Saturday, October 26, 2013

Jesselyn Radack reads Snowden statement at Stop Watching Us rally

Jesselyn Radack, the Government Accountability Project's National Security & Human Rights Director, read the following statement from Edward Snowden at the Stop Watching Us rally today:
In the last four months, we’ve learned a lot about our government. We’ve learned that the US Intelligence Community secretly built a system of pervasive surveillance.
Today, no telephone in America makes a call without leaving a record with the NSA. Today, no Internet transaction enters or leaves America without passing through the NSA’s hands. Our representatives in Congress tell us this is not surveillance. They’re wrong.
We’ve also learned this isn’t about red or blue party lines. Neither is it about terrorism.
It is about power, control, and trust in government; about whether you have a voice in our democracy or decisions are made for you rather than with you. We’re here to remind our government officials that they are public servants, not private investigators.
This is about the unconstitutional, unethical, and immoral actions of the modern-day surveillance state and how we all must work together to remind government to stop them. It’s about our right to know, to associate freely, and to live in an open society.
We are witnessing an American moment in which ordinary people from high schools to high office stand up to oppose a dangerous trend in government. We are told that what is unconstitutional is not illegal, but we will not be fooled.
We have not forgotten that the Fourth Amendment in our Bill of Rights prohibits government not only from searching our personal effects without a warrant but from seizing them in the first place. Holding to this principle, we declare that mass surveillance has no place in this country.
It is time for reform. Elections are coming and we’re watching you.

Letter to MP re parliamentary debate on surveillance

Following a prompt by the Open Rights Group I have written to my MP asking she intervene positively on the side of privacy or at least follow her conscience rather than party orders in the debate on mass surveillance in parliament next Thursday. Copy of my note below.
Dear Ms Blackwood,
As you know, MPs Tom Watson, Julian Huppert and Dominic Raab have secured a 'Westminster Hall' debate in Parliament next Thursday, on 'oversight of intelligence and security services.'
Intelligence agencies have significant powers to collect and analyse private information. It is Parliament's responsibility to ensure these are necessary, proportionate and that they are not abused.
We now know from Edward Snowden's leaks that GCHQ has developed a range of mass surveillance programmes, for example the tapping of undersea fibre-optic cables under the codename 'Tempora'. From the information published so far, it seems clear that surveillance law is unfit for the digital age and that significant reforms are needed.
Debates about the limits of surveillance and the oversight of intelligence agencies are being held in America and across Europe including potentially historic hearings on the matter in the EU parliament LIBE civil liberties committee. Whether the latter hearings come to be seen as historic will largely, of course, depend on the change they can effect.
MPs in the UK, however, have seemed reluctant to take the initiative and discuss mass surveillance by UK intelligence services. And so far the Government have only seemed worried about whether newspapers should have told us anything about the surveillance.
It is high time a substantial debate took place in the UK too. The debate next Thursday will be the first substantial debate in Parliament about the mass surveillance revealed by Edward Snowden. It is an opportunity to begin the process of updating our surveillance laws so they better respect our privacy and are more fit for purpose in facilitating targeted electronic surveillance with the appropriate checks, balances and oversights to inhibit the abuse of such laws.
I'm writing to ask you to speak up about this issue in the debate. There is a long and a short articulation of why this issue is one of the most fundamental questions of the information age. I appreciate you are busy so I'll use the short version. Simply speaking the evolving infrastructure of our surveillance state represents a clear and present danger to our democracy. If that sounds like hyperbole then I would just ask you to take some time to read two essays on the subject by hugely respected commentators - Bruce Schneier's Power in the Age of the Feudal Internet available at http://en.collaboratory.de/w/Power_in_the_Age_of_the_Feudal_Internet and Evgeny Morozov's The Real Privacy Problem at http://www.technologyreview.com/featuredstory/520426/the-real-privacyproblem/
I would ask that you consider the issues carefully and draw your own conclusions rather than follow the party line. The matter is far too serious to be in the business of just following orders.
If you would like some further details don't hesitate to get in touch. I'd leave you with one final thought. Nearly 250 years ago, Lord Chief Justice Camden decided that government agents are not allowed to break your door down and ransack your house and papers in an effort to find some evidence to incriminate you (the case of Entick v Carrington (1765) 19 Howell’s State Trials 1029, 2 Wils 275, 95 ER 807, Court of Common Pleas).
The good judge also declared personal papers to be one’s “dearest property”. I suspect he might view personal data likewise in the internet age. I understand Lord Camden's reasoning in Entick became the inspiration behind the 4th Amendment to the US Constitution which offers protection from unreasonable searches and seizures. For a quarter of a millennium, fishing expeditions of the type that the GCHQ and NSA are engaged in have been considered to fundamentally undermine the rule of law. It's time Parliament brought these modern practices into line with that rule of law.
Thanks for your time and consideration.
Regards,
Ray Corrigan

Friday, October 25, 2013

Tapping Merkel's phone and other stories

It's been a bumper week for Snowden revelations and EU reactions to them.

