We Need Stronger Laws to Protect Data from Government and Corporations
Ethical Consumer
Ethical Consumer rates products and companies to help consumers make wise, ethical buying choices.
For over a year now the media has been publishing documents released by Edward Snowden, a former contractor of the National Security Agency (NSA), the communications interception specialist intelligence agency of the United States.
The Snowden files, which continue to be drip fed to news agencies such as the Guardian, reveal a number of mass surveillance programmes undertaken by the NSA and its British counterpart the Government Communications Headquarters (GCHQ).
The revelations lay bare the agencies’ ability and willingness to access information stored by the major internet companies as well as mass-intercept data from fibre optic cables which make up the backbone of global phone and internet networks.
The situation has raised a number of concerns, not least the scale of global monitoring of the communications technology sector and the extent to which private companies, including many popular consumer brands, are cooperating with intelligence agencies. The extent of corporate complicity is, however, still a matter for debate.
Many of the companies implicated in the Snowden files (or that have colluded with oppressive regimes in order to operate in those markets) have taken a public policy position opposing mass surveillance, aimed at regaining the trust of their customers.
Google boss Larry Page and Facebook co-founder Mark Zuckerberg have both denied co-operatingwith NSA surveillance programmes such as PRISM.
We have not joined any program that would give the US government or any other government direct access to our servers.
In a public Facebook message, Zuckerberg said:
We have never received a blanket request or court order from any government agency asking for information or metadata in bulk...and if we did, we would fight it aggressively... We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe.
Snowden has also criticised Amazon, who were notable by their absence from any of the PRISM documents, for “leaking info like a sieve”. At a recent conference Snowden explained that intelligence agencies are currently able to monitor whatever you read on the Amazon website, and asked why the company was failing to implement proper website encryption.
In August 2013 a French consumer rights group named Google and other internet companies as potential accomplices to the NSA and FBI. The prosecutor’s office in Paris has now launched a preliminary investigation into the companies’ complicity with the PRISM surveillance programme.
The issues for consumers
Anna Fielder, Chair of Privacy International, believes that the big issue for consumers is that they are no longer in control of their personal information. She says the biggest areas of contention are automated profiling and the transfer of personal data.
Automated profiling is the collection and use of pieces of information about individuals to make assumptions about them and their future behaviour. This can, of course, be done by corporations and governments alike.
Anna told Ethical Consumer:
We have to ask ourselves: “Has it gone too far?” In the age of infinite data collection (so-called big data) and hundreds of databases holding personal information, disparate pieces of information can be combined and recombined to produce new information about you, more than you would know yourself. Profiling is likely to perpetuate and reinforce societal inequality, so it must be carefully monitored.
Legal action by Privacy International and others has forced an admission from the British government of a secret policy for mass surveillance of residents’ Facebook and Google use. Britain’s top counter-terrorism official has claimed that the indiscriminate interception of these communications is legal as they are “external communications” which use web-based platforms based in the US.2
In regard to the transfer of your personal data to third countries, Anna told us, “as most of the mass market internet corporations are US companies (Google, Facebook, Amazon, etc.), we are talking really about transfers to the US which has very weak data protection laws. There’s an agreement between the UK and USA on data transfers—called Safe Harbor—but it’s not very safe. It’s voluntary, companies cheat and it has not been enforced properly.”
Transparency initiatives
The best information we have at the moment about state monitoring of internet communications is from voluntary company transparency initiatives. Under pressure from organisations such as the Electronic Frontier Foundation, a privacy watchdog group, companies are now beginning to produce transparency reports in order to reassure consumers and be seen to do the right thing.
The mobile phone network provider Vodafone’s first transparency report, released in June, was the first to cover a global dataset. It made grim reading and demonstrated the extent to which corporations and states are colluding.
The company admitted that in six of the 29 countries where it operates, governments enjoy direct access to communications on its network. In some countries police have a direct link to customers’ phone calls and web communications and no warrant to intercept communications is needed. Human rights organisation Liberty called the government powers “terrifying”.
The report also gave a breakdown of lawful intercept requests and communications data requests for the 29 countries in which Vodafone operates. Italy made 139,962 interception requests in total and 605,601 communications requests to Vodafone alone. By comparison the UK government made 2,760 interception requests and 514,608 communications data requests to all mobile phone operators in 2013.1
Internet giant Facebook reported earlier this year that it received requests from governments and courts around the world about over 70,000 users in 2013. The United States counts for 50% of these requests. The vast majority were related to criminal cases and were made by government officials as part of official investigations. Facebook also received 10,000 requests by agencies such as the NSA and the Federal Bureau of Investigation (FBI). These requests usually regard investigation “to protect against international terrorism or clandestine intelligence activities.”3
According to the project “Silk” a transparency reports database, the number of inquiries that governments globally have submitted to the major telecommunication and internet companies of the western world amounted to more than 828,000 requests for users’ data in 2013.
The United States is the world’s most inquisitive country by a big margin, with over 730,000 requests, which corresponds to 3,000 requests for each million of the country’s internet users. It is followed by Australia (47,000 requests), Germany (30,000 requests), France (22,000 requests) and the United Kingdom (10,000 requests).
Some of these requests have been coming from countries with dubious democratic standards. For example, Turkey submitted 12,000 data requests to companies when protests in Turkey started to escalate in 2013. The Turkish government responded with arrests of journalists and attempts to shut down social media outlets.
Microsoft complied with 76% of Turkey’s requests. No other company contacted by Turkey complied with the exception of Facebook (which complied with 47%).4
The numbers outlined in the various transparency reports are the tip of the iceberg because the reports only contain the requests that authorities file through standard legal procedures, thus excluding data collected through bulk surveillance programmes and unauthorized interceptions, like the NSA’s or GCHQ’s.
Smaller companies fighting back
However, the security services and big business are clearly not having it all their own way. The release of PRISM files represented the first step in a fight back against the surveillance state and a loss of privacy.
Several smaller alternative Internet Service Providers (ISPs) from around the world have used the information released by Snowden to lodge formal complaints against GCHQ alleging it uses malicious software to break into their networks.
The claims come from seven organisations based in six countries, including our Best Buy ISP GreenNet and popular activist ISP the Riseup Collective.
The claims are being filed with the investigatory powers tribunal (IPT), a court in London that assesses complaints about the agencies’ activities and the misuse of surveillance by government organisations.
The complaint is based on allegations that GCHQ carried out an attack, codenamed Operation Socialist, on the Belgian telecoms group Belgacom, whose customers include the European Commission and Parliament.
Cedric Knight of GreenNet said in a statement: “Our longestablished network of NGOs and charities, or simply individuals who value our independent and ethical standpoint, rely on us for a level of integrity they can’t get from mainstream ISPs. Our entire modus operandi is threatened by this illegal and intrusive mass surveillance.”
Anna from Privacy International says that the message to consumers in the short term is simple: “Switch away from US corporations providing services.... [move] away from Gmail or Hotmail to one of the very many EU-based email providers. It won’t protect you from GCHQ, but at least you have stronger data protection laws.”
However, she is also clear that there needs to be reform on a policy and legal level. “There are some quick or short term solutions that consumers can take, but ultimately data protection laws need to be strengthened, and the only way that can happen is through political will. Demand that your elected representatives take these issues seriously.”
References
3. www.rt.com/usa/doj-reviews-fbi-surveillance-468
4. www.transparency-reports.silk.co
“State Surveillance & Corporate Complicity.” Ethical Consumer, September 2014. Reprinted by permission.