This panel's moderator, Jillian York, has been on the Middle East/Africa team of Global Voices for five years. She is Director for International Freedom of Expression at the Electronic Frontier Foundation.
Jillian asks people to show their hands if they think their government is monitoring our electronic communications. Only a few people, from Peru and Switzerland, think that maybe their governments aren't doing it.
First up is Rob Faris, research director at the Berkman Center for Internet & Society, who apologises about how depressing the topic is. He shares a series of problems he thinks we need to tackle in order to tackle the issue of surveillance:
- Internet surveillance is a necessary tool for law enforcement
- Transparency are hard to do successfully
- This is a global problem. The number of requests for personal information in the US is counted in the millions
- It occurs in many places; it's not just a black box in the network. It's on the client side, the server side, and everywhere in-between
- Mobile phones are very insecure, but digital communications are generally insecure
- The wall between private and public communication is very blurry
- Awareness of surveillance practices and security is between fair to very poor
Rob suggests several points of intervention:
- Educating the public; this is the most promising area
- Convincing companies (Encrypted GMail, the Google transparency report)
- Convincing governments, which isn't making much progress
Next, Afef Abrougui tells us about surveillance in Tunisia. Until recently, Tunisia was one of the worst players in surveillance, she says. The former regime spent enormous resources on censorship and surveillance. Foreign companies would use Tunisia as a test-bed, offering free technology to the government. The government would routinely look into the emails and communications of activists.
On January 14, 2011, when Ben Ali left the country and the state security was dissolved, people assumed that surveillance ended. Afef shares several examples of surveillance even though the Social Networks. Last March, the government asked Facebook to shut down five accounts that were criticising the army. She points out that they could not have done that unless they were monitoring social media. Mobile communications are the second example. Recently, Winston Smith, a prominent blogger who works for Nawaat, was videotaping outside the court during investigations about those who were killed during the uprising. His cameras were confiscated.A Tunisian general remarked to him that they were monitoring his communications and wanted him to stop covering the case.
Mohamed El Gohary of Egypt talks about the day that Egyptians stormed the main security headquarters. They found partially-destroyed records that the Egyptian government had been keeping: tweets, emails, and Skype conversations among Egyptians and between Egyptian and Syrian Activists. These records were released as the “Amn Dawla Leaks.” At some universities, records were kept on every phone call. The Egyptian army has recordings of phone calls which they share with the police. In the security headquarters, they found evidence of surveillance technologies provided by Western companies. Mohamed thinks that those levels of surveillance may be limited at the moment, but that such surveillance is very likely to resume.
Our final speaker is Ellery Biddle, who writes for GV Latin America and works for the Center for Democracy and Technology. When we talk about Latin America, we need to recognise that many Latin American democracies have emerged from dictatorships where surveillance was expected practice. She thinks the expectation of surveillance continues, but that it is motivated by attempts to fight organised crime. In many of these countries, the challenge is to prevent them from taking surveillance too far. Furthermore, cartels also carry out their own surveillance. Educating users about security is very important in such environments. Ellery also directs our attention to US funding of government surveillance in Latin America. Panama, Paraguay, Columbia.
Jillian asks if there is any legitimate for companies to seek profit by selling surveillance technology to countries. She doubts whether any of those companies will ever join something like the Global Network Initiative. Boycotts aren't very effective against these companies.
Rob responds that yes, perhaps, if the people of a democracy want it, a company could sell surveillance tech to a government. That's where accountability and transparency might offer opportunities for public oversight. That has broken down in the US, but we can still work to create that transparency.
Mohamed points out that legal surveillance is hard without a good judiciary. Afef remarks that legitimate uses of surveillance are often an excuse for illegitimate ones, especially without oversight. In Tunisia, it's important to start the discussion in parliament and develop actual legislation on the topic.
Gilad Lotan remarks that the public support for surveillance depends on how much the public trust their government. In Israel, people don't mind the surveillance because they believe that their government is using surveillance for good purposes. A participant from Pakistan points out that in Pakistan, the government has required the police to get warrants before surveillance or ad-hoc blocking. But she's doubtful that the police will actually go to the judges. Mohamed agrees that a corrupt judiciary makes a system useless.
How do we fight against unlawful surveillance? Mohamed suggests a combination of documenting surveillance, activism, and legal challenges.
Ellery argues that governments need to try to write “tech neutral” laws, however challenging that is. She reminds us that the main electronic surveillance law in the US was written in the 1980s. Companies find it very difficult to interpret and implement these laws, and that can be dangerous.
Questions & Discussion:
Alex, from Kenya, points out that people always want to pass risk to others. Trust for governments is often just denial. He encourages everyone to create multiple identities to flood surveillance systems, or to develop identity management technology platforms which preserve privacy.
Juliana from Columbia reminds us that citizens do want a solution to the drug war. Sometimes, governments spy on people they suspect to be criminals. All the same, she's concerned that governments won't know where to stop.
A participant from Greece points out that the US and the UK have been tracking traffic data. He mentions the new NSA surveillance center and argues that there is no meaningful difference between countries in their use of surveillance systems.
Another audience member tells a recent story of $80m USD stolen from banks around the world which was only discovered through surveillance technologies like deep packet inspection.
“What is surveillance?” asks another member of the audience. If you want to purchase US dollars, you now have to declare your itinerary. Governments collect information about your home to decide how much tax you should pay. Credit card companies know what you're purchasing. Is this surveillance? Yes. We may not like it, but we have to live with it.
Kevin, from Australia, points out that CCTV is now monitored online. GPS and mobile communications systems, he claims, record and transmit our locations. He urges us to turn our devices off.
A participant named Danny thinks it's dangerous to make an equivalence between more security and less privacy. In most of the networks we're talking about, the things that people who own those networks are concerned about has nothing to do with the internal content of data. The transaction agreement we have is that they take our data and like a postman, deliver it to the other side of the world. There's no reason they should care about what's in our packets. He says that crimes aren't committed by bits; the crime happens elswehere. If we make tools to protect activists, might criminals use them as well? Yes. But if we don't, then only criminals will have those tools.
Jillian asks the audience to suggest immediate steps. For participants in the room who might be under immediate threat of surveillance, what might we do now?
Mohamed talks to us about basic security. A basic install of Windows has hundreds of insecurities. We should update our systems and use good antivirus. Afef speaks to us about Tor, a suite of tools which protect anonymity online.
Rob points out that these techniques are fairly well known, but that people often don't use them. Security often takes second or third place to ease of use and communication. He thinks that training will fill the gaps too slowly. Rob argues that more widespread progress needs to happen through partnerships with the companies that could make Internet communications more secure.
Ellery reminds us that surveillance is a particular risk in places where people are still increasing their digital literacy. In those communities, great improvements could be made through public outreach and cultural changes in security practices.
A participant asks if we think that countersurveillance against the companies who watch us will help us create change? Jillian agrees. In the longer term, Rob says, we need better transparency laws and better protections for whistleblowers who leak that kind of information.
Jillian concludes by talking about a library she's making of security guides. She asks participants to send her security guides so she can share them and get them translated. You can find her on twitter at @jilliancyork.