Paranoid about my android

Ed Snowden’s revelations prove that we are in a new era of mass surveillance, says Bernard Keane. Artwork by Peter Sheehan.

On June 5, 2013, our view of the internet began to change significantly. It was the day that Glenn Greenwald’s first articles on mass surveillance by the United States’ National Security Agency (NSA) appeared in The Guardian.

In what might be the most important act of whistleblowing in recent history, Edward Snowden, a private contractor who worked for the NSA, revealed to the media the extent to which the Obama administration had established a vast surveillance state that monitors internet and telecommunications traffic in the US and throughout the world.

The US government, with allies including the UK and even Australia, is engaged in mass surveillance on a global basis. Claims that once looked like the absurdities of conspiracy theorists are now confirmed by hard evidence.

The revelations, via Greenwald and other journalists such as Laura Poitras at The New York Times and Barton Gellman at The Washington Post, are still continuing months later. While non-experts may find the detail of surveillance, encryption and data retention difficult to keep up with, some key themes have emerged from Snowden’s revelations.

First, much of the surveillance conducted by the NSA has been illegal, even under the extraordinarily broad terms allowed by US Congress through the Patriot Act. The illegality has been confirmed by the NSA itself in leaked internal audits. It has even been confirmed by the court that normally acts as a rubber stamp for surveillance, the Foreign Intelligence Surveillance Court.

And the NSA’s surveillance is not confined to terrorism or national security. French and Spanish media reported that the NSA had recorded millions of phone calls in those countries (the NSA insists they had been provided with that material by agencies from those countries). According to Der Spiegel, the NSA had access to German chancellor Angela Merkel’s phone for a decade; it has spied on US allies in the EU and on the United Nations, on the Brazilian president, the Brazilian mining industry and the Mexican president as well as up to 35 other international leaders.

It looks more like a list of the US’s economic competitors than terrorist threats. The NSA’s surveillance network was even used to spy on New Zealand resident Kim Dotcom, the copyright industry’s enemy number one but not, even in its view, a terrorist.

This demonstrates that once a mass surveillance apparatus is established and used in secret, the temptation to use it for purposes other than national security will prove too great.

The response of governments to Snowden’s whistleblowing has been to pursue him through national security legislation. Snowden has been forced to seek asylum in Russia (with the US Secretary of State John Kerry making a public promise that Snowden would not be executed or tortured if extradited).

Whistleblowers have been repeatedly prosecuted under the Espionage Act. US journalists in other instances have been subpoenaed and spied on to track down whistleblowers, often for stories that embarrassed governments but did not include any national security information.

Such examples are intended to send a message: embarrass governments and you will be punished. Chelsea [formerly Bradley] Manning was sentenced to 35 years in jail for revealing US war crimes and embarrassing the US with the release of non-secret diplomatic and military material. The partner of journalist Glenn Greenwald was stopped by British authorities at Heathrow Airport under UK anti-terrorism laws, detained and robbed of his possessions. American journalist Barrett Brown remains in jail facing charges that could carry prison terms totalling more than 100 years for sharing an internet link to material hacked from security firm Stratfor (and no, he didn’t do the hacking).

And in a moment of high farce, The Guardian was forced to go through the theatre of destroying IT devices at the request of the UK government, despite all parties understanding it would not affect the newspaper’s reportage – demonstrating that the default setting of the surveillance state is always toward absurdity.

This aggressive pursuit of whistleblowers and journalists stands in contrast to the willingness of governments to leak secrets for their own political purposes. Secrecy and the rule of law are for everyone else, not for governments, which routinely leak national security-related information for their own political purposes, even to Hollywood, and even when they damage national security.

We learnt from Snowden’s revelations that Australia forms a component of this vast surveillance state as part of its role in the Anglophone “Five Eyes” intelligence network.

We also learnt this year from the Australian Federal Police (AFP) that journalists and even MPs and senators who release material from whistleblowers and leakers can expect to have their telephone data handed over as police try to track down their sources.

