EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.21.13

Richard Stallman: How Much Surveillance Can Democracy Withstand?

Posted in FSF, GNU/Linux at 8:03 am by Dr. Roy Schestowitz

The current level of general surveillance in society is incompatible with human rights. To recover our freedom and restore democracy, we must reduce surveillance to the point where it is possible for whistleblowers of all kinds to talk with journalists without being spotted. To do this reliably, we must reduce the surveillance capacity of the systems we use.

Using free/libre software, as I’ve advocated for 30 years, is the first step in taking control of our digital lives. We can’t trust nonfree software; the NSA uses and even creates security weaknesses in nonfree software so as to invade our own computers and routers. Free software gives us control of our own computers, but that won’t protect our privacy once we set foot on the Internet.

“Thanks to Edward Snowden’s disclosures, we know that the current level of general surveillance in society is incompatible with human rights.”Bipartisan legislation to “curtail the domestic surveillance powers” in the U.S. is being drawn up, but it relies on limiting the government’s use of our virtual dossiers. That won’t suffice to protect whistleblowers if “catching the whistleblower” is grounds for access sufficient to identify him or her. We need to go further.

Thanks to Edward Snowden’s disclosures, we know that the current level of general surveillance in society is incompatible with human rights. The repeated harassment and prosecution of dissidents, sources, and journalists provides confirmation. We need to reduce the level of general surveillance, but how far? Where exactly is the maximum tolerable level of surveillance, beyond which it becomes oppressive? That happens when surveillance interferes with the functioning of democracy: when whistleblowers (such as Snowden) are likely to be caught.

Don’t Agree We Need to Reduce Surveillance? Then Read This Section First

If whistleblowers don’t dare reveal crimes and lies, we lose the last shred of effective control over our government and institutions. That’s why surveillance that enables the state to find out who has talked with a reporter is too much surveillance—too much for democracy to endure.

“Opposition and dissident activities need to keep secrets from states that are willing to play dirty tricks on them.”An unnamed U.S. government official ominously told journalists in 2011 that the U.S. would not subpoena reporters because “We know who you’re talking to.” Sometimes journalists’ phone call records are subpoenaed to find this out, but Snowden has shown us that in effect they subpoena all the phone call records of everyone in the U.S., all the time.

Opposition and dissident activities need to keep secrets from states that are willing to play dirty tricks on them. The ACLU has demonstrated the U.S. government’s systematic practice of infiltrating peaceful dissident groups on the pretext that there might be terrorists among them. The point at which surveillance is too much is the point at which the state can find who spoke to a known journalist or a known dissident.

Information, Once Collected, Will Be Misused

When people recognize that the level of general surveillance is too high, the first response is to propose limits on access to the accumulated data. That sounds nice, but it won’t fix the problem, not even slightly, even supposing that the government obeys the rules. (The NSA has misled the FISA court, which said it was unable to effectively hold the NSA accountable.) Suspicion of a crime will be grounds for access, so once a whistleblower is accused of “espionage,” finding the “spy” will provide an excuse to access the accumulated material.

“Surveillance data will always be used for other purposes, even if this is prohibited.”The state’s surveillance staff will misuse the data for personal reasons too. Some NSA agents used U.S. surveillance systems to track their lovers—past, present, or wished-for—in a practice called “LoveINT.” The NSA says it has caught and punished this a few times; we don’t know how many other times it wasn’t caught. But these events shouldn’t surprise us, because police have long used their access to driver’s license records to track down someone
attractive
, a practice known as “running a plate for a date.”

Surveillance data will always be used for other purposes, even if this is prohibited. Once the data has been accumulated and the state has the possibility of access to it, it may misuse that data in dreadful ways.

Total surveillance plus vague law provides an opening for a massive fishing expedition against any desired target. To make journalism and democracy safe, we must limit the accumulation of data that is easily accessible to the state.

Robust Protection for Privacy Must Be Technical

The Electronic Frontier Foundation and other organizations propose a set of legal principles designed to prevent the abuses of massive surveillance. These principles include, crucially, explicit legal protection for whistleblowers; as a consequence, they would be adequate for protecting democratic freedoms—if adopted completely and enforced without exception forever.

However, such legal protections are precarious: as recent history shows, they can be repealed (as in the FISA Amendments Act), suspended, or ignored.

