Sunday, June 08, 2014

Don't spy on us!


Very inspiring today to see over 500 people turn up for the Don't Spy On Us coalition's day of action, on the first anniversary of Edward Snowden's leaks. There were some great speeches - amongst others from Bruce Schneier, Jimmy Wales, Duncan Campbell and Shami Chakrabarti. 

Here are my notes for my own panel remarks:

Maintaining privacy online is an ongoing struggle. We need changes in both technology and law.

Encrypting everything is a good starting point, and will raise the cost of mass surveillance. But it is not a panacea - it is not nearly easy enough yet for the majority of users, and anyway many organisations hold user data without sufficient organisational and technical controls to adequately protect it. 

NSA’s TURBINE programme is designed to allow control of millions of compromised systems. Even at much lower levels of sophistication, we see millions of machines in botnets. Where the Five Eyes states lead, other nations and then criminals will follow. We need much better tools for producing and verifying trustworthy systems.

Technologists can also help by developing useable open source security tools for non-geeks (GPGTools is a good example). But it's also important to work on standards (like the IETF) and find other ways to get mainstream providers to beef up security (like Google’s TLS monitoring).

One important benefit of the Snowden disclosures has been to force legal discussion of foreign intelligence collection into the open. This was previously an almost undiscussed area of international law. It's important to push stronger standards (like the Necessary & Proportionate principles) and even more importantly, to enforce them - through courts, the UN, international political processes like EU-US treaty negotiations - and every other available forum (such as the Council of Europe, WTO, TTIP…) 

This can be a boring unglamorous slog, and eats up campaign groups’ already scarce resources. But the anti-privacy voices in those venues have to be consistently countered. 

The most important way to protect online privacy is political. It takes thousands of loud voices to persuade politicians over the soothing noises of the security agencies (and the tabloid newspapers that think you can never have enough surveillance). We need many more Julian Hupperts, Claude Moraes and David Davises, in national and European parliaments, to get the long-term legal reforms required. So I hope everyone in this room is already a member of at least one campaign group like ORG or Liberty - and will get more involved in activism on these issues in future. 

No comments: