electronic surveillance and privacy 130916
TRANSCRIPT
Electronic surveillance and privacy
in the light of the Snowden affair
fil. kand, jur. kand, LL.M. jur. dr.
Mark Klamberg
senior lecturer public international law, Uppsala University
16 September 2013
Outline
I. Programs and applications covered in
media as a result of the Snowden affair
II. What is the purpose of intelligence?
III. How does modern surveillance work?
IV. Is it legal?
V. Why are we having this discussion now?
VI. What is privacy?
Programs and applications
covered by media 2013 (selection)
NSA (USA)
• PRISM - social media (downstream)
• Blarney, Fairview, Stormbrew, Oakstar - upstream collection
• PINWALE - metadata database
• Xkeyscore (NSA, BND) - search and analysis tool
• Marina - internet metadata database
• Mainway - telephone metadata database
• Bullrun - weaken encryption standards
GCHQ (UK)
• Tempora - upstream collection
• Edgehill - weaken encryption standards
NSA, GCHQ, CSE, DSD, GCSB (USA, UK, CAN, AUS, NZ)
• FiveEyes - cooperation agreement,
exchange of data
DGSE (France)
• “Big Brother français” (Le Monde 4 July 2013) - upstream collection, metadata
database
FRA (Sweden)
• “FRA-law” - upstream collection
• Titan - metadata database
• “The third pillar” - cooperation agreement,
exchange of data
Str
ess o
n s
ocie
ty
Start of
reaction
Time
Normal state
of society
Start of crisis
Stress on society
Robustness
Early warning
Reaction
For each sector of society
there is a balance
Source: Civil Security, Saab AB
What is the purpose of surveillance?
5
We humans leave electronic footprints after us, in the form of
credit card payments, visits to websites, records of phone calls
and e-mail (communication data). Imagine that somebody could
collect everything and process it through a powerful computer.
With the right tools one could find patterns that in detail describe
what groups and networks you belong to. Such techniques are
referred to as traffic analysis and social network analysis
Traffic analysis and social
network analysis
6
With traffic analysis social networks may be identified
A communication pattern can depict relations between individuals,
Organisations, websites, etc with purpose of charting the social networks,
position of power, views and other personal data about an individual.
The actual message is less important than
the information about the sender, recipient,
the time of transaction, and means of
communication. Knowledge about the
communication pattern and thus
the social network of person is often enough
Individual
How does it work?
Panopticon (Bentham)
Liberals
Colleagues in the HagueCentre liberals and
conservatives
Jews
Running
Colleagues in Stockholm
Homosexual liberals
Colleagues Blekinge
Friends in Lund
Social network analysis with
Application: ”Friend Wheel”
9
USA
Organization: National Security Agency (NSA)
Legislation: FISA
Cases (multiple): Smith v. Maryland (1979), Hepting v. AT&T (2012),
Jewel v. NSA (2013)
United Kingdom
Organization: Government Communications Headquarters
(GCHQ)
Legislation: RIPA
Case: Liberty et al. v. The United Kingdom, Kennedy v.
United Kingdom
Is it legal?
10
France
Organization: Direction Générale de la Sécurité Extérieure
(DGSE)
Germany
Organization: Bundesnachrichtendienst (BND)
Legislation: G 10-law (Gesetz zur Beschränkung des
Brief-, Post- und Fernmeldegeheimnisses)
Case: Weber and Saravia v. Germany
Denmark
Organization: Forsvarets Efterretningstjeneste (FE)
Legislation: 17 § forsvarsloven
Is it legal?
11
Technological change
Until the end of the 1990s satellites were the main
medium for international communication. Now it is
fiber optics in cables controlled by private companies.
Shift in Threats Relevant for National Security
The perceived threat from the Soviet Union has been replaced with vague threats such
as terrorism, international criminality, migration, environmental threats and financial
imbalances
New Legal Demands
The European Convention on Human Rights requires that interferences in the private
life and family has a legal basis (article 8)
Privatization
Telecom operators were previously state-owned and controlled. Now they are private
companies whose priority is to safeguard the interests of their customers, not the
interests of the state
Why are we having discussion now?
12
Considering the changes in the 1990s:
The technological change and privatization creates a need to adopt
legislation or other binding measures that obligates the private operators to
surrender communication to the State. This makes the existence of
previously top secret surveillance public knowledge
The shift in perceived threats creates a need to expand the mandate or
codify an already expanded mandate of signal intelligence organizations
The public knowledge about this surveillance and new legal demands
creates a need for legislation protecting privacy
Why legislation?
Panopticon (Bentham)
Solove, A Taxonomy of Privacy, 2006
What is privacy?
14
Bamford, James, The Shadow Factory: The Ultra-Secret NSA from 9/11 to the
Eavesdropping on America, Doubleday, New York, 2008
Klamberg, Mark, FRA and the European Convention on Human Rights - A Paradigm
Shift in Swedish Electronic Surveillance Law in “Overvåking i en Rettstat,Nordisk
årbok i rettsinformatikk” (Nordic Yearbook of Law and Information Technology),pp.
96-134, Fagforlaget, Bergen 2010
Aldrich, Richard J., GCHQ: The Uncensored Story of Britain's Most Secret
Intelligence Agency, Harper Press, London, 2010
Fura, Elisabet and Klamberg, Mark, The Chilling Effect of Counter-Terrorism
Measures: A Comparative Analysis of Electronic Surveillance Laws in Europe and
the USA in Josep Casadevall, Egbert Myjer, Michael O’Boyle (editors), “Freedom of
Expression – Essays in honour of Nicolas Bratza – President of the European Court
of Human Rights”, Wolf Legal Publishers, Oisterwijk, 2012, pp. 463-481
Read more
Questions?
