#IndexDrawtheLine: Where should governments draw the line on everyday surveillance?

draw-the-line-header

 

Former NSA contractor Edward Snowden attempted to explain mass surveillance through a conversation around dick pics during an interview with John Oliver on Last Week Tonight, a satirical current affairs show aired by American network HBO.

“Even if you sent it to somebody within the United States, your wholly domestic communication between you and your wife can go from New York to London and back and get caught up in the database,” Snowden said in the interview, conducted in his temporary residence in Russia after the United States cancelled his passport for leaking details about NSA domestic spying in June 2013.

The elimination of complicated terminology in the discussion has allowed us to understand that although emails sent between Gmail accounts are encrypted and unidentifiable to outsiders as they move from Google’s data centres in the US and across the world, in reality the racy pictures embedded in these emails can actually be stored in several data centres worldwide as a way to provide backups in case one centre fails.

These encryption techniques have been around since 1991, when hacker Philip Zimmermann uploaded a free encryption program called Pretty Good Privacy – better known today as PGP – to the internet. Using a form of cryptography developed in the 1970s known as public-key cryptography, users are given a public key that can be shared which encrypts messages that are sent to them, and another one they keep private to decrypt messages they receive.

As public-key cryptography was generally reserved for military and government use prior to the release of PGP, the availability of these advanced encryption algorithms to the general public was a significant step in the realm of free expression at the time. But while web-based communication has become part of daily life, the average citizen is only beginning to grapple with the idea of mass surveillance let alone the tools associated with it.

Should individuals accept the surveillance environment, allowing – for example – government officials to obtain personal photographs shared between two consenting adults through a corporate service, as raised by Snowden?

Just months before Snowden blew the whistle, India began implementing a Centralised Monitoring System in April 2013 to monitor all phone and internet communications in the country. Following his disclosures on mass US secret surveillance programs, other governments around the world such as Brazil and Russia began debating on how to pressure companies to store user data locally. During this period, Turkey began drafting new regulations that would make it easier to get data from internet companies following the eruption of Gezi Park protests.

To what extent is it possible to escape everyday surveillance amidst these developments and how would this affect our communications? And even if technological advancement brings us newer tools providing stronger privacy protection, where should governments draw a line in monitoring what we share with friends and family?

Join the discussion on twitter with #IndexDrawTheLine

Egypt: Authorities reveal plans for mass surveillance of social media

2011_Egyptian_protests_Facebook_&_jan25_card

(Image: Essam Sharaf/Wikimedia Commons)

A few months after the adoption of a progressive new constitution guaranteeing freedom of expression and the right to privacy, reported plans by Egyptian authorities for indiscriminate mass surveillance of social media in Egypt have alarmed rights advocates and many within the country’s internet community.

The proposed surveillance plan has also sparked fears that internet activists may be the next targets of the military-backed government’s widening crackdown on dissent.

Defending his ministry’s decision to introduce the new mass monitoring system, Egypt’s Minister of Interior Mohamed Ibrahim was quoted by the semi-official Al Ahram newspaper on Monday as saying that the proposed system was “necessary to combat terrorism and protect national security”. He added it would be “similar to that used in the US or the UK to protect their national security”.

Seeking to allay concerns that the new system would curtail freedom of expression, Ibrahim said: “We do not seek to interfere with citizens’ privacy. The system will merely help us track and identify potential terrorist and criminal threats.”

Ibrahim’s statements came a day after the privately-owned Al Watan newspaper published a leaked call by the ministry of interior for tenders from companies to establish a sophisticated mass surveillance system.

In a statement criticising the proposed mass surveillance plan, Amnesty International said the monitoring of social media “would deal a devastating blow to the rights to privacy and freedom of expression in the country”, adding that “the new surveillance system risks becoming yet another instrument in the Egyptian government’s toolbox of state repression”. Amnesty also urged the Egyptian authorities not to replicate illegal programmes that have been used by other countries to violate the right to privacy. “Any surveillance programmes must comply with the general principles under international law of legality and judicial accountability,” the statement said.

