It is perfectly achievable to maintain national security and manage the security risks posed domestically by extremists without instituting mass-surveillance programs of ones own citizens and corporate entities.
While this would seem like common sense, the continuing activities of authorities in the United States of America and the United Kingdom would suggest otherwise. But the French have also dipped a toe (or rather an entire leg) in these waters when after the Paris attacks they expanded the 1955 State of Emergency law and legislated for a French mass-surveillance program.
The implications of the Snowden revelations were slow to filter through to ordinary people not working in the security domain. The NSA, the PRISM program and the Patriot Act had produced a culture of widespread surveillance of ordinary citizens’ activities with the assistance of many household names and brands.
Shocking news. Huge outcry. Much apologising and “contextualising” and “perspective” setting occurred. “Expediency” and “imminent threat” were debated and on it went.
The collaborators in the form of telco’s, social networks, media organisations and household brands went into overdrive to backpedal from the disastrous PR outcome their involvement created.
At the same time – encryption and privacy software companies made wild claims about the strength of their products and hundreds of new entrants emerged to fill the public demand for Private Messaging, Email Encryption, Secure Voice, VPN’s, Proxy Spoofers and other privacy tools – a space previously reserved for paranoid board room members, activists and some well informed underworld organisations.
It was supposed to have been a watershed – the worst excesses of intelligence agencies exposed and now oversight, accountability and proportionate measures would rule the day.
The Investigatory Powers Bill
The Investigatory Powers bill will become law in the United Kingdom sometime toward the end of 2016. Inside this legal maze of mass surveillance facilitators the UK alphabet agencies can now:
- Hack any device, any network or any service;
- Perform these hacks without restriction and against any target;
- Store the resulting information indefinitely;
- Maintain databases of private and confidential information on any citizen of the United Kingdom or person in the United Kingdom;
- Targets do not have to be “persons of interest” nor do they have to be of any interest whatsoever – at this time;
- It is an omnipresent power to simply gather information on everyone, at anytime, from anywhere – without any reason and store it – “just in case”;
- In the commercial context the law allows the state to pressure any company to perform decryption on any data that they store – on request – without reason or right to appeal;
- This in so many words means that un-compromised commercially available encryption products will no longer exist in the United Kingdom after the Bill becomes Law and no company that is based in the United Kingdom can make that claim to its users and no company that stores its data in the United Kingdom can assure it’s users that it is safe from hacking or more likely simply being handed over to whatever department of the government of the United Kingdom asks for it;
- It also requires communications service providers to maintain an ongoing log of all digital services their users connect to for a full year.
It has been quite rightly criticised widely and has already been named the most extreme law ever passed in a democracy — because it cements the legality of mass surveillance.
The English Speaking World Is Giving Ireland the Chance for Privacy Leadership
This blog has already discussed the The “Five Eyes” (FVEY) intel alliance many times. The organisation unifies elements of the national alphabet agencies of the United Kingdom, the United States, Australia, Canada and New Zealand and their intel gathering infrastructures.
The AA’s in each member country and the terms of their information exchange mandate is encapsulated in the multilateral agreement called the “UKUSA Agreement”.
This alliance and it’s mass-surveillance capabilities leading to large scale undermining of personal freedoms and civil liberty has really only come into its own with the advent of social networks, big data, the cloud and AI.
Brexit, Trump, US Corporation Tax & Mass Surveillance
Brexit presents challenges for Ireland but it also presents opportunities. This is one of them.
Trump will shortly be in the White House and he has pledged to end the Irish FDI arrangement of convenience with US corporations. His attitude to surveillance is well known and not categorised by its message of restraint.
Brexit, Trump, The Five Eyes, PRISM, the NSA, GCHQ and now the Investigatory Powers Bill are a frontal assault of epic proportions on the right to privacy of citizens in democracies.
A sort of perfect storm of oppression and suppression tools just standing there waiting – in the wings – for a time when someone will come along and use them for the polar opposite purpose of what they were allegedly created for.
Out of Adversity, Opportunity
The opportunity created by this adversity is not to convince Facebook, Google, Microsoft, Yahoo, Paypal, eBay or the host of other US corporations in Ireland who are either facilitators of the surveillance culture or, like Twitter, engaged in widespread in-house censorship.
But if for once the Irish government showed some spine then the opportunity exists to create an entirely new sector catering to the privacy needs of freedom loving citizens and organisations who dwell in jurisdictions governed by these Stasi like surveillance laws.
And the market size? Well, it’s somewhere around seven billion people and rising.
The attitude of these politicians (Trump, May, Valls & Co.) and their intelligence organisations and the new “laws” – in the form of the revised Patriot Act and the Investigatory Powers Bill – means that’s the vast majority of the worlds English speaking population now live under governments who can – legally – invade their privacy at will – whether at home, at work or at leisure – store the information and use it for any purpose, at any time, at any point in the future – for any reason.
But Ireland has a long way to go to create credibility – the view that Ireland is a Privacy Advocate for the world whose lives are described on social media sites whose data is located in the Irish jurisdiction is a total myth.
I dearly hope that for once Ireland can take the lead – despite its size and influence – and act even if out of self-interest as a stopgap for the complete erosion of civil liberty and privacy in the Western World.