electronic surveillance of communications 100225

31
1 Electronic Surveillance of Communications - Master Programme in Law and Information Technology - Course C 2010. Development and Management of Information Systems in a Legal Perspective - Course C, block 5. Identification and Control technologies Mark Klamberg, doctoral candidate

Upload: klamberg

Post on 19-May-2015

1.388 views

Category:

Education


0 download

DESCRIPTION

Presentation used in Master Programme in Law and Information Technology, Stockholm University, 25 February 2010

TRANSCRIPT

Page 1: Electronic Surveillance of Communications 100225

1

Electronic Surveillance of Communications

- Master Programme in Law and Information Technology- Course C 2010. Development and Management of Information

Systems in a Legal Perspective- Course C, block 5. Identification and Control technologies

Mark Klamberg, doctoral candidate

Page 2: Electronic Surveillance of Communications 100225

Outline

Background

1. Changes in Our Society

2. Why legislation

3. How does it work?– Traffic analysis and social network analysis– Data mining– Impact on society: From Panopticon to Panspectron?

Discussion

5. Academic discourse (Solove v. Kerr)

6. Constitutional Protection and the ECHR

7. How does it work at home?

8. The involvement of Courts

Legislation

9. Defining content and traffic data

10. Four fields of legislation

11.EU Data Retention Directive

12.Signal Intelligence

Page 3: Electronic Surveillance of Communications 100225

New types of legislation concerning

electronic surveillance of communications

1. Data retention of traffic data

2. Signal intelligence (strategic monitoring)

Page 4: Electronic Surveillance of Communications 100225

4

Changes in Our SocietyTechnological changeUntil the end of the 1990s satellites were the main medium for international communication. Now it is fiber optics in cables controlled by private companies.

Shift in Threats Relevant for National SecurityThe perceived threat from the Soviet Union has been replaced with vague threats such as terrorism, international criminality, migration, environmental threats and financial imbalances

New Legal DemandsThe European Convention on Human Rights requires that interferences in the private life and family has a legal basis (article 8)

PrivatizationTelecom operators were previously state-owned and controlled. Now they are private companies whose priority is to safeguard the interests of their customers, not the interests of the state

Page 5: Electronic Surveillance of Communications 100225

5

Signal Intelligence- why legislation?

Considering the changes in the 1990s:

The technological change and privatization creates a need to adopt legislation or other binding measures that obligates the private operators to surrender communication to the State. This makes the existence of previously top secret surveillance public knowledge

The shift in perceived threats creates a need to expand the mandate or codify an already expanded mandate of signal intelligence organizations

The public knowledge about this surveillance and new legal demands creates a need for legislation protecting privacy

Page 6: Electronic Surveillance of Communications 100225

6

Data retention - why legislation?Communication providers have stored traffic data (who is phoning who and when) about the phone calls of their customers for billing purposes. Law enforcement agencies have used such data in order to detect, prevent and investigate crime

Nowadays, consumers are turning to flat-rate subscriptions and voice over IP-services (for example Skype). Thus, there is no need to retain traffic data for billing purposes.

Law enforcement agencies still want/need traffic data.

Page 7: Electronic Surveillance of Communications 100225

7

We humans leave electronic footprints after us, in the form of credit card payments, visits to websites, records of phone calls and e-mail (communication data). Imagine that somebody could collect everything and process it through a powerful computer. With the right tools one could find patterns that in detail describe what groups and networks you belong to. Such techniques are referred to as traffic analysis and social network analysis

Traffic analysis and social network analysis

Page 8: Electronic Surveillance of Communications 100225

8

With traffic analysis social networks may be identified A communication pattern can depict relations between individuals, Organisations, websites, etc with purpose of charting the social networks, position of power, views and other personal data about an individual.

The actual message is less important than the information about the sender, recipient, the time of transaction, and means of communication. Knowledge about the communication pattern and thus the social network of person is often enough

Individual

Page 9: Electronic Surveillance of Communications 100225

U.S. National Research Council, report October 2008

“Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment”

Page 10: Electronic Surveillance of Communications 100225

Two general types of data mining techniques

1. Subject-based data mining

2. Pattern-based data mining

U.S. National Research Council“Protecting Individual Privacy in the Struggle Against

Terrorists: A Framework for Program Assessment”

Page 11: Electronic Surveillance of Communications 100225

Subject-based data mining

Subject-based data mining uses an initiating individual or other datum that is considered, based on other information, to be of high interest, and the goal is to determine what other persons or financial transactions or movements, etc., are related to that initiating datum.

U.S. National Research Council

Page 12: Electronic Surveillance of Communications 100225

Pattern-based data mining

Pattern-based data mining looks for patterns (including anomalous data patterns) that might be associatedwith terrorist activity—these patterns might be regarded as small signals in a large ocean of noise.

U.S. National Research Council

Page 13: Electronic Surveillance of Communications 100225

When to use the two different techniques

In the case of the decentralized group, subject-based data mining is likely to augment and enhance traditional police investigations by making it possible to access larger volumes of data more quickly. Furthermore, communications networks can more easily be identified and mapped if one or a few individuals in the network are known with high confidence.

By contrast, pattern-based data mining may be more useful in finding the larger information footprint that characterizes centrally organized terrorist groups.

U.S. National Research Council

Page 14: Electronic Surveillance of Communications 100225

Utility of pattern-based data mining

The utility of pattern-based data mining is found primarily if not exclusively in its role in helping humans make better decisions about how todeploy scarce investigative resources, and action (such as arrest, search, denial of rights) should never be taken solely on the basis of a data mining result.Automated terrorist identification through data mining (or any other known methodology) is neither feasible as an objective nor desirable as a goal of technologydevelopment efforts.

U.S. National Research Council

Page 15: Electronic Surveillance of Communications 100225

Panspectron (Delanda)

“There are many differences between the Panopticon and the Panspectron being assembled at the NSA. Instead of positioning some human bodies around a central sensor, a multiplicity of sensors is deployed around all bodies: its antenna farms, spy satellites and cable-traffic intercepts feed into its computers all the information that can be gathered. This is then processed through a series of “filters” or key-word watch lists. The Panspectron does not merely select certain bodies and certain (visual) data about them. Rather, it compiles information about all at the same time, using computers to select the segments of data relevant to its surveillance tasks.”

Panopticon (Bentham)

Page 16: Electronic Surveillance of Communications 100225

16

Discussion

Based on the material distributed, discuss for 15 minutes:

1. When does the interference with privacy occur in relation to systems of mass surveillance of electronic communication?

2. How does the American system differ from the legal regime under ECHR in its approach to the content/non-content distinction?

3. In the country you come from, do you have any regulations concern signal intelligence/strategic monitoring/surveillance for intelligence purposes? If not, does your country still have a state agency similar to the NSA, GCHQ, BND and FRA?

4. Is it appropriate to involve courts in issues concerning the implementation of policies on national security?

Page 17: Electronic Surveillance of Communications 100225

17

Defining content and traffic data

As opposed to the content of a message, traffic data is the information used by the communication network to deliver the message to or from the user.

In a telephone network, traffic data will reveal the number dialed (“to”), the originating number (“from”), the time of the call, and its duration.

In the internet context, traffic data will similarly reveal the “to” and “from” e-mail address, the instant message to and from account names, and the other administrative information the computers generate in the course of delivery

Compare with Orin Kerr: content and envelope information

Page 18: Electronic Surveillance of Communications 100225

18

Four fields of legislation

International communication

Domestic communication

PreliminaryInvestigation

Intelligence

N/A

1. Chapter 27 of the Code of Judicial Procedure

2. Chapter 6 section 22(3) of the Electronic Communications Act (2003:389)

3. Act on measures concerning certain serious crimes (2008:854)

1. Act on measures to prevent certain serious crimes (2007:979)

2. Chapter 6 section 22(3) of the Electronic Communications Act (2003:389)

Signal Intelligence Act (2008:717)

Page 19: Electronic Surveillance of Communications 100225

19

EU Data Retention Directive1. Data is retained for periods of not less than six months and not more than two years from the date of the communication

2. The data retained purports to the questions who was communicating with who, when the communication occurred, where was the communicating parties and what type of communication used.

3. No content data may be retained for the purpose of the directive.

4. The access for national authorities to the data is to be regulated through domestic law

Page 20: Electronic Surveillance of Communications 100225

20

Summary of the legislation adopted 18 June 2008:

IT- and telecom operators are obligated to transfer all communication in cables crossing Swedish borders to nodes controlled by the State

The Defence Radio Establishment will intercept communication and collect data at the nodes (signal intelligence)

Page 21: Electronic Surveillance of Communications 100225

21

Similar organizations, laws and programs USAOrganization: National Security Agency (NSA)Legislation: FISA United Kingdom Organization: Government Communications Headquarters

(GCHQ)Legislation: RIPACase: Liberty et al. v. The United Kingdom

Page 22: Electronic Surveillance of Communications 100225

22

Similar organizations, laws and programs FranceOrganization: Direction Générale de la Sécurité Extérieure

(DGSE)

GermanyOrganization: Bundesnachrichtendienst (BND)Legislation: G 10-law (Gesetz zur Beschränkung des

Brief-, Post- und Fernmeldegeheimnisses) Case: Weber and Saravia v. Germany

DenmarkOrganization: Forsvarets Efterretningstjeneste (FE)Legislation: 17 § forsvarsloven

Page 23: Electronic Surveillance of Communications 100225

23

Key Features of the Swedish law and the operations of the Defence Radio Establishment

1. Mandate for Surveillance by the Defence Radio Establishment

2. Clients

3. Review Mechanisms

4. Method – what is signal intelligence?Traffic analysis and social network analysis

5. Scope of Surveillance

Page 24: Electronic Surveillance of Communications 100225

24

1. Mandate of the Defence Radio Establishment

Mandate to monitor

1. external military threats, 2. factors relevant for peacekeeping operations, 3. international terrorism and international organized crime4. the development and proliferation of weapons of mass destruction and

arms control, 5. external threats against infrastructure (for example against information and

communication technology)6. conflicts outside of Sweden that effect international peace and security and 7. counter-intelligence8. international phenomena relevant for Swedish foreign-, security-, and

defence policy (Government and diplomatic correspondence?)

Page 25: Electronic Surveillance of Communications 100225

25

2. Clients (known)

1. The Government2. The Government office3. The Defence Forces4. The Police, including the Security Service (SÄPO)5. National Inspectorate of Strategic Products6. Swedish Customs Service7. Defence Materiel Administration Agency8. Defence Research Agency9. Civil Contingencies Agency

International Partners exist but unknown which those are.Could include NSA, GCHQ, BND, DGSE and FE

Excluded in Autumn 2009

Page 26: Electronic Surveillance of Communications 100225

26

3. Review Mechanisms1. Defence Intelligence Court

• Reviews applications for surveillance missions in advance• Professional judge and politically appointed lay-members

representing the majority and the opposition in Parliament2. Defence Intelligence Committee

• Reviews, inter alia, the integrity and use of the databases held by the Defence Radio Establishment

• Composed of a legal professional and politically appointed lay-members representing the majority and the opposition in Parliament

• Reports to the Government3. Internal oversight board inside the Defence Radio Establishment4. Ombudsman who report cases of misuse to the Parliamentary Ombudsman

(JO) or the Chancellor of Justice (JK), (proposal)5. Extraordinary review to be presented 2011 by the Data Protection

Authority and a parliamentary committee

Page 27: Electronic Surveillance of Communications 100225

27

4. Method – what is signal intelligence?

Information life cycle

1. Interception of messages and traffic data (meta data)

2. Processingi) Traffic analysis of traffic data (who is communicating with who)

ii) Cryptanalysis

iii) Analysis of the content of messages

3. Analysis with the use of other sources, for example Open Source Intelligence (OSINT)

4. Report to client

Page 28: Electronic Surveillance of Communications 100225

28

5. Scope of Surveillance

1. Fairly small amounts of messages are intercepted and processed Example from Germany, judgement of the First Senate of 14 July 1999, para. 89 :

The capacity of the Federal Intelligence Service (BND) permits the screening of approximately 15,000 acts of telecommunication per day out of a total of approximately 8 million telecommunications contacts between Germany and foreign countries. The material and personal resources of the Federal Intelligence Service, however, are not sufficient to evaluate all contacts.

Approximately 700 fall under the area of application of the G 10 Act. Only these acts are selected with the help of the search concepts.

About 70 of them are examined more closely by employees of the Federal Intelligence Service.

2. Traffic data (meta data) relating to all or large amounts of commun-ication is stored by the Defence Radio Establishment in a database (Titan)Example from the USA: The NSA Call database contains 1,9 trillion records which include the records of tens of millions of Americans

Page 29: Electronic Surveillance of Communications 100225

29

To consider…

Is this kind of data collection and surveillance…

• Consistent with the right to privacy? This is both a human right and a constitutional right.

• Efficient?

• Proportional?

• Confident and reliable in the sense that it provide accurate intelligence and not false alarms?

Page 30: Electronic Surveillance of Communications 100225

30

Questions?

Page 31: Electronic Surveillance of Communications 100225

31

Thanks!

Blog: www.klamberg.se

E-mail: [email protected]

Phone: +46 8 16 11 90