Meanwhile, Egyptian rights groups and internet activists have expressed fears the proposed system would “close down the last remaining space for free expression in Egypt”.

Since the ouster of Islamist president Mohamed Morsi by military-backed protests last summer, the interim authorities have taken measures to tighten the state’s grip on the media. Days after the military takeover of the country, several Islamist-linked media outlets were shut down by the interim government. Security forces ransacked the offices of a Muslim Brotherhood TV channel and the Al Jazeera Mubasher Channel (accused by Egyptians of being pro-Muslim Brotherhood), confiscating their equipment and arresting their journalists.There has since been a marked shift in the tone of both state and state-influenced news media with many journalists now towing the government line either for fear of persecution or of being labelled “unpatriotic.” Several journalists have complained of “harassment” and intimidation” by security agencies. In today’s deeply polarised Egypt, reports of verbal and physical attacks by “patriotic” mobs on journalists trying to cover the conflict, are all too common.

Journalists covering “anti coup” protests have been deliberately targeted by security forces with no fewer than five being shot and killed while covering the unrest. Mayada Ashraf who worked for the privately-owned El Dostour newspaper became the latest journalist-victim of the violence when she was shot in the head in March while covering clashes between security forces and supporters of the ousted Morsi. Meanwhile, 65 journalists have been detained since the military takeover of the country nearly a year ago. There are 17 journalists currently behind bars in Egypt, according to a recent report released by the Committee for the Protection of Journalists. Three Al Jazeera English journalists have been in prison for six months, charged with “aiding a terror group and spreading false news that harms national security.” Despite pleading “not guilty”, their repeated requests to be released on bail have thus far been denied by the prosecutors in the case. A fourth Al Jazeera journalist has been in jail since August 2013 and has to date, not been charged.

Besides detecting any references to terrorism on social media, the controversial new system will also scan social networks for “calls for illegal protests and sit-ins, incitement to violence and defamation of religion,” Abdel Fattah Othman, a spokesman for the ministry of interior said in an interview broadcast Sunday on Al Mehwar Channel. In the absence of a “watch list” determining the topics the ministry intends to censor, many internet users are worried, fearing their electronic communications may be targeted.

Responses by Egyptian internet activists to the ministry’s surveillance plan have teetered between anger and sarcasm. Some Twitter users chose to take the matter lightly, mocking the decision in their tweets. #Wearebeingwatched — created by Twitter activists a week ago in response to the proposed plan — has fast become one of the top trending hashtags in Egypt with more than 50,000 uses within the span of a single week.

“State security agents when are you coming to get me?” Mahmoud El Zanaty a Twitter user jokingly asked, using the hashtag.”You never keep your appointments.”

“I’m free, that is why I’m being watched,” was another sarcastic message posted, by a user going by the twitter handle Doaa. Meanwhile, in a message addressed to the “agent” supposedly watching him, another twitter user wrote: “Farrag, come join me for tea!”

While most rights activists fear the proposed surveillance system may be used as a tool of repression, a few rights advocates have dismissed it as “mere government propaganda”.

“State security agencies have always kept a close watch on social media networks in Egypt,” Rights Lawyer Gamal Eid told Index. He cautioned however, that the ministry’s announcement was meant “to intimidate online activists and silence voices of dissent”.

Over the course of the past three years, several activists have been arrested and prosecuted for the content they have posted on social media networks. Blogger Maikel Nabil was arrested in March, 2011 and later sentenced to 3 years in prison for a Facebook post allegedly insulting the military. He had written: “The army and the people were never one hand.” He spent ten months behind bars before being released. In September 2012, Alber Saber, a Computer Science student and blogger was also arrested on allegations of having shared the YouTube trailer of the anti-Islam film “Innocence of Muslims” on his Facebook page. While police found no evidence that he had uploaded the video deemed insulting to Islam, he was nevertheless sentenced to 3 years in prison for “defaming Islam and Christianity” and allegedly “spreading atheism”. Saber was released for an appeal session a year later and subsequently fled the country. Earlier this year, Amr Hamzawy, a prominent liberal intellectual and political scientist was charged with “insulting the judiciary” for a Twitter post criticising a court ruling against three US pro-democracy civil society organisations .