But in other respects, the surveillance story in Australia has been a happier one. In June 2013, the federal parliament’s Joint Committee on Intelligence and Security declined to recommend that the government establish a data retention regime, something the agencies and the federal attorney-general’s department had been pushing for since the former Labor government was elected in 2007.

This was the result of politicians on all sides of the ideological divide being willing to seriously engage on the balance between basic rights and national security.

It’s important to understand that data retention is mass surveillance. It is not, as claimed by security and law enforcement agencies, a mere extension of analog-era information-gathering powers into the digital realm. Retention, even of metadata alone, enables 24-hour physical tracking of users via their mobile phone location. And retention of all data allows the establishment of patterns of interaction among users, even those not targeted for operational purposes, that traditional wiretaps could never provide.

In some ways, the content of communications is less important than the metadata that agencies want to retain. As the AFP admitted in relation to journalists and politicians, their phone records’ metadata can lead police straight to their sources.

Apart from its direct effects, mass surveillance creates suspicion. IT companies in the US are now learning about the price of surveillance as customers discover that their cloud provider or Apple, Microsoft, Facebook and Google have facilitated the systematic breach of their privacy (but were prohibited from revealing it by US government gag orders). All products or services from American IT or communications companies must now be assumed to enable US government surveillance of users.

Caveat emptor.

Your smartphone, as Julian Assange likes to note, is a surveillance device that also makes calls. Now there’s an iPhone that takes your fingerprint (and by the way, you can change a stolen credit card number, but it is somewhat harder to change a stolen fingerprint).

It is also particularly concerning that we do not know how extensive the NSA’s disruption of encryption has been. This is not an arcane issue for IT specialists: if encryption is undermined it provides the tools of tomorrow for criminals. This is true whether the undermining occurs through demands that IT companies provide a backdoor into a product (backed with a gag order), or by such serious corruption of industry encryption standards that the standards body has to publicly denounce its own NSA-approved standards.

Once you undermine encryption, you undermine it for everyone – banks, businesses, journalists and other governments – as well as for terrorists and paedophiles.

Who can you trust online now? How do you know someone you work with, another member of a political party or activist group, a friend, an MP, has not had their phone or IT equipment accessed by intelligence agencies? What new encryption product can you trust to actually protect you if you want to communicate privately?

If you’re a whistleblower or confidential source, how do you know that a journalist, who may rather go to jail than reveal your name, doesn’t have poor IT hygiene and will be easily monitored by the government, or leave phone records that lead them straight to your door?

Mass surveillance, as free software activist Richard Stallman has pointed out, is ultimately incompatible with a free press since it will deter any whistleblower or non-government approved source from speaking to the media.

But the media still has a key role to play. It has the distribution platforms to inform citizens of the remorseless growth of surveillance and its abuse. It remains, even in an increasingly fragile commercial environment, the key institution pushing for greater transparency from governments.

To do this effectively, however, journalists, editors and producers need to change their working habits.

They need to achieve a working knowledge of basic encryption, surveillance techniques and IT hygiene so whistleblowers and other sources can contact them with confidence that it will not be straightforward to identify them or access journalists’ records.

Journalists must understand that they are automatically surveillance targets in everything they do, and use effectively encrypted IT and communications and information storage as a default, as well as avoiding using systems that are easily accessible. They also need the judgment to know when electronic communications should be abandoned altogether.

They need to be permanently sceptical of any unevidenced assertion that the needs of national security outweigh the need for disclosure, transparency and accountability, or justify industrial-scale invasions of privacy. Journalists should never be apologists for state secrecy and surveillance.

And they need to understand that free speech, a free press and ultimately democracy itself are threatened by mass surveillance, particularly mass surveillance conducted in secret. In a surveillance state, the media can never effectively play the watchdog role that remains its ultimate civic justification.

The world, the internet and the media have been changed by the revelations of whistleblower Edward Snowden. Australian journalists need to work hard to preserve what freedom from surveillance we have left.


Bernard Keane is Crikey’s political editor and writes on politics, media and economics. He is the author of The War on the Internet (2011)

Peter Sheehan is a writer, illustrator, designer and storyboard artist;