Both the public and the information and communications technologies sectors need to be more vigilant than ever in protecting their data from hackers and the over-reach of state security organizations, said the lead counsel for National Security Agency whistleblower Edward Snowden.
Ben Wizner, director of the Speech, Privacy and Technology Project for the American Civil Liberties Union (ACLU), spoke February 9 at The State of Security event hosted by the Information and Communication Technologies Association of Manitoba (ICTAM) at the RBC Convention Centre Winnipeg. Snowden’s lawyer since July 2013, Wizner focused his talk on data and communications security — what it means both to the general public and to state-run surveillance organizations at a time when many nations are expressing more authoritarian tendencies.
What is the definition of security?
Speaking to an audience of more than 100, Wizner reflected on our often conflicting use of the word ‘security.’ For nearly 15 years, he has worked at the nexus of civil liberties and national security, litigating cases involving airport security policies, government watchlists, surveillance practices, targeted killing and torture.
“It’s a word we ask to do a lot of work in our language,” he said. “Of course there’s national security, which is about keeping us safe. To many, this is the primary function of our governments, even in free societies. This definition of security is, at best, an incomplete one. If security only or primarily meant safety from harm, then the most secure society we could create would look like a fortress, or, better yet, a prison where we could all sit safely in our fortified cells.”
Wizner argued a richer understanding of security has to include the notion of what it is we’re trying to protect.
“So sometimes, even in free societies like ours, we have to talk about security from our governments, and not just security by our governments,” he said.
Wizner pointed out how societies can work to preserve and defend their freedom as they face a range of challenges, foreign and domestic, posed by rapid technological change and a sense of creeping authoritarianism in some countries.
A discussion around data collection
“To me, the central insight of the Snowden revelations is that surveillance technologies have outpaced democratic controls,” Wizner said, adding that surveillance, thanks to location tracking via our devices, and data storage are now both trivially inexpensive.
“It’s often cheaper for governments to save and search than (it is to) selectively delete or to delete at all,” he said. “So, for the first time in human history, it’s now financially and technologically possible for governments to record and store nearly complete records of human lives — what you might call ‘comprehensive surveillance time machines’ — and of course they’re doing so.”
Wizner said it’s crucial we engage in robust public debate over data collection.
“These capabilities, I believe, represent a significant change in the dangers posed by government surveillance,” he told the audience. “In many of our societies, before the Snowden revelations and the debates of the last few years, the last significant debate about surveillance and democracy we had occurred in the 1970s when the Cold War-era abuses by our domestic security agencies came to light.”
Data security for individual citizens
Without larger-than-life characters like former FBI head J. Edgar Hoover and his ready-to-shame dossiers on everyone from senators to activists, Wizner worries citizens may not be taking government incursions into our data seriously enough.
“When the full scale of the FBI’s activities was exposed in the 1970s, we passed laws and we enacted policies to try to ensure abuses of this kind would never happen again,” Wizner said. “Those historical abuses are an important warning. But in my experience, they’re also kind of an obstacle. When the Snowden revelations began to appear in our newspapers, I think too many people shrugged their shoulders because they were expecting to read about abuses like those in the 1970s.”
Wizner said modern technology has liberated the security state from the kind of vulgar methods Hoover employed. “There’s no need to target your surveillance at dissidents when the system is collecting and storing records of everyone, which you can search later,” he said.
The NSA’s ‘collect-it-all’ approach to surveillance may be more subtle, but Wizner argued it’s just as dangerous to liberty. “Which senator or member of Congress wants to be the one who denied (the NSA) its budget or authority knowing they might be blamed for a future terrorist attack?” Wizner asked.
Wizner points to the responses to the terror attacks in Europe and the U.S. in recent years in which legislators throughout the Western world leapt at the chance to propose new surveillance and oppose limits on existing authorities. He emphasized the importance of strengthening future limits on unwarranted intrusion into our data and communications before more knee-jerk responses to crises raise the cry for back-door access to beat encryption.
Edward Snowden's early prediction
“When Edward Snowden first revealed himself as the source of the NSA revelations in June 2013, he said something that sounds eerily prescient in hindsight,” Wizner said. “He predicted in that first interview, and I’m quoting, ‘A new leader will be elected. He will find the switch, he’ll say because of the crisis, because of the dangers we face in the world, some new and unpredicted threat, we need more authority, we need more power and there will be nothing the people can do at that point to oppose it. It will be turn-key tyranny.’
“Snowden was worried a leader with authoritarian tendencies, perhaps emboldened by a public reaction to terrorist attacks, would turn the government’s colossal surveillance apparatus inward, against its own minorities or dissidents. (It’s) a nightmare scenario that seems a lot less paranoid today perhaps than it did in 2013.”
“Because of (Snowden’s) warnings, some of which we heeded, we’re actually better prepared for the current day,” Wizner said. “Our courts have set some limits on mass surveillance in the U.S. and our Congress for the first time since the 1970s has reined in rather than expanded the authority of intelligence agencies to conduct surveillance."
The golden age of surveillance?
Beyond democratic responses to domestic surveillance, Wizner said the response of tech companies and service providers is just as important as they work to close loopholes and strengthen encryption across their platforms.
“Technology companies learned that even as the U.S. government was knocking on their front door with court orders under programs like PRISM (the code name for the NSA program that collected communications from major U.S. Internet companies), it was breaking into their back doors to siphon off billions of communications,” Wizner said.
Wizner said it’s important for citizens and tech companies to take with a grain of salt security community claims that its surveillance channels are ‘going dark’ thanks to encryption. The ACLU lawyer argues they’re not working in the dark at all.
“Law enforcement authorities are operating in the golden age of surveillance,” Wizner said. “While technology may promise to secure the content of communications, it has at the same time made our lives more transparent than ever before. With little effort, police forces can determine a suspect’s exact location over a period of months, his every associate and every other digital fingerprint he leaves when interacting with technology, evidence that never existed before.”
Wizner said sophisticated criminals and terrorists already use a wide array of encryption technologies that don’t rely on intermediaries like Apple or Google. For the most sophisticated “bad actors,” investigators already must custom-tailor their responses. “The primary effect of preventing Apple and Google from offering their backdoor-proof encryption would only be to make everybody else less secure for no good reason,” he said.
The most important piece of security
Beyond fighting the government for the right to encrypt, Wizner said it’s high time those in the tech world present a clearer argument to the public about the importance of data security.
“We need to argue, in simple terms, that a secure information infrastructure is more important than one additional surveillance tool, even if that means that some criminals will escape capture,” Wizner said.
If this doesn’t resonate, Wizner said we all have to bear some responsibility. “We’re partly to blame because we’ve been part of the upside-down politics of terrorism and national security,” he said. “We, as voters and citizens, have repeatedly rewarded political leaders who inflate the threat of terrorism and we have marginalized and dismissed those who have tried to honestly contextualize it.”
Above all, Wizner said, it’s time we stepped back for a reality check. “News alert: We’re already pretty safe from terrorists,” he told the Winnipeg crowd. “You wouldn’t know it, but we live in the safest and most secure societies in the history of this planet. We should be wary of any kind of political rhetoric that leaves little room for other core values beyond safety and security.”
In this time of political upheaval, Wizner said it’s more important than ever we don’t take our democratic systems for granted. “We don’t all have to be Edward Snowden,” he said. “...but we all may need to do a little bit more than we’ve done until now.”
Sponsors of ICTAM’s State of Security event included Thompson Dorfman Sweatman LLP, the University of Winnipeg and Fortinet