show the relationships between and among points of data. I found out a few days later just how effective that can be when I was introduced to its use as a cyber-security tool. Now it turns out that the same type of illustration is available from MIT, and it uses your own email to produce the illustration.

As Brian Fung reports in National Journal, this is the information that Google has available from your Gmail account. If the government requests email data from Google, this is what the government gets. The tool, called Immersion, goes through your Gmail and reports to you on what it finds. Then Immersion displays it as a sort of bubble chart showing who you trade email with the most, and perhaps equally important, the relationship between those people.

If you look at the illustration at the top of this story, you'll see a cluster of colored bubbles. The size of those bubbles shows how much correspondence has happened between you and those people, effectively showing how important they may be in regards to you.

The illustration here is the chart of my Gmail account. The largest bubbles are public relations agents, except for the second-largest, which is my long-suffering Apple support person. Some of these bubbles also represent news sources, and if you could see them, there are thin lines between some of those bubbles showing that they also know each other. In this particular snapshot, I've left the names of those people out, but the same data is available with the names included.

If you click on the link in the word "Immersion" above, you can try this out for yourself. The results will appear in a few seconds, first with preliminary results, and then with more details as the data is analyzed further. For people who are not all that active on Gmail (me, for example) the amount that the data shows is sobering. Just imagine if Gmail is your primary means of email as it is for many people.

Now, for the really scary part. When Google handles your email, it gets this information, but it also has been searching for keywords within your email so that it can use it for advertising. What this means is Google not only knows all the information in your metadata, but also knows what is contained in your email. This could be a very revealing profile indeed. At least the NSA says it doesn't read the contents of your email. Google does, and it admits that it does. Which is more scary?

MIT Immersion Project Reveals What NSA's PRISM Program Knows


I've never been that uncomfortable about having the government or Google know that I get press releases (since they're meant to be public anyway) or that I communicate with tech support people since my communications there will also probably be public. I also don't communicate anything important using Gmail for exactly this reason.

But what about companies that use Google for their corporate email? Even if Google doesn't use that for marketing info, there's still the metadata that lives for a fairly long time in your Gmail account. As long as it's in there, it can be mined and analyzed. My Gmail account goes back to 2008, so there are years of communications available.

The NSA doesn't really need your permission to get this data because it can pick it up as it passes through certain parts of the Internet. Google can't do that, so it needs your account. There's not much you can do about the filtering of Internet data because your address information has to be readable if your email is going to get delivered.

You can assume that if the NSA is looking at your email, the information in Immersion is similar to what they will see. Consider that it is likely all of your email addresses (and not just Gmail) and that the metadata is examined along with the metadata from everyone you've corresponded with, and you can see just how much can be inferred from this data alone.

If this sounds as if you're stuck in some sort of digital hell, it's not as bad as it could be. First, you don't need to use Gmail, and that will limit the information Google has about you and your company. You also don't have to use Google for search, and that will limit it even more. None of this affects what the NSA may find out about you, but at least the government isn't selling your info for ad revenue.

Rocket Fuel