Ahead of the January 2011 uprising, young pro-democracy activists had used social media networks to mobilise and organise the mass protests that brought down autocratic president Hosni Mubarak. Videos depicting police brutality and others urging Egyptians to rise against the corrupt Mubarak regime posted by the April 6 pro-democracy youth movement and “We Are All Khaled Said” — a Facebook page created by Google Executive Wael Ghoneim to bring attention to the brutal murder of a young Alexandrian (allegedly beaten to death by two police officers) — were the initial spark igniting the 2011 uprising, prompting some analysts to describe the revolt of 3 years ago, as a “Facebook Revolution”. Recognising the role of social media in the mass uprising, Mubarak cut off the internet and mobile phone lines in an attempt to quell the protests, a few days after their eruption. His rash response however, triggered public furore and only served to further strengthen the resolve of the Tahrir protesters.

With internet penetration in Egypt at 43 per cent (at the end of last year) — relatively low compared to other countries where illiteracy rates are lower than in Egypt — the Egyptian government is nevertheless wary of social media, having witnessed first-hand the role of Facebook and Twitter in toppling the authoritarian regimes in the region. Despite provisions in the recently-adopted constitution protecting the right to privacy and guaranteeing the confidentiality of electronic correspondence, telephone calls and other means of communication, the military-backed authorities are taking no chances. Systematic monitoring of Facebook, Twitter, You Tube and possibly mobile phone applications such as WhatsApp, Viber and Instagram would enable the government to identify dissenters and possibly, crackdown even harder on them, critics fear.

In the past year, the interim government has shown little respect for freedoms and rule of law. With military strongman Abdel Fattah El Sisi now sworn in as the country’s new president and in the wake of the proposed mass surveillance plan, skeptics warn that things are likely to get even worse as a counter-revolutionary bid seeking to obliterate all traces of the 2011 Revolution that called for bread, freedom and social justice, gains ground in Egypt.

This article was published on June 10, 2014 at indexoncensorship.org

Perfection as the enemy of the good: Weakening surveillance reform

Last week saw a flurry of legislative to-and-fro on the Hill as the US House of Representatives pondered the passage of legislation aimed at ending bulk-collection by the US National Security Agency.  The USA Freedom Act, or HR. 3361, was passed on Thursday in a 303-121 vote, and was hailed by The New York Times as “a rare moment of bipartisan agreement between the White House and Congress on a major national security issue”.  Congressman Glenn ‘GT’ Thompson (R-Pa.) tweeted that he was the proud cosponsor of a bill “that passed uniting and strengthening America by ending eavesdropping/online monitoring.”

It was perhaps inevitable that compromise between the intelligence and judiciary committees would see various blows against the bill in terms of scope and effect.  When legislators want to posture about change while asserting the status quo, ambiguity proves their steadfast friend.  After all, with the term “freedom” in the bill, something was bound to give.

Students of the bill would have noted that its main author, Rep. Jim Sensenbrenner (R-Wi.), was also behind HR. 3162, known more popularly as the USA Patriot Act.  Most roads in the US surveillance establishment tend to lead to that roughly drafted and applied piece of legislation, a mechanism that gave the NSA the broadest, and most ineffective of mandates, in eavesdropping.

Then came salutatory remarks made about the bill from Rep. Mike Rogers[2], who extolled its virtues on the House floor even as he attacked the Obama administration for not being firm enough in holding against advocates of surveillance reform.  There is a notable signature change between commending “a responsible legislative solution to address concerns about the bulk telephone metadata program” and being “held hostage by the actions of traitors who leak classified information that puts our troops in the field at risk or those who fear-monger and spread mistruth to further their misguided agenda.”

Even as Edward Snowden’s ghost hung heavy over the Hill like a moralising Banquo, Rogers was pointing a vengeful finger in his direction.  There would, after all, have been no need for the USA Freedom Act, no need for this display of lawmaking, but for the actions of the intelligence sub-contractor. Privacy advocates would again raise their eyebrows at Rogers’s remarks about the now infamous Section 215 telephone metadata program under the Patriot Act, which had been “the subject of intense, and often inaccurate, criticism. The bulk telephone metadata program is legal, overseen, and effective at saving American lives.”

