Rogers/Ruppersberger vs Leahy/Sensenbrenner vs Obama? NSA reform proposals and reactions

Ending bulk collection of phone records? Er, not yet.

This week: much talk of potential surveillance reforms.

Sadly, this sounds more hopeful than it is.

On Friday, the Fisa court order for bulk domestic phone records collection expired. An alternative to bulk collection was thus badly needed. Or so you would think. Except, there wasn’t that much of a hurry, really.

In absence of new legislation that reflects surveillance reforms, “[t]he administration [sought] approval from the Fisa court to continue the [bulk collection] programs for another 90-days […] until Congress passes a bill along the administration’s guidelines”. All rejoice. 90 more days (at least) of the same stuff.

Ironically, “[a]fter President Obama announced his willingness to really end the bulk collection of phone records under Section 215 of the Patriot Act, Senator Patrick Leahy pointed out that the easiest way to do that was to simply not ask the FISA Court to renew that authority this Friday when it expired”.

Yes, I suppose that would have been the easiest way. It also didn’t happen. The president may be willing to really end the phone bulk collection programme in the long term, but in the short to medium term the programme remains in place.

So far, so rubbish.

Mind you, it isn’t for lack of (as yet unlegislated) alternatives.

For an initial idea of what those alternatives are, take a look at the Guardian’s neat overview of the individual proposals here.

No, seriously, do it now.

Are you doing it?

Have you done it?


New legislation: competing proposals

One: the USA Freedom Act

So then let’s take a look at them – and some reactions – in a bit more detail.

We have already heard a lot about the so-called USA Freedom Act – introduced among others by the author of the Patriot Act, Jim Sensenbrenner. Also known as the Leahy/Sensenbrenner bill, it has “163 co-sponsors in both chambers” and “would prohibit the NSA from searching for Americans’ identifying information in its foreign-oriented communications content databases.”

In short, it would end bulk data collection. Which is good.

I commented on this here and I still think that it’s one of the more exciting proposals as it would “require a stronger burden of proof for data searches and limit some of the NSA’s other programs, including surveillance of overseas internet traffic”.

However, as of this week, it has a couple of rivals.

Two: Rogers and Ruppersberger

Most notable amongst those (and not for promising reasons) perhaps a new bill introduced by the leaders of the House Intelligence committee, Dutch Ruppersberger and Mike Rogers (of Snowden-denouncing notoriety), the tellingly – and may I add deceitfully – named End Bulk Collection Act of 2014.

Now, about this particular gem of proposed legislation, I am not sorry to say, I utterly fail to get excited.

Fine, superficially, the bill also ends bulk collection. It does not “require telecommunications firms to keep such records any longer than the current 18-month maximum, a significant shift away from the five years during which they are currently held by NSA” (but still plenty of time for some good snooping).

However, and this is crucial, it                      

would allow the government to collect electronic communications records based on “reasonable articulable suspicion”, rather than probable cause or relevance to a terrorism investigation, from someone deemed to be an agent of a foreign power, associated with an agent of a foreign power, or “in contact with, or known to, a suspected agent of a foreign power.

Think about this for a moment.

What this legislation would actually do, is to expand rather than rein in, some of the NSA’s powers.

Whereas “[t]he NSA’s current phone records program is restricted to a reasonable articulable suspicion of terrorism”, amending this to “reasonable articulable suspicion” while omitting the limitation to terrorism would significantly lower the legislative threshold.

As the Guardian reports, “the bill […] proposes the acquisition of such phone or email data for up to a year and would not necessarily require prior approval by a judge. Authorisation of the collection would come jointly from the US attorney general and director of national intelligence.”

Fails to inspire confidence? Same here. I am particularly intrigued by the little detail that it does “not necessarily require prior approval by a judge”.

So, “[i]n essence, the draft bill gets rid of bulk collection, but makes it easier for government authorities to collect metadata on individuals inside the US suspected of involvement with a foreign power.”

And while it cuts the current “three hops” approach down to two, this still means that

if you talked to someone who talked to a suspect, your records could be searched by the NSA. Coupled with the expanded “foreign power” language, this kind of law coming out of Congress could, arguably, allow the NSA to analyze more data of innocent Americans than it could before.


I cannot be the only one to whom the bill smacks (yet again) of too many secret dealings by the FISA court, the attorney general and Director of National Intelligence (who is that again? Oh yes. James Clapper! The guy who lied to Congress.) This seems more like a continuation of too little oversight than anything.

And, as we all know and Jameel Jaffer has pointed out once again oversight was flawed to begin with:

…there was an entirely one-sided system in which government attorneys presented the supposed interests of the intelligence community in the most expansive way possible, and the judges of a poorly resourced court tried unsuccessfully, and sometimes halfheartedly, to imagine what ordinary citizens might say in response.

Equally bad, or perhaps worse

the intelligence committees that were meant to serve as a further check on unwarranted government surveillance failed just as profoundly. They allowed the intelligence community to launch dragnet programs when narrower programs would have been equally effective. They allowed it to mislead the public about the scope of its surveillance activities. They allowed it to pretend that the government’s surveillance technology was directed at suspected terrorists abroad when in fact it was directed at ordinary citizens.

Criticisms: Basically, don’t trust Rogers and Ruppersberger

No wonder that Jim Sensenbrenner, author of the rival bill, criticises that the Rogers/Ruppersberger bill “limits, but does not end, bulk collection”.

Trevor Timm, of the Freedom of the Press Foundation, is more explicit. He sharply criticizes both the bill and its proponent Mike Rogers, writing that

…[a]s a general rule, whenever Mike Rogers […] claims a bill does something particular – like, say, protect your privacy – it’s actually a fairly safe assumption that the opposite will end up true. His new bill seems to have the goal of trading government bulk collection for even more NSA power to search Americans’ data while it sits in the hands of the phone companies.

Personally, I have as little confidence as Mr Timm in anything Mr Rogers says, not only because of his “long history of distorting the truth and practicing in outright fabrication” but also because of “his attempts to impugn [Edward Snowden’s] motives” who, as Timm correctly emphasises is “once again vindicated.”

And here is why else I don’t trust Rogers, Ruppersberger or their bill: in a “highly unusual” move this week – which Dustin Volz at the National Journal labels as a “procedural coup” – they sent their bill first to the House Intelligence committee rather than the Judiciary committee, which begs the question of what Rogers’ and Ruppersbergers’ interest in protecting people’s civil liberties really is.
It may be needless to say that the Judiciary Committee were “pretty outraged”: “The maneuver, [one staffer] said, puts NSA reform in “the hands of its biggest chearleaders”.”

Which points to the crux of the problem: there is a good reason for why “[t]he House judiciary committee has primary jurisdiction over the legal framework of [America’s] intelligence-gathering programs”. That’s because the spies or their supporters should not be the ones making the laws that govern spying. Separation of powers and all that…

And finally: the White House

Ah well. There is another proposal so not all may be lost.

After all, president Obama himself announced this week that he really, really intends to end bulk collection, a move which has been hailed as a “turning point”, marking “a new effort to reclaim our rights from the NSA and restore the public’s seat at the table of government” by the very man who exposed bulk surveillance – Edward Snowden.

I am assuming Mr Snowden got overexcited because at the time he hadn’t actually seen the proposal. I can tell you, it’s not that grand.

Under the White House proposal, the New York Times reports,

the N.S.A. would end its systematic collection of data about Americans’ calling habits. The bulk records would stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. And the N.S.A. could obtain specific records only with permission from a judge, using a new kind of court order.