“If we don’t want a total surveillance society, we must consider surveillance a kind of social pollution, and limit the surveillance impact of each new digital system just as we limit the environmental impact of physical construction.”Meanwhile, demagogues will cite the usual excuses as grounds for total surveillance; any terrorist attack, even one that kills just a handful of people, will give them an opportunity.

If limits on access to the data are set aside, it will be as if they had never existed: years worth of dossiers would suddenly become available for misuse by the state and its agents and, if collected by companies, for their private misuse as well. If, however, we stop the collection of dossiers on everyone, those dossiers won’t exist, and there will be no way to compile them retroactively. A new illiberal regime would have to implement surveillance afresh, and it would only collect data starting at that date. As for suspending or momentarily ignoring this law, the idea would hardly make sense.

We Must Design Every System for Privacy

If we don’t want a total surveillance society, we must consider surveillance a kind of social pollution, and limit the surveillance impact of each new digital system just as we limit the environmental impact of physical construction.

For example: “Smart” meters for electricity are touted for sending the power company moment-by-moment data about each customer’s electric usage, including how usage compares with users in general. This is implemented based on general surveillance, but does not require any surveillance. It would be easy for the power company to calculate the average usage in a residential neighborhood by dividing the total usage by the number of subscribers, and send that to the meters. Each customer’s meter could compare her usage, over any desired period of time, with the average usage pattern for that period. The same benefit, with no surveillance!

We need to design such privacy into all our digital systems.

Remedy for Collecting Data: Leaving It Dispersed

One way to make monitoring safe for privacy is to keep the data dispersed and inconvenient to access. Old-fashioned security cameras were no threat to privacy. The recording was stored on the premises, and kept for a few weeks at most. Because of the inconvenience of accessing these recordings, it was never done massively; they were accessed only in the places where someone reported a crime. It would not be feasible to physically collect millions of tapes every day and watch them or copy them.

“To restore privacy, we should ban the use of Internet-connected cameras aimed where and when the public is admitted, except when carried by people.”Nowadays, security cameras have become surveillance cameras: they are connected to the Internet so recordings can be collected in a data center and saved forever. This is already dangerous, but it is going to get worse. Advances in face recognition may bring the day when suspected journalists can be tracked on the street all the time to see who they talk with.

Internet-connected cameras often have lousy digital security themselves, so anyone could watch what the camera sees. To restore privacy, we should ban the use of Internet-connected cameras aimed where and when the public is admitted, except when carried by people. Everyone must be free to post photos and video recordings occasionally, but the systematic accumulation of such data on the Internet must be limited.

Remedy for Internet Commerce Surveillance

Most data collection comes from people’s own digital activities. Usually the data is collected first by companies. But when it comes to the threat to privacy and democracy, it makes no difference whether surveillance is done directly by the state or farmed out to a business, because the data that the companies collect is systematically available to the state.

The NSA, through PRISM, has gotten into the databases of many large Internet corporations. AT&T has saved all its phone call records since 1987 and makes them available to the DEA to search on request. Strictly speaking, the U.S. government does not possess that data, but in practical terms it may as well possess it.

“Purchases over the Internet also track their users.”The goal of making journalism and democracy safe therefore requires that we reduce the data collected about people by any organization, not just by the state. We must redesign digital systems so that they do not accumulate data about their users. If they need digital data about our transactions, they should not be allowed to keep them more than a short time beyond what is inherently necessary for their dealings with us.

One of the motives for the current level of surveillance of the Internet is that sites are financed through advertising based on tracking users’ activities and propensities. This converts a mere annoyance—advertising that we can learn to ignore—into a surveillance system that harms us whether we know it or not. Purchases over the Internet also track their users. And we are all aware that “privacy policies” are more excuses to violate privacy than commitments to uphold it.

We could correct both problems by adopting a system of anonymous payments—anonymous for the payer, that is. (We don’t want the payee to dodge taxes.) Bitcoin is not anonymous, but technology for digital cash was first developed 25 years ago; we need only suitable business arrangements, and for the state not to obstruct them.

A further threat from sites’ collection of personal data is that security breakers might get in, take it, and misuse it. This includes customers’ credit card details. An anonymous payment system would end this danger: a security hole in the site can’t hurt you if the site knows nothing about you.

