Mass Surveillance No Surprise To Many In Technology And Politics 12/06/2013 by Monika Ermert for Intellectual Property Watch Leave a Comment Share this:Click to share on Twitter (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Facebook (Opens in new window)Click to email this to a friend (Opens in new window)Click to print (Opens in new window)Revelations about boundless spying by the National Security Agency and other US agencies on the electronic communications of US and non-US citizens are rippling international politics and will be a surprise topic at the upcoming Group of 8 summit in Dublin. But the more savvy technical community has been slow to react. There is some speculation about the technical solutions used and even less call for action. For many, quite obviously, the state surveillance does come as a surprise because of its scope. “The extent has been rumoured, but a lot of people refused to accept that it was so large,” Scott Bradner, professor at Harvard University, wrote in answer to Intellectual Property Watch. Asked why no core infrastructure providers like network access, backbone or DNS providers were mentioned as targets of PRISM or other surveillance programs, Bradner wrote that it seems only “logical that something is going on there considering what we already know.” Diverting traffic or copying it at more central nodes is possible, a German network operator told Intellectual Property Watch. Information about Prism, a data mining project collecting bulk data sets from large internet platforms like Google, Facebook, Youtube, Skype, Yahoo, Microsoft, Paltalk and AOL, have been leaked by a former CIA analyst and Booz Allen Hamilton infrastructure analyst for the National Security Agency (NSA), Edgar Snowden late last week. Snowden provided the UK Guardian and the Washington Post newspapers with large sets of classified data which give glimpses into PRISM and other surveillance programs (see an interview with Snowden here). The companies all declined “direct access” to their systems. Bradner, senior technology consultant, Office of the CTO at Harvard University and a Jon Postel awardee, has served in various roles of internet governance and operating organisations, including the Internet Engineering Task Force, which in one of its rare political statements rejected 10 years ago to standardise surveillance technology. He did expect a discussion in the IETF, wrote Bradner, at its upcoming meeting in Berlin in July. So far engineers have kept their opinions largely to themselves. The Internet Society (ISOC), which on many occasions speaks up for the technical community, so far did not get back on a request for comment on the issue. The best option, Bradner said, for engineers to react, is to “enable end-to-end encryption – that hides the contents but does not hide who is talking – use Tor to do the latter (see http://www.newyorker.com/strongbox/).” Longer lists about how to fight back state intruders (as well as other unwelcome common electronic thieves) also have been posted on the mailing list of the North American Operator Group (Nanog). Nanog, one engineer wrote, is not a political forum. “However many of the people on NANOG are in positions to affect positive change at their respective employers,” he said, and presented a whole to do list: “- Implement HTTPS for all services. – Implement PGP for e-mail. – Implement S/MIME for e-mail. – Build cloud services that encrypt on the client machine, using a key that is only kept on the client machine. – Create better UI frameworks for managing keys and identities. – Align data retention policies with the law. – Scrutinize and reject defective government legal requests. – When allowed by law, charge law enforcement for access to data.” Beside the rather technical and cautious – or cynical ? – answers, there were also clear complaints about the US government “failing us”. “I am not so much concerned about them gaining access to data I don’t want them to access. I am far more disturbed by the trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to support and implement,” network expert Owen de Long wrote. No Surprise to EP members For EU politicians, the PRISM programme also did not come as a real surprise, said Sophie In’T Veld, member of the Liberal Party Group in the European Parliament at an ad hoc meeting of the EP Plenary Tuesday morning. In’t Veld said questions were unanswered on the Foreign Terrorist Surveillance Act (FISA), the legislation said to allow for the 24/7 complete data communication spying of the NSA against non-US citizens, on extraterritorial enforcement of US law and violations of EU data protection legislation through bilateral agreements on data transfers from the EU to US authorities. But also did European national governments “do the same thing,” with regard to more and more spying on their citizens. “We are failing our citizens,” said In’t Veld. EU Health Commissioner Tonio Borg confirmed that Commission Vice President Viviane Reding would ask for clarification from the US government at the upcoming Summit meetings in Dublin at the end of the week. According to German news reports, German Chancellor Angela Merkel also said she would ask Obama about PRISM and will ask for clarification. All party groups in the Parliament pushed to finalise the EU data protection regulation that also would make EU data protection law binding for those companies offering services to EU citizens – like the PRISM partners of the NSA. “Data protection here is not a technical issue, a small thing,” said Green Party member Jan Philipp Albrecht. “It is about the rule of law and democracy.” The protection from massive surveillance instead is “precondition for democracy.” The protection of EU data protection standards also would be included in negotiations for the Transatlantic Trade and Investment Partnership (TTIP), said Claude Moraes (Group of the Progressive Alliance of Socialists and Democrats) in the EP. The TTIP mandate is expected to be finalised during the meeting of EU trade ministers on 14 June. Health Commissioner Borg underlined that one major issue between the EU and the US is that in the EU granted fundamental rights of privacy and data protection to all and not only to EU citizens. US in Breach of International Law? This very issue was also taken up in an open letter to the UN Human Rights Commission by the Best Bits Coalition. These revelations were “suggesting a blatant and systematic disregard for human rights as articulated in Articles 17 and 19 of the International Covenant on Civil and Political Rights (ICCPR), as well as Articles 12 and 19 of the Universal Declaration of Human Rights,” Best Bits warns, and requests a special session of the Human Rights Council. The High Commissioner on Human Rights also should ask states to report on surveillance practices and laws in place on surveillance and the PRISM case itself should be examined “in the light of the Human Rights Council endorsed United Nations Guiding Principles on Business and Human Rights, the ‘Protect, Respect and Remedy’ Framework of A/HRC/RES/17/4.” Finally, civil society groups support a recommendation of the UN Special Rapporteur on Freedom of Expression, Frank La Rue, “that the Human Rights Committee develop a new General Comment 16 on the right to privacy in light of technological advancements.” La Rue only three days before the leaks published a major report on the growing danger for privacy and freedom of expression through massive state surveillance (see here). Quite obviously, for La Rue and the UN, mass surveillance from the US did not come as a surprise, either. Challenges in the US: ACLU, StopWatching.Us In the US, the American Civil Liberties Union (ACLU) today (12 June) filed a lawsuit against the Obama administration challenging the constitutionality of the NSA programme. More information is available here. Meanwhile, a large coalition of US non-governmental organisations wrote to Congress demanding legal reform. There were nearly 30,000 signatures as of yesterday. The letter can be signed here. InternetNZ: PRISM for New Zealanders? Separately, a group of New Zealand ICT organisations in an open letter called on Prime Minister John Key and Law and Order Committee Chair Jacqui Dean to extend the deadline for submissions to several NZ draft bills. More time is necessary, according to organisations including the .nz ccTLD manager InternetNZ, to check the potential impact “PRISM will have on the Telecommunications Interception Capability and Security (TICS) and Government Communications Security Bureau and Related Legislation Amendment (GCSB) Bills.” InternetNZ Acting Chief Executive Jordan Carter said in a press release, “a great deal of New Zealanders’ Internet traffic over PRISM partners services will have passed and is passing through the United States.” How much countries like New Zealand, Australia, and Canada have been participating or benefitting from PRISM – following the old model of Echelon, a major spy program on satellite communications – is an open question. Old Echelon partner UK has already been reported by the Guardian to be a PRISM beneficiary. Share this:Click to share on Twitter (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Facebook (Opens in new window)Click to email this to a friend (Opens in new window)Click to print (Opens in new window) Related Monika Ermert may be reached at firstname.lastname@example.org."Mass Surveillance No Surprise To Many In Technology And Politics" by Intellectual Property Watch is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.