[governance] FW: [IP] Richard Stallman: How Much Surveillance Can Democracy Withstand? - GNU Project - Free Software Foundation

michael gurstein gurstein at gmail.com
Fri Nov 8 15:38:29 EST 2013



-----Original Message-----
From: David Farber [mailto:farber at gmail.com] 
Sent: Wednesday, November 06, 2013 8:32 AM
To: ip
Subject: [IP] How Much Surveillance Can Democracy Withstand? - GNU Project -
Free Software Foundation

[ I would like to hear comments on this djf]

http://www.gnu.org/philosophy/surveillance-vs-democracy.html

How Much Surveillance Can Democracy Withstand?

by Richard Stallman

A version of this article was first published in Wired in October 2013.

The current level of general surveillance in society is incompatible with
human rights. To recover our freedom and restore democracy, we must reduce
surveillance to the point where it is possible for whistleblowers of all
kinds to talk with journalists without being spotted. To do this reliably,
we must reduce the surveillance capacity of the systems we use.

Using free/libre software, as I've advocated for 30 years, is the first step
in taking control of our digital lives. We can't trust nonfree software; the
NSA uses and even creates security weaknesses in nonfree software to invade
our own computers and routers. Free software gives us control of our own
computers, but that won't protect our privacy once we set foot on the
Internet.

Bipartisan legislation to "curtail the domestic surveillance powers" in the
U.S. is being drawn up, but it relies on limiting the government's use of
our virtual dossiers. That won't suffice to protect whistleblowers if
"catching the whistleblower" is grounds for access sufficient to identify
him or her. We need to go further.

Thanks to Edward Snowden's disclosures, we know that the current level of
general surveillance in society is incompatible with human rights. The
repeated harassment and prosecution of dissidents, sources, and journalists
provides confirmation. We need to reduce the level of general surveillance,
but how far? Where exactly is the maximum tolerable level of surveillance,
beyond which it becomes oppressive? That happens when surveillance
interferes with the functioning of democracy: when whistleblowers (such as
Snowden) are likely to be caught.

The Upper Limit on Surveillance in a Democracy

If whistleblowers don't dare reveal crimes and lies, we lose the last shred
of effective control over our government and institutions. That's why
surveillance that enables the state to find out who has talked with a
reporter is too much surveillance -- too much for democracy to endure.

An unnamed U.S. government official ominously told journalists in 2011 that
the U.S. would not subpoena reporters because "We know who you're talking
to." Sometimes journalists' phone call records are subpoenaed to find this
out, but Snowden has shown us that in effect they subpoena all the phone
call records of everyone in the U.S., all the time.

Opposition and dissident activities need to keep secrets from states that
are willing to play dirty tricks on them. The ACLU has demonstrated the U.S.
government's systematic practice of infiltrating peaceful dissident groups
on the pretext that there might be terrorists among them. The point at which
surveillance is too much is the point at which the state can find who spoke
to a known journalist or a known dissident.

Information, Once Collected, Will Be Misused

When people recognize that the level of general surveillance is too high,
the first response is to propose limits on access to the accumulated data.
That sounds nice, but it won't fix the problem, not even slightly, even
supposing that the government obeys the rules. (The NSA has misled the FISA
court, which said it was unable to effectively hold the NSA accountable.)
Suspicion of a crime will be grounds for access, so once a whistleblower is
accused of "espionage," finding the "spy" will provide an excuse to access
the accumulated material.

The state's surveillance staff will misuse the data for personal reasons
too. Some NSA agents used U.S. surveillance systems to track their
lovers -- past, present, or wished-for -- in a practice called "LOVEINT." The NSA
says it has caught and punished this a few times; we don't know how many
other times it wasn't caught. But these events shouldn't surprise us,
because police have long used their access to driver's license records to
track down someone attractive, a practice known as "running a plate for a
date."

Surveillance data will always be used for other purposes, even if this is
prohibited. Once the data has been accumulated and the state has the
possibility of access to it, it can misuse that data in dreadful ways.

Total surveillance plus vague law provides an opening for a massive fishing
expedition against any desired target. To make journalism and democracy
safe, we must limit the accumulation of data that is easily accessible to
the state.

Robust Protection for Privacy Must Be Technical

The Electronic Frontier Foundation and other organizations propose a set of
legal principles designed to prevent the abuses of massive surveillance.
These principles include, crucially, explicit legal protection for
whistleblowers; as a consequence, they would be adequate for protecting
democratic freedoms -- if adopted completely and enforced without exception
forever.

However, such legal protections are precarious: as recent history shows,
they can be repealed (as in the FISA Amendments Act), suspended, or ignored.

Meanwhile, demagogues will cite the usual excuses as grounds for total
surveillance; any terrorist attack, even one that kills just a handful of
people, will give them an opportunity.

If limits on access to the data are set aside, it will be as if they had
never existed: years worth of dossiers would suddenly become available for
misuse by the state and its agents and, if collected by companies, for their
private misuse as well. If, however, we stop the collection of dossiers on
everyone, those dossiers won't exist, and there will be no way to compile
them retroactively. A new illiberal regime would have to implement
surveillance afresh, and it would only collect data starting at that date.
As for suspending or momentarily ignoring this law, the idea would hardly
make sense.

We Must Design Every System for Privacy

If we don't want a total surveillance society, we must consider surveillance
a kind of social pollution, and limit the surveillance impact of each new
digital system just as we limit the environmental impact of physical
construction.

For example: "Smart" meters for electricity are touted for sending the power
company moment-by-moment data about each customer's electric usage,
including how usage compares with users in general. This is implemented
based on general surveillance, but does not require any surveillance. It
would be easy for the power company to calculate the average usage in a
residential neighborhood by dividing the total usage by the number of
subscribers, and send that to the meters. Each customer's meter could
compare her usage, over any desired period of time, with the average usage
pattern for that period. The same benefit, with no surveillance!

We need to design such privacy into all our digital systems.

Remedy for Collecting Data: Leaving It Dispersed

One way to make monitoring safe for privacy is to keep the data dispersed
and inconvenient to access. Old-fashioned security cameras were no threat to
privacy. The recording was stored on the premises, and kept for a few weeks
at most. Because of the inconvenience of accessing these recordings, it was
never done massively; they were accessed only in the places where someone
reported a crime. It would not be feasible to physically collect millions of
tapes every day and watch them or copy them.

Nowadays, security cameras have become surveillance cameras: they are
connected to the Internet so recordings can be collected in a data center
and saved forever. This is already dangerous, but it is going to get worse.
Advances in face recognition may bring the day when suspected journalists
can be tracked on the street all the time to see who they talk with.

Internet-connected cameras often have lousy digital security themselves, so
anyone could watch what the camera sees. To restore privacy, we should ban
the use of Internet-connected cameras aimed where and when the public is
admitted, except when carried by people. Everyone must be free to post
photos and video recordings occasionally, but the systematic accumulation of
such data on the Internet must be limited.

Remedy for Internet Commerce Surveillance

Most data collection comes from people's own digital activities. Usually the
data is collected first by companies. But when it comes to the threat to
privacy and democracy, it makes no difference whether surveillance is done
directly by the state or farmed out to a business, because the data that the
companies collect is systematically available to the state.

The NSA, through PRISM, has gotten into the databases of many large Internet
corporations. AT&T has saved all its phone call records since 1987 and makes
them available to the DEA to search on request. Strictly speaking, the U.S.
government does not possess that data, but in practical terms it may as well
possess it.

The goal of making journalism and democracy safe therefore requires that we
reduce the data collected about people by any organization, not just by the
state. We must redesign digital systems so that they do not accumulate data
about their users. If they need digital data about our transactions, they
should not be allowed to keep them more than a short time beyond what is
inherently necessary for their dealings with us.

One of the motives for the current level of surveillance of the Internet is
that sites are financed through advertising based on tracking users'
activities and propensities. This converts a mere annoyance -- advertising that
we can learn to ignore -- into a surveillance system that harms us whether we
know it or not. Purchases over the Internet also track their users. And we
are all aware that "privacy policies" are more excuses to violate privacy
than commitments to uphold it.

We could correct both problems by adopting a system of anonymous
payments -- anonymous for the payer, that is. (We don't want the payee to dodge
taxes.) Bitcoin is not anonymous, but technology for digital cash was first
developed 25 years ago; we need only suitable business arrangements, and for
the state not to obstruct them.

A further threat from sites' collection of personal data is that security
breakers might get in, take it, and misuse it. This includes customers'
credit card details. An anonymous payment system would end this danger: a
security hole in the site can't hurt you if the site knows nothing about
you.

Remedy for Travel Surveillance

We must convert digital toll collection to anonymous payment (using digital
cash, for instance). License-plate recognition systems recognize all license
plates, and the data can be kept indefinitely; they should be required by
law to notice and record only those license numbers that are on a list of
cars sought by court orders. A less secure alternative would record all cars
locally but only for a few days, and not make the full data available over
the Internet; access to the data should be limited to searching for a list
of court-ordered license-numbers.

The U.S. "no-fly" list must be abolished because it is punishment without
trial.

It is acceptable to have a list of people whose person and luggage will be
searched with extra care, and anonymous passengers on domestic flights could
be treated as if they were on this list. It is also acceptable to bar
non-citizens, if they are not permitted to enter the country at all, from
boarding flights to the country. This ought to be enough for all legitimate
purposes.

Many mass transit systems use some kind of smart cards or RFIDs for payment.
These systems accumulate personal data: if you once make the mistake of
paying with anything but cash, they associate the card permanently with your
name. Furthermore, they record all travel associated with each card.
Together they amount to massive surveillance. This data collection must be
reduced.

Navigation services do surveillance: the user's computer tells the map
service the user's location and where the user wants to go; then the server
determines the route and sends it back to the user's computer, which
displays it. Nowadays, the server probably records the user's locations,
since there is nothing to prevent it. This surveillance is not inherently
necessary, and redesign could avoid it: free/libre software in the user's
computer could download map data for the pertinent regions (if not
downloaded previously), compute the route, and display it, without ever
telling anyone where the user is or wants to go.

Systems for borrowing bicycles, etc., can be designed so that the borrower's
identity is known only inside the station where the item was borrowed.
Borrowing would inform all stations that the item is "out," so when the user
returns it at any station (in general, a different one), that station will
know where and when that item was borrowed. It will inform the other station
that the item is no longer "out." It will also calculate the user's bill,
and send it (after waiting some random number of minutes) to headquarters
along a ring of stations, so that headquarters would not find out which
station the bill came from. Once this is done, the return station would
forget all about the transaction. If an item remains "out" for too long,
the station where it was borrowed can inform headquarters; in that case, it
could send the borrower's identity immediately.

Remedy for Communications Dossiers

Internet service providers and telephone companies keep extensive data on
their users' contacts (browsing, phone calls, etc). With mobile phones, they
also record the user's physical location. They keep these dossiers for a
long time: over 30 years, in the case of AT&T. Soon they will even record
the user's body activities. It appears that the NSA collects cell phone
location data in bulk.

Unmonitored communication is impossible where systems create such dossiers.
So it should be illegal to create or keep them. ISPs and phone companies
must not be allowed to keep this information for very long, in the absence
of a court order to surveil a certain party.

This solution is not entirely satisfactory, because it won't physically stop
the government from collecting all the information immediately as it is
generated -- which is what the U.S. does with some or all phone companies. We
would have to rely on prohibiting that by law. However, that would be better
than the current situation, where the relevant law (the PATRIOT Act) does
not clearly prohibit the practice. In addition, if the government did resume
this sort of surveillance, it would not get data about everyone's phone
calls made prior to that time.

But Some Surveillance Is Necessary

For the state to find criminals, it needs to be able to investigate specific
crimes, or specific suspected planned crimes, under a court order. With the
Internet, the power to tap phone conversations would naturally extend to the
power to tap Internet connections. This power is easy to abuse for political
reasons, but it is also necessary. Fortunately, this won't make it possible
to find whistleblowers after the fact.

Individuals with special state-granted power, such as police, forfeit their
right to privacy and must be monitored. (In fact, police have their own
jargon term for perjury, "testilying," since they do it so frequently,
particularly about protesters and photographers.) One city in California
that required police to wear video cameras all the time found their use of
force fell by 60%. The ACLU is in favor of this.

Corporations are not people, and not entitled to human rights. It is
legitimate to require businesses to publish the details of processes that
might cause chemical, biological, nuclear, fiscal, computational (e.g., DRM)
or political (e.g., lobbying) hazards to society, to whatever level is
needed for public well-being. The danger of these operations (consider the
BP oil spill, the Fukushima meltdowns, and the 2008 fiscal crisis) dwarfs
that of terrorism.

However, journalism must be protected from surveillance even when it is
carried out as part of a business.

Digital technology has brought about a tremendous increase in the level of
surveillance of our movements, actions, and communications. It is far more
than we experienced in the 1990s, and far more than people behind the Iron
Curtain experienced in the 1980s, and would still be far more even with
additional legal limits on state use of the accumulated data.

Unless we believe that our free countries previously suffered from a grave
surveillance deficit, and ought to be surveilled more than the Soviet Union
and East Germany were, we must reverse this increase. That requires stopping
the accumulation of big data about people.

Copyright 2013 Richard Stallman
Licensed under the Creative Commons Attribution-NoDerivs 3.0 United States
License
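
The two license-plate designs from "Remedy for Travel Surveillance" above, side by side, as an added example that is not part of the article or of the forwarded message. The class names, the 3-day retention value and the sample feed are assumptions made for illustration.

```python
from dataclasses import dataclass, field

RETENTION_SECONDS = 3 * 24 * 3600  # assumed value for "a few days"

@dataclass
class HotlistOnlyReader:
    """Records a sighting only when the plate is on the court-ordered list."""
    court_ordered: frozenset
    records: list = field(default_factory=list)

    def observe(self, plate, ts, camera):
        if plate in self.court_ordered:
            self.records.append((plate, ts, camera))
        # Every other plate is dropped at capture and never stored.

@dataclass
class LocalRetentionReader:
    """Less secure alternative: stores every sighting locally for a few days."""
    records: list = field(default_factory=list)

    def observe(self, plate, ts, camera):
        self.records.append((plate, ts, camera))

    def purge(self, now):
        self.records = [r for r in self.records if now - r[1] <= RETENTION_SECONDS]

    def search(self, court_ordered, now):
        # The only query offered: sightings of court-ordered plates.
        self.purge(now)
        return [r for r in self.records if r[0] in court_ordered]

def bystander_exposure(reader, court_ordered):
    """Plates of unlisted cars that anyone with raw access to the store would get."""
    return sorted({r[0] for r in reader.records if r[0] not in court_ordered})

# Constructed sample feed: (plate, seconds since start, camera id).
FEED = [("ABC123", 0, "cam-1"), ("XYZ789", 60, "cam-1"),
        ("ABC123", 7200, "cam-2"), ("JKL456", 90000, "cam-2")]
COURT_ORDERED = frozenset({"XYZ789"})

def run_feed():
    strict, retaining = HotlistOnlyReader(COURT_ORDERED), LocalRetentionReader()
    for plate, ts, camera in FEED:
        strict.observe(plate, ts, camera)
        retaining.observe(plate, ts, camera)
    return strict, retaining

if __name__ == "__main__":
    strict, retaining = run_feed()
    print("hotlist-only store:", strict.records)
    print("bystanders held by retention store:",
          bystander_exposure(retaining, COURT_ORDERED))
    print("authorised search:", retaining.search(COURT_ORDERED, now=90000))
```

Both readers answer the court-ordered query identically; they differ in what the store holds about unlisted cars until the purge runs, which is the sense in which the article calls the second design less secure.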




