Tuesday 18 March 2014

After CIA Incident, Time for Feinstein to Evolve on Privacy Oversight

Last week, Senator Dianne Feinstein (D-CA) signaled that she too recognizes the destructive influence of government surveillance.  For too long, she has been among the most high-profile public defenders of the United States government’s NSA surveillance.  As the Chairwoman of the Senate Intelligence Committee, Feinstein has publicly defended the legality of the NSA’s efforts under the Patriot Act.  Aiming at another large government agency, she publicly lambasted the Central Intelligence Agency (CIA) on the Senate floor for allegedly violating the separation-of-powers principles in disputes over documents Feinstein’s committee was analyzing regarding CIA “black sites” used for counterterrorism efforts between 2002 and 2006.  Central to her claims is what she believes is evidence that the CIA withdrew documents from Senate control without consent.

Many critics have suggested Feinstein’s emboldened attack on the CIA signals hypocrisy, not recognizing the grave potential harm the NSA’s surveillance has on millions of Americans and people abroad.  Feinstein has failed to recognize that her allegations against the CIA rooted in the Constitution’s Fourth Amendment are wildly similar to constitutional critiques of the NSA’s invasive counterterrorism measures.  Feinstein has also showed little evolution regarding the matter as recently as last fall when she introduced an NSA “reform” bill after facing significant political pressure.  Rather than stop the NSA’s unconstitutional actions, her anti-privacy “reform” bill sought to essentially codify the NSA’s actions.  Feinstein’s reform bill was reform in name only. 

This Trojan horse wasn't lost on many of Feinstein’s Congressional colleagues.  Feinstein came under fire by civil liberties advocacy groups across the board, and even the original author of the Patriot Act, Representative James Sensenbrenner Jr. (R-WI), came out against Feinstein’s bill saying that it extended an abuse of the original legislation.  Rep. Sensebrenner gave voice to those who felt Congressional oversight had “hit the gas pedal” rather than “put the brakes on overreaches” in offering a bill to reel in NSA and other agencies exploiting the Patriot Act with a Senate equivalent sponsored by Sen. Patrick Leahy (D-VT).  Feinstein had offered what many concluded was a bill to codify NSA’s invasive programs with superficial, ultimately inconsequential reporting requirements.

Feinstein and her Congressional allies have an opportunity to recognize the destructive influence surveillance has on all people, and not just classified Congressional inquiries but all unconstitutional abuses of power that spy on citizens.  The Senator’s full-throated indigence and willingness to go toe-to-toe with the CIA signals resolve but not enough resolve.  As the Chairwoman of the Senate Intelligence Committee, with oversight over the NSA and other agencies engaging in surveillance, Feinstein ought to show leadership to restore the rights of all citizens to be free of government surveillance.  Just as the CIA’s alleged actions have deeply concerned Feinstein, the NSA’s confirmed actions bear similar consideration and action.

Snowden & ACLU at SXSW: Consumers Must Protect Themselves, Tech Companies Must Innovate

In his longest public appearance since fleeing the United States, Snowden appeared via webcast with Ben Wizner and Christopher Soghoian from the American Civil Liberties Union (ACLU)'s Project on Speech, Privacy, and Technology.  Snowden was the ACLU’s featured speaker and spoke for about an hour (full video).  The conversation (click here for full transcript) began by looking at how internet surveillance and other government intrusion has fundamentally changed the internet, easily transitioning into a discussion about how those in the technology sector–startups and otherwise–can better encrypt communications and heighten security in other ways.  Soghoian, ACLU’s principal technologist, made the case for paid security services to keep consumers’ data encrypted.

Snowden opened with remarks at SXSW by explaining why he chose to address the technology sector at SXSW rather than more policy-oriented audiences:

When we think about what is happening at the NSA for the past decade, the result has been an adversarial internet.  It’s a sort of global free-fire zone for governments that is nothing that we ever asked for. It is not what we want. It is something that we need to protect against. We think about the policies that have been advanced the sort of erosion of fourth amendment protections the proactive seizure of communications... There is a policy response that needs to occur. There is also a technical response that needs to occur. It is the [technology] development community that can really craft the solutions and make sure we are safe.

