[bestbits] How to end human rights violating communcations surveillance (was Re: Position by IT for Change...)

[michael gurstein]

Bravo, this is precisely the kind of discussion we need to be having (note, I have no useful insight into the technical details of what Norbert is proposing) but we need to be having this type of discussion preliminary to working together to figure out how to do the technical assessments required for these types of approaches (necessarily to be done by techies informed by policy folks) i.e. what sort of institutional mechanisms can make(and implement) these kinds of assessments (and initiatives) in a manner which elicits/warrants widespread trust.

Of course, we also need to be working in parallel to this to identify the mechanisms which can move forward in the policy sphere including the framework agreements  and broad based review councils all done in full recognition of geo-political realities of power and interest.

As an aside it would be interesting to know how much of the $80 Billion or so annual budget of the US security establishment was spent on infiltrating and looking to influence the direction of civil society (and the technical community?) as for example in their role as a multi-stakeholder "partner" in various governance and other spheres both domestically and globally.  Perhaps this information is something we could look forward to in a subsequent revelation from Mr. Snowden.

M

-----Original Message-----
From: bestbits-request at lists.bestbits.net [mailto:bestbits-request at lists.bestbits.net] On Behalf Of Norbert Bollow
Sent: Sunday, September 01, 2013 9:02 AM
To: bestbits at lists.bestbits.net
Cc: IRP
Subject: [bestbits] How to end human rights violating communcations surveillance (was Re: Position by IT for Change...)

Ian Peter <ian.peter at ianpeter.com> wrote:

> not sure I am as pessimistic about this as both of you. There are 
> plenty of examples in history where international agreements have 
> regulated matters where countries have agreed, for the greater good, 
> to regulate or stop previous actions. The Geneva Convention is one 
> example, outlawing of poison gases after WW1 (worked for a while) is 
> another.
> 
> I am sure also that regularly in trade treaties countries give up 
> certain actions in return for other advantages.
> 
> In the case of the Internet, it may well be that an open available 
> trusted global network - which can only be achieved if espionage is 
> contained - is the greater good that leads to a decent regulatory 
> regime.

I see two major problems with this optimistic scenario:

On one hand the world trade system is already largely designed around the vision of the US and like-minded countries on how the world trade system should work, and the US is already a very central node in this world trade system. The US already has pretty much all of the advantages that a country could possibly have. I don't see what “other advantages”
the US could possibly be offered in exchange for the US agreeing to give up the NSA's foreign surveillance activities which are obviously very important from the perspective of the US government.

On the other hand, a lot of whatever trust that people used to have for the US as a “democratic country” that claims to be strongly committed to human rights has been permanently destroyed. This loss of credibility affects not only US government representatives and by extension government representatives from other Western countries. After all the crap with for example Microsoft claiming “Your Privacy Is Our Priority”
while at the same time secretly cooperating with the NSA's efforts to undermine our privacy, every reasonable and well-informed person will similarly distrust technology vendors.

Add to this that the US concerns about terrorist threats etc are not just a matter of mere paranoia. It would not be reasonable for the US to agree a simple and straightforward principle like never again wanting to know the contents of conversations of people outside the US. The US will have to insist that in situations of legitimate suspicion of plans for terrorist activities, surveillance activities will have to be conducted. Regardless of how the rules for handling that kind of exceptional situations would be designed precisely, if those rules meet both the requirements of international human rights law and the requirement of providing effective means of surveillance for suspected terrorists, those rules are not going to be totally simple and straightforward. Consequently, although certainly necessary, such rules are not going to help much in regard to rebuilding the trust that has been destroyed.

I conclude that without trustworthy efforts to create effective technical protections of communications privacy, a “trusted global network” cannot be achieved in the post-Snowden world.

Nota bene, I'm not advocating for trying to make surveillance totally impossible.

What we IMO need in the post-Snowden world is

1) trustworthy end-to-end encryption of all non-public Internet communication content,

2) trustworthy protection of the software on the computers and other communication devices against remote compromise,

3) redesigned communication protocols which ensure that at no point in the communication channel between the endpoints, information about both communication endpoints is visible in unencrypted form, and

4) trustworthy anti-surveillance monitoring which would likely detect the problem in the case of a system compromise that results in significant quantities of communication channel endpoint information leaking out.

When all of that has been achieved, surveillance of the communications content and communications metadata of specific persons will still be possible, but it'll be expensive enough that cost economics will force it to be limited to specific persons where there is significant reason to consider them a major threat.

It is the human rights violating automated mass surveillance which must be brought to an end.

Greetings,
Norbert