It is often touted that since the Edward Snowden revelations, the world has become a better place. Before Snowden, secret surveillance that was discussed in the fringes by conspiracy theorists seemed laughable. Back then, any mention of texts, emails, and other electronic communications being snooped on by the authorities was mistakenly considered to be deranged.
At that time, the government’s intelligence agencies were getting away with it. So much so, that when James Clapper (then head of the NSA) was asked in 2011, “Does the NSA collect any type of data, at all, on millions or hundreds of millions of Americans?” His answer was “Not wittingly.” That was a barefaced lie, because he gave the answer with full knowledge of programs like PRISM, which was specifically designed to harvest US citizens’ data in “bulk.”
Of course, you would be forgiven for thinking that things have actually improved since then. Watching the clip of Edward Snowden talking from Moscow at last year’s Living Liberty Forum, there comes a moment when the now-famous James Clapper clip is played to the audience. The result? Laughter. The reaction demonstrates the change in mass consciousness that has occurred. Conspiracy theorists’ paranoid ramblings are no longer funny, and instead, everybody is laughing at Clapper: the new comedian in town.
The crowd’s amusement, however, betrays a fact that not many people are willing to admit: that things haven’t really improved. A book called American Spies, by a US attorney called Jennifer Stisa Granick, explains the legal facts behind ongoing surveillance loopholes in the US. The book reveals that, unfortunately, US citizens’ data is still being harvested en masse.
What is Surveillance?
While it might seem natural to assume that gathering citizens’ data is considered ‘surveillance,’ Granick explains that this isn’t the case. In the US, intelligence agencies only consider surveillance to be ELSUR (electronic surveillance), as specified by the Foreign Intelligence Surveillance Act (FISA). From the book:
“By using “surveillance” to mean only ELSUR governed by FISA, officials can say that they do not conduct “surveillance” even when they are collecting personal data like phone numbers, Internet transactional records, face prints, or geolocation data. The intelligence community might call its acquisition of this kind of information “collection,” which sounds milder than “surveillance”.”
Bulk vs Specific
Granick also explains that the word bulk (or lack of bulk) is another problematic area for digital privacy:
“People use the word “bulk” as a synonym for massive, vast, or large-scale collection. But the intelligence agencies have a special definition of the word “bulk.” They only use “bulk” to mean acquisition that takes place without using a selection term or “discriminator.”
In other words, grabbing everything is bulk. But if the government uses search terms, keywords, or selection terms, it’s not bulk. So, if, when wiretapping a particular fiber optic cable, the NSA selects or “tasks” all communications with the word “Syria” or “China” in them, the NSA lawyers might not call that “bulk,” even though hundreds of millions of innocent people’s irrelevant messages are going to be collected and analyzed. Similarly, the government won’t say that its collection is indiscriminate if it uses any kind of selection term.”
This loophole means that government agencies can still scoop up electronic data en masse: as long as they specify a keyword, it isn’t bulk collection. In her example, Granick chooses the terms Syria and China. Those are search terms that are rather broad, and that would no doubt bring up plenty of innocent communications. However, if (for argument’s sake) we decide to consider those search terms “reasonable” to the task of performing useful surveillance (along with words like bomb, attack, and ISIS), then we admit that at times many innocent US citizens’ emails may have been intercepted.
Those search terms are all well and good. However, if you keep Granick’s revelation in mind, it is hard not to wonder what exactly stops the US government from using even broader search terms like ‘chocolate’ or ‘tree’ to make a search legal. After all, wouldn’t that search also be considered non-bulk?
This may seem unlikely, and there is no doubt that courts would likely not consider those search terms reasonable. However, are these search terms even scrutinized by a court? The answer to that question is largely unknown. It is this gray area that is one of the biggest problems, and which makes the post-Snowden world very similar to the pre-Snowden world.
Granick explains that the intricate connections between privacy, law, and surveillance practices are still largely confined to closed doors. Often, for national security reasons, secret courts decide on procedures, leaving the general public and judicial branches at the mercy of those decision makers:
“The evidence suggests that the misdirection is intentional, at least on the part of some officials. The misstatements go well beyond the kind of obfuscation needed to keep terrorists complacent about using surveilled networks. American spies know they have to maintain public acquiescence, and they believe that if people knew the truth, the programs would lose support.”