Such assertions are remarkable, more so for the fact that both the Privacy and Civil Liberties Oversight Board and the internal White House review panel, found little evidence of effectiveness in the program.  “Section 215 of the USA Patriot Act,” claimed the PCLOB, “does not provide an adequate basis to support this program.”  Any data obtained was thin and obtained at unwarranted cost.

Critics of the bill such as Centre for Democracy and Technology President Nuala O’Connor expressed concern at the chipping moves.  “This legislation was designed to prohibit bulk collection, but has been made so weak that it fails to adequately protect against mass, untargeted collection of Americans’ private information.”  In O’Connor’s view, “The bill now offers only mild reform and goes against the overwhelming support for definitively ending bulk collection.”

Not so, claimed an anonymous House GOP aide.   “The amended bill successfully addresses the concerns that were raised about NSA surveillance, ends bulk collections and increases transparency.”  Victory in small steps would seem to have impressed the aide. “We view it as a victory for privacy, and while we would like to have had a stronger bill, we shouldn’t let the perfect being the enemy of the good.”

Various members of the House disagreed.  Rep. Zoe Lofgren (D-Calif.) noted that the bill had received a severe pruning by the time it reached the House floor, having a change “that seems to open the door to bulk collection again.”  Others connected with co-sponsoring initial versions of the bill, among them Rep. Jared Polis (D-Colo.) and Rep. Justin Amash (R-Mich.) also refused to vote for the compromise.

What, then, is the basis of the gripe?  For one, the language “specific selection term”, which would cover what the NSA can intercept, is incorrigibly vague.  The definition offers the unsatisfactory “term used to uniquely describe a person, entity or account.”  What, in this sense, is an entity for the purpose of the legislation?  The tip of the iceberg is already problematic enough without venturing down into the murkier depths of interpretation.

Even more troubling in the USA Freedom Act is what it leaves out. For one thing, telephony metadata is only a portion of the surveillance loot.  Other collection programs are conspicuously absent, be it the already exposed PRISM program which covers online communications, Captivatedaudience, a program used to attain control of a computer’s microphone and record audio, Foggybottom – used to note a user’s browsing history on the net, and Gumfish, used to control a computer webcam.  (These are the choice bits – others in the NSA arsenal persist, untrammelled.)

Section 702 of the Foreign Intelligence Surveillance Amendments (FISA) Act, the provision outlining when the NSA may collect data from American citizens in various cases and how the incorrect or inadvertent collection of data is to be handled, is left untouched.  On inspection, it seems the reformist resume of the Freedom Act is rather sparse.

Ambiguities, rather than perfections, end up being the enemy of the good. Laws that are poorly drafted tend to be more than mere nuisances – they can be dangerous in cultivating complacency before the effects of power. Well as it might that the USA Freedom Act has passed, signalling a political will to deal with bulk-collection of data.  But in making that signal, Congress has also made it clear that compromise is one way of doing nothing, a form of sanctified inertia.

This article was posted on May 28, 2014 at indexoncensorship.org

Bunting and Effect: Reforming the Federal Intelligence Surveillance Court

(Photo: Shutterstock)

(Photo: Shutterstock)

The reforms to the intelligence community that have been advocated by US President Barack Obama are not being taken well in some circles.  This is not necessarily because all members of that covert fraternity object to them.  There has been, in fact, a general understanding that something had to be done in light of Edward Snowden’s revelations regarding dragnet surveillance.  A fundamental feature of Obama’s reform agenda centres on a greater oversight role regarding surveillance applications assessed by the Foreign Intelligence Surveillance Court (FISC).

Former FISC Presiding Judge John Bates has given, in a fashion, support for proposals that would allow the appointment of a public advocate or lawyers acting in an amicus curiae role.  Their role suggests, in spirit at least, a modest attempt to open an otherwise secret court process to scrutiny over surveillance applications, providing direction on privacy and specific legal points. “I think it could have some good elements if done correctly,” suggested the judge before a gathering at George Washington University Law School last Friday.

