In mid-June 2013, a search engine that guarantees its users privacy noticed a sudden influx of 500,000 new queries. One day earlier Edward Snowden had leaked details of the PRISM surveillance programme. Since then, traffic at DuckDuckGo has climbed steadily as further leaks underscore the range of online eavesdropping by members of the Five Eyes surveillance alliance (US, UK, Canada, Australia, and New Zealand). In addition to facilitating corporate espionage and wiretapping the Chancellor of Germany, the group has reportedly captured and stored private data from millions of its own citizens, and countless unsuspecting foreigners.
In a preface to Privacy International’s recent report ‘The State of Privacy 2014’ its Executive Director says that Snowden’s leaks have provided “evidence of what we had most feared: that governments acting with scant attention to legal protections, are using invasive techniques to collect as much as they can, while compromising the systems that we all rely upon.” (The report’s survey of National Comprehensive Data Protection/Privacy currently lists Guyana among the countries in which there is either no law or available information.)
The importance of protecting personal data is often treated as a ‘First-World problem’ but the PI report shows its relevance throughout the developing world too, particularly after the widespread adoption of mobile phones. The group warns that the “the very thing that makes the data generated or collected by mobile phones valuable for development agencies is what makes these programs risky for individual privacy.” Private data is extremely valuable to angry governments. In 2008, for instance, following anti-government food protests in Egypt, the authorities used “cell phone records and text messages held by the private sector to track down and convict protestors.”
The right to privacy may be a global issue, but its future will likely be decided by debates within developed democracies. To date, progress on this issue has been underwhelming, to say the least. Privacy International’s freedom of information requests for the details of the post-World War II agreements which govern information sharing among the Five Eyes alliance have been met with flat denials and strategic delays. The group notes that what little is known about these agreements “raises concern that the [intelligence] agencies are playing a game of jurisdictional arbitrage, seeking to exploit differing standards in national legislation.”
The dangers of “jurisdictional arbitrage” are considerable. Earlier this week the Guardian reported that between 2008 and 2010 the British Intelligence agency GCHQ gathered images from web-cameras of more than 1.8 million Yahoo users globally. Codenamed Optic Nerve, the operation stored these images in the agency’s databases without bothering to determine whether the subjects were legitimate intelligence targets. (After sifting through images from several hundred users, GCHQ estimated that up to 10 per cent of its cache contained “undesirable nudity.”) In the absence of public scrutiny of the Five Eyes agreements, it remains unclear whether foreign agencies can access this sort of data – material that would otherwise have been available to them only through illegal activity.
Elsewhere, there is growing evidence that intelligence agencies have crossed the line between observing targets and attacking them. Earlier this week Glenn Greenwald reported on a “Joint Threat Research Intelligence Group” (JTRIG) within GCHQ that has used distributed denial-of-service attacks (DDOS) and malware to retrieve private information from members of the hacking collective Anonymous. Greenwald furnished details of JTRIG’s schemes to “Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations.” Given the high price hackers have paid for similar activity, it is intolerable that governments should accord themselves the right to deploy such dirty tricks with impunity.
The revelations of American mass surveillance are particularly disappointing in light of President Obama’s early commitment to end the long secrecy of the Bush administrations. On his first day in office, Obama issued a memorandum on ‘Transparency and Open Government’ that promised an “unprecedented level of openness” and urged the federal government’s executive departments and agencies to “put information about their operations and decisions online and [make them] readily available to the public.” Six years later, after extensive prosecution of whistleblowers, the promise seems not just hollow but hypocritical. For, as the legal scholar Karen Greenberg has written, the President “continues to insist that the Justice Department documents offering ‘legal authorization and justification for White House-ordered drone assassinations of suspects, including American citizens, remain classified even as administration officials leak information on the program that they think will make them look justified.”
More than ten years ago, the editors of a book on The Intensification of Surveillance wrote that the Pentagon’s Terrorism Information Awareness program, launched a year earlier, marked “a massive increase in surveillance, an expansion of those deemed deserving of scrutiny, and an integration of this with warfare itself.” Edward Snowden’s leaks have confirmed the truth of this observation and given us a timely glimpse of how far adrift leading democracies have gone in their overzealous quest for national security.