Notably, the administration’s proposal entails a “judge’s prior approval for individual phone numbers” (emphasis added) as opposed Rogers and Ruppersberger’s proposed “review [of] the specific collection [by a judge] after the fact” which, frankly, seems like utter nonsense. Disapproval is useless once the action that is to be disapproved has been done.

Before you get all excited about the administration’s proposal though, do consider a couple of things that are wrong with it.

One, bulk records would still be held for up to 18 months by the phone companies. Like I wrote above, this plenty of time for…

Two, the judge whose prior approval the NSA would need, would likely be a FISA court judge which, once again, raises the question of responsible oversight: “the […] FISA court […] has a long record of rubber stamping government requests, no doubt in no small part because only the government is allowed to speak to the court”.

Mind you, there are a lot of questionable aspects of current surveillance practices that Obama’s proposed reforms don’t even mention. In fact, for a more in-depth dissection of what they do and don’t mention, I suggest you read Peter van Buren’s excellent article.

Certainly, Jameel Jaffer isn’t wrong to criticize that the White House Proposal does not go far enough, for example by cutting the three-hops approach down to two hops (still plenty of people).

Similarly, “[p]rivacy groups […] expressed wariness that Obama’s proposals […] only covered phone data,” leaving the door open for other data to be collected in bulk.

One of the problems is that

the reform proposals seem specific only to bulk phone records collected by the NSA under section 215 of the Patriot Act. They do not appear to apply to any other collections by the NSA (email, Skype, chat GPS, texts, and so on and on), or any other federal or state agency, or to any programs in place today that we are not aware of or which may be created in the future, perhaps in response to the reforms.

As Dan Gillmor writes, “we can’t even begin to feel reassured about the long-term trajectory of surveillance […], not when so much of our ordinary communications don’t take place on the usual phone-record system at all.” He also correctly asks if “are we talking about the right reforms here”. “Maybe,” he suggests, “we’re missing the larger point”. That larger point includes all data besides phone records. It also includes encryption.

Worryingly, under the administration’s new proposal, the NSA would not “be prevented from surreptitiously undermining online encryption standards”.

I fail to understand why that particular omission hasn’t caused more of a stir. Perhaps it’s because it went so casually un-mentioned that no one noticed.

After all, we have been hearing a lot over the past months about how important encryption is and why undermining encryption exposes every single user of the internet to all sorts of threats that need not even have anything to do with the NSA.

And there is another deeply concerning aspect that many of us so far may not have been aware of. Trevor Timm points out that “neither [the White House nor the Rogers/Ruppersberger] proposal touches the NSA’s under-reported and incredibly dangerous “corporate store”.

Haven’t heard of that? Neither had I. I guess that’s what under-reported means.


More scary stuff: the corporate store

Yet this corporate store is actually a very significant and spooky “shiny object”. It is “where queries from the collection store [the much-discussed dragnet] are kept for an undisclosed (and possibly indefinite) period of time.”

You see, “[t]hat store, according to the government’s official privacy and civil liberties watchdog, contains tens of millions of phone numbers, and analysts do not face any restrictions on searching through it”.

Essentially, what it allows the NSA to do is to “pull together both network maps and additional lifestyle information.”

So, ironically, “all the things NSA’s defenders have been insisting the dragnet doesn’t do […] Everything the defenders say the phone dragnet is not, the corporate store is.”

Told you they can make a map of our lives and add every single bit of information to it. Mind you, Edward Snowden told us too. Vindicated. Once again. I wonder if the man isn’t feeling incredibly chuffed by now. I would.


No change for Snowden: figure it out

Maybe he doesn’t. Because what of Edward Snowden, the man whose disclosure prompted these proposals for change?

“There’s no change in our position that he needs to return and face the felony charges against him,” says the US administration.

And while “[m]ost Americans disapprove of the blanket electronic eavesdropping carried out by the vast apparatus of U.S. security organs” and president Obama sympathizes, “Americans overwhelmingly believe that Edward Snowden […] is a traitor who harmed his country. Obama’s officials wholeheartedly concur with that view.”

As, apparently, do many Brits.

“It doesn’t make any sense at all,” writes Neil MacDonald, while Peter van Buren puts it this way:

after nine months of ignoring the Snowden revelations, downplaying the Snowden revelations, not telling the truth about the Snowden revelations, insulting the Snowden revelations, sending members of his administration to lie to Congress about the Snowden revelations and claiming everything the NSA does is legal, righteous and necessary to keep the barbarians outside the gates, Obama is coincidentally now proposing some “reforms” without acknowledging the Snowden revelations.

Or, in fact, Edward Snowden’s role in bringing these reforms about. There can be no question that “had it not been for Snowden, his administration would not be supporting legislation that would put an end” to bulk collection.

If the bulk collection programme ends and if mass surveillance is subjected to meaningful reform, then this is due to Edward Snowden. And yet the new insights that will be the basis for any reform and changes in legislation have prompted no change in the US government’s position or most people’s opinion concerning Edward Snowden.

Yes, I dare you to go away and make sense of that one.

Clearly, “congruence and logic do not matter where official secrets are concerned.”


Reality check, Mr Daly: Crimea isn’t Edward Snowden’s responsibility

Dear Mr Daly,

I know it may be considered a rude to start a letter to a stranger without preamble but then, your own recent open letter to Edward Snowden dove right in, so I am hoping you will empathize with my lack of decorum.

After all, at such times when one has pressing questions, no words can be wasted on pleasantries.

So then, my questions: are you serious? And if you are: is this going to become the new fashion: that whenever Vladimir Putin does something the international community dislikes it will prompt calls for Edward Snowden to “come home and face the music”?

I hope not. Because – and this should be obvious – one has nothing to do with the other. It didn’t during the Sochi Olympics and it certainly doesn’t now, with the conflict over Crimea getting worse by the day.

You call for Edward Snowden “to announce that [he] would rather face an American prison than endorse Putin’s thuggery with [his] continued presence in Russia.”

Surely, you don’t mean that. I mean, you are essentially asking Mr Snowden to stamp his foot like a petulant child (or Russian president), walk out and slam the door. No good has ever come out of that kind of behaviour.

What is more, your implied suggestion that Edward Snowden’s mere presence in Russia endorses Putin’s thuggery doesn’t quite follow.

Neither does the notion that Edward Snowden is under obligation to speak out against Russia’s actions because anything else would mean abetting international piracy.

But well. Let us, for the sake of the argument, assume that Edward Snowden would choose to give up his asylum in Russia to, as you request, go home and “face the music”.

What would happen, do you think? And who would it serve? Most importantly, exactly what difference would it make to Putin’s decisions regarding Ukraine?

I think the answer to the third question is, simply and obviously: very little. If the international community cannot make a dent in Putin’s resolve to annex Crimea and after that possibly other areas as well, what makes you think Edward Snowden could?

Oh right, you seem to believe that Edward Snowden has “true moral authority among many right thinking people.” Disregarding the fact that “right thinking” is by no means an unambiguous concept, you may have a point here: what Edward Snowden has to say matters to a lot of people.

But here’s the thing: I don’t believe that any of these people actually need a show of moralizing recklessness on Edward Snowden’s part to understand that Russia’s “policy” over Crimea would be a dangerous thing to endorse. So then, what exactly would be the “impact if [Mr Snowden] announced that [he] could no longer countenance Russia’s behaviour and [was] returning home”?

