We have a problem when it comes to stopping mass
surveillance.The entity that’s conducting the most extreme and
far-reaching surveillance against most of the world’s communications—the
National Security Agency—is bound by United States law.
That’s good news for Americans. U.S. law and the Constitution
protect American citizens and legal residents from warrantless surveillance.
That means we have a very strong legal case to challenge mass surveillance
conducted domestically or that sweeps in Americans’ communications.
Similarly, the United States Congress is elected by American
voters. That means Congressional representatives are beholden to the
American people for their jobs, so public pressure from constituents can
help influence future laws that might check some of the NSA’s most egregious
practices.
But what about everyone else? What about the 96% of the
world’s population who are citizens of other countries, living outside
U.S. borders. They don’t get a vote in Congress. And current American
legal protections generally only protect citizens, legal residents, or
those physically located within the United States. So what can EFF do to protect
the billions of people outside the United States who are victims of the
NSA’s spying?
For years, we’ve been working on a strategy to end mass
surveillance of digital communications of innocent people worldwide.
Today we’re laying out the plan, so you can understand how all the pieces fit
together—that is, how U.S. advocacy and policy efforts connect to the international
fight and vice versa. Decide for yourself where you can get involved to make
the biggest difference.
This plan isn’t for the next two weeks or three months. It’s
a multi-year battle that may need to be revised many times as we better understand
the tools and authorities of entities engaged in mass surveillance and as
more disclosures by whistleblowers help shine light on surveillance
abuses.
Intro: Mass Surveillance by NSA,
GCHQ and Others
The National Security Agency is working to collect as much as possible about the digital lives of people worldwide. As the
Washington Post reported,
a former senior U.S. intelligence official characterized former NSA
Director Gen. Keith Alexander’s approach to surveillance as “Collect it
all, tag it, store it… And whatever it is you want, you go searching
for it.”
The NSA can’t do this alone. It relies on a network of
international partners who help collect information worldwide, especially
the intelligence agencies of Australia, Canada, New Zealand, and the United
Kingdom (collectively known, along with the United States, as the “Five
Eyes.”) In addition, the United States has relationships (including various
levels of intelligence data sharing and assistance) with Belgium, Denmark,
France, Germany, Israel, Italy, Japan, the Netherlands, Norway, Singapore,
Spain, South Korea, Sweden, and potentially a number of other countries
worldwide. There are also other countries—like Russia, China, and
others—engaging in surveillance of digital communications without sharing
that data with the NSA. Some of those governments, including the U.S. government,
are spending billions of dollars to develop spying capabilities that
they use aggressively against innocent people around the world. Some of them
may do so with even less oversight and even fewer legal restrictions.
Although whistleblowers and journalists have focused
attention on the staggering powers and ambitions of the likes of the NSA
and GCHQ, we should never assume that other governments lack the desire to
join them. Agencies everywhere are hungry for our data and working to
expand their reach. Read about international surveillance law reform and fighting back through user-side encryption.
We focus here on the NSA because we know the most about its
activities and we have the most legal and political tools for holding it
to account. Of course, we need to know much more about surveillance practices
of other agencies in the U.S. and abroad and expand our work together with our
partners around the world to confront surveillance as a worldwide epidemic.
Mass surveillance is facilitated by technology companies,
especially large ones. These companies often have insufficient or even
sloppy security practices that make mass surveillance easier, and in some
cases may be actively assisting the NSA in sweeping up data on hundreds of
millions of people (for example, AT&T).
In other cases, tech companies may be legally compelled to provide access
to their servers to the NSA (or they may choose to fight that access). Read more about how tech companies can
harden their systems against surveillance.
The NSA relies on several laws as well as a presidential
order to justify its continued mass
surveillance. Laws passed by Congress as well as orders from the U.S. President
can curtail surveillance by the NSA, and the Supreme Court of the United
States also has authority to put the brakes on surveillance.
The Game Plan
Given that the American legal system doesn’t adequately
protect the rights of people overseas, what can we do in the immediate
future to protect Internet users who may not be Americans?
Here’s the game plan for right now. Note that these are not
consecutive steps; we’re working on them concurrently.
1. Pressure technology companies to harden their
systems against NSA surveillance
To date, there are unanswered questions about the degree
to which U.S. technology companies are actively assisting the NSA.
