IN the week that WikiLeaks revealed the CIA and MI5 have an armoury of surveillance tools that can spy on people through their smart TVs, cars and cellphones, the FBI director, James Comey said at a Boston College conference on cybersecurity that, “There is no such thing as absolute privacy in America: there is no place outside of judicial reach,”. The remark came as he was discussing the rise of encryption since Edward Snowden’s 2013 revelations of the NSA’s mass surveillance tools, used on citizens around the world.
Both the Snowden revelations and the CIA leak highlight the variety of creative techniques intelligence agencies can use to spy on individuals, at a time when many of us are voluntarily giving up our personal data to private companies and installing so-called “smart” devices with microphones (smart TVs, Amazon Echo) in our homes. So, where does this leave us? Is privacy really dead, as Silicon Valley luminaries such as Mark Zuckerberg have previously declared?
Not according to the Electronic Frontier Foundation’s executive director, Cindy Cohn. “The freedom to have a private conversation – free from the worry that a hostile government, a rogue government agent or a competitor or a criminal are listening – is central to a free society,” she said. That doesn’t mean citizens have “absolute privacy”. “I don’t think there’s been absolute privacy in the history of mankind,” said Albert Gidari, director of privacy at the Stanford Center for Internet and Society. “You walk out in public and it’s no longer private. You shout from one window to another and someone will hear you in conversation.”
The law hasn’t kept pace with digital technologies. For example, there is a legal theory called the “third-party doctrine” that holds that people who give up their information to third parties like banks, phone companies, social networks and ISPs have “no reasonable expectation of privacy”. This has allowed the US government to obtain information without legal warrants. Unlike the NSA techniques revealed by Snowden, the CIA appears to favour a more targeted approach: less dragnet, more spearfishing.
The WikiLeaks files show that the CIA has assembled a formidable arsenal of cyberweapons designed to target individuals’ devices such as mobile phones, laptops and TVs by targeting the operating systems such as Android, iOS and Windows with malware. It’s encouraging to note that the government has yet to crack the encryption of secure messaging apps such as WhatsApp, Signal and Confide. However, it does not need to if it can install malware on people’s devices that can collect audio and message traffic before encryption is applied.
This week’s revelations are sure to increase the strain on relations between Silicon Valley and the US government. While some of the older telephony companies such as AT&T and Verizon, which rely heavily on government contracts, have a history of compliance with government requests, tech giants Google, Facebook, Microsoft and Apple have proved to be less compliant. It’s not possible to meaningfully participate in modern life without relationships with some or all of these technology companies processing our data, explained Neil Richards, a law professor from Washington University. So it’s important to know where their loyalties lie – to their customers or to government.
“We need to build the digital society we want rather than the one handed to us by default,” he added. This will require a complete overhaul of the laws relating to when the government can collect location and content information, something civil liberty campaigners have been pushing for. “These decisions need to be made by the public, not by law enforcement or tech executives sitting in private,” Richards said.
—Courtesy: The Guardian