22 Jul 13 | Comment, Digital Freedom, Europe and Central Asia, News and features, United Kingdom, United States
There have been some sharply contrasting political reactions to the US and UK’s mass surveillance programmes in European countries in recent days. Could the US perhaps play divide and rule in managing the fallout from Snowden’s revelations in Europe? Or is there enough common ground between German, UK or even Russian politicians to push for real changes in US (and UK and French) snooping?
(Photo: Gonçalo Silva / Demotix)
At first glance, it seems the issue is being damped down in the UK in contrast to angry and sustained political debate in Germany, and a more nationalist and opportunistic response by Russian politicians.
Last week British MPs on parliament’s intelligence and security committee confirmed that GCHQ, the UK’s signals intelligence HQ, had indeed obtained intelligence from the US Prism programme. But they concluded, remarkably quickly (no long investigation here), that allegations of law-breaking were “unfounded”. Whether the MPs are right or not, their report in fact only concerns part of Prism – the ‘content’ data GCHQ accessed and not the reams of metadata which can be equally or more revealing about individuals’ activities; and it doesn’t touch at all on the so-called Tempora programme by which, according to Snowden, the UK has been accessing massive amounts of data, by tapping into underwater cables, on a scale that goes beyond even US activities.
Meanwhile in Berlin last week, German politicians on the Bundestag’s control committee – were demanding answers on the NSA revelations from interior minister Hans-Peter Friedrich, who admitted he was still trying to get enough information out of the US on the reach of American surveillance. The following day, German journalists grilled Chancellor Angela Merkel’s spokesman for an hour and half about what the German government and security services already knew about US snooping, and how they will stop it.
Merkel has called on Obama to respect German laws though adding, rather curiously, “on German territory” – snooping on Germans on servers in the US or as their communications pass through underwater cables are side-lined by this emphasis. Merkel is also pushing for action at EU level, promising she will demand much tougher EU data protection laws – due to be agreed in the coming months. Germany’s political response seems in a much higher gear than in the UK.
Over in Moscow, some Russian MPs too are emphasising safeguards to protect personal data from US snooping. But with demands for big companies like Google and Facebook to respect Russian laws and pass on user data when requested (just as they have been in the US), this is not a sudden shift to political support for digital freedom in Russia. It is simple political opportunism taking full advantage of the NSA’s activities and revelations to reinforce Russia’s determined attempts domestically and internationally to control, monitor and impede a free and open internet.
But German, British or EU criticism of Russia’s attacks on digital freedom will be ignored and labelled hypocritical unless there is a much stronger condemnation of mass surveillance from European leaders and action to limit future abuses. Nor is this simply about whether intelligence services are operating within the law (and whose laws) important though that is. It is about ensuring laws do not allow the sort of mass surveillance domestically and internationally that the NSA, GCHQ – and it would seem France too – have been carrying out.
Here the report from the MPs on the British intelligence and security committee potentially opens up a vital debate. Incautious language, the MPs say that existing legislation is “expressed in general terms” and that GCHQ itself was right to put more detailed practices into place to ensure compliance with UK human rights law. Crucially, though a studied understatement, they say that the “complex interaction” between UK human rights laws and security laws needs further consideration – and commit the security committee to investigate further.
So more digging will happen in the UK, in Germany – and too at EU level thanks to the efforts of the European Parliament.
But the UK is clearly as complicit as the US in mass surveillance. And there is growing and sharper questioning in Germany of how much the government and the security services previously knew about US and UK snooping.
So where new revelations and investigations will take European countries in the coming weeks is an open question. And whether we will see a united defence of digital freedom in Europe and an end to mass surveillance is at best unclear for now and, more probably, highly unlikely.
Kirsty Hughes is the CEO of Index on Censorship. She tweets @Kirsty_Index
22 Jul 13 | Digital Freedom, News and features, Politics and Society, United Kingdom
Technology writer and broadcaster Bill Thompson spoke at the recent ISPA Awards dinner. ISPA, the Internet Service Providers Association, represents the companies that connect us all to the Net, and Thompson called on them to stand up for freedom, however hard that may be. This is an edited version of his talk.
I first used the internet in 1984/5 when I was a student at Cambridge University sitting at a dumb terminal on an IBM mainframe and discovered that we could email people both locally and at other universities. I didn’t know we were using the Internet, of course, because it was just ‘the network’. I had access when I worked at Acorn Computers, and in the early 1990’s ended up at PIPEX, the UK’s first commercial ISP.
A lot of my work at that time revolved around promoting the idea that the Internet was the right way to build the ‘information superhighway’ beloved of Al Gore, Tony Blair and others, rather than closed, proprietary technologies like AOL, Compuserve and the Microsoft Network. These systems were touted as the alternative to the insecure, unmanageable internet, and for a brief period it looked like they might triumph simply because of the marketing effort that went into them, but in the end it was the open net and the open web that came to provide the infrastucture for our networked economies and society.
In the last three decades the internet has become the pipe that delivers the world to us in all the ways that radio and TV used to and all the ways that radio and TV, as one-way broadcast media, never could. These days there are many countries where it makes far more sense to occupy the offices of the ISPs after a military coup than it does to take over the television stations.
