How Much Surveillance Can Democracy Withstand?

The current level of general surveillance in society is incompatible with human rights. To recover our freedom and restore democracy, we must reduce surveillance to the point where it is possible for whistleblowers of all kinds to talk with journalists without being spotted. To do this reliably, we must reduce the surveillance capacity of the systems we use.

Using free/libre software, as I’ve advocated for 30 years, is the first step in taking control of our digital lives. We can’t trust non-free software; the NSA uses and even creates security weaknesses in non-free software so as to invade our own computers and routers. Free software gives us control of our own computers, but that won’t protect our privacy once we set foot on the internet.

Bipartisan legislation to “curtail the domestic surveillance powers” in the U.S. is being drawn up, but it relies on limiting the government’s use of our virtual dossiers. That won’t suffice to protect whistleblowers if “catching the whistleblower” is grounds for access sufficient to identify him or her. We need to go further.

Thanks to Edward Snowden’s disclosures, we know that the current level of general surveillance in society is incompatible with human rights. The repeated harassment and prosecution of dissidents, sources, and journalists provides confirmation. We need to reduce the level of general surveillance, but how far? Where exactly is the maximum tolerable level of surveillance, beyond which it becomes oppressive? That happens when surveillance interferes with the functioning of democracy: when whistleblowers (such as Snowden) are likely to be caught.

Don’t Agree We Need to Reduce Surveillance? Then Read This Section First

If whistleblowers don’t dare reveal crimes and lies, we lose the last shred of effective control over our government and institutions. That’s why surveillance that enables the state to find out who has talked with a reporter is too much surveillance — too much for democracy to endure.

An unnamed U.S. government official ominously told journalists in 2011 that the U.S. would not subpoena reporters because “We know who you’re talking to.” Sometimes journalists’ phone call records are subpoena’d to find this out, but Snowden has shown us that in effect they subpoena all the phone call records of everyone in the U.S., all the time.

Opposition and dissident activities need to keep secrets from states that are willing to play dirty tricks on them. The ACLU has demonstrated the U.S. government’s systematic practice of infiltrating peaceful dissident groups on the pretext that there might be terrorists among them. The point at which surveillance is too much is the point at which the state can find who spoke to a known journalist or a known dissident.

Information, Once Collected, Will Be Misused

When people recognize that the level of general surveillance is too high, the first response is to propose limits on access to the accumulated data. That sounds nice, but it won’t fix the problem, not even slightly, even supposing that the government obeys the rules. (The NSA has misled the FISA court, which said it was unable to effectively hold the NSA accountable.) Suspicion of a crime will be grounds for access, so once a whistleblower is accused of “espionage”, finding the “spy” will provide an excuse to access the accumulated material.

The state’s surveillance staff will misuse the data for personal reasons too. Some NSA agents used U.S. surveillance systems to track their lovers — past, present, or wished-for — in a practice called ”LoveINT.” The NSA says it has caught and punished this a few times; we don’t know how many other times it wasn’t caught. But these events shouldn’t surprise us, because police have long used their access to driver’s license records to track down someone attractive, a practice known as ”running a plate for a date.”

Surveillance data will always be used for other purposes, even if this is prohibited. Once the data has been accumulated and the state has the possibility of access to it, it may misuse that data in dreadful ways.

Total surveillance plus vague law provides an opening for a massive fishing expedition against any desired target. To make journalism and democracy safe, we must limit the accumulation of data that is easily accessible to the state.

Robust Protection for Privacy Must Be Technical

The Electronic Frontier Foundation and other organizations propose a set of legal principles designed to prevent the abuses of massive surveillance. These principles include, crucially, explicit legal protection for whistleblowers; as a consequence, they would be adequate for protecting democratic freedoms — if adopted completely and enforced without exception forever.

However, such legal protections are precarious: as recent history shows, they can be repealed (as in the FISA Amendments Act), suspended, or ignored.

Meanwhile, demagogues will cite the usual excuses as grounds for total surveillance; any terrorist attack, even one that kills just a handful of people, will give them an opportunity.

If limits on access to the data are set aside, it will be as if they had never existed: years worth of dossiers would suddenly become available for misuse by the state and its agents and, if collected by companies, for their private misuse as well. If, however, we stop the collection of dossiers on everyone, those dossiers won’t exist, and there will be no way to compile them retroactively. A new illiberal regime would have to implement surveillance afresh, and it would only collect data starting at that date. As for suspending or momentarily ignoring this law, the idea would hardly make sense.

We Must Design Every System for Privacy

If we don’t want a total surveillance society, we must consider surveillance a kind of social pollution, and limit the surveillance impact of each new digital system just as we limit the environmental impact of physical construction.

For example: “Smart” meters for electricity are touted for sending the power company moment-by-moment data about each customer’s electric usage, including how usage compares with users in general. This is implemented based on general surveillance, but does not require any surveillance. It would be easy for the power company to calculate the average usage in a residential neighborhood by dividing the total usage by the number of subscribers, and send that to the meters. Each customer’s meter could compare her usage, over any desired period of time, with the average usage pattern for that period. The same benefit, with no surveillance!

We need to design such privacy into all our digital systems.


Print this post

Do you like this post?

Add your reaction to this article