Cybersecurity

How to Get NSA's Attention (It's Art)

Many people, upon learning of the government's expansive programs to monitor electronic communications, probably thought to themselves, "Huh, I wonder if there is any steps I can take to make sure my emails do not end up in the pile that the NSA 'touches.'"

But not Ben Grosser. Grosser, an artist whose work explores the effects of software in society, had a different idea: How can I put my emails—the ones about my new cat, the invitations to meet up for coffee—under surveillance?

The result of this counterintuitive line of thinking is ScareMail, a new extension for Gmail that tacks text onto the bottoms of emails, algorithmically generated to capture the attention of the NSA's filtering mechanisms.


A bit of extra text tacked onto an email, full of NSA-alluring keywords. (Ben Grosser)

Grosser explains:

One of the strategies used by the US National Security Agency’s (NSA) email surveillance programs is the detection of predetermined keywords. These “selectors,” as they refer to them internally, are used to identify communications by presumed terrorists. Large collections of words have thus become codified as something to fear, as an indicator of intent. The result is a governmental surveillance machine run amok, algorithmically collecting and searching our digital communications in a futile effort to predict behaviors based on words in emails.

ScareMail proposes to disrupt the NSA’s surveillance efforts by making NSA search results useless. Searching is about finding the needles in haystacks. By filling all email with “scary” words, ScareMail thwarts NSA search algorithms by overwhelming them with too many results. If every email contains the word “plot,” or “facility,” for example, then searching for those words becomes a fruitless exercise. A search that returns everything is a search that returns nothing of use.

And he demonstrates in a quick video:

ScareMail from benjamin grosser on Vimeo.

As you can see from the examples, the results aren't exactly intelligible, and that's intended, says Grosser. Part of what he hopes to demonstrate with his project is that the mere inclusion of certain terms does not itself imply "intent"—that keywords will always generate some content that is innocuous.

Will ScareMail work as intended? The picture of how the NSA filters and handles email contents is still incredibly vague, and you'd have to know how that system works in order to game it, as ScareMail seeks to do. A recent report in The Wall Street Journal explained that of the 75 percent of all U.S. Internet traffic the system could conceivably reach, an unknown amount actually winds up stored within NSA databases, though "some" of what does is said to be communication between Americans (as opposed to between Americans and foreigners, or exclusively between foreigners). 

Just what terms and other clues go into filtering that firehose—a collaborative process on the part of several telecoms and the government—remain mysterious. Grosser says that "the 'scary' nouns and verbs" his program generates "are a best guess at probable NSA search keywords." He relies on a "Department of Homeland Security list of keywords used by their National Operations Center (NOC) for searching social media sites." As expected, Grosser says, that list contains terms such as "Al Qaeda," but, he adds, "it also contains a large number of multipurpose words, such as 'plot,' 'facility,' 'wave,' 'dock,' etc."

On their face, those words aren't scary in the least—which is precisely what's scary about their inclusion on that list.

Threatwatch Alert

Cyber espionage / Network intrusion / Stolen credentials

Hackers ogled 500,000 consumer records at British boob job clinics

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// 1:10 PM ET