Reading between the lines, however, the judge is not glowing at the prospect of an increased work load, one affected without little benefit.  For one, he claims that an outside advocate is, for the most part, needless in standard court deliberations (pen registers, trap-and-trace orders and individualised search warrants) under the Foreign Intelligence Surveillance Act of 1978.  Furthermore, surveillance applications tended to be prosaic matters with specific individuals in mind, using such standards as probable cause that would only affect the privacy interests of an individual or set of individuals.  Amicus advocates would busy the court without any benefit, they being, for the most part, unqualified to deal with the technical matters at hand.

Where such a “friend” of the court might have some bearing would be on concerns over bulk-collection of data, though the judge was again shaving much relevance over the move.  Was this reform a genuine attempt to alter practice, or simply one designed to pacify “public perception”?  Those on the FISC are more troubled than pleased.

Many of the concerns made by Judge Bates were outlined in his January 13 letter to Senator Dianne Feinstein, Chair of the Select Committee on Intelligence.  It is worth reading carefully, given the role Bates has played as chief judicial officer over FISC matters.  A vigorous, conceptual tussle between secret deliberations and transparency is undertaken, much of it fundamental over the role of the court in “oversight” matters.

If workloads were to increase, then this should be “accompanied by a commensurate increase in resources.”  Adding a number of administrative subpoena-type cases in excess of 20,000 “would fundamentally transform the nature of the FISC to the detriment of its current responsibilities.”  But even such an increase of work would not necessarily be remedied by the mere addition of personnel and resources.  It would “prove disruptive to the Courts’ ability to perform their duties, including responsibilities under FISA and the Constitution to ensure that the privacy interests of United States citizens and others are adequately protected.”

Like it or not, Judge Bates suggests that the secrecy function of the FISC should continue.  In this, the judge slips into his paternalistic voice, suggesting that publishing Court decisions for public consumption would limit rather than “enhance the public’s understanding of FISA implementation”.  Unless classified information is provided with those decisions, confusion was bound to happen.

A real bruiser comes in his detailed observations over what role the public advocate would actually play in FISA proceedings.  First and foremost, there will be no constructive adversarial role to speak of, as the advocate will be “unable to communicate with the target or conduct an independent investigation”.  Privacy protection will not be assured by involvement of the advocate in “run-of-the-mill FISA matters” and might “undermine the Courts’ ability to receive complete and accurate information on the matters before them.”

Much of the concern stems from who has the authority over appointments.   A court appointed advocate might well be more palatable for judges, but it will hardly satisfy the privacy reformists, who wish to open the FISC door to some form of public accountability.  But according to Judge Bates, a “standing advocate with independent authority to intervene at will could actually be counterproductive” while a court appointee may well maximise assistance while minimising disruption. He also fears the “constitutional” implications of the move.

Some of Bates’ concerns on the public advocate may be uncalled for. They are already considered in the Leahy/Sensenbrenner and Blumenthal bills.  Both make the point that the special advocate only appear in set cases, and never in those touching on individualised search warrants.  They would only deal with novel matters affecting subjects of surveillance targeting persons outside the United States (FISA, s. 702) and American subjects under s. 215 of the USA PATRIOT Act.

Judge Bates’ overview suggests that some reforms to the hearing and granting of surveillance applications are not only modest but cosmetic, in so far as they hope to improve privacy protections.  The impact will be to actually hamper judicial oversight, rather than improve it.  The adversarial element that would improve representation would actually be absent, despite the presence of the public advocate, making the reform one of bluff rather than effect.   No change, however, would have been intolerable.

Speaking to a gathering of national security lawyers organised by the American Bar Association, Judge Bates had a prediction.  “My guess is nothing will happen legislatively until after the mid-term elections – if then.”  There will be congressional disagreements about matters of form and substance.  If care is not taken, enacted reforms may well be the bunting without the product.

This article was published on April 7, 2014 at indexoncensorship.org