A False Sense of Security?
The post-Snowden world promotes a certain feeling: that things have improved and that people can relax. Knowledge is power. These days, organizations like the Electronic Frontier Foundation (which Granick used to be a part of) help to push legislators in the right direction. However, despite this, the world has gone downhill in terms of surveillance policies since the Edward Snowden revelations.
In Canada, France, the UK, Germany, Australia and China – to name a few – surveillance practices that were before occurring in secret have now become legal. Data retention from anything between six and 12 months allows governments to force ISPs to retain citizens’ data on their behalf.
“Not in the US,” I often hear people say. Yet, the Stored Communications Act (SCA) does permit the government to legally ask ISPs to retain someone’s data for 180 days if requested. SCA also permits firms that hold data to willingly pass that data to the government if they feel there could be a danger of loss of life involved in not doing so. With terrorism a catalyst for surveillance, is it any wonder that the world’s current geopolitical turmoil tends to lead to a willingness to help? (Think Yahoo.)
In addition, when countries that are part of the Five Eyes (and 14 Eyes) agreement can’t legally spy on their own citizens legally for any reason, they can ask another country’s intelligence agency to do the work for them (and simply pass the information along). With that in mind, Canada’s CSEC, the UK’s GCHQ, and even Germany’s BND can be called in to do the NSA’s bidding and vice versa.
Furthermore, there is no evidence that bulk collection even works. Experts have long been saying that statistics prove that collecting everything is fruitless. “Big data” is valuable, and everyone wants a piece of it (which is why the likes of Facebook have become so powerful) but it can also be incredibly hard to sift through in a useful manner. Sadly, however, society is on the cusp of another problem that seems likely to exasperate the current climate.
This week, the EU is voting on whether robots should be given a legal status. With artificial learning or ‘emergent’ robotics on the rise, the software that controls those artificial beings – essentially their “minds” – is starting to cause debate. In the past, manufacturers could be held accountable for their products’ behavior. With a new type of product that self-learns quickly approaching the consumer market, however, the question arises: how can a manufacturer be held accountable for something that changes once it leaves the factory?
This is a fair question, and certainly one that shows that there is a lot to think about in terms of these new AI products. What it also clearly demonstrates is that we are fast approaching a time when computer minds can greatly help intelligence agencies to make sense of the data that they collect en masse. When that happens, the shady surveillance legislation (that is becoming more and more prolific all over the world) is only going to put privacy in even more danger than it is now. On the other hand, AI could help to make bulk surveillance useful in ways it has never been before.
What is also worth noting, is that despite America’s hope that Trump will bring about great change, in terms of digital privacy things do not look hopeful with Trump in power. Newly appointed attorney general senator Jeff Sessions is known to be in favor of backdoors. In addition, FCC chairman Ajit Pai is an ex-industry lobbyist who is an enemy of net neutrality.
What’s more, two weeks ago at a meeting on cybersecurity (at which Trump was supposed to sign a cybersecurity executive order) it was made obvious that the Trump administration’s ‘solution’ to US cybersecurity problems is a stronger partnership between government and the private sector. This certainly rings alarm bells for digital privacy, especially if the future of the US entails backdoors and data sharing.
Also concerning, the executive order remained unsigned because it sent “shivers” down a lot of lawmakers’ spines. It has apparently been redrafted now, but it is unclear what changes have been made or when exactly it will come into force. My prediction is that with UK Prime Minister Theresa May and US President Trump hitting it off so well, and vowing to rekindle the ‘special relationship,’ the US may well have a Snooper’s Charter of its own to look forward to. Watch this space.
Opinions are the writer’s own.
Title image credit: Billion Photos/Shutterstock.com
Image credit: argus/Shutterstock.com
Image credit: ibreakstock/Shutterstock.com
Image credit: Vladystock/Shutterstock.com