Remedy for Travel Surveillance

We must convert digital toll collection to anonymous payment (using digital cash, for instance). License-plate recognition systems recognize all license plates, and the data can be kept indefinitely; they should be required by law to notice and record only those license numbers that are on a list of cars sought by court orders. A less secure alternative would record all cars locally but only for a few days, and not make the full data available over the Internet; access to the data should be limited to searching for a list of court-ordered license-numbers.

The U.S. “no-fly” list must be abolished because it is punishment without trial.

“The U.S. “no-fly” list must be abolished because it is punishment without trial.”It is acceptable to have a list of people whose person and luggage will be searched with extra care, and anonymous passengers on domestic flights could be treated as if they were on this list. It is also acceptable to bar non-citizens, if they are not permitted to enter the country at all, from boarding flights to the country. This ought to be enough for all legitimate purposes.

Many mass transit systems use some kind of smart cards or RFIDs for payment. These systems accumulate personal data: if you once make the mistake of paying with anything but cash, they associate the card permanently with your name. Furthermore, they record all travel associated with each card. Together they amount to massive surveillance. This data collection must be reduced.

“Internet service providers and telephone companies keep extensive data on their users’ contacts (browsing, phone calls, etc).”Navigation services do surveillance: the user’s computer tells the map service the user’s location and where the user wants to go; then the server determines the route and sends it back to the user’s computer, which displays it. Nowadays, the server probably records the user’s locations, since there is nothing to prevent it. This surveillance is not inherently necessary, and redesign could avoid it: free/libre software in the user’s computer could download map data for the pertinent regions (if not downloaded previously), compute the route, and display it, without ever telling anyone where the user is or wants to go.

Systems for borrowing bicycles, etc., can be designed so that the borrower’s identity is known only inside the station where the item was borrowed. Borrowing would inform all stations that the item is “out,” so when the user returns it at any station (in general, a different one), that station will know where and when that item was borrowed. It will inform the other station that the item is no longer “out.” It will also calculate the user’s bill, and send it (after waiting some random number of minutes) to headquarters along a ring of stations, so that headquarters would not find out which station the bill came from. Once this is done, the return station would forget all about the transaction. If an item remains “out” for too long, the station where it was borrowed can inform headquarters; in that case, it could send the borrower’s identity immediately.

Remedy for Communications Dossiers

Internet service providers and telephone companies keep extensive data on their users’ contacts (browsing, phone calls, etc). With mobile phones, they also record the user’s physical location. They keep these dossiers for a long time: over 30 years, in the case of AT&T. Soon they will even record the user’s body activities. It appears that the NSA collects cell phone location data in bulk.

Unmonitored communication is impossible where systems create such dossiers. So it should be illegal to create or keep them. ISPs and phone companies must not be allowed to keep this information for very long, in the absence of a court order to surveil a certain party.

This solution is not entirely satisfactory, because it won’t physically stop the government from collecting all the information immediately as it is generated—which is what the U.S. does with some or all phone companies. We would have to rely on prohibiting that by law. However, that would be better than the current situation, where the relevant law (the PATRIOT Act) does not clearly prohibit the practice. In addition, if the government did resume this sort of surveillance, it would not get data about everyone’s phone calls made prior to that time.

But Some Surveillance Is Necessary

For the state to find criminals, it needs to be able to investigate specific crimes, or specific suspected planned crimes, under a court order. With the Internet, the power to tap phone conversations would naturally extend to the power to tap Internet connections. This power is easy to abuse for political reasons, but it is also necessary. Fortunately, this won’t make it possible to find whistleblowers after the fact.

Individuals with special state-granted power, such as police, forfeit their right to privacy and must be monitored. (In fact, police have their own jargon term for perjury, “testilying,” since they do it so frequently, particularly about protesters and photographers.) One city in California that required police to wear video cameras all the time found their use of force fell by 60%. The ACLU is in favor of this.

“…journalism must be protected from surveillance even when it is carried out as part of a business.”Corporations are not people, and not entitled to human rights. It is legitimate to require businesses to publish the details of processes that might cause chemical, biological, nuclear, fiscal, computational (e.g., DRM) or political (e.g., lobbying) hazards to society, to whatever level is needed for public well-being. The danger of these operations (consider the BP oil spill, the Fukushima meltdowns, and the 2008 fiscal crisis) dwarfs that of terrorism.