I have a hard time imagining that if international sanctions cannot sway Mr Putin that Edward Snowden’s leaving Russia would suddenly change his mind.

“Oh dear,” Mr Putin would certainly not say to himself. “Sanctions threatened by the US and the EU don’t impress me at all but if Edward Snowden, that glorious defender of people’s civil liberties that I have given shelter because I like him so much says I shouldn’t be doing this then perhaps I should reconsider my position.”

Much though I respect Mr Snowden, I daresay his moral authority over Russia and its president is rather limited.

Instead, what Mr Putin would probably think, would be something along the lines of: “Fair enough, Snowden, I’ve always thought you were a little weird, now you’ve got another strange idea. Suit yourself. You can take or leave the asylum, I don’t really mind. Was fun while it lasted and allowed me to poke the US in the eye but do you know what? You’re not that useful to me anymore, have fun in prison.” Although perhaps not in so many words.

To assume that Edward Snowden’s leaving the country in protest would accomplish anything other than land him in a US prison is hubris on your part, Mr Daly.

A similar kind of hubris, in fact, to the one that lets the leaders of certain nations assume that their views are more valid than those of others and that they are endorsed with more rights and freedoms or a more refined sense of morality.

Don’t get me wrong: I do believe that the crisis in Ukraine and Russian intervention warrant international action. But that hasn’t got anything to do with Mr Snowden, his revelations about the NSA, or – in fact – his motives. I’ll come back to that in a minute.

First though, let me ask you why, as both the US and the EU seem to be avoiding decisive action (29 of 120 potential individuals are being sanctioned, excluding Putin and his inner circle, and they don’t even seem that bothered), you expect Edward Snowden to give up his freedom to make a symbolic statement that, once again, governments aren’t willing to make themselves?

Just because Mr Snowden accepted asylum in Russia after being stranded at Sheremetyevo airport when the US cancelled his passport does not mean that he is under any kind of obligation to comment on the international shenanigans of the country that is temporarily playing host to him.

You blame Edward Snowden for ignoring one wrong in seeking to right another, implying that his silence makes him complicit in Russia’s actions.

Yet what you seem to be forgetting is that Edward Snowden is in Russia precisely because of the wrongs committed by many of those nations who are now seeking to right Russian wrongs.

The EU and US may be right to intervene in the Ukraine crisis. But that doesn’t alter the fact that the EU and US were wrong to persecute Snowden or to refuse him asylum, themselves violating the sovereignty of Ecuador when intercepting its president’s plane.

You seem to suggest that because Mr Snowden has chosen to attempt to right one wrong, he is automatically responsible for writing all other wrongs as well.

Now, I am sure that many of Mr Snowden’s supporters would happily cast him as some kind of superhero and watch him save the world single-handedly, but I honestly think that’s asking a little too much.

Last time I looked, Mr Snowden was not sporting a red cape, a lycra catsuit or wearing his briefs over his leggings. Although, funnily enough, the big golden letter “S” on the front of the suit I am referring to would actually go well with Edward’s last name.

Sorry, if I have lost you: my inner geek ran away with reason for a minute there.

But then, it seem that your inner something or other ran away with your reason too because you completely lost me in those last couple of paragraphs of your open letter.

You write that if Mr Snowden was arrested, he could “then steady [himself] with the example of Sister Megan Rice, the 84-year-old nun who was arrested along with two other peace activists after they made their way into a U.S. nuclear weapons facility in 2012” and who when “asked at her sentencing last month if she had anything to say” responded that “[t]o remain in prison for the rest of my life would be the greatest gift” for her.

I am sorry but I fail to see how that is a steadying example. Less so, as you go on to say that Edward Snowden would most likely receive many more years in prison than Sister Megan. And still you maintain that he should come home. I am sorry, but that makes no sense whatsoever.

Also, no disrespect to Sister Megan but either she was being ironic when she asked for a life sentence at 84 or, in line with her religious beliefs, she believed that life in the hereafter was what really mattered. We also need to entertain a third possibility, I am afraid. Namely the one that she was, bluntly put, a bit of a nutcase. Whatever prompted her request, even you, Mr Daly, clearly realise that, realistically, “life” means a different thing for her than for a 30-year-old.

What is more, if Edward Snowden did “come home”, for him to “face the music” would mean that he would not be able to defend himself properly in front of a jury because most likely, most of the information he could use to do so would not be admitted in court.

Asking him to do this, simply to make a political statement that one, has nothing to do with the wrongs he has revealed and two, would serve no one except those naysayers who have been questioning his motives for the past nine months (and who would then probably recommence going on about his being arrogant enough to believe that his actions make any difference regarding Russia’s policy) is, frankly, nonsense.

Let’s be realistic here: Edward Snowden cannot single-handedly change the world. He never claimed he could or suggested that this is what he intended to do. What he did intend to do was give the rest of us a chance of discussing whether or not we needed and wanted mass surveillance.

He said: “Look, this is what’s happening, it’s unconstitutional. In my opinion, you should know this. Discuss.”

For that he was marooned in Russia by the very government to which you now claim he should return to face, yes, a show trial. To a regime which, in many ways I am sorry to say, makes an equal mockery of anything many people champion – and I am pretty sure that not even you would call them “wrong thinking” people. Can I just give you a couple of keywords here: drone strikes, the death penalty, Guantanamo?

You also take issue with Edward Snowden’s statement that he would do it all again, “regardless of what happens” to him. For some reason, to some people this seems to mean that he has automatically revoked his right to value his life or his freedom. It doesn’t. Just because he did what he did in full knowledge and irrespective of the risk he was taking, doesn’t mean he is no longer entitled to try and keep his freedom until it is forcibly taken from him.

The fact that a citizen of a democracy should have to risk his life and freedom to inform us of what we have a right to know is a sad thing. It doesn’t mean, he will (or should) now seek out life imprisonment simply to make a point. That would be daft.

Sorting out Russia is not Edward Snowden’s responsibility or something that Mr Snowden could hope to do. Edward Snowden’s silence regarding Ukraine says nothing about his personal opinion, it does not endorse Russian actions.

In fact, to conflate Edward Snowden’s situation and the situation in the Ukraine is ludicrous and short-sighted. The situation in the Ukraine and Mr Snowden’s situation are related in people’s minds for one reason only: Mr Snowden’s unfortunate and involuntary presence in a certain place at a certain time. If Edward Snowden wasn’t in Russia (where he didn’t choose to be) no one would ask his opinion on this. It is only because the situation affords an opportunity (if you are into that kind of thing) to once again indulge in a bit of Snowden-bashing, and that in the most illogical way possible, that this is even an issue.

You think that Edward Snowden should give himself up. You are entitled to that opinion of course. But I, for one, fundamentally disagree with you, because your opinion is based on a shaky premise. That is, on the idea that it would accomplish anything or serve anyone except Mr Snowden’s most self-righteous critics, if Mr Snowden accomplished a feat of such enormous stupidity. And that only for the period of time it took for him to vanish for months in solitary confinement.

In fact, this ill-concealed push to cast Mr Snowden’s motives in a questionable light once again deflects attention away from the actual problems – two entirely separate problems, I might add: one, the crisis in the Ukraine, Putin’s annexation of Crimea and what this may mean for international relations and, yes, peace long-term.

