[bestbits] How to end human rights violating communcations surveillance (was Re: Position by IT for Change...)

Sat Aug 31 22:01:32 EDT 2013

Ian Peter <ian.peter at ianpeter.com> wrote:

> not sure I am as pessimistic about this as both of you. There are
> plenty of examples in history where international agreements have
> regulated matters where countries have agreed, for the greater good,
> to regulate or stop previous actions. The Geneva Convention is one
> example, outlawing of poison gases after WW1 (worked for a while) is
> another.
> 
> I am sure also that regularly in trade treaties countries give up
> certain actions in return for other advantages.
> 
> In the case of the Internet, it may well be that an open available
> trusted global network - which can only be achieved if espionage is
> contained - is the greater good that leads to a decent regulatory
> regime.

I see two major problems with this optimistic scenario:

On one hand the world trade system is already largely designed around
the vision of the US and like-minded countries on how the world trade
system should work, and the US is already a very central node in this
world trade system. The US already has pretty much all of the advantages
that a country could possibly have. I don't see what “other advantages”
the US could possibly be offered in exchange for the US agreeing to
give up the NSA's foreign surveillance activities which are obviously
very important from the perspective of the US government.

On the other hand, a lot of whatever trust that people used to have for
the US as a “democratic country” that claims to be strongly committed to
human rights has been permanently destroyed. This loss of credibility
affects not only US government representatives and by extension
government representatives from other Western countries. After all the
crap with for example Microsoft claiming “Your Privacy Is Our Priority”
while at the same time secretly cooperating with the NSA's efforts to
undermine our privacy, every reasonable and well-informed person will
similarly distrust technology vendors.

Add to this that the US concerns about terrorist threats etc are not
just a matter of mere paranoia. It would not be reasonable for the US to
agree a simple and straightforward principle like never again wanting
to know the contents of conversations of people outside the US. The US
will have to insist that in situations of legitimate suspicion of plans
for terrorist activities, surveillance activities will have to be
conducted. Regardless of how the rules for handling that kind of
exceptional situations would be designed precisely, if those rules meet
both the requirements of international human rights law and the
requirement of providing effective means of surveillance for suspected
terrorists, those rules are not going to be totally simple and
straightforward. Consequently, although certainly necessary, such rules
are not going to help much in regard to rebuilding the trust that has
been destroyed.

I conclude that without trustworthy efforts to create effective
technical protections of communications privacy, a “trusted global
network” cannot be achieved in the post-Snowden world.

Nota bene, I'm not advocating for trying to make surveillance totally
impossible.

What we IMO need in the post-Snowden world is

1) trustworthy end-to-end encryption of all non-public Internet
communication content,

2) trustworthy protection of the software on the computers and other
communication devices against remote compromise,

3) redesigned communication protocols which ensure that at no point in
the communication channel between the endpoints, information about both
communication endpoints is visible in unencrypted form, and

4) trustworthy anti-surveillance monitoring which would likely detect
the problem in the case of a system compromise that results in
significant quantities of communication channel endpoint information
leaking out.

When all of that has been achieved, surveillance of the communications
content and communications metadata of specific persons will still be
possible, but it'll be expensive enough that cost economics will force
it to be limited to specific persons where there is significant reason
to consider them a major threat.

It is the human rights violating automated mass surveillance which must
be brought to an end.

Greetings,
Norbert