Monday
The French government expressed their disapproval via Prime minister Jean-Marc Ayrault and President Hollande of the industrial scale tapping of French telephones by the US.

Former editor of The Times and the Sunday Times, Harold Evans, felt compelled to defend the Guardian in the face of government and other news outlets accusations that the paper was undermining national security.
"No editor in his right mind wants to give aid and comfort to murderous enemies, but every editor is duty-bound to scrutinise the use of power – responsibly but fearlessly"
The EU Parliament LIBE Committee on Civil Liberties, Justice and Home Affairs voted through the complex 'General Data Protection Regulation' (Rapporteur: Jan Philipp Albrecht) and the 'Protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (Directive)' (Rapporteur (and former Greek foreign minister): Dimitrios Droutsas). Those MEPs sure know how to coin a catchy title. The associated press release painted a rosy picture of how the new regulations are going to put people
"in control of their personal data while at the same time making it easier for companies to move across Europe...
Responding to mass surveillance cases, MEPs inserted stronger safeguards for data transfers to non-EU countries. They also inserted an explicit consent requirement, a right to erasure, and bigger fines for firms that break the rules."
In the US the vote was seen as a stick to beat the US with in the wake of the Snowden leaks on the NSA.surveillance.

Unfortunately, in spite of the best intentions of MEPs, no one can possibly know the effect of the regulations even if they were to see the light of regulatory day in the form the LIBE committee approved them.

Firstly they are hugely complicated.

Secondly they were subject to 3999 amendments, tabled in various EU committees, the highest number with respect to a single legislative file ever in the parliament's history.

Thirdly because Article 6 of the proposed data protection regulations drives a coach and horses through all of the protections:
"Article 6
Lawfulness of processing
1. Processing of personal data shall be lawful only if and to the extent that at least one of the following applies:
[...]
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the a controller or in case of disclosure, by the third party to whom the data is disclosed..."
Seriously? All those words, clauses, pages, negotiations and protections and buried in the midst of it there is a gigantic get-out-of-data-protection-free provision like this. The government and associated public services can process your data "in the exercise of official authority"; and commerce (including 3rd parties) can do so for the purpose of their own "legitimate interests"? With a loophole that enormous it's hard to believe the UK government are still fighting tooth and nail against the package.

Evgeny Morozov did a lovely job of outlining the clear and present danger to democracy posed by the voracious appetite of government and commerce for personal data when combined with privacy blind unrestrained information consumerism.

The Irish High Court granted Maximilian Schrems leave to pursue a judicial review case against the Irish Data Protection Commissioner. Schrems alleged that that esteemed body's refusal to investigate his complaint in June 2013 in relation to Facebook's actions in connection with the NSA PRISM program was unlawful.

Tuesday
Reporter Glenn Greenwald labelled Julian Smith, the MP who is demanding the Guardian gets prosecuted for endangering national security, an authoritarian functionary.

Mr Smith and security minister James Brokenshire shamefully used the platform of a parliamentary committee to abuse Guardian. All attempts at debate in the committee were curtailed by the chairman.

Privacy International wrote to NSA chief, Keith Alexander regarding their unauthorised access to the international financial messaging system, SWIFT.

A powerful cast of US dignitaries noted their objections to mass surveillance via a very well produced EFF video.

Wednesday
The European Parliament voted to suspend the Terrorist Finance Tracking Program (TFTP) agreement with the US - the transfer of the SWIFT finance data of European citizens to the US.

Dutch MEP Sophie in t Veld was pleased
The Commission in the form of Commissioner Malmström rapidly moved to calm US and UK jitters on the matter by issuing a statement saying they would "take note" of the vote and that they "have no indications that the TFTP Agreement has been violated" by the NSA. The Commission have asked for assurances that the agreement has not been violated and
"In the meantime, the provisions of the TFTP Agreement that clearly regulate the transfer of personal data, and that provide effective safeguards to protect the fundamental rights of Europeans, will remain in place."
MEPs also voted for enhanced whistleblower protections but Commissioner Malmström scuppered that notion too:
"For the time being, the commission does not however intend to propose new legislation on the definition of corruption or approximations of statutes or limitations of corruption offences or protection for whistleblowers," 
She's of the opinion that there are adequate international standards in place which will be why Edward Snowden is holed up in Russia of course.

Peter Sommer produced a succinct blueprint of how to engage in better oversight of security and intelligences agencies, specifically GCHQ.

Keith Alexander, head of the NSA, continued to defend his right to defend America in cyberspace.

Thursday
German Chancellor Merkel was reported as being rather upset that the NSA had been bugging her phone since at least 2006. Even the Taoiseach thought it might be a good idea to speak up against such misbehaviour.

So with France and Germany now less than enamoured with US digital shenanigans, the best laid plans of officials for the EU leaders' meeting got slightly sidetracked.

