In our ongoing effort to keep you safe we've decided to read your email without your consent.
Your Democratically Elected Government.
Controlling information and spying on citizens were hallmarks of totalitarian regimes in the 20th century. Today, even moderate democracies are getting in on the action. In the last decade, as communication has shifted from traditional landlines, phone calls, and postal service to cell phones and email, governments around the world have struggled to maintain their ability to hunt down criminals and dissidents. As the world went wireless, intelligence gathering agencies have adapted and upgraded wiretapping skills, and major telecommunications companies have helped them do it. Nokia, Sprint, Ericsson, Facebook, Google - think of a business that helps people talk and exchange information and you'll think of a company that has helped law enforcement agencies look through private data in search of the bad guys. Not such a big deal, right? I mean, we all want to hunt down the bad guys. Yet it's becoming clear that not only is the loss of our privacy considered acceptable collateral damage, but giving backdoor access to governments make a business' data more vulnerable to the bad guys as well.
In many areas of the globe, such as the US, UK and EU, to name a few, governments may monitor a citizen's communications when they are suspected of a crime. There are legal/judicial hurdles that must be cleared for such observations to be installed but once they are cleared governments are legally allowed to spy. Such wiretapping has been going on since before the phone was invented. Now, however, much of our communication doesn't pass through telephone wires but through the servers of corporate giants like Google. This proved to be both a hindrance and a large opportunity to information gathering and law enforcement agencies. They didn't have direct access to those lines of communication, but the new medium allowed for automated detection and recording. By requiring companies like Facebook, Google, Sprint, etc to grant them automated backdoor access to their technologies, government agencies all around the world suddenly had the means to browse through billions of communications. Email subject lines, mobile phone GPS locations, call histories - all this digital information could be scanned, sorted, and stored for future use. And boy is it used. Sprint-Nextel provided US agencies with 8 million requests for cell phone GPS location information in 2008-2009 alone - and that's just one mobile company. In an interview with Russia Today, Julian Assange, head of WikiLeaks recently stated that other tech companies, such as Facebook, are so accessible to US intelligence agencies that they act as de facto information gathering sources - see the video below for more:
A quick reality check, neither WikiLeaks nor Russia Today are particularly fond of US government activity, and it's not surprising that both would critique the US government for invading online privacy. Yet it goes beyond one nation.
The EU's massive Project Indect, which we've discussed before, is going strong. Among other prerogatives, the initiative will require major telecomm companies to assist them in establishing automated data mining for mobiles, email, social networks, etc. If you send data to the EU, it's going to get looked at by a computer, and if it sets off the wrong filter, a human will look at it too. This is just the next step in the wiretapping evolution - we've seen other high profile incidents already. In 2008, Nokia sold Iran the wiretapping protocols and equipment they would need to monitor their citizens' phone calls. A group of Iranian citizens are suing the company for aiding the government in (unlawfully) detaining and persecuting them after the disputed 2009 elections. In 2004-2005, during Greece elections, unknown groups were able to monitor the calls of elected Greek representatives. They did so by illegally hacking into Ericsson's wiretapping capabilities - capabilities that were required by the Greek government. When Google was the victim of a cyber-attack based out of China more than a year ago, the hackers exploited wiretapping protocols Google built into their systems as dictated by the US government.
These last two examples highlight how ongoing compliance with wiretapping laws make telecommunications companies more vulnerable to cyber spying in general. Backdoors that grant access to the FBI or NSA also serve as tempting targets for everyone else. Whether they are exploited for identity theft, or used to coordinate concentrated cyber attacks from other nations, wiretapping access is a proven weak point in telecommunication security.
Which is perhaps why I find it so frustrating that countries are pushing companies for more access, not less. Starting last fall, the FBI has been leaning on Google and Facebook to open themselves up further to online wiretapping (presumably to grant easy access not just to subject lines and metadata but body text as well). Sweden's FRA-Law (passed in 2008) gave the government unheard of access to online data passing through its lines. While that law proved to be grossly unpopular with the citizenry of Sweden, it went into effect January 1st, 2009, and remains enforced today. WikiLeaks alleges, and Russia Today reports that cables from the US embassy show that the American government was prodding Sweden into adopting greater access to online communications, ostensibly because 80% of the traffic from Russia to the US passes through there. Here's another news video on the topic (my earlier reality check should be repeated here):
How secure is your online information? Depends on how much attention you've garnered. While current wiretapping technologies would make it unlikely for every correspondence you produce to receive even automated attention, there's little doubt that should you become the suspect of government scrutiny, there are systems in place that allow you to be monitored easily. When a law enforcement or intelligence agency comes a knocking, the backdoor to your data is opened. That's the reality of modern wiretapping laws.
The situation, however, is complex. Companies like Google and Yahoo struggled with being coerced to help countries like China censor information. They were also legally pressured to comply with wiretapping laws in the US and EU. On the flipside, Facebook and other Silicon Valley giants are setting up camp in Washington DC, spending more money every year on influencing laws that affect their industries. Governments pressure businesses, businesses use their wealth to pressure government officials...it's a fun little waltz, don't you think? The only problem is that we seem to be the dance floor, even if all the parties involved claim they're trying to help the average citizen.
Singularity Hub has often speculated that the upcoming generation will have different mores about privacy, that youth raised on Facebook updates and Tweets will move much of their lives into the public sphere. I still believe that and I'm not convinced it's going to be a bad thing. The trouble arises when our love of expression is twisted into a tool of oppression. We're currently wading through a nebulous gray zone where criminals can be convicted by their online activity and governments can pour through billions of online communications looking for criminal activity. Wherever we decide to draw the privacy line, we need to do so willingly and on our own terms. The longer citizens wait to make this a prominent political issue the more government agencies will become entrenched in their current behavior. Living in a democracy is no longer a guarantee that a government won't act in very totalitarian ways. Maybe it never was.