The heretic leak and the policy leak

BY Saurav Datta| IN Privacy | 16/06/2013
The secrecy with which fiendishly vast surveillance powers are being exercised flies thick in the face of all constitutional and legal principles.
SAURAV DATTA decodes aspects of PRISM. PIX: Screenshot of PRISM slide on The Guardian website.

Edward Snowden and Glen Greenwald's disclosures about Prism and Boundless Informant,- the US government's National Security  Authority's (NSA) top-secret, sweeping, surveillance programme and datamining tool, respectively, has left us quite gobsmacked- primarily because of the dizzyingly dystopian future which once seemed to exist only in the realms of literature that has hit us in the form of reality. Orwellian, Kafkaesque, Panopticon-like…adjectives have flown in thick and fast. Valorization and vilification of Glen Greenwald and Edward Snowden- the whistleblowers at the bottom of it all -have been following in equal measure.

Coming as it did close on the heels of the disclosure of how the US government had been snooping on the Associated Press's reporters and the ongoing persecution of "conscientious objector" Bradley Manning, can we afford to remain oblivious, reposing faith in the benign, protective State? Or remain smug in the belief that privacy is only some mythical, esoteric concept, and that because of the looming threat of "terrorism" (a concept whose gross abuse - as a reason for waging illegal wars to continuing torture has become evident) the government is entitled to award itself with a carte blanche order to trample upon civil liberties?

Moreover, in this careening from one incident of privacy annihilation to another, more sinister in magnitude than the previous one, what are the concerns which need to be addressed, and NOW?

Privacy
First, the most illusory seems to be the all-too-common refrain- that privacy is another form of secrecy, and since 'I-have-got-nothing-to hide' and 'I -have-committed -no-wrong', not even a hair on my head is in danger. Computer-security specialist Bruce Schneier notes, that the nothing-to-hide argument stems from a faulty "premise that privacy is about hiding a wrong." Surveillance, for example, can inhibit such lawful activities as free speech, free association, and other cherished civil liberties rights essential for democracy.

The fallacy of this line of argument is further reinforced by the role of metadata which was being tracked by Prism. This 'non-content data' (basically, the government is tracing the sources of our communication- who all, where we are speaking to, rather than the content of this communication) is not innocuous at all. Susan Freiwald of the University of San Francisco Law School in Uncertain Privacy: Communication Attributes After The Digital Telephony Act (1997) explains how gathering this kind of non-content data can go wrong:

"For example, some information can be used to incriminate those who communicate with people involved in criminal enterprises. Further, some information can incriminate even without connecting the subject to other suspects. Several courts have held that an unusual volume of calls made immediately before, during, and after sporting events furnishes strong evidence that the caller is engaged in a gambling operation. Besides incriminating those who violate the law, communication attribute information yields evidence of those with whom one associates, and the sources of one's information."

Secrecy- Section 215 of the Patriot Act and the Foreign Intelligence Surveillance Act (FISA)
Second, there is a fundamental difference between the specific requests made by intelligence agencies to telephone and Internet companies, and the vast dragnet that Prism has proved to be.

Lest we get entangled in the 'security (from terrorism) versus privacy' trap, it is made clear at the very outset that it is not the surveillance per se which the glaring problem is. Rather, it is the absolute secrecy with which such fiendishly vast powers are being exercised, that flies thick in the face of all constitutional and legal principles.

Section 215 allows the FBI (Federal Bureau of Investigation) to order any person or entity to turn over "any tangible things," so long as the FBI "specifies that the order is "for an authorised investigation... to protect against international terrorism or clandestine intelligence activities." (Emphasis supplied). Neither probable cause, nor even reasonable grounds to believe, that the person whose records it seeks is engaged in criminal activity. Those served with Section 215 orders are prohibited from disclosing the fact to anyone else. Those who are the subjects of the surveillance are never notified that their privacy has been breached- how, when, and how many times.

This violates two fundamentally critical rights. One- the right to privacy (guaranteed by the Fourth Amendment) - by authorizing searches without a warrant and without showing probable cause. Two- and this is what makes the violation more egregious is the fact that Section 215 might be used to obtain information about the exercise of First Amendment (Free Speech) rights, thereby trampling on that, too. For example, the FBI could invoke Section 215 to require a public library to produce records disclosing who had borrowed a particular book or to produce records showing who had visited a particular web site.

The worst case scenario is this- one cannot even sue for suspected breach of privacy, because since there is no evidence to prove that surveillance had been mounted and was being carried on (and the government cannot be directed to disclose any), courts can hold that there is no locus to file the suit in the first place! In fact, some courts have already thrown out lawsuits filed by the ACLU (American Civil Liberties Union) specifically on this ground.

The secret court set up under the FISA makes matters unimaginably worse. This court was established in 1978 to curb the depredations of the CIA, FBI and NSA during the Lyndon Johnson and Nixon regimes. The sheer irony of the present situation is evident from the court's order against Verizon (a telecommunication company). This order, which Greenwald leaked, and made available here: http://ht.ly/m1P0h expressly bars Verizon from disclosing to the public either the existence of the FBI's request for its customers' records, or the order itself. And Greenwald, as we all know, will be facing a leak persecution for putting this order in the public domain.

"Secrecy begets tyranny", said Robert Heinlein in Stranger in a Strange Land (1961). I do not think anything other than the above can be a better exemplifier than this inexorable secrecy.

Whistleblowers' "leaks"- Acts of patriotism or treason?
Third, how do we evaluate "leaks" and the intrepid people who make them a reality, and the governments who relentlessly persecute whistleblowers? Jack Schafer in this Reuters column succinctly nails the galling hypocrisy of governments, especially the US government, by lucidly demarcating a "heretic leak" (one done by Snowden) from a "policy leak" (one, containing equally sensitive information, authorized for reaping political gains.)

"Sovereignty" in the digital and cyber-age
Fourth, when it has been established that the tentacles of surveillance have transcended all geographical and national boundaries- though the NSA, Google and Facebook have had their knickers in a twist in trying to vehemently deny this, what does "Sovereignty" as defined in International Law mean in the Digital Age? Does cyberspace have its own rules? Can 'Superpowers', in cahoots with technology behemoths, violate these so-called and amorphous rules with impunity?

The Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, Frank La Rue, in his report to the UN Human Rights Council outlines in painstaking detail how surreptitious monitoring of the Internet, worsened by absence of laws and shutting out judicial oversight, is tantamount to one of the gravest contraventions of human rights. La Rue's warnings have turned out to be eerily prescient, as the recent spate of events show.

Do we in India have anything to fear?
This seems to be nothing but a rhetorical question. The Indian government's vaunted Central Monitoring System (CMS) , with its tertiary branches like the Mumbai Police Cybercrime Cell's  Social Media Lab, along with the cavernous void of privacy, safeguard and proper communication regulation laws, has already set the cat among the pigeons, and for good reason.  This precariousness is exacerbated when Milind Deora, Minister of State for Information Technology lavishes praise on the CMS (India's version of Prism): ' (It)"is a good tool" which will "ensure and protect your privacy".'

Is there any way out of this vicious web?
Lawrence Lessig, in this The Daily Beast article giving almost a clarion call for exploring the relationship between "law and code", the vast terrains of the Internet and robustly- established civil liberties and human rights standards, says  "Trust us" does not compute. But trust and verify, with high-quality encryption, could.  No conscientious, sensible denizen of the Digital Era can afford to ignore Lessig, except at his own peril.