Two, NSA wrongdoing. What the NSA doing is wrong – we can arrive at that judgement independently of what we make of Mr Snowden’s person or his motives. Whether or not he did what he did with an ulterior motive that can somehow be gleaned between the lines of the subtext to his silence does nothing to change the fact that mass surveillance is probably unlawful and unconstitutional. The documents Mr Snowden has leaked speak for themselves. Therefore to suggest that Mr Snowden somehow needs to validate the content of his disclosures by making a moral statement out of a situation he hasn’t chosen makes no sense.

It also suggests that those “right-thinking people” you say Mr Snowden has so much influence over need him to tell them what to think.

Mr Snowden, I think, would disagree and, respectfully, so do I.

With more than the future of the internet at stake, it does not do to become complacent – or: my run-in with political adversity

The NSA can highjack your computer – panic and freak out

First of all, the big news this week: the story in The Intercept about “How the NSA Plans to Infect ‘Millions’ of Computers with Malware”.

What it basically tells us is that the NSA has malware that could completely take over our computers. Tools like CAPTIVATEDAUDIENCE, GUMFISH, SALVAGERABBIT can highjack microphones and webcams to secretly listen in on conversations taking place near the device or to snap photographs. They can even exfiltrate “data from removable flash drives that connect to an infected computer.”

According to the article written by Glenn Greenwald and Ryan Gallagher based on documents provided by Edward Snowden – which can be found here – “the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption.”

Encryption works, Edward Snowden once again told an audience at the South by Southwest (SXSW) conference this week. He isn’t wrong, the encryption that protects the material he took from the NSA being a case in point.

Still, it seems, that if the NSA has already infected your computer, that’s an entirely different story: “The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks.”

This is scary stuff. I dare you to read it in full.

Run-in with Nemesis – well, sort of

Me, I am not going to spend too much time on it this week because one, the article in The Intercept together with the documents provided tell a comprehensive story – and they do it better than I could.

Two, I would like to focus on a rather interesting, and a little bit disturbing, experience I had this week.

You see, I found myself confronted with someone who seemed to be ideologically located at the far end of the political spectrum from where I consider myself to be. That is somewhere to the political left of the centre. To avid readers of this blog, should they exist, this may be obvious. I admit that the fact that I regularly read the Guardian and support many of its views and values is probably difficult to overlook.

Mind you, I do go to other sources. I do not agree with every single opinion put forward in the Guardian (to assume that were possible would be daft). Yet let the Guardian – for the sake of this anecdote – serve as an illustration of where I lean; politically, socially, ethically, editorially etc. Or, for further illustration, you could just read this blog.

Anyway, I had a discussion this week with someone who was clearly not a big fan of the Guardian. I didn’t seek that discussion out – in fact, I tried to warn the other person that it would not be a good idea to “get me started” – but I wasn’t able to avoid it either.

So there I was, trying to get my point of view across to someone who I am guessing must be getting his news from publications that clearly aren’t the ones I have much faith in or whose lines of argumentation I find particularly convincing.

All the more fascinating, thus, to realize that the audience of these media quite probably thinks the same about me. Don’t get me wrong, I was of course aware that these people existed and that their general opinion of readers like myself was probably not a favourable one. Yet surrounded as normally I am by people who share many of my views, to be thus confronted with someone who quite possibly thinks I am at best naïve or a bit radical (don’t know which would be worse but I am neither) and at worse a deluded conspiracy theorist who believes that the powers that be are out to get us all (which I don’t) was quite a fascinating experience for me.

It was also worrying. Once again, I was reminded – and not just by the government-friendly media but actually first hand – that there are people who do not necessarily think that it is wrong to lock people up in an institution like Guantanamo (which hasn’t been closed yet because, after becoming president, Obama realized that there was nowhere else to put the “terrorists”), who hold the view that Chelsea Manning got exactly what was coming to her, or that the death penalty isn’t a bad idea by default (it is: it is complete and utter nonsense, unworthy of democratic societies in the 21st century and there is no room for discussion here either).

Why am I writing this down? Especially when I should be addressing the fact that the NSA, by aid of a “man-on-the-side technique, codenamed QUANTUMHAND, […] disguises itself as a fake Facebook server” to transmit malicious data packets to a target’s computer? A revelation that has prompted Facebook founder Mark Zuckerberg to vent his frustration about NSA spying on the phone to president Obama?

Well, for one thing because I fully trust ye who read this to follow these things up for yourselves – and gobble up some Pulitzer Prize worthy journalism in the process.

For another, my run-in with someone whose views differ so fundamentally from my own, brought home once again the reality that people actually buy into the reassurances made by their governments that everything will be fine.

Surveillance according to other people

Yes, this did shake me: people with a worryingly blind faith in their governments do exist. They are not a media invention.

These people display the kind of faith that completely ignores the fact that not all is good and well in this or most other countries.

More worryingly, these people seem to think that since there is nothing anyone can do about anything governments do, there is no need for us to bother. We are, after all, quite well off. Nothing we can do if others aren’t. There is no danger in a lack of government accountability because the possibility of us becoming victims of a totalitarian regime is remote (I am not sure it is but for that I get odd looks).

So, I am writing this down because what I heard during this discussion I had this week dismays me.

But more in line with the usual subject matter of this blog, I am writing this down because, perhaps obviously, that discussion eventually turned to mass surveillance.

Needless to say that I argued that mass surveillance is a bad idea. And you may have guessed that the the person opposite me argued the… well opposite, saying that mass surveillance is necessary for national security, that there is no danger from it to most of us regular people with nothing to hide and that those who have revealed it may well have done grave damage to the aforementioned national security, which is why they are being persecuted.

Further, that there is no danger to a free press in the UK because it isn’t true that journalists (and human rights lawyers) are being detained at airports. Moreover, that there was a very good reason to make the Guardian destroy its hard drives last year because they contained material that was hazardous to national security, that the destruction was justified and that it accomplished something other than nothing, being not a failed attempt at intimidation but the successful destruction of the only copy of one stash of Edward Snowden’s material. No, I am not joking.

If you have been following the Snowden stories as I have, you may empathize with how well-informed (or not) the person who said these things appeared to me.

I am not going to repeat obvious counter-arguments to claims like the one that mass surveillance is effective because it has successfully foiled several terrorist plots. John Inglis, the deputy head of the NSA himself has conceded that “at most one terrorist attack might have been foiled by NSA’s bulk collection” – and I know I am quoting from the Guardian here but feel free to check this against other sources around the web, although you may find that the Torygraph or the Daily Fail certain media organisations have been curiously quiet on that particular subject.

Neither am I going to once again blast the unproven allegation that the Snowden disclosures have severely harmed national security. Or the one that Russia and China have Snowden’s material and that the intelligence agencies know where Snowden is. Therefore, my discussion partner argued, if they really wanted to kill him, he would be dead. Seeing as he is still alive they obviously don’t want him dead.

I’d put it to you that that’s not what they told BuzzFeed but hey, prone as I am to believing all sorts of leftie-liberal scaremongering propagated by the Guardian editorial staff, Edward Snowden, and Glenn Greenwald and his minions over at the Intercept (not to mention the NY Times, the Washington Post, the ACLU, Der Spiegel…) what do I know?

The reality is, the person opposite me claimed, that there have been no major terrorist attacks since 9/11 and this is precisely because surveillance was stepped up post 9/11 – I am not even going to repeat the answer I got when referring to the Boston bombings.

Let’s not go there.

It’s the law, stupid!