This triumph comes at a cost. We have managed to avoid replacing the cacophony of the somewhat democratic open standards bazaar with a closed-minded architecture of control in which we would be expected to ask for permission to do anything, and would be reliant on Microsoft, AOL and those who they approve to maintain, develop and deliver innovation, and to charge what they liked for the privilege, but in the process we have built an internet that is almost impossible to manage.
We see it in the chaos of spam, malware and phishing, as well as the impossibility of creating effective filters for material that we’d prefer our children didn’t see, whatever the government may want to believe (and whatever PR hype they may persuade the Daily Mail to print). Many ISPs would probably prefer a safe, manageable network where they can control what their customers see and do and avoid takedown notices and copyright trolls and excessive legislation to manage illegal and ‘harmful’ content online. We know what that world looks like – it’s the content industries dream of compulsory digital rights management, premium services and Ultraviolet, but it doesn’t look that attractive to those of us who value the Internet’s creative potential and see it as the foundation of an open society.
We inherited a network which was designed to be open and permissive and to be used by nice people doing nice things. Over the last three decades it has been unleashed onto the world, and the openness of the network has meant that bad people have used it to do bad things, selfish people have used it to do selfish things, and governments have looked for ways to monitor it using the same features that the authors of Tor used to make it hard to monitor.
As a result today’s internet is more easily used for oppression than openness, and have seen how the US and UK, like China and others, have been reading as much net traffic as they can get their hands on, and how laws have been written to make such surveillance legal. The latest announcements on filtering mark a move towards deeper monitoring of the material UK net users are downloading, using the argument that we must ‘think of the children’ to justify this.
It may mark the point at which many ordinary users start to worry that the network they increasingly rely on for many aspects of their daily life is in fact the space in which they are most exposed, where their freedom to live their lives without being observed or suspected is most easily removed, because it is just as impossible to enforce the positive freedoms online as the negative ones. We can’t keep people safe from malware or spam, and we can’t tell them they can speak privately or speak openly without fear of reprisal.
ISPs have a real problem here. It’s the one outlined by Tim Wu and Jack Goldsmith in their book ‘Who Controls the Internet?’, where they point out that whatever freedom we may seek online, the net is delivered to us by companies that have offices and employees and servers, all of which are located in the physical world. For a company to operate within a territory it has to obey the laws within that territory, and while it seems to be accepted that there’s some wriggle room over how ISPs manage their tax affairs, disobeying court orders – especially secret ones – is generally seen as being a bad idea. Their lawyers don’t like it. Their families wouldn’t like having to say goodbye as senior executives were whisked off to gaol.
Yet these ISPs have become the de facto guardians of our online freedoms. They are the people who built the networks on which the world now runs, and the choices they make about standards, systems, hardware, traffic shaping, pricing plans and who gets to put tapping equipment in their routing cabinets matter.
The only viable solution I can see is to work with ISPs to re-engineer the network so that it cannot be so easily subverted by the forces of oppression and control that would close the networks, close society and close our imagination. We created the internet, it is a product of our imagination and our engineering skill and there is very little about it that could not be re-engineered – if we cared enough to do it, and there are no laws that we cannot change to ensure that the regulation of that re-engineered network preserves our freedoms and does not remove them.
If we want the network to be a tool for freedom then we need to design it in the right way, not simply work with what we have inherited.
Our last, best, hope? Metafilter tells me the phrase was coined by Lincoln but used in Bablyon 5 :-)
Further reading
• Larry Lessig on Rewriting the Internet
• Marco Ament on Lockdown
• Adactio on APIs
• Anil Dash on the Web we Lost
• Tim Wu & Jack Goldsmith: Who Controls the Internet?
15 Jul 13 | Europe and Central Asia, News and features
German chancellor Angela Merkel has called for more stringent EU data protection rules, after allegations that US surveillance programmes have also impacted EU citizens. Sara Yasin reports
In an interview with ARD television yesterday, the German leader called for privacy rules that apply to all member states, as online companies are currently only required to follow legislation where they are registered. Facebook, for example, is registered in Ireland and is only required to follow Irish privacy laws.
Merkel also told ARD that she expects the United States to abide by Germany’s privacy laws in the future.
While Merkel has claimed that she learned of US mass surveillance from the media, German daily Bild reported that the country’s foreign intelligence agency (BND) knew about the programme as well as storage of German data for many years now. Bild also reported that data stored was also used by German intelligence to locate citizens kidnapped abroad.
Index, along with English PEN, Open Rights Group, and Article 19 have called on the European Parliament “to support a Data Protection Regulation that helps people regain control of their personal data.”
In a letter sent to Sarah Ludford MEP, a shadow rapporteur on the European Parliament’s data protection dossier, the organisations stressed the importance of control over personal data:
Too often, people do not know how their information will be used, where it will be processed or who will have access to it. This is partly because the principles of the current data protection laws are insufficiently implemented. We believe the new Data Protection Regulation could give people more control over what happens to their information, and ensure those that collect and use data adhere to the rules.
The European Parliament has ordered a probe into allegations that the United States has spied on EU citizens and diplomats. The Civil Liberties Committee will hold an inquiry, and plans to release a report by the end of this year.
Sara Yasin is an Editorial Assistant at Index. She tweets from @missyasin