In some cases, we know that tech companies are doing a lot
to help the NSA get access to data. AT&T is a clear example of
this. Thanks to whistleblower evidence, we know AT&T has a secret room at its Folsom
Street facility in San Francisco where a fiber optic splitter creates a
copy of the Internet traffic that passes through AT&T’s networks.
That splitter routes data directly to the NSA.
Some companies have taken things a step further and deliberately weakened or sabotaged their own products to “enable” NSA spying. We don’t
know who’s done this or what they’ve done, but the NSA documents make clear
that it’s happening. It’s the height of betrayal of the public, and it could
conceivably be taking place with the help even of some companies that are
loudly complaining about government spying.
So what do we know about major tech companies, like
Google, Facebook, Yahoo, and Microsoft? Here we have mixed reports. Documents
provided by Edward Snowden and published in the Guardian
and the Washington Post name nine U.S. companies—Microsoft, Yahoo, Google, Facebook,
PalTalk, AOL, Skype, YouTube, and Apple—as participants in the NSA’s PRISM
program. The documents indicate that the NSA has access to servers at each
of these companies, and implies that these companies are complicit in the
surveillance of their users.
The companies, in turn, have strongly denied these allegations, and have even formed alobby group
calling on governments to “limit surveillance to specific, known users
for lawful purposes, and should not undertake bulk data collection of
Internet communications.”
While a start, that’s a far cry from the role companies
could be playing. Tech companies also have the ability to harden their systems
to make mass surveillance more difficult, and to roll out features that
allow users to easily encrypt their communications so that they are so completely
secure that even their service providers can’t read them. Perhaps most importantly,
technology companies must categorically resist attempts to insert backdoors
into their hardware or software.
There’s also an important legal issue that can’t be
ignored. Tech companies are in a unique position to know about surveillance
requests that are kept secret from the press and the public. These companies
may have the best chance to fight back on behalf of their users in court (as Yahoo has done).
What’s more, tech companies literally spend millions of
dollars to lobby for laws in Washington and enjoy incredible access to and
influence over U.S. lawmakers. Often, companies spend that money trying
to derail potential regulation. Instead, these companies could be heavily
prioritizing positive surveillance reform bills.
So how do we get tech companies to start fighting surveillance
in court, hardening their systems against surveillance, pushing back
against the administration, and lobbying for real reform? We’re focused on
transparency—uncovering everything we can about the degree to which big tech
companies are actively helping the government—and public pressure. That
means highlighting ways that companies are fighting surveillance and
calling out companies that fail to stand up for user privacy.
It’s why we’re proud to support the Reset
the Net campaign, designed to get companies
big and small to take steps to protect user data. It’s also why we’re working
to make what companies do and don’t do in this area more visible. Campaigns
like HTTPS Everywhere and our work on email transport encryption, as well as scorecards like Who Has Your Back are
designed to poke and prod these companies to do more to protect all their
users, and get them to publicly commit to steps that the public can objectively
check.
We also need to cultivate a sense of responsibility on
the part of all those who are building products to which the public entrusts
its most sensitive and private data. The people who create our computing
devices, network equipment, software environments, and so on, need to be
very clear about their responsibility to the users who have chosen to trust
them. They need to refuse to create backdoors and they need to fix any existing
backdoors they become aware of. And they need to understand that they themselves,
unfortunately, are going to be targets for governments that will try to
penetrate, subvert, and coerce the technology world in order to expand
their spying capabilities. They have a grave responsibility to users
worldwide and we must use public pressure to ensure they live up to that
responsibility.
2. Create a global movement that encourages user-side
encryption
Getting tech giants to safeguard our digital lives and
changing laws and policies might be slow going, but anybody could start
using encryption in a matter of minutes. From encrypted chat to encrypted
email, from secure web browsing to secure document transfers, encryption
is a powerful way to make mass surveillance significantly more difficult.
However, encryption can be tricky, especially if you
don’t have a team of engineers to walk you through it the way we do at EFF.
With that in mind, we’ve created Surveillance Self Defense, an in-depth resource that explains encryption to
folks who may want to safeguard their data but have little or no idea how to
do it.
We’ve already translated the materials
into Spanish and Arabic, and we’re working on even more translations
We’ll continue to expand these materials and translate
them into as many languages as possible, while also doing a public campaign
to make sure as many people as possible read them.
Again, the more people worldwide understand the threat
and the more they understand how to protect themselves—and just as importantly,
what they should expect in the way of support from companies and
governments—the more we can agitate for the changes we need online to fend off
the dragnet collection of data.