Instead what I want to focus on is one particular idea that emerged during this discussion that I found both interesting and alarming: the idea, put forward by my discussion partner, that mass surveillance is going to become “the new normal” once the initial outrage has calmed down. We will all get used to it, the person opposite me argued, and that will be that. And anyway, tech companies have been gathering our data for years, so why are we so bothered about NSA and GCHQ doing the same thing?

In answer to the last question, let me refer you to Mr Edward Snowden – who else?

A similar question was put to him during his appearance at the SXSW conference this week (a transcript of the talk is here, a video here):

“Why is it less bad if big corporations get access to our information instead of the government?”

Said Edward Snowden – and I am going to quote this at length because it hits the nail on the head:

The government has the ability to deprive you of rights. Governments around the world […] have police powers, they have military powers, they have intelligence powers they can literally kill you, they can jail you, they can surveil you. Companies can surveil you to sell you products, to sell your information to other companies. That can be bad, but you have legal records. First off, it is typically a voluntary contract. Secondly, you have got court challenges you could use. If you challenge the government about these things […] the government throws it out on state secrecy and says you can’t even ask about this. […]That’s the difference and it is something we need to watch out for.

Mr Snowden is right on several counts here: first of all, yes, it is sort of a voluntary contract to give our data to tech companies. In theory, we know about it (from their dreaded T&Cs) and we accede to it. By contrast, we have not acceded to government mass surveillance.

Second of all, tech companies – although perhaps critics of lobbyism would disagree – do not make laws, they are bound by similar laws as we are, at least in theory.

Governments, on the other hand, make laws. Yes, they are also subject to laws but if we have seen anything over the past months, it is that for this to really work, strong oversight is needed.

And in a week in which NSA-supporter Dianne Feinstein herself has ripped into the CIA for spying on the Senate Intelligence Committee, in what potentially amounts to a violation of the US constitution, it has become more obvious than ever that the bodies that make laws, and that should provide oversight that ensures these laws are observed are not actually doing a very good job of it.

(As a side note to how well they are doing with that, do consider that Feinstein never had a problem with surveillance as long as it didn’t involve her or the Senate. Edward Snowden certainly wasn’t wrong to criticize the double standards at work here.)

So yes, Edward Snowden is absolutely right that it is the power difference between governments and companies we need to watch out for, especially as we can already see that the power governments have is being used in questionable ways.

As Chris Soghoian said at the SXSW: “Even if you trust this administration that we have right now, you know that the person who sits in the oval office changes every few years. You may not trust the person who is going to sit there in a few years with the data that was collected today.”

When I advance that particular theory – that all it takes is for the wrong sort of leader to come along for us all to realize that just because we think we have nothing to hide or have done nothing wrong we are by no means safe – I usually get funny looks, even from people who generally share my views.

The threat of a totalitarian government taking over our cosy democracies just seems a little too remote. But I put it to you that the kinds of capabilities that the NSA and GCHQ have or are planning to make use of – again, read the Intercept story! – are the stuff of nightmares if you imagine them in the wrong hands.

And we do not even need to wait for our own governments to go rogue to see the danger of such capabilities or un-checked spying: “Every other government within the international community will accept [NSA spying] as a sign, as the green light to do the same. And that is not what we want.”

Mass surveillance is not the “new normal”

Now, as to the other idea forwarded by my discussion partner this week – that mass surveillance will become the “new normal” – that is actually both a very worrying and a very interesting suggestion.

Worrying for two reasons: one, the person sitting opposite me seemed to advance it by way of saying that we needn’t bother get outraged over the whole mass surveillance omnishambles because we’ll all get used to it. Two, because if we’re not careful, this might actually prove to be true.

We may be having a debate about this at the moment, and both the US and the EU may be looking into amending legislation to reflect and rein in the spooks’ new technical capabilities but unless we all pay attention, I daresay these things may just quietly go away again. Let us not forget that there has not been any meaningful reform yet.

And that is exactly why the idea that mass surveillance will be the new normal is interesting: it says a lot about where we are at the moment.

You see, I would argue that we have reached the proverbial fork in the road: either, we will now all accept – and more or less quietly consent to – what is going on or we will keep insisting on much-needed reform, both of policy and of technical capability.

During his appearance at the SXSW conference, Edward Snowden said that the NSA was setting fire to the internet and that it was for technologists to act as firefighters.

Along with that, Ben Wizner and Chris Soghoian of the ACLU called for more usable encryption tools to be made available as default software settings. Obviously, this is not going to be easy but if implemented, it could make mass surveillance a lot more difficult and perhaps even economically unviable for the spooks. Which is what we want.

Rather than for mass surveillance to become the new normal, because after our initial outrage we all go back to quiet and comfortable ignorance, we have reached a point where there is a chance to profoundly reform – and thus lastingly reshape – internet security. If this happens, it may be done just in time for us all to be safer.

And, as Chris Soghoian said, the fact that we have reached this fork in the road, is because of Edward Snowden. It is to him that we owe both knowledge and opportunity.

Actually, complacency killed the cat

My point in this anecdote about my uncanny encounter with political conservatism is that one of the most worrying aspects about the views expressed not only by my discussion partner but also by many of the government-friendly media, is the complacency they bespeak.

A “we can trust the government to do right” kind of complacency, a “there is nothing we can do about it so why bother” kind of complacency, a “it’s not as bad as you make it sound” kind of complacency, and finally a “there is no need to assume the worst case” kind of complacency.

To this, I have a couple of answers: firstly, the past couple of months have shown that we cannot trust our governments to always get it right. So we have no reason to be complacent about that.

Secondly, during that session with Edward Snowden, Ben Wizner and Chris Soghoian at the SXSW conference, valuable suggestions have emerged about what can be done about mass surveillance – I suggest you watch the video, it’s very worthwhile but basically, what they are saying is that it is perfectly possible to make mass surveillance a lot more difficult.

And precisely because it is possible to do this, we absolutely need to bother. The technology community needs to step up its game. It’s all very good and well for people like Yahoo and Zuckerberg to complain, but what use is their righteous outrage if it doesn’t result in substantial changes that make mass surveillance less attractive for the spooks?

Those of us who aren’t the tech-savviest of people can also step up our security. We can learn about these things. We too can make mass surveillance more difficult. Then, if the policy side of things falls short, perhaps the technology side can do something to reclaim the internet.

And if nothing else, we can make ourselves heard. We can keep the discussion that Edward Snowden was trying to enable alive. We can discuss the question if our security is worth a complete loss of privacy and liberty.

And by doing all of that, make no mistake, we can shape the future. The other important question is what shape we want the future to take.

“It is the steps we take today, the moral commitment, the philosophical commitment, the commercial commitment to protect and enforce our liberties through technical standards that will allow us to reclaim the open and trusted internet,” Edward Snowden told the SXSW.

That is our responsibility and it will not do for us to let complacency interfere with that commitment.

The threat that mass surveillance and the indulgence that has been shown towards the spy agencies so far mean for our rights and freedoms cannot be emphasized strongly enough.

It is evident in the very news that the CIA has been spying on the Senate Intelligence Committee and in Dianne Feinstein’s reaction to it: the spooks seem to be arrogant enough to believe they are above the law, while lawmakers seem to believe that mass surveillance only is wrong when it targets them – the mass collection of data from countless of innocent citizens didn’t seem much of an issue for Ms Feinstein.

I agree that in many ways our political system sort of works at the moment. That does not mean it always will. It certainly doesn’t work well enough now (and that’s not only evident from the Snowden disclosures).

As Paul McNamee put in the UK’s Big Issue this week, “we should be nervous about what may become of the system unless we speak up”.