Snowden highlights the centrality of cybersecurity and privacy in geopolitics today.  In the 21st Century, civil and international conflicts have extensive technological underbellies, foregrounded in the conflict or unquestionably influencing the tenure of the conflict under the mainstream radar.  Observers of the recent conflict between Russia and the Ukraine have been eager to see, for instance, if Russia will employ cyber warfare tactics against the Ukraine they usedagainst Georgia in 2008

The conversation moved from international cybersecurity to individual privacy considerations.  The ACLU’s Soghoian talked at length about the need to bridge the gap between user-friendliness and optimal security.  Soghoian observed that many widely-used tools developed by large companies do not provide optimal levels of security for users (especially by default), and tools developed by smaller companies that are more secure are often too difficult to use for everyday users.  Snowden agreed saying that we do not want the standard for cybersecurity being opt-in. 

Soghoian summarized the security landscape by saying, “If you want a secure online backup service you are going to have to pay for it. If you want a secure voice or video communications product you are going to have to pay for it.”  He explained, too, that consumers cannot rely on free solutions to their security concerns.  Soghoian explained, “You [don’t] have to pay thousands of dollars a year, but you have to pay something so that company has a sustainable business model that doesn't revolve around collecting and monetizing your data.”

Wide-scale changes are needed to improve the ways consumers are currently under-protected or directly violated by government and non-government parties.  As the discussion highlighted, those changes require action from a variety of different actors.  Legislative and regulatory changes can help restrict governments’ access to citizens’ data but also work to further protect countries from outside cyber-attacks.  What he technology sector and proactive consumers can do in the meantime is protect their customers and protect themselves from harm by using the most secure tools possible and investing in high-security services (like those provided by SumRando). 

The ACLU and Snowden discussed what many of us know about technology today: As omnipresent and intertwined technology has become by choice and by default, privacy remains less of a priority than it should be with most consumers.  As Soghoian points out, most technology users rely on technology developers for security protections without knowing there are additional services that could protect them but also without knowing how to evaluate which services can provide consumers adequate security.  Without more widespread change in government and popular technology, informed consumers must rely on high-quality products that actively protect their security online.

Friday 7 March 2014

New Turkish Law Attacks Freedom of Expression, Restricts Access

Turkish President Abdullah Gul signed a law championed by embattled Turkish Prime Minister Recep Tayyip Erdogan to attack freedom of expression by restricting internet access.  The law allows the Turkish Telecommunication Authority (TIB) to restrict access to websites without court order, and internet providers will be forced to monitor their users’ activities and relinquish data at the request of government authorities, according to Reuters.

During last year’s Gezi Park protests, Prime Minister Erdogan was quoted as decrying social media as “the worst menace to society.”  The protests resulted in the arrest of several dozen anti-government protestors who organized using Twitter and Facebook.   Many of Erdogan and his party’s many critics assert that the law is a self-serving, authoritarian response to anti-government sentiment.  They suspect this law helps protect the government from increased scrutiny and insulates them from leaks of information to the internet.  President Gul’s complacency on the matter, approving such an egregious bill after only minor hesitation, indicates that Turkey’s authorities find minimal value in protecting the freedoms of its citizens. 

This law is not without consequence.  This new law inches closer to demanding what the Telecommunication Authority expressed in the wake of those protests: Full disclosure of information upon request.  By allowing officials to restrict access to certain websites within 4 hours without a court order, the law could prevent future efforts among Turkish citizens to organize on popular social media platforms as they have in the past.  Although the Authority must obtain a court order within 24 hours of their initial request, the website targeted will remain offline until the court renders an opinion.  The law’s requirement that internet providers track users’ activity and then relinquish user information upon the request of the Telecommunication Authority allows the Turkish government to not only limit access but enhance its efforts to target whoever they so choose.  Given that this law was also passed alongside a law that enhances the government’s control over the judiciary, there appears a clear effort to centralize control in Turkey, not limited to internet control.

Not surprisingly, this law has given rise to protests throughout Turkey, with hundreds of thousands having taken to the streets of Istanbul and clashing with police and efforts led through Twitter feeds, according to Al-Jazeera.  Supporters of internet freedom have undertaken efforts to oppose the law through social media, generating a considerable amount of attention, and notable news outlets have raised awareness of the new legislation’s possible impact on journalism. 

Critics of the law have suggested that Turkey, which has long desired inclusion in the EU, is further distancing itself from other EU countries by restricting freedom of expression in this and other ways.  The EU, the Council of Europe, and the United Nations have all publicly expressed concern with these new measures in Turkey limiting freedom of expression.