3. Encourage the creation of secure communication
tools that are easier to use
Many of the tools that are using security best practices
are, frankly, hard to use for everyday people. The ones that are easiest to
use often don’t adopt the security practices that make them resilient to
surveillance.
We want to see this problem fixed so that people don’t
have to trade usability for security. We’re rolling out a multi-stage Campaign
for Secure and Usable Crypto, and we kicked it off with a Secure Messaging
Scorecard. The Secure Messaging Scorecard is only looking at a few criteria for security, and the
next phases of the project will home in on more challenging security and
usability objectives.
The goal? Encouraging the development of new technologies
that will be secure and easy for everyday people to use, while also pushing
bigger companies to adopt security best practices.
4. Reform Executive Order 12333
Most people haven’t even heard of it, but Executive Order
12333 is the primary authority the NSA uses to engage in the surveillance
of people outside the U.S. While Congress is considering much-needed
reforms to the Patriot Act, there’s been almost no debate about Executive
Order 12333.
This executive order was created by a stroke of the pen
from President Ronald Reagan in 1981. President Obama could undo the worst
parts of this executive order just as easily, by issuing a presidential
order banning mass surveillance of people regardless of their nationality.
5. Develop guiding legal principles around surveillance
and privacy with the help of scholars and legal experts worldwide
The campaign got started well before the Snowden leaks
began. It began with a rigorous policy document called the International
Principles on the Application of Human Rights to Communications
Surveillance, which features 13 guiding principles
about limiting surveillance. Written by academics and legal experts
from across the globe, the principles have now been endorsed by over 417 NGOs
and 350,000 individuals worldwide, and have been the basis for a
pro-privacy resolution successfully passed by the United Nations.
The 13 Principles, as they’re also known, are also meant
to work both locally and globally. By giving politicians and activists the
context for why mass surveillance is a violation of established international
human rights law, they make it clear that legalizing mass surveillance—a path
promoted by the Five Eyes countries—is the wrong way forward. The 13 Principles
are our way of making sure that the global norm for human rights in the context
of communication surveillance isn’t the warped viewpoint of NSA and its
four closest allies, but that of 50 years of human rights standards showing
mass surveillance to be unnecessary and disproportionate.
6. Cultivate partners worldwide who can champion surveillance
reform on the local level, and offer them support and promotion
Katitza Rodriguez, EFF’s International Rights Director,
is rarely in our San Francisco office. That’s because the majority of her
time is spent traveling from country to country, meeting with advocacy
groups on the ground throughout Latin America and parts of Europe to fight
for surveillance law reform. Katitza and the rest of EFF’s international
team assist these groups in working to build country-specific plans to end
mass surveillance at home and abroad.
The goal is to engage activists and lawyers worldwide who
can use the 13 Principles and the legal analyses we’ve prepared to support
them at the national level to fight against the on-going trend of increased surveillance
powers. For example, we teamed up with activists in Australia, Mexico, and
Paraguay to help fight data retention mandates in those countries, including
speaking in the Paraguayan National Congress.
EFF is especially focused on countries that are known to share intelligence data
with the United States and on trying to understand the politics of surveillance
behind those data sharing agreements and surveillance law proposals.
We’ve been sharing with and learning from groups across
the world a range of different tactics, strategies, and legal methods that
can be helpful in uncovering and combating unchecked surveillance. Our
partners are starting to develop their own national surveillance law strategies,
working out a localized version of the Who Has Your Back campaign,
evaluating strategic litigation, and educating the general public of
the danger of mass surveillance.
In certain locales, these battles are politically and
socially difficult, in particular in places where a culture of fear has
permeated the society. We’ve seen anti-surveillance advocates wrongly
painted as allies of pedophiles or terrorists. In at least one of the countries
we’re working in, anonymity is forbidden in its constitution. For some of
our partners, promoting a rational debate about checking government
power abuses can risk their very freedom, with activists facing jail time or
even more serious consequences for speaking out.
Establishing a bottom-up counter-surveillance law
movement—even if it’s one based on common sense and the entire history of modern
democracies—isn’t easy. It’s a titanic task that needs the involvement of advocates
around the world with different tactics and strategies that are complementary.
This is why we’ve also been working to make connections between activists in
different countries, with case studies like the Counter-Surveillance
Success Stories, and highlighting individuals
who are proud to stand up and say “I Fight Surveillance.”