Thanks to Edward Snowden we have reached that fork in the road where we have the knowledge we need to speak up and do something about where the system is headed.

Yet if we allow ourselves to become complacent, we may miss our chance to do it.

“I swear under penalty of perjury that this is true” – Edward Snowden’s testimony to Members of the European Parliament

This week, Edward Snowden’s written testimony to members of the European Parliament was released. In it, he addresses a number of questions put to him by MEPs.

As Mr Snowden points out in his opening statement, his testimony does not disclose “new information about surveillance programs.”

Given the particular conditions of his asylum in Russia and his own insistence that the determination of what is in the public interest be left to the journalists handling his material, Mr Snowden limited his testimony to “information regarding what responsible media organizations have entered into the public domain.”

While thus not revealing anything that isn’t already in the public domain, the testimony addresses and recalls some important points that have been raised since June last year, some of which I will attempt to summarize and comment on in the following.


Basic human rights and unimpressive success

Importantly, Mr Snowden’s testimony emphasizes again, that “suspicionless surveillance programs of the NSA, GCHQ, and so many others that we learned about over the last year endanger a number of basic rights which in aggregate, constitute the foundation of liberal societies.”

This cannot be stated often and emphatically enough. It has been acknowledged time and again that a balance needs to be struck between civil liberties and fundamental rights, and national security. It has also been shown, on numerous occasions, that this balance is now dangerously off-kilter.

Civil rights and liberties have been eroded in favour of programmes of mass surveillance which, “despite extraordinary political pressure to do so, no western government has been able to” justify by “showing that such programs are necessary.”

To the contrary, Mr Snowden reminds us again of the “unimpressive success” rate of these programmes, citing the White House’s Privacy and Civil Liberties Oversight Board, which, investigating one of these programmes, “determined that [it] was not only ineffective — they found it had never stopped even a single imminent terrorist attack — but that it had no basis in law.”

Bluntly put, “they discovered the United States was operating an unlawful mass surveillance program, and the greatest success the program had ever produced was discovering a taxi driver in the United States transferring $8,500 dollars to Somalia in 2007.”


Plausible deniability – circumnavigating the law

 The surest way for any nation to become subject to unnecessary surveillance is to allow its spies to dictate its policy.”

More worrying than that is that the USA are (obviously) not the only country that operates programmes of questionable legality and usefulness. And while it may be arguable that some spying is beneficial and necessary for national security, any form of surveillance should be conducted within and respecting of the legal frameworks operating in a given country. Yet, surveillance agencies and legislators seem to have been hard at work to make legislation suit their purposes – and not just legislation in their own countries either.

“One of the foremost activities of the NSA’s FAD, or Foreign Affairs Division,” Mr Snowden writes, “is to pressure or incentivize EU member states to change their laws to enable mass surveillance. Lawyers from the NSA, as well as the UK’s GCHQ, work very hard to search for loopholes in laws and constitutional protections that they can use to justify indiscriminate, dragnet surveillance.”

Similarly, “the priority of the overseers is not to assure strict compliance with the law and accountability for violations of law, but rather to avoid […] “damaging public debate.””

So, when it comes to surveillance, legislation is apparently no longer intended to protect the rights of a country’s citizens but to ensure that these citizens don’t realize that their rights are being violated.

According to Mr Snowden, there “are indications of a growing disinterest among governments for ensuring intelligence activities are justified, proportionate, and above all accountable.”

This lack of interest in accountability becomes conspicuous, for example, in the reactions to Mr Snowden and the journalists who have been reporting on these programmes: some government officials are still refusing to engage in much-needed debate or reform of their surveillance activities. More than that, they have called for an end to publication and even criminal investigation of Mr. Snowden and his “accomplices”.

And even when debate is being demanded, like in the UK most recently by shadow home secretary Yvette Cooper, it is still “accepted” that “the leaks […] have damaged national security while highlighting legitimate concerns about privacy in the internet age.”


Repeat: there is no evidence of any damage done to national security.

A lack of interest in accountability and attempts at legislation that facilitates avoiding public debate is one thing. But it gets worse.

“Once the NSA has successfully subverted or helped repeal legal restrictions against  unconstitutional mass surveillance in partner states, it encourages partners …to gain access to the bulk communications of all major telecommunications providers in their jurisdictions… it is very difficult for the citizens of a country to protect the privacy of their communications, and it is very easy for the intelligence services of that country to make those communications available to the NSA –even without having explicitly shared them.”

This apparent ease with which communications can be made available without being actively shared – which would be unlawful – gives governments a certain amount of “plausible deniability”, i.e. the ability to deny that what they are doing is unlawful.

They are not, after all, spying on their own citizens or allowing a foreign power to spy on their citizens with their knowledge or consent – they are merely sharing data in a roundabout way. While arguably within the law, this is merely telling a half-truth and the result is the same: the mass collection and subsequent sharing of vast amounts of communication from people not suspected of any wrongdoing.

So while “[s]urveillance against specific targets, for unquestionable reasons of national security while respecting human rights, is above reproach. Unfortunately, we’ve seen a growth in untargeted, extremely questionable surveillance for reasons entirely unrelated to national security.”

Examples of this include the capturing of “bulk data that is clearly of limited intelligence value and most probably violates EU laws” under GCHQ’s “light oversight regime” and the subsequent trading of “that data with foreign services without the knowledge or consent of any country’s voting public.”

This forcefully came to public attention recently when it emerged that GCHQ has been spying on Yahoo webcams, screencapping, amongst other things, people’s nude pictures.


I heard there was a secret court…

Mr Snowden is not wrong when he states that “[t]here is no argument that could convince an open court that such activities were necessary and proportionate, and it is for this reason that such activities are shielded from the review of open courts.”

As mentioned previously, accountability does no longer seem to be the major concern of law makers or overseers. Rather, the emphasis is on limiting “damaging” public debate about the agencies’ powers.

Yet “better oversight,” Edward Snowden maintains, “could have prevented the mistakes that brought us to this point.”

A point where NSA and GCHQ were able to undermine internet encryption programmes, effectively working “against the public interest by weakening critical infrastructure.” Edward Snowden in his testimony correctly labels this “an action taken against the public good.”

It should be obvious that “[s]ecret laws and secret courts cannot authorize unconstitutional activities by fiat, nor can classification be used to shield an unjustified and embarrassing violation of human rights from democratic accountability.” If this is done, it undermines democracy.

Therefore, it is in the public interest to investigate these programmes, to discuss them and decide their value.

Writes Mr Snowden: “If the mass surveillance of an innocent public is to occur, it should be authorized as the result of an informed debate with the consent of the public, under a framework of laws that the government invites civil society to challenge in open courts.”

That’s what proper oversight and accountability mean.


 Economic espionage and surveillance of activists

If you were targeted on the basis of your political beliefs, would you know? If they sought to discredit you on the basis of your private communications, could you discover the culprit and prove it was them? What would be your recourse?

Edward Snowden asks MEPs in his testimony. And further:

Try to imagine the impact of such activities against ordinary citizens without power, privilege, or resources. Are these activities necessary, proportionate, and an unquestionable matter of national security?

I commented last month on how chilling and potentially dangerous to freedom of speech and political dissent the targeting of hacktivists as done by GCHQ is.

