US Supreme Court judges Samuel Warren and Louis D. Brandeis, in 1890, ruled that privacy was a human right — as part of right to liberty. This was in the context of new technology — the printing press — that was invading the privacy of influential citizens of the US.
In the era of information technology, which is growing at an exponential pace, laws have been created by governments to keep citizens’ personal data private from the prying eyes of the state. Likewise, the protection of consumers’ personally identifiable information (PII) collected by corporates, while providing services to customers, is also mandated by laws.
Profiling a person is strictly prohibited under these laws, with privacy being almost a fundamental right of a citizen and a consumer. But then came the Patriot Act, and the Foreign Intelligence Surveillance Act (FISA) amended in 2008 in the US! And things changed.
In the name of gathering intelligence on foreigners for counter-terrorism, a massive programme for intercepting all phone calls from all telcos without interruption began, though ostensibly for collecting only metadata. Likewise, electronic surveillance of the Internet began, to monitor all that anyone in the US does online — using email, chat, blogs, Skype, Facebook, search, e-commerce, web browsing, Google, Yahoo…
It includes all of the global traffic, which is over 75 per cent, that passes through US gateways and servers. The whole world is practically under surveillance by the US National Security Agency (NSA).
In the name of counter-terrorism, the US government has suspended the privacy rights of its citizens. It has suspended the Fourth Amendment, since search and seizure of all citizens is being carried out under the amended FISA without any warrant.
It has suspended the First Amendment, since the freedom of expression on the Internet, so assiduously propagated by it across the world, has been curtailed. Even Facebook ‘likes’ that are critical of the US foreign policy are said to be feeling the heat of law-enforcement.
No internet privacy
Encrypted transactions are no longer secure, since the NSA has all the keys, with the voluntary help or coercion, of all the technology companies. Recent revelations by Edward Snowden in The Guardian and the New York Times have confirmed the worst fears of all those interested in the growth of the Internet.
Glenn Greenwald’s revelations of Snowden documents on September 6 are chilling. There is no Internet security or privacy, since the NSA has defeated all encrypted communications — not only normal mails and chats, but even real-time transactions in secure protocols. “…. methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and — the most closely guarded secret of all — collaboration with technology companies and internet service providers themselves.
Through these covert partnerships, the agencies have inserted secret vulnerabilities — known as backdoors or trapdoors — into commercial encryption software.”
No wonder, Bruce Scheneier, noted security expert and cryptographer, says: “Government and industry have betrayed the Internet and us.
By subverting the Internet at every level to make it a vast, multilayered and robust surveillance platform, the NSA has undermined a fundamental social contract.
The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards. This is not the Internet the world needs, or the Internet its creators envisioned. We need to take it back.”
Now a word about cyber espionage. The US has carefully created world opinion to focus on cyber espionage conducted by China to steal industrial and state secrets.
But the enormity of its own global surveillance programme is just beginning to emerge. Its objective is not confined to the ‘noble cause of counter-terrorism’. Surely, it did not need to read the private correspondence of the presidential candidate in Mexico. Nor that of Brazilian President Dilma Rousseff.
The continued Snowden revelations show that the US is guilty of conducting cyber espionage too. Brazil has been spied upon for commercial and industrial data too.
The NSA has attacked Petrobras — the Brazilian state-run oil giant. The stolen data is likely to provide undue advantage to some companies in the upcoming auctions for oil exploration. It is also accessing all airlines, and financial data such as electronic fund transfer through the global network SWIFT.
Saying one thing...but
The US keeps shifting its statements as new revelations emerge. The Department of Defence said that it does not engage in economic espionage in any domain, including cyber.
But now we hear James Klapper, Director, US National Intelligence, say that “it is not a secret that the intelligence community collects information about economic and financial matters, and terrorist financing”.
He is trying to couch it with the holy objective of preventing financial crises, and global market meltdowns, in addition to preventing terrorist attacks.
The story does not end here. Encryption products, in the future, will come with backdoors, as revealed by Greenwald: “The document sets out in clear terms the programme’s broad aims, including making commercial encryption software “more tractable” to NSA attacks by “shaping” the worldwide marketplace and continuing efforts to break into the encryption used by the next generation of 4G phones.”
Whither privacy? Why must there be laws for privacy protection, or global data flows, if such large-scale surveillance of nearly everyone is being carried out by the US and its ally, the UK?
Seems that the Europeans are living in a make-believe world of their own, with stringent data protection laws that are toothless in the face of surveillance carried out ostensibly for counter-terrorism. Should they worry about data flows from Europe to India anymore?
The US has been at the forefront of preaching to the world that respecting privacy and internet freedom of expression is good business, apart from being good for human rights. Former Secretary of State Hillary Clinton had said that “..censorship should not be in any way accepted by any company from anywhere… American companies need to make a principled stand. This needs to be our national brand…”
But she did not say that they have to make an exception for the US government’s surveillance of the entire world!
The former Brazilian president Luis Inacio Lula da Silva recently said: “The US President should apologise to the world for thinking that it can control global communications and violate the sovereignty of other countries.
The US can’t just snoop on the activities of India, Brazil, China and other countries. This is very serious.”
Rousseff sent a strong message on September 18 when she called off her state visit to the White House to protest American surveillance. For counter-terrorism, there has to be a political solution to the surveillance problem, in the form of acceptable rules of the road for cyberspace.
As more skeletons will surely emerge in the coming weeks, Internet governance is back on the table with a vengeance.
(The author is CEO, Data Security Council of India. Views are personal.)