Friday
It wasn't just you Ms Merkel - the NSA monitored the calls of 35 world leaders. So Ms Merkel and Mr Hollande are agreed then that they should have a chat with the US government and that they might well be, contrary to popular belief, undermining the fight against terrorism.

Even David Cameron can't find a way out of signing a relatively innocuous statement from the EU leaders complaining about US surveillance. He hasn't changed his mobile phone though, so I assume he's got nothing to hide...

Some consolation for Mr Cameron was that he may have managed, with Chancellor Merkel's support and the disapproval of certain members of the Commission, to scupper the data protection package until 2015, i.e. beyond the next EU parliament elections, the deadline being pushed by the LIBE committee to get the provisions passed.

The EU Commission proposed a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses. They kinda agree with the LIBE committee but not really.

A study done for the EU parliament LIBE civil liberties committee on National Programmes for Mass Surveillance of Personal Data in Member States and their Compatibility with EU Law looks like a fascinating read.
"In the wake of the disclosures surrounding PRISM and other US surveillance
programmes, this study makes an assessment of the large-scale surveillance
practices by a selection of EU member states: the UK, Sweden, France,
Germany and the Netherlands. Given the large-scale nature of surveillance
practices at stake, which represent a reconfiguration of traditional intelligence
gathering, the study contends that an analysis of European surveillance
programmes cannot be reduced to a question of balance between data
protection versus national security, but has to be framed in terms of collective
freedoms and democracy. It finds that four of the five EU member states
selected for in-depth examination are engaging in some form of large-scale
interception and surveillance of communication data, and identifies parallels and
discrepancies between these programmes and the NSA-run operations. The
study argues that these surveillance programmes do not stand outside the
realm of EU intervention but can be engaged from an EU law perspective via (i)
an understanding of national security in a democratic rule of law framework
where fundamental human rights standards and judicial oversight constitute key
standards; (ii) the risks presented to the internal security of the Union as a
whole as well as the privacy of EU citizens as data owners, and (iii) the potential
spillover into the activities and responsibilities of EU agencies. The study then
presents a set of policy recommendations to the European Parliament."
Finally, for now, has the Guardian just got its own back on Julian Smith MP by accusing him of endangering national security? Apparently Mr Smith posted a picture on his official website of him posing with staff from the high-security US base in the UK, Menwith Hill. Mess with the press at your peril.

Thursday, October 24, 2013

Stop watching us: the US video; now where's the UK version?

The EFF has produced a nice video with an impressive cast of characters demanding a halt to mass suspicionless surveillance.



Now how about a UK version with an equally heavyweight cast? There is at least a debate up and running in the US.

Tuesday, October 22, 2013

MP & Minister "debate" aka accuse Guardian of breach of national security

The terms and conditions for embedding video of exchanges in the UK Parliament state that sites that "Lower the dignity of either House or that of individual members" are excluded from posting the recordings. You can judge for yourself whether this site or the particular MP and minister are the ones lowering the dignity of the House or its members in this "debate" on whether Guardian damaged national security.

Just for the record and so no one is in any doubt about my perspective - I believe it was an utter disgrace:


The Guardian bashing starts at 16:30:11. There follows 30 minutes of prepared speeches by Julian Smith MP and security minister James Brokenshire with all efforts to "debate" blocked by the session chairman. This is despite several MPs desperately trying to intervene. David Winnick makes a number of heckling interventions accusing Mr Smith in particular of McCarthyism and of making a "disgraceful speech". Mr Smith responds that Mr Winnick is "a rude man". As soon as Mr Brokenshire finishes his speech the chairman closes the session.

Mr Brokenshire allowed David Davis to make a single intervention to ask if it was so clear that the Guardian has broken the law and endangered national security why has there been no prosecutions? The minister dodged the question saying it was a matter for the police and CPS and continued with his pre-prepared speech.

That a parliamentary debate about one of the most fundamental issues in an information age should be orchestrated in such a manner is contemptible and inexcusable. That most people still won't care is, as John Naughton put it in the Observer this week, is really scary.

Update: the Guardian's own reserved report on Messrs Smith & Brokenshire's performance is now available.
I also recommend Evgeny Morozov's MIT Technology Review essay on how the erosion and neglect of privacy is putting democracy at risk. Extract:
"we can now be pinged whenever we are about to do something stupid, unhealthy, or unsound. We wouldn’t necessarily need to know why the action would be wrong: the system’s algorithms do the moral calculus on their own. Citizens take on the role of information machines that feed the techno-bureaucratic complex with our data. And why wouldn’t we, if we are promised slimmer waistlines, cleaner air, or longer (and safer) lives in return?
This logic of preëmption is not different from that of the NSA in its fight against terror: let’s prevent problems rather than deal with their consequences. Even if we tie the hands of the NSA—by some combination of better oversight, stricter rules on data access, or stronger and friendlier encryption technologies—the data hunger of other state institutions would remain. They will justify it. On issues like obesity or climate change—where the policy makers are quick to add that we are facing a ticking-bomb scenario—they will say a little deficit of democracy can go a long way."