However, journalism must be protected from surveillance even when it is carried out as part of a business.


Digital technology has brought about a tremendous increase in the level of surveillance of our movements, actions, and communications. It is far more than we experienced in the 1990s, and far more than people behind the Iron Curtain experienced in the 1980s, and would still be far more even with additional legal limits on state use of the accumulated data.

Unless we believe that our free countries previously suffered from a grave surveillance deficit, and ought to be surveilled more than the Soviet Union and East Germany were, we must reverse this increase. That requires stopping the accumulation of big data about people.


Licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 27/5/2016: Android for Raspberry Pi, Google Beats Oracle in Court

    Links for the day



  2. Warning: EPO Surveillance May Have Just Gotten Even More Intrusive

    BlueCoat, which the EPO uses to enable oppression inside its European premises, has just gotten even nastier and staff may be at risk



  3. Victim Card Ends up in Another Blunder for Battistelli and His Six Bodyguards

    Battistelli is wrecking what's left of the EPO's reputation (after decades it took the Office to earn it) as the media continues to scrutinise his appalling regime



  4. Italian Report About EPO Now Available in English

    An English translation of a TV program which earlier this month documented some of the glaring problems at the EPO



  5. The EPO is Doing Great, Says EPO-Connected 'News' Site

    IAM 'magazine', a longtime ally of the EPO, gives people the impression that all is fine and dandy at the EPO even though that's clearly not the case



  6. Microsoft Has Killed Nokia (and Its Own Mobile Ambitions), But Watch What it Does With Patents

    Microsoft announces many more layoffs, having already caused tremendous damage to the Finnish economy, and patents are left astray for Microsoft's favourite patent trolls to pick



  7. EPO Management Under Growing Stress From Croatian Law Enforcement Authorities, German Politicians, Italian Media

    Things are not as rosy as the relative calm may suggest, and in the coming weeks we expect some major events other than the protest at all EPO sites across Europe



  8. Microsoft, a Dead Company Walking, Resorts to Malware Tactics, Now Truly Indistinguishable From Crackers

    Microsoft is essentially taking over people's PCs and installing on them a large piece of malware, complete with keyloggers, against the will of these PCs' owners



  9. Links 26/5/2016: CentOS Linux 6.8, Ansible 2.1

    Links for the day



  10. The Latest EPO Victim Card (Played by Željko Topić) Should be Treated as Seriously as Those Bogus Claims of Violence by a Judge (Updatedx3)

    In its desperate pursuit of a narrative wherein the staff of the EPO is violent and aggressive the management of the EPO, renowned for institutional aggression, finds (or claims to have found) a little tampering with a bicycle



  11. Links 25/5/2016: Nginx 1.11, F1 2015 Coming to GNU/Linux Tomorrow

    Links for the day



  12. The Media Starts Informing the European Public About the Downsides of UPC While EPO Accelerates Its Lobbying for Ratification

    The EPO's shameless UPC promotion takes another step forward as the European press outlets (even television channels) begin to explore the secret deal that's negotiated by patent lawyers (with corporate clients) and patent offices, not the public or any public interest groups



  13. Some Details About How the EPO's President is Rumoured to be 'Buying' Votes and Why It's Grounds/Basis for “Immediate Dismissal”

    Some background information and a detailed explanation of the systemic financial dependency, created by Battistelli at the cost of €13 million or more, which prevents effective oversight of Battistelli



  14. How the Patent Lawyers' Microcosm Continues to Boost Software Patents Filth by Misdirecting Readers, Relying on Highly Selective Coverage

    Under the guise of reporting/analysis/advice the community of patent lawyers is effectively lobbying to make software patents popular and widely-accepted again, based on one single case which they wish to make 'the' precedent



  15. Documents Show Zagreb Police Department in Investigation of Vice-President of the European Patent Office

    Željko Topić's troubles in Croatia, where he faces many criminal charges, may soon become an extraordinary burden for the EPO, which distances itself from it all mostly by attacking staff that 'dares' to bring up the subject