We’re also teaming up with partners, such as Panoptykon Foundation,
to share the strategies and tactics they used in Europe with local groups in
Latin America and vice-versa. We’re working closely with groups in the Middle
East and North Africa, such as 7iber and
SMEX, to track, report on, and coordinate responses to state
surveillance in these regions.
All of this has helped inform the work we’ve done in venues
like the United Nations, theOffice of the High Commissioner on Human
Rights, and the Inter-American Commission on Human Rights, where EFF and our allies are helping—with great
success—the legal minds there wrap their heads around this new age of state violations
of the right to privacy and free expression.
Meanwhile, back in Washington…
7. Stop NSA overreach through impact litigation and new
U.S. laws
Executive Order 12333 may be the presidential command
that sets the agenda for mass surveillance, but U.S. law also plays a huge
role. The NSA claims (often wrongly) that certain U.S. laws allow surveillance
of all Internet users, with almost zero oversight of its spying on non-U.S.
persons. There’s the FISA Amendments Act, which the NSA believes allows it to
spy on groups of people instead of with directed warrants and scoop up all of
the Internet traffic it can, and grants it carte blanche to target anyone
overseas on the grounds that they are potentially relevant to America’s
“foreign interests.” And then there’s the Patriot Act, which has been loosely
interpreted by the NSA to permit the dragnet surveillance of phone
records.
Fighting these laws
is the bread and butter of our domestic legal team. Our lawsuits, likeJewel v. NSA, aim to demonstrate
that warrantless surveillance is illegal and unconstitutional. Our
grassroots advocacy is dedicated to showing American lawmakers exactly
how U.S. law is broken, what must be done to fix it, and the powerful movement
of people working for change.
You can read more details
about American law in our addendum below, but here’s
the upshot: we have to fix the law if we’re to stop these secret agencies spying
on the world. And we have to make sure that no new tricks are being planned.
That means chipping
away at the culture of secrecy that lies at the heart of this mess.
8. Bring transparency
to surveillance laws and practices
One of the greatest
challenges we face in attempting to end mass surveillance is that we don’t
know what we don’t know. Thanks to whistleblower evidence, statements by certain
public officials, and years of aggressive litigation under the Freedom of Information Act, we’ve confirmed
that the NSA is engaged in mass surveillance of our communications
and that it is primarily relying on three legal authorities to justify
this surveillance.
But what if the NSA
is relying on seven other legal authorities? What if there are other forms
of surveillance we have not yet heard about? What if the NSA
is partnering with other entities (different countries or different
branches of the U.S. government) to collect data in ways we can’t imagine?
It’s extremely difficult
to reform the world of surveillance when we don’t have a full picture of
what the government is doing and how it’s legally justifying those
actions.
With that in mind, we
are working to fight for more transparency by:
- Working to reform the broken classification system, which keeps the government’s actions hidden from public oversight.
- Using Freedom of Information Act requests and lawsuits to gain access to government documents that detail surveillance practices (and their legal justifications).
- Helping allies, like Germany and Brazil, to put pressure on the United States to justify its surveillance practices.
- Educating people about the value of whistleblowers and the important role they play in combating secrecy. This includes advocacy for organizations and platforms like Wikileaks that defend and promote the work of whistleblowers. It also includes highlighting the important contributions provided by whistleblowers like Mark Klein, Bill Binney, Thomas Drake, Edward Snowden, and others.Global Solutions for a Global ProblemMass surveillance affects people worldwide, reaching everywhere that the Internet reaches (and many places that it doesn’t!). But laws and court systems are divvied up by jurisdictional lines that don’t make sense for the Internet today. This means we need a range of tactics that include impact litigation, technological solutions, and policy changes both in the United States and across the globe.This game plan is designed to give you insight into how U.S. laws and policies affect people worldwide, and how we can work to protect people outside of America’s borders.We’re up against more than just a few elements in the American administration here. We’re up against a growing despondency about digital privacy, and we’re up against the desire of spooks, autocrats, and corporations jockeying for intelligence contracts in every nation, all of whom want to shore up these surveillance powers for themselves. But we work side-by-side with hundreds of other organizations around the world and thousands of supporters in nearly every country. We have the amazing power of technology to protect privacy, organize opposition, and speak up against such damning violations of human rights.We’re continuing to refine our plan, but we wanted to help our friends understand our thinking so you can understand how each of our smaller campaigns fit into the ultimate objective: secure, private communications for people worldwide.It’s what we’re doing to fight surveillance. But what can you do?You can join your local digital rights organization, of which there are now hundreds, in almost every nation (and if there isn’t one in yours, ask us for advice on starting one). You can pressure companies to increase your protection against government espionage and support companies that make a stand. You can sign our petition about Executive Order 12333 and help spread the word to others. You can use encryption to protect yourself and raise the cost of mass surveillance, and you can teach your friends and colleagues to use it too. You can personally refuse to cooperate with surveillance and promote privacy protections inside institutions you’re a part of. You can tell your friends and colleagues the real risks we are running and how we can turn this mess around.And whether you’re in the United States or not, you can support our plan by becoming a member of EFF.
