Curious what the NSA gleans from your Gmail? Now you can see for yourself
Ever since Edward Snowden leaked what seems to be the mother lode of the decade, the internet has been fervently abuzz with speculation about Prism. The (aptly named) program was setup by the United States NSA (National Security Agency) to work hand in hand with internet giants to cull over mountains of data related to users of numerous services from Facebook to Gmail to Hotmail. Whether or not this information is accurately being used for its intended purpose -- thwarting terror attacks -- is still up for debate. But one thing we do know for sure is not only the type of data being plucked, but more importantly the overarching power this data yields.
It seems the crafty folks at MIT haven't been sitting back and watching this drama unfold. They've gone ahead and launched a representative cloud tool called Immersion that is very accurate in its portrayal of the inner workings of your entire digital life (or at least, the one contained to your Gmail account). National Journal's Brian Fung first covered this astonishing project, and it was since picked up similarly by eWeek.
In a nutshell, Immersion is a cloud tool that takes a 'big data' approach to representing the relationships exposed by the contents of your Gmail account. There is no cost to use the tool, and it fully asks for your stated permission to tie into your chosen Gmail address to cull information for analysis. For those worried, yes, you do have the option of having the tool completely erase all of the data pulled once you are done perusing the colorful representation of your entire Gmail history.
How MIT pieced together Immersion is not really a big secret at this point. It uses the same basic underpinnings for its representation of your digital life as Google already has access to, and which the NSA either "asks for" or gleans on its own -- you can come to your own conclusion on that one. Nonetheless, this information, known as metadata, is the digital equivalent to what the US Postal Service is collecting yearly on every piece of mail touched in America. Who your emails went to, how many of them you sent to each person, the file types of your attachments, the first and last time you spoke with each person -- pretty much everything besides the actual contents of the emails themselves. That clarification is the fine legal line that the NSA and other agencies are riding to uphold their legitimacy.
Piecemeal, these loose data sets are useless. Collectively, however, they paint a hyper realistic portrait of one's personal life, in context of the entirety of the data being woven together. MIT gives us a relatively toned down perspective by delivering a snapshot stemming from only our Gmail accounts, but you can imagine the power the NSA has with its monstrous data centers that churn through this, and more, on a daily basis.
While the execution behind Immersion is likely very accurate to the methods being used by the NSA, it by no measure shows the totality of one's digital life when cross-examined on a playing field taking into account all of your digital stomping grounds. If you believe the NSA isn't leveraging such power already, then you're just being plain naive.
So how does an Immersion plotting look? I tested the service on myself, using my oldest Gmail account created back in high school (late 2004). Mind you, Immersion is very clear in stating that it only looks at the To, CC, BCC, and timestamp fields of your messages. This is just a portion of the metadata the NSA is likely curating to create digital mugshots of each of us every day.
Immersion's primary dashboard graphic gives you your "web of relationships" at a glance. My personal web, shown above, took Immersion 5-7 minutes of digging through my Gmail to display. The NSA's systems can probably tackle hundreds of these in seconds.
The immense breadth of information that metadata can provide when viewed as a whole is breathtaking. My Gmail account has been in existence since late 2004 and Immersion claims I've got 31,000+ email messages in my account. The sheer fact that it could take nearly nine years of data and piece it together into a visually corroborative narrative of who I've spoken with, how long I've been speaking to them, and how they are related to everyone else in my life is something you have to see with your own eyes.
The tool doesn't stop there, however. If you want to see how specific contacts in your email history are related to others, simply click on any bubble in the graphic Immersion spits out (in wonderful Ajax fashion, might I add). Each bubble represents a single person you may have communicated with, and the larger their bubble, the heavier the email volume you've had with this person. On a lighter note, this may not be a bad way to see who is eating up all those minutes (or hours) in your inbox each day.
Clicking on any of your contact "bubbles" in Immersion gives you a top-down view of the relationships between that person and others you have spoken with. Direct lines between contacts represent associates that somehow know each other -- likely by being involved in email threads.
I labeled the first screenshot from my own Immersion readout with the major "webs" that exist in my Gmail account life. Seeing as this has been the primary inbox I've used since my high school years, it has the deepest insight into my personal communications. From work colleagues to hockey teammates down to past relationships. Immersion leaves no stone unturned.
Going even one step further, Immersion allows you to view some interesting specifics about any of your email contacts you associate with. I decided to take a peek at a few of the larger "bubbles" in my contact web, and was able to find out neat (or scary?) statistics about my relationships with these people. Immersion not only shows me when my first email to the person was, but also when my last message to/from them was, as well as a bar graph showing the overall volume of interaction over the entire history of us speaking to one another. Slightly less accurate was the "Introduced you To" area which tried to explain who I met as a result of knowing this individual, but for an agency using similar info-mining like the NSA, it's the bigger picture that matters most.
Should any one party be privilege to such information? Again, another area up for massive debate. A lot of this metadata that surrounds emails you send are already considered public knowledge to some extent. For any message on the internet to reach its intended destination, whether it be on a Gmail account or on Office 365, metadata needs to be shared and read between systems so that items can be properly routed. The NSA is undoubtedly culling a lot of the information it gleans from such siphoning of the public web, but one can easily see where abuse of this information in a big data context can easily spiral out of control -- especially in the wrong hands, for the wrong purposes.
I'm not one opposed to all forms of digital surveillance to keep the likes of al-Qaeda at bay in this age of virtually-equipped terrorism. But the cop out excuse of "I've got nothing to hide" is nothing more than complacency for digital tyranny. The further we allow government to creep into every aspect of our lives unchecked, the less meaning we can attach to claiming we live in a "Land of the Free".
If Immersion is just a sliver of the exponential power that metadata can behold, then the capabilities of the NSA are up merely to your mind's imagination. Literally.
Derrick Wlodarz is an IT Specialist that owns Park Ridge, IL (USA) based technology consulting & service company FireLogic, with over 8+ years of IT experience in the private and public sectors. He holds numerous technical credentials from Microsoft, Google, and CompTIA and specializes in consulting customers on growing hot technologies such as Office 365, Google Apps, cloud hosted VoIP, among others. Derrick is an active member of CompTIA's Subject Matter Expert Technical Advisory Council that shapes the future of CompTIA exams across the world. You can reach him at derrick at wlodarz dot net.