More than that, it has little to do with national security or the fight against terrorism. Neither does industrial espionage which, according to Mr Snowden, is very much alive:

“[Y]es, global surveillance capabilities are being used on a daily basis for the purpose of economic espionage […] NSA had successfully targeted and compromised the world’s major financial transaction facilitators, such as Visa and SWIFT.” They have also spied on “Petrobras, an energy company”.

And as if this kind of economic spying wasn’t enough, let us remind ourselves that “[r]eport after report has revealed targeting of G-8 and G-20 summits. Mass surveillance capabilities have even been used against a climate change summits.”

The fact that this really has very little to do with national security is reflected in how “governments have shifted their talking points from claiming they only use mass surveillance for “national security” purposes to the more nebulous “valid foreign intelligence purposes.”

I don’t think Mr Snowden is wrong in suggesting that “this rhetorical shift is a tacit acknowledgment by governments that they recognize they have crossed beyond the boundaries of justifiable activities.”


Blowing the whistle

So then, to recap: what has been revealed over the past months, based on the documents provided by Edward Snowden, is that intelligence agencies around the world, most notably the NSA and GCHQ, are operating potentially unlawful mass surveillance programmes in the name of national security but with very limited success and hardly any value to national security.

To keep the programmes intact and prevent “damaging public debate”, oversight has been kept firmly within the framework of secretive intelligence courts that deal in “classified information”, defying any attempt for these surveillance practices to be challenged in an open court or scrutinized by an informed public.

What Edward Snowden’s revelations have made clear, however, is that public debate is badly needed and, in many cases, also wanted.

Instigating this debate is one of the main reasons Edward Snowden has repeatedly given for his decision to blow the whistle on these programmes.

Sadly, this has resulted in his being persecuted, indicted and exiled.

Once again, as part of his testimony, Mr Snowden commented on why he chose to leak the documents he obtained from the NSA to journalists rather than make an official complaint.

“[R]eporting serious concerns about the legality or propriety of programs is much more likely to result in your being flagged as a troublemaker than to result in substantive reform.”

According to Mr Snowden, raising concerns results in “two kinds of responses.”

Firstly, “well – meaning but hushed warnings not to “rock the boat,” for fear of the sort of retaliation that befell former NSA whistleblowers like Wiebe, Binney, and Drake.” Thomas Drake, for one, is an outspoken supporter of Edward Snowden. You can read some of his thoughts on the treatment of whistleblowers in the US here.

Secondly, “similarly well – meaning but more pointed suggestions, typically from senior officials, that we should let the issue be someone else’s problem.”

Clearly, neither Mr Snowden, nor Mr Wiebe, Binney, Drake or many others were satisfied that these issues should be left to be someone else’s problem. For this, they have paid a high price.

Whistleblower protections, Edward Snowden’s case has once again revealed, are less than satisfactory and, according to Mr Snowden, they have not improved recently.

Sadly, whistleblowers who are afforded little protection under US law cannot hope to find support or protection from many other governments around the world, as Mr Snowden’s case has shown.

Writes Mr Snowden: “European governments, which have traditionally been champions of human rights, should not be intimidated out of standing for the right of asylum against political charges, of which espionage has always been the traditional example.”

Sadly, we have witnessed that precisely such intimidation has been shaping the decisions of European governments over the past months. Edward Snowden should have been offered asylum a long time ago, yet it was only recently that the European Parliament dropped his asylum bid.

As Jan-Phillip Albrecht, MEP from Germany, told Ars Technica: “European lawmakers are afraid that if one member state does grant Snowden asylum or some other type of similar legal protection […] President Obama will pull out of the upcoming US-EU summit […] or take further action that could harm individual member states’ interests.”

It is equally concerning that EU members states can be thus intimidated and that President Obama would go to such lengths to intimidate.

“[A]n unlikely, last-ditch effort to grant Edward Snowden protection against criminal prosecution and/or extradition to the United States”, that is to be considered in the European Parliament next week is therefore just that: unlikely to meet with much success.

It is a sad thing that someone who has initiated a debate that has been widely acknowledged as necessary, and who has now provided testimony to the EU about extensive mass surveillance that is putting the very security of the global internet at risk, should receive so little support.

Similarly, it is sad that over the past months, journalist and other supporters of Mr Snowden have been subject to attempts at intimidation.

Let us be clear:

“Journalism is not a crime, it is the foundation of free and informed societies, and no nation should look to others to bear the burden of defending its rights.”

What Mr Snowden’s testimony and the very fact that he was asked to testify show us once again is that our rights are under threat and that our governments are realizing this too.

It is now time our governments started defending these rights. And this absolutely includes Mr Snowden’s rights and those of other whistleblowers.

It is about time a strong statement was made that EU governments will not allow themselves to be intimidated and to encourage future whistleblowers by showing them that they will not be left out in the rain for making the public aware of what is in their interest to know.

Pushing for strict legislation to curb mass surveillance would be one such statement. Insisting on meaningful oversight would be another. As would granting asylum to Edward Snowden and reforming whistleblower protection.

Sadly, the latter seems to “require an extraordinary act of political courage” that none of our governments are capable of.

Unfortunately, Mr Snowden’s willingness to help and inform, as evident once again in his testimony, seems to have earned him little help in improving his own situation. Wouldn’t it be great if our governments found their courage in time to change that?

Webcams, mugshots and boobs: recent revelations on GCHQ spying and why I think we should consider a “flash”mob

Underground editorial choices

So, this week the latest revelation based on documents leaked to the Guardian by Edward Snowden made the front page in the UK’s free morning newspaper, the Metro.

For those of you unfamiliar with the Metro: “The Metro brand was launched in March 1999, as a London only free newspaper.”
Originally, “designed as a concise read for urbanites on the commute, filled with bite-sized news and local information for them to consume whilst on the move”, “1.4 million copies” are now available “across 50 UK urban centres every weekday morning.”

Those are their words. I would describe it as a free morning paper, published on weekdays and available for download or as hardcopies at most Tube (i.e Underground), Railway and I suppose miscellaneous stations. Which probably isn’t far off the mark.

Personally, I use it mostly to get a first impression, whilst commuting to work, of what’s going on out there is Big Bad World to then follow it all up on my more preferred news outlets.

Thus being a more or less regular Metro “reader”, I have over the past months often been dismayed at the sheer lack of NSA/Snowden reporting by members of the Metro group – revelations and issues that made headline news with other agencies didn’t necessarily seem to be considered of front page importance by Metro editors.

Correct me if I’m wrong but the last time I actively remember seeing any part of the Snowden story take centre stage was last June when the paper ran the story of Mr Snowden’s girlfriend Lindsay Mills who was quoted as feeling “lost at sea without a compass”.

So why this week all of a sudden? Why, after months of either silence or tiny columns in double-digit page corners, did the most recent story make the front page?

I cannot be the only one who finds it curious (taking into full consideration the prominence of the Lindsay Mills story) that of all the revelations the one that GCHQ stored webcam images of people in the nude (or worse) finally shook the Metro out of its NSA/GCHQ reporting apathy.

It seems to be a telling comment on editorial choice that the stories selected for the front page all contain an element of shall we say salaciousness: abandoned lovers, nudity, masturbation… talk about how sex sells! In a free paper, no less.

Now then, what is this story that has people so worked up that three USA senators – Wyden, Udall and Heinrich, the usual suspects – are planning an investigation into possible NSA involvement in this particular manifestation of spying?

Hitting a Nerve: spying on naked people via webcam

Well, it’s this story, published by the Guardian on Friday, which reports that “Britain’s surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing”.