Addendum: Laws & Presidential Orders We Need to Change
One of the best ways
to end mass surveillance by the NSA is to change the United
States law to make clear that warrantless surveillance is illegal. However,
that’s a little challenging. The NSA is relying on a patchwork
of different laws and executive orders to justify its surveillance
powers.
Here are a few we
know we need to change. Note that there are other parts of U.S. law that may
need revision (including provisions such as the Pen Register Trap and Trace andNational Security Letters), but this is where
we’re focusing our energies currently as the primary known authorities
used to justify mass surveillance:
Section 215 of the
Patriot Act, Known as the “Business Records” Section
What it does: The section of the
law basically says that the government can compel the production of any
“tangible things” that are “relevant” to an investigation.
Why you should care: The NSA
relies on this authority to collect, in bulk, the phone records of millions
of Americans. There are suggestions it’s also being used to collect other
types of records, like financial records or credit card records, in bulk
as well.
How we can stop it: There are a few ways
to fix Section 215. One way is to pass a reform bill, such as the USA
FREEDOM Act, which would make clear that using Section 215 to conduct
bulk collection is illegal. The USA FREEDOM
Act failed to pass in the Senate in 2014, which means it would need to be reintroduced
in 2015.
However, there’s an
even easier way to defeat this provision of the law. This controversial
section of the Patriot Act expires every few years and must be reauthorized
by Congress. It’s up for renewal in June 2015, which means Congress must successfully
reauthorize the section or it will cease to be a law. We’re going to be
mounting a huge campaign to call on Congress not to reauthorize
the bill.
We also have three
legal cases challenging surveillance conducted under Section 215: Jewel v NSA, Smith v Obama, and First Unitarian Church of Los Angeles
v. NSA.
Section 702 of the FISA
Amendments Act
What it does: This section of law
is designed to allow the NSA to conduct warrantless
surveillance within the U.S. when the intended target is overseas.
Why you should care: The NSA
relies on this law to support PRISM, which compels Internet
service providers like Google, Apple, and Facebook to produce its users communications.
The NSA’s upstream surveillance—which includes tapping into
fiber optic cables of AT&T
and other telecommunications providers—also relies on this provision.
Through these two surveillance options, the NSA
“targets” subjects for surveillance. But even when the NSA
is “targeting” specific foreign intelligence subjects overseas, they’re
“incidentally” collecting communications on millions of people,
including both Americans and innocent people abroad.
How we can stop it: Currently, there
aren’t any reform bills that show promise. We’re working on educating the
public and Congress about the Section 702 and the FISA
Amendments Act. In 2017, this authority will be up for reauthorization.
We’ll be planning a big campaign to demolish this invasive and oft-abused
surveillance authority.
Executive
Order 12333
What it does: Executive orders
are legally binding orders given by the President of the United States which
direct how government agencies should operate. Executive Order 12333 covers“most of what the NSA
does” and is “the primary authority under which the country’s intelligence
agencies conduct the majority of their operations.”
Why you should care: Executive Order
12333 is the primary authority the NSA uses to conduct its surveillance
operations—including mass surveillance programs—overseas. Reforming mass surveillance
requires reforming the NSA’s authority under EO 12333.
How we can stop it: Executive Order
12333 was created by a presidential order, and so a presidential order
could undo all of this damage. That’s why we’re pressuring President Obama to issue a new executive
order affirming the privacy rights of people worldwide and ending mass
surveillance.
The Funding Hack
While passing a bill
through Congress is extremely challenging, another (somewhat more controversial)
method of ending this surveillance is through the budget system. Every
year, Congress must approve the defense budget. This frequently becomes a
contentious battle with numerous amendments introduced and debated. We may
see an amendment that tackles some form of surveillance.
Related Cases
Related Posts
-
http://agenda21news.com/2015/01/effs-game-plan-ending-global-mass-surveillance/#more-4611
No comments:
Post a Comment