  16. [ES] Interrumpiendo la Propagánda Distractante de Battistelli: los Empleados de la EPO Protestará de Nuevo en una Quincena

    La exágerada extravagancia (desperdicio de dinero) en la Ceremonia de Premiación al Inventor Europeo de la EPO tendrá que competir por atención de los medios con miles de empleados de la EPO (en todaslas sedes de la EPO) marchándo en las calles para protestar por los abusos de la EPO



  17. Windows and Microsoft's Other 'Burning Platforms'

    It's not just Windows for phones that's reaching minuscule market share levels but also Windows, but Microsoft is skilled at hiding this (cannibalising Windows using something people do not even want, then counting that cannibal, Vista 10)



  18. Links 24/5/2016: CRYENGINE Source Code is Out on GitHub, Jono Bacon Leaves GitHub

    Links for the day



  19. Links 23/5/2016: GNOME 3.22, Calculate Linux 15.17

    Links for the day



  20. 'Celebrity' Patent Trolls and the Elusive Battle Against Patent Trolls (or Eastern District of Texas Courts) Rather Than Software Patents

    Some of last week's more important reports, which serve to demonstrate how the system is attempting to tackle a side-effect of software patents rather than the patents themselves (their irrational scope)



  21. The Circus of Patent 'Reporting' (by Omission) on the Subject of Software Patents in the US and USPTO Bias

    look at some of the latest oddities in the US patent system and much of the reporting about software patenting (more or less monopolised by those who profit from it, not harmed by it)



  22. IP3 Demonstrates That Today's Patent Systems Devolve Into a Conglomerates' Game, Won't Protect the Mythical Small Inventor

    Multinational corporations bring together their shared interests and steer the increasingly-inseparable patent systems according to their needs and goals, but has anyone even noticed?



  23. Disrupting Battistelli's Distracting Propaganda: EPO Staff to Protest Again in About a Fortnight

    The overly extravagant (waste of money) EPO European Inventor Award will have to compete for media attention with thousands of EPO staff (in all EPO sites) marching in the streets to protest against the EPO's abuses



  24. Corrupting Democracy? Growing Frequency of Rumours That the EPO's President Battistelli is 'Buying' Votes of Small Member States

    Several sources suggest that rather than appease the Administrative Council by taking corrective action Battistelli and his notorious 'circle' now work hard to remove opposition from the Administrative Council, especially where this is easier a task to accomplish (politically or economically)



  25. [ES] Los Mitos de la EPO ‘Calidad’ de Patentes y de ‘Creación’ de Patentes: Basados en Ventas de Cafe y Trauma

    La carrera hacia el fondo, o la ridícula asumpción de Battistelli de que otorgar más y más patentenes más rápidamente (e.g. usando PACE) sería beneficióso a largo término, puede guíar al final colapse del valor de la EPO y la pérdida de su lárgamente ganada reputación a nivel mundial



  26. Links 22/5/2016: Systemd 230, Debian Installer Alpha 6

    Links for the day



  27. EPO Patent 'Quality' and 'Patent Creation' Myth: Capsule-Based Coffee Sales and Trauma

    The race to the bottom, or Battistelli's ludicrous assumption that granting more and more patents faster (e.g. using PACE) would be beneficial in the long run, may lead to the ultimate collapse of the EPO's value and demise of its long-earned reputation worldwide



  28. Guest Post: How Vista 10 Imposes Itself on Users of Windows

    A reader's experience being nagged by Microsoft, as documented and explained by this reader



  29. [ES] El Notorio Tirano de la EPO, Benoît Battistelli, Se Reune Con Otros Tiranos, Reportes de Que ‘Limpia’ el Consejo Administrativo

    El régimen de Battistelli, talvez la fuente de verguénza más grande, alegadamente está “cortejándo países pequeños/corruptos para asegurárse de que los delegados que votarón contra él serán remplazados”



  30. [ES] Comentadores Anónimos Debaten Si la EPO de Battistelli Puede Revocar las Pensiones de Empleados Que Se Atreveen — GASP — a Buscar Empleo Alternativo

    Una mirada a las causas de desesperación e imensa presión en la EPO, donde las pensiónes pueden ser cortadas como medio de represália y la gente puede ser negada empleo aún después de dejar la Oficina Europea de Patentes (EPO)


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts