Storm Clouds Gathering
Dec. 9, 2015
The first UN privacy chief has said the world needs a Geneva convention style law for the internet to safeguard data and combat the threat of massive clandestine digital surveillance.
Speaking to the Guardian weeks after his appointment as the UN special rapporteur on privacy, Joseph Cannataci described British surveillance oversight as being “a joke”, and said the situation is worse than anything George Orwell could have foreseen.
He added that he doesn’t use Facebook or Twitter, and said it was regrettable that vast numbers of people sign away their digital rights without thinking about it.
One thing that is certainly going to come up in my mandate is the business model that large corporations are using
“Some people were complaining because they couldn’t find me on Facebook. They couldn’t find me on Twitter. But since I believe in privacy, I’ve never felt the need for it,” Cannataci, a professor of technology law at University of Groningen in the Netherlands and head of the department of Information Policy & Governance at the University of Malta, said.
Appointed after concern about surveillance and privacy following the Edward Snowden revelations, Cannataci agreed that his notion of a new universal law on surveillance could embarrass those who may not sign up to it. “Some people may not want to buy into it,” he acknowledged. “But you know, if one takes the attitude that some countries will not play ball, then, for example, the chemical weapons agreement would never have come about.”
Cannataci came into his new post in July after a controversial spat involving the first-choice candidate, Katrin Nyman-Metcalf, who the Germans in particular thought might not be tough enough on the Americans.
But for Cannataci – well-known for having a mind of his own – it is not America but Britain that he singles out as having the weakest oversight in the western world: “That is precisely one of the problems we have to tackle. That if your oversight mechanism’s a joke, and a rather bad joke at its citizens’ expense, for how long can you laugh it off as a joke?”
However, Cannataci says we are dealing with a world even worse than anything Orwell could have foreseen. “It’s worse,” he said. “Because if you look at CCTV alone, at least Winston [Winston Smith in Orwell’s novel 1984] was able to go out in the countryside and go under a tree and expect there wouldn’t be any screen, as it was called. Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined. So the situation in some cases is far worse already.
“The way we handle it is going to be the difference. But Orwell foresaw a technology that was controlling. In our case we are looking at a technology that is ever-developing, and ever-developing possibly more sinister capabilities.” Because of this, the Snowden revelations were very important, he said.
“We have a number of corporations that have set up a business model that is bringing in hundreds of thousands of millions of euros and dollars every year and they didn’t ask anybody’s permission. They didn’t go out and say: ‘Oh, we’d like to have a licensing law.’ No, they just went out and created a model where people’s data has become the new currency. And unfortunately, the vast bulk of people sign their rights away without knowing or thinking too much about it,” he said.
"ISIL's M.O. is to broadcast on Twitter, get people to follow them, then move them to Twitter Direct Messaging" to evaluate if they are a legitimate recruit, he said. "Then they'll move them to an encrypted mobile-messaging app so they go dark to us."
The FBI can get court-approved access to Twitter exchanges, but not to encrypted communication, Comey said. Even when the FBI demonstrates probable cause and gets a judicial order to intercept that communication, it cannot break the encryption for technological reasons, according to Comey.
But the question is are we going to allow a means of communications which it simply isn't possible to read. My answer to that question is: no, we must not.
For David Cameron's proposal to work, he will need to stop Britons from installing software that comes from software creators who are out of his jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like GitHub) and verify, with a very high degree of confidence, that the software you've downloaded hasn't been tampered with.
* All Britons' communications must be easy for criminals, voyeurs and foreign spies to intercept.
* Any firms within reach of the UK government must be banned from producing secure software.
* All major code repositories, such as GitHub and SourceForge, must be blocked.
* Search engines must not answer queries about web-pages that carry secure software.
* Virtually all academic security work in the UK must cease -- security research must only take place in proprietary research environments where there is no onus to publish one's findings, such as industry R&D and the security services.
* All packets in and out of the country, and within the country, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped.
* Existing walled gardens (like iOS and games consoles) must be ordered to ban their users from installing secure software.
* Anyone visiting the country from abroad must have their smartphones held at the border until they leave.
* Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons.
* Free/open source operating systems -- that power the energy, banking, ecommerce, and infrastructure sectors -- must be banned outright.
Today, with almost everyone carrying a networked device on his or her person, ubiquitous encryption provides essential security. If law enforcement and intelligence organizations face a future without assured access to encrypted communications, they will develop technologies and techniques to meet their legitimate mission goals.