By Richard Stallman, 10.14.13

The current level of general surveillance in society is incompatible
with human rights. To recover our freedom and restore democracy, we must
reduce surveillance to the point where it is possible for whistleblowers
of all kinds to talk with journalists without being spotted. To do this
reliably, we must reduce the surveillance capacity of the systems we use.

Using free/libre software, as I’ve advocated for 30 years, is the first
step in taking control of our digital lives. We can’t trust non-free
software; the NSA uses and even creates security weaknesses in non-free
software so as to invade our own computers and routers. Free software
gives us control of our own computers, but that won’t protect our
privacy once we set foot on the internet.

Bipartisan legislation to “curtail the domestic surveillance powers” in
the U.S. is being drawn up, but it relies on limiting the government’s
use of our virtual dossiers. That won’t suffice to protect
whistleblowers if “catching the whistleblower” is grounds for access
sufficient to identify him or her. We need to go further.

Thanks to Edward Snowden’s disclosures, we know that the current level
of general surveillance in society is incompatible with human rights.
The repeated harassment and prosecution of dissidents, sources, and
journalists provides confirmation. We need to reduce the level of
general surveillance, but how far? Where exactly is the maximum
tolerable level of surveillance, beyond which it becomes oppressive?
That happens when surveillance interferes with the functioning of
democracy: when whistleblowers (such as Snowden) are likely to be caught.

Don’t Agree We Need to Reduce Surveillance? Then Read This Section First

If whistleblowers don’t dare reveal crimes and lies, we lose the last
shred of effective control over our government and institutions. That’s
why surveillance that enables the state to find out who has talked with
a reporter is too much surveillance — too much for democracy to endure.

An unnamed U.S. government official ominously told journalists in 2011
that the U.S. would not subpoena reporters because “We know who you’re
talking to.” Sometimes journalists’ phone call records are subpoenaed to
find this out, but Snowden has shown us that in effect they subpoena all
the phone call records of everyone in the U.S., all the time.

Opposition and dissident activities need to keep secrets from states
that are willing to play dirty tricks on them. The ACLU has demonstrated
the U.S. government’s systematic practice of infiltrating peaceful
dissident groups on the pretext that there might be terrorists among
them. The point at which surveillance is too much is the point at which
the state can find who spoke to a known journalist or a known dissident.

Information, Once Collected, Will Be Misused

When people recognize that the level of general surveillance is too
high, the first response is to propose limits on access to the
accumulated data. That sounds nice, but it won’t fix the problem, not
even slightly, even supposing that the government obeys the rules. (The
NSA has misled the FISA court, which said it was unable to effectively
hold the NSA accountable.) Suspicion of a crime will be grounds for
access, so once a whistleblower is accused of “espionage”, finding the
“spy” will provide an excuse to access the accumulated material.

The state’s surveillance staff will misuse the data for personal reasons
too. Some NSA agents used U.S. surveillance systems to track their
lovers — past, present, or wished-for — in a practice called “LoveINT.”
The NSA says it has caught and punished this a few times; we don’t know
how many other times it wasn’t caught. But these events shouldn’t
surprise us, because police have long used their access to driver’s
license records to track down someone attractive, a practice known as
“running a plate for a date.”

Surveillance data will always be used for other purposes, even if this
is prohibited. Once the data has been accumulated and the state has the
possibility of access to it, it may misuse that data in dreadful ways.

Total surveillance plus vague law provides an opening for a massive
fishing expedition against any desired target. To make journalism and
democracy safe, we must limit the accumulation of data that is easily
accessible to the state.

Robust Protection for Privacy Must Be Technical

The Electronic Frontier Foundation and other organizations propose a set
of legal principles designed to prevent the abuses of massive
surveillance. These principles include, crucially, explicit legal
protection for whistleblowers; as a consequence, they would be adequate
for protecting democratic freedoms — if adopted completely and enforced
without exception forever.

However, such legal protections are precarious: as recent history shows,
they can be repealed (as in the FISA Amendments Act), suspended, or ignored.

Meanwhile, demagogues will cite the usual excuses as grounds for total
surveillance; any terrorist attack, even one that kills just a handful
of people, will give them an opportunity.

If limits on access to the data are set aside, it will be as if they had
never existed: years worth of dossiers would suddenly become available
for misuse by the state and its agents and, if collected by companies,
for their private misuse as well. If, however, we stop the collection of
dossiers on everyone, those dossiers won’t exist, and there will be no
way to compile them retroactively. A new illiberal regime would have to
implement surveillance afresh, and it would only collect data starting
at that date. As for suspending or momentarily ignoring this law, the
idea would hardly make sense.

We Must Design Every System for Privacy

If we don’t want a total surveillance society, we must consider
surveillance a kind of social pollution, and limit the surveillance
impact of each new digital system just as we limit the environmental
impact of physical construction.

For example: “Smart” meters for electricity are touted for sending the
power company moment-by-moment data about each customer’s electric
usage, including how usage compares with users in general. This is
implemented based on general surveillance, but does not require any
surveillance. It would be easy for the power company to calculate the
average usage in a residential neighborhood by dividing the total usage
by the number of subscribers, and send that to the meters. Each
customer’s meter could compare her usage, over any desired period of
time, with the average usage pattern for that period. The same benefit,
with no surveillance!

We need to design such privacy into all our digital systems.

Richard Stallman

Free/libre software advocate Richard Stallman is president of the Free
Software Foundation. He launched the development of the free software
operating system GNU in 1984; the GNU/Linux system (essentially GNU with
Linux added) is used on tens of millions of computers today. Stallman
also founded the League for Programming Freedom, which campaigned
against legal threats to programming (including patents).

Remedy for Collecting Data: Leaving It Dispersed

One way to make monitoring safe for privacy is to keep the data
dispersed and inconvenient to access. Old-fashioned security cameras
were no threat to privacy. The recording was stored on the premises, and
kept for a few weeks at most. Because of the inconvenience of accessing
these recordings, it was never done massively; they were accessed only
in the places where someone reported a crime. It would not be feasible
to physically collect millions of tapes every day and watch them or copy

Nowadays, security cameras have become surveillance cameras: they are
connected to the internet so recordings can be collected in a data
center and saved forever. This is already dangerous, but it is going to
get worse. Advances in face recognition may bring the day when suspected
journalists can be tracked on the street all the time to see who they
talk with.

Internet-connected cameras often have lousy digital security themselves,
so anyone could watch what the camera sees. To restore privacy, we
should ban the use of internet-connected cameras aimed where and when
the public is admitted, except when carried by people. Everyone must be
free to post photos and video recordings occasionally, but the
systematic accumulation of such data on the internet must be limited.

Remedy for Internet Commerce Surveillance

Most data collection comes from people’s own digital activities. Usually
the data is collected first by companies. But when it comes to the
threat to privacy and democracy, it makes no difference whether
surveillance is done directly by the state or farmed out to a business,
because the data that the companies collect is systematically available
to the state.

The NSA, through PRISM, has gotten into the databases of many large
internet corporations. AT&T has saved all its phone call records since
1987 and makes them available to the DEA to search on request. Strictly
speaking, the U.S. government does not possess that data, but in
practical terms it may as well possess it.

The goal of making journalism and democracy safe therefore requires that
we reduce the data collected about people by any organization, not just
by the state. We must redesign digital systems so that they do not
accumulate data about their users. If they need digital data about our
transactions, they should not be allowed to keep them more than a short
time beyond what is inherently necessary for their dealings with us.

One of the motives for the current level of surveillance of the internet
is that sites are financed through advertising based on tracking users’
activities and propensities. This converts a mere annoyance —
advertising that we can learn to ignore — into a surveillance system
that harms us whether we know it or not. Purchases over the internet
also track their users. And we are all aware that “privacy policies” are
more excuses to violate privacy than commitments to uphold it.

We could correct both problems by adopting a system of anonymous
payments — anonymous for the payer, that is. (We don’t want the payee to
dodge taxes.) Bitcoin is not anonymous, but technology for digital cash
was first developed 25 years ago; we need only suitable business
arrangements, and for the state not to obstruct them.

A further threat from sites’ collection of personal data is that
security breakers might get in, take it, and misuse it. This includes
customers’ credit card details. An anonymous payment system would end
this danger: a security hole in the site can’t hurt you if the site
knows nothing about you.

Remedy for Travel Surveillance

We must convert digital toll collection to anonymous payment (using
digital cash, for instance). License-plate recognition systems recognize
all license plates, and the data can be kept indefinitely; they should
be required by law to notice and record only those license numbers that
are on a list of cars sought by court orders. A less secure alternative
would record all cars locally but only for a few days, and not make the
full data available over the internet; access to the data should be
limited to searching for a list of court-ordered license numbers.
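The two designs this paragraph contrasts, written out as an added example that is not part of the essay: `match_and_forget` is the recommended form, which compares each read against the court-ordered list and keeps nothing else, and `LocalStore` is the less secure alternative, which keeps every read on the camera host for a short window and exposes only a list-restricted query. The watchlist, the camera reads and the three-day retention window are constructed sample values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed watchlist standing in for "license numbers sought by court order".
COURT_ORDERED = frozenset({"ABC1234", "XYZ9876"})


@dataclass(frozen=True)
class PlateRead:
    plate: str
    seen_at: datetime
    camera: str


def match_and_forget(reads, watchlist):
    """Design (a): emit only hits. A non-matching read is compared and
    dropped in the same step, so no record of it ever exists."""
    return [r for r in reads if r.plate in watchlist]


@dataclass
class LocalStore:
    """Design (b): every read is kept, but only on the camera host, only
    for `retention`, and only reachable through a list-restricted query."""
    retention: timedelta
    _reads: list = field(default_factory=list)

    def record(self, read):
        self._reads.append(read)

    def expire(self, now):
        """Drop reads older than the retention window; return how many remain."""
        self._reads = [r for r in self._reads if now - r.seen_at < self.retention]
        return len(self._reads)

    def search(self, watchlist, now):
        """The only read path: hits against a court-ordered list. There is
        deliberately no method that returns the whole store."""
        self.expire(now)
        return [r for r in self._reads if r.plate in watchlist]


# Constructed sample: five reads from two cameras over four days.
T0 = datetime(2013, 10, 14, 8, 0)
SAMPLE_READS = [
    PlateRead("QWE1111", T0, "cam-north"),
    PlateRead("ABC1234", T0 + timedelta(hours=1), "cam-north"),
    PlateRead("RTY2222", T0 + timedelta(hours=2), "cam-south"),
    PlateRead("XYZ9876", T0 + timedelta(days=2), "cam-south"),
    PlateRead("ABC1234", T0 + timedelta(days=4), "cam-north"),
]


def demo(now=T0 + timedelta(days=5)):
    """Run both designs over the sample; return what each one retains."""
    hits = [r.plate for r in match_and_forget(SAMPLE_READS, COURT_ORDERED)]
    store = LocalStore(retention=timedelta(days=3))
    for r in SAMPLE_READS:
        store.record(r)
    remaining = store.expire(now)          # reads still held after 5 days
    late_hits = [r.plate for r in store.search(COURT_ORDERED, now)]
    return hits, remaining, late_hits


if __name__ == "__main__":
    print(demo())
```

The difference between the two is where the non-matching reads live. In the first design they never exist; in the second they exist for three days on the camera host, which is exactly the window in which a seized or compromised host, or a later change of policy, can still reach them.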

The U.S. “no-fly” list must be abolished because it is punishment
without trial.

It is acceptable to have a list of people whose person and luggage will
be searched with extra care, and anonymous passengers on domestic
flights could be treated as if they were on this list. It is also
acceptable to bar non-citizens, if they are not permitted to enter the
country at all, from boarding flights to the country. This ought to be
enough for all legitimate purposes.

Many mass transit systems use some kind of smart cards or RFIDs for
payment. These systems accumulate personal data: if you once make the
mistake of paying with anything but cash, they associate the card
permanently with your name. Furthermore, they record all travel
associated with each card. Together they amount to massive surveillance.
This data collection must be reduced.

Navigation services do surveillance: the user’s computer tells the map
service the user’s location and where the user wants to go; then the
server determines the route and sends it back to the user’s computer,
which displays it. Nowadays, the server probably records the user’s
locations, since there is nothing to prevent it. This surveillance is
not inherently necessary, and redesign could avoid it: free/libre
software in the user’s computer could download map data for the
pertinent regions (if not downloaded previously), compute the route, and
display it, without ever telling anyone where the user is or wants to go.
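What the redesign in this paragraph looks like in code, as an added example that is not part of the essay: the client fetches map data by region, caches it, and runs the route computation locally. The road graph, the split into regions and `TileServer` are constructed stand-ins; `TileServer.request_log` exists only to show what the map provider actually learns, which is the region names and nothing about where the user is or wants to go.

```python
import heapq

# Constructed map: road segments (a, b, distance) grouped into two regions.
MAP_TILES = {
    "region-A": [("home", "oak", 2), ("oak", "elm", 3), ("elm", "bridge", 4)],
    "region-B": [("bridge", "main", 2), ("main", "library", 5), ("bridge", "library", 9)],
}
NODE_REGION = {"home": "region-A", "oak": "region-A", "elm": "region-A",
               "bridge": "region-A", "main": "region-B", "library": "region-B"}


class TileServer:
    """Stand-in for the map provider. It logs every request it receives,
    so the log is a record of everything the design leaks."""
    def __init__(self):
        self.request_log = []

    def fetch(self, region):
        self.request_log.append(region)
        return MAP_TILES[region]


class Navigator:
    """Client-side routing over a local tile cache."""
    def __init__(self, server):
        self.server = server
        self.cache = {}

    def ensure_region(self, region):
        if region not in self.cache:                 # "if not downloaded previously"
            self.cache[region] = self.server.fetch(region)

    def route(self, origin, dest):
        # Only region names are requested. (A fuller client would also fetch
        # regions along the corridor between them; the leak is the same kind.)
        for node in (origin, dest):
            self.ensure_region(NODE_REGION[node])
        graph = {}
        for segments in self.cache.values():
            for a, b, d in segments:
                graph.setdefault(a, []).append((b, d))
                graph.setdefault(b, []).append((a, d))
        # Dijkstra over the locally cached graph; nothing leaves the device.
        dist, prev, heap = {origin: 0}, {}, [(0, origin)]
        while heap:
            d, u = heapq.heappop(heap)
            if u == dest:
                break
            if d > dist[u]:
                continue
            for v, w in graph.get(u, []):
                if d + w < dist.get(v, float("inf")):
                    dist[v], prev[v] = d + w, u
                    heapq.heappush(heap, (d + w, v))
        if dest not in dist:
            return None, None
        path = [dest]
        while path[-1] != origin:
            path.append(prev[path[-1]])
        return path[::-1], dist[dest]


if __name__ == "__main__":
    server = TileServer()
    nav = Navigator(server)
    print(nav.route("home", "library"))    # computed on the device
    print(server.request_log)              # all the provider ever saw
```

Compare this with the design the paragraph describes as current practice, where the request itself carries origin and destination: there the server log is a travel diary, here it is a list of map regions, and a second trip inside an already cached region produces no request at all.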

Systems for borrowing bicycles, etc., can be designed so that the
borrower’s identity is known only inside the station where the item was
borrowed. Borrowing would inform all stations that the item is “out”, so
when the user returns it at any station (in general, a different one),
that station will know where and when that item was borrowed. It will
inform the other station that the item is no longer “out”. It will also
calculate the user’s bill, and send it (after waiting some random number
of minutes) to headquarters along a ring of stations, so that
headquarters would not find out which station the bill came from. Once
this is done, the return station would forget all about the transaction.
If an item remains “out” for too long, the station where it was borrowed
can inform headquarters; in that case, it could send the borrower’s
identity immediately.
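The station protocol described in this paragraph, simulated as an added example that is not part of the essay. `Station`, `Headquarters`, the shared "out" board and the ring order are constructed; the random wait before forwarding is injected as `delay_fn` so that a run is reproducible (a deployment would use a real random delay, as the text says). The borrower's name is held only in the originating station's `loans` table, headquarters receives every bill from the same ring neighbour, and the identity reaches headquarters only on the overdue path.

```python
import heapq
import random

RATE_PER_HOUR = 2  # constructed tariff, billed per started hour


class Headquarters:
    def __init__(self):
        self.bills = []      # (amount, minute received, ring neighbour that forwarded)
        self.overdue = []    # (item, borrower); the only path carrying identity

    def receive_bill(self, amount, when, forwarded_by):
        self.bills.append((amount, when, forwarded_by))

    def receive_overdue(self, item, borrower):
        self.overdue.append((item, borrower))


class Station:
    def __init__(self, name):
        self.name = name
        self.loans = {}      # item -> (borrower, minute borrowed); never leaves here

    def borrow(self, ring, item, borrower, minute):
        self.loans[item] = (borrower, minute)
        ring.out_board[item] = (self.name, minute)     # where and when only

    def return_item(self, ring, item, minute):
        origin, since = ring.out_board.pop(item)       # item is no longer "out"
        ring.by_name[origin].loans.pop(item, None)     # origin forgets the borrower
        hours = max(1, -(-(minute - since) // 60))     # ceiling of minutes/60
        ring.send(self, hours * RATE_PER_HOUR, minute)
        # Nothing about this return is retained at the return station.

    def report_overdue(self, hq, now, limit_minutes):
        """Escalation path: only the originating station can name the borrower."""
        for item, (borrower, since) in list(self.loans.items()):
            if now - since > limit_minutes:
                hq.receive_overdue(item, borrower)


class Ring:
    """Stations in ring order; the last station hands bills to headquarters."""
    def __init__(self, stations, hq, delay_fn=lambda: random.randint(1, 30)):
        self.stations = stations
        self.by_name = {s.name: s for s in stations}
        self.hq = hq
        self.delay_fn = delay_fn
        self.out_board = {}              # item -> (station name, minute)
        self._events, self._seq = [], 0  # (deliver_at, seq, next index, amount)

    def send(self, station, amount, now):
        nxt = self.stations.index(station) + 1
        self._seq += 1
        heapq.heappush(self._events, (now + self.delay_fn(), self._seq, nxt, amount))

    def deliver_all(self):
        while self._events:
            when, _, idx, amount = heapq.heappop(self._events)
            if idx == len(self.stations):
                self.hq.receive_bill(amount, when, self.stations[-1].name)
            else:
                self.send(self.stations[idx], amount, when)   # relay with a fresh delay


def run_demo(delay=5):
    """Constructed scenario: two completed loans and one that is never returned."""
    hq = Headquarters()
    a, b, c = Station("A"), Station("B"), Station("C")
    ring = Ring([a, b, c], hq, delay_fn=lambda: delay)
    a.borrow(ring, "bike-7", "alice", 0)
    c.return_item(ring, "bike-7", 90)        # 90 min -> 2 hours -> bill of 4
    a.borrow(ring, "bike-2", "bob", 10)
    a.return_item(ring, "bike-2", 30)        # 20 min -> 1 hour -> bill of 2
    b.borrow(ring, "bike-9", "carol", 0)     # never returned
    ring.deliver_all()
    b.report_overdue(hq, now=600, limit_minutes=480)
    return hq.bills, dict(a.loans), dict(b.loans), hq.overdue


if __name__ == "__main__":
    print(run_demo())
```

With a five-minute forwarding delay the bill from station A takes three hops and arrives at minute 45, the bill from station C arrives directly at minute 95, and both are logged at headquarters as forwarded by C. After the returns, station A's `loans` table is empty, so even a later request to A can no longer link either trip to a person.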

Remedy for Communications Dossiers

Internet service providers and telephone companies keep extensive data
on their users’ contacts (browsing, phone calls, etc). With mobile
phones, they also record the user’s physical location. They keep these
dossiers for a long time: over 30 years, in the case of AT&T. Soon they
will even record the user’s body activities. It appears that the NSA
collects cell phone location data in bulk.

Unmonitored communication is impossible where systems create such
dossiers. So it should be illegal to create or keep them. ISPs and phone
companies must not be allowed to keep this information for very long, in
the absence of a court order to surveil a certain party.

This solution is not entirely satisfactory, because it won’t physically
stop the government from collecting all the information immediately as
it is generated — which is what the U.S. does with some or all phone
companies. We would have to rely on prohibiting that by law. However,
that would be better than the current situation, where the relevant law
(the PATRIOT Act) does not clearly prohibit the practice. In addition,
if the government did resume this sort of surveillance, it would not get
data about everyone’s phone calls made prior to that time.

But Some Surveillance Is Necessary

For the state to find criminals, it needs to be able to investigate
specific crimes, or specific suspected planned crimes, under a court
order. With the internet, the power to tap phone conversations would
naturally extend to the power to tap internet connections. This power is
easy to abuse for political reasons, but it is also necessary.
Fortunately, this won’t make it possible to find whistleblowers after
the fact.

Individuals with special state-granted power, such as police, forfeit
their right to privacy and must be monitored. (In fact, police have
their own jargon term for perjury, “testilying,” since they do it so
frequently, particularly about protesters and photographers.) One city
in California that required police to wear video cameras all the time
found their use of force fell by 60%. The ACLU is in favor of this.

Corporations are not people, and not entitled to human rights. It is
legitimate to require businesses to publish the details of processes
that might cause chemical, biological, nuclear, fiscal, computational
(e.g., DRM) or political (e.g., lobbying) hazards to society, to
whatever level is needed for public well-being. The danger of these
operations (consider the BP oil spill, the Fukushima meltdowns, and the
2008 fiscal crisis) dwarfs that of terrorism.

However, journalism must be protected from surveillance even when it is
carried out as part of a business.

Digital technology has brought about a tremendous increase in the level
of surveillance of our movements, actions, and communications. It is
far more than we experienced in the 1990s, and far more than people
behind the Iron Curtain experienced in the 1980s, and would still be far
more even with additional legal limits on state use of the accumulated data.

Unless we believe that our free countries previously suffered from a
grave surveillance deficit, and ought to be surveilled more than the
Soviet Union and East Germany were, we must reverse this increase. That
requires stopping the accumulation of big data about people.