The neat little programme that allows them to do this is called Optic Nerve. It began in 2008 and was apparently still active in 2012. Basically what it does is collect stills from Yahoo webcam chats – one still photograph every five minutes.

Much like metadata, these images are collected in bulk with no differentiation between people who are surveillance targets and people who aren’t. In the past, this has meant collecting images from up to 1.8 million Yahoo user accounts globally over a period of six months.

Okay, you might say, 1.8 million out of over 7 billion people in the world… one still every five minutes… does not sound like that much, what is all the fuss about?

Look at it this way: one of GCHQ’s internal documents on the programme apparently “likened its “bulk access to Yahoo webcam images/events” to a massive digital police mugbook.”

Well, a database of mugshots – trouble is, mugshots of people who aren’t actually suspected of any wrongdoing. How would you feel if someone dragged you to a police station, took and stored several mugshots of you and filed them away for future use, even though you hadn’t actually done anything wrong? Simply because you happened to be in a certain place at a certain time.

In this case, place and time are on your webcam on Yahoo! Chat and the mugshot is taken over the internet and without your knowledge but I would argue that that’s not only the same difference, it is worse, actually.

Not knowing that your images are being accessed by a third party that shouldn’t be privy to your conversation and then stored, you have no means of contesting what is being done. You cannot, actually, protest this invasion of your privacy or the fact that you are being treated like an arrested individual without having been arrested or without having done anything to warrant arrest.

Except perhaps stupidly taking your clothes off in front of your webcam. That is another matter. Personally, I don’t trust a camera that is connected to the internet as far as I can throw it. Right now my webcam is glaring at me from above my laptop screen and it’s giving me the heebie jeebies. I am certainly not taking my clothes off anywhere near it.

Consider that “Microsoft, the maker of Xbox, faced a privacy backlash last year when details emerged that the camera bundled with its new console, the Xbox One, would be always-on by default”. Eek. Big Brother is watching and all that.

Don’t deceive yourself either that it is only Yahoo or Microsoft Whose webcams are considered useful.

Anyway, whether or not people who strip or pleasure themselves in front of their webcam had it coming (yes, the choice of words is deliberate) or not is hardly the point.

The point is that what these people do in front of their webcam in a private chat should be up to them, as long as they do not break any  laws. Yet under Optic Nerve operations “analysts were shown the faces of people with similar usernames to surveillance targets, potentially dragging in large numbers of innocent people.”

So you could be showing GCHQ analysts delicate parts of your body simply because you picked an unfortunate username and happen to be using the same chat as some surveillance targets.

It gets worse. Under UK law “[u]nlike the NSA, GCHQ is not required […] to “minimize”, or remove, domestic citizens’ information from its databases.” Yes, analysts may need “additional legal authorisations […] before [they] can search for the data of individuals likely to be in the British Isles at the time of the search.” However, “[t]here are no such legal safeguards for searches on people believed to be in the US or the other allied “Five Eyes” nations – Australia, New Zealand and Canada.”

So there. Don’t masturbate or strip naked in front of your webcam while abroad, is all I’m saying. “The Spy Who Loved Me” or you, as the Metro so quaintly titled, could be looking at images of what you are doing to your private parts right now.

I am not saying that all spooks would want to do that – I can imagine this could actually be quite traumatic in certain cases – but the possibility is there and that, in itself, cannot be right.

And if you insist that people who show their boobies to other people on webcam deserve to be punished for being morons, then take into consideration that bulk collection of online video content also hoovers up things like family home movies.

Again, it is debatable whether or not parents should be putting home movies of their children on the internet but – once again – this isn’t exactly the point. The point is that people should be able to choose to do that without being in danger of getting sucked into a GCHQ or NSA dragnet.

Say senators Udall, Wyden and Heinrich: “A very large number of individuals – including law-abiding Americans – may have had private videos of themselves and their families intercepted and stored without any suspicion of wrongdoing. If this report is accurate it would show a breathtaking lack of respect for the privacy and civil liberties of law-abiding citizens.

So, why are they doing this, you wonder? Biometric detection, apparently, both “for target recognition [and] general security”, that is using “facial recognition technology to identify intelligence targets, particularly those using multiple anonymous internet IDs”.

In short, catching the “bad guys” – as usual at the expense of the privacy of a vast majority of good guys who were never asked if they were okay with becoming the stars of a dragnet collected porno.

Get our own satellite? Yes, let’s!

What does GCHQ have to say for itself?

The usual: no comment.

“It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.”

Ah well, that’s all right then. Errr… no. Here is why:

“The Optic Nerve documentation shows legalities were being considered as new capabilities were being developed. Discussing adding automated facial matching, for example, analysts agreed to test a system before firming up its legal status for everyday use.”

What this seems to mean is that for research purposes, the programme is used without a firm legal framework in place. Only when it becomes operational is the legality of it properly considered.

Also, can I just remind everyone that “in accordance with a strict legal and policy framework” and “rigorous oversight” mean something different in spy parlance than they do to the rest of us?

No wonder that the above-mentioned senators Wyden, Udall and Heinrich “were “extremely troubled” by Optic Nerve and planned to investigate it”.

Funny thing is, Optic Nerve is just as troubling as many of the other programmes that have been revealed over the past months, yet it is only now that some of the media seem to finally catch on to that fact.

I would argue that it is heartening to see previously rather unfazed members of the media taking an interest. Except I won’t. That’s because I am suspicious of the reasons for this interest.

People didn’t seem that troubled as long as it was just something as abstract as metadata being hoovered up and stored. Now that people’s private parts are involved, however, that seems to be a different matter. I have my doubts that the interest this generates is directed anyone’s rights being infringed. Rather it seems that what’s going on here is a bit of surveillance-porn. Finally there is actually something to see! At last someone is taking their clothes off!  

I cannot say that I am surprised. In a society that is obsessed with celebrities’ naked anythings, the reaction is somewhat predictable. That doesn’t mean it isn’t worrying. It doesn’t mean that the revelations aren’t dismaying either.

Yet if it takes nudity on webcams for people to take an interest then I wonder what kind of revelation is needed to actually make them realize that interest isn’t enough. That it needs to be followed up with action.

The question is what kind of action to take. Voting the current government out could be an idea. But Germany has just failed to do that and in the UK another election isn’t due until next year.

Perhaps the answer is, as Marina Hyde suggests, to buy our own satellite and point it at GCHQ.

Obviously not until we have “raise[d] the cash and f[ou]nd the lawyers” but in the meantime, I suggest we all opt for a more easily executable of Hyde’s suggestions:

“[Re]-read the Optic Nerve passage that frets about the sensitivity of spies exposed to explicit material, as opposed to that of the innocents being unwittingly monitored in this way.”

I believe that this is the passage she refers to:


Now spare a thought for the poor spy who has to look at someone “masturbating into chopped liver or apple pie”.

Then spare a thought for everyone who values “their right to onanistic anonymity” specifically or their right to privacy more generally, the people who unwittingly appear in a database of GCHQ mugshots without having done anything wrong. Consider that this might be you. Now go away and have a proper think about it. Preferably not in front of your webcam.

Or hang on, perhaps you should. Perhaps we should start a webcam flashmob, taking the flashing bit in the mob quite literally, and traumatize the poor dears at GCHQ even further – except I am not sure that would be legal and as far as the law is concerned, while the spooks may be able to find a way around it, I am not sure that we can.

At least they already have our mugshorts stored. Should save everybody a bit of hassle. All hail Optic Nerve.