@gdonovan: #NSA director @ #hacker conference: “In this room is the talent our nation needs to secure cyberspace” #cyberdominance http://t.co/06RK9HZG

Competing Narratives: Internet Freedom, National Security and Social Reproduction

Evgeny Morozov has an excellent post at Foreign Policy that addresses the competing narratives emerging around WikiLeaks. Namely, WikiLeaks as an internet freedom issue vs WikiLeaks as a national security issue.

Discussing these narratives in the context of the pro-WikiLeaks DDoS attacks “organized” by Anonymous, Morozov touches on the same point I made yesterday:

I don’t think that their attacks are necessarily illegal or immoral . . . I like to think of DDoS as equivalents of sit-ins: both aim at briefly disrupting a service or an institution in order to make a point. As long as we don’t criminalize all sit-ins, I don’t think we should aim at criminalizing all DDoS . . . The danger here is obviously that if the narrative suddenly becomes dominated by national security concerns, we can forget about DDoS as legitimate means of expression dissent — that possibility would be closed, as they would be criminalized. (emphasis added)

Morozov also discusses how the dominance of a national security narrative around this issue could rationalize more state-based surveillance of everyday cyberspatial behavior:

I seriously doubt that U.S. authorities would be able to effectively go after Anonymous, in part because there are too many people involved, they are scattered all over the globe, and attributing cyber-attacks to them would be impossible (and would surely require reading a lot of chat transcripts from IRC). The only other possible policy response at their disposal is to make it easier to trace such attacks in the future — most likely by empowering the likes of NSA/Cyber Command. I would imagine that after the current cyber-attacks on credit card companies — even if they didn’t cause much damage — this would enjoy bipartisan support in the United States. (emphasis added)

Two points worth adding to Morozov’s analysis:

  • It’s not only likely the U.S. will use this event to enact pro-surveillance policies that strengthen the role of the NSA/Cyber Command in everyday internet use, but virtually guaranteed (no pun intended). However, these security initiatives are never achieved through policy alone, social production is always necessary to normalize these policies and socialize a public into compliance (or at least attempt to). Since young people are among the most active internet participants and — let’s face it — will be using the internet much farther into the future than today’s adults, they will be a primary target. “Get ’em while they’re young” is a common phrase for a reason.
  • While the U.S. government has yet to arrest anyone affiliated with the recent DDoS attacks, the Netherlands’ recent arrest of a 16 year 0ld — for doing little more than encouraging people to ping servers via an IRC chatroom — is a sign of things to come and an example of this social production.  Based on how the U.S. has thus far framed “file-sharing” as “stealing music” and singled out certain youngsters for unjustified and disproportionate punishment, we have a glimpse of what’s around the corner. Watch WikiLeaks/Anonymous (the distinction is almost irrelevant in the public imagination) become the new internet predator, and online civil disobedience the new cyberbullying.

wiretapping – at&t’s new marketing strategy

I’ve been meaning to write about this for a while now, but what with article deadlines, ecycolpedia entries, the NUDA Summer School, and Euro-SSIG, I’m just now getting around to it. Back in June, at&t briefly flirted with simplify. organize. liberate?the idea of using the scandal surrounding their illegal wiretapping of U.S. citizens’ domestic and international communications as an actual marketing strategy. At the time I took screen shots and video of the campaign that was mockingly dubbed by at&t as “The Online Liberation Movement (sm).” Shortly after going live at&t pulled the entire campaign in light of public outrage.

“The Online Liberation Movement (sm),” with its “simplify. organize. liberate.” motto,  is a collection of fictitious individuals who seek cyber-liberation through at&t’s online billing system (of course). Most interesting is “Ms. Suspicious,” a member of the “movement” who is presented as a paranoid, privacy-obsessed and “suspicious” customer. Below is a video recording I made of the ad, note Ms. Suspicious’s “keep out!” post-it on her laptop and the poster behind her of Uncle Sam’s hand covering a man’s mouth above the words “SILENCE means security.”

So, why is Ms. Suspicious so damn… suspicious? It couldn’t have anything to do with at&t’s illegal partnership with the NSA to spy on Americans, their development of a mass surveillance programing language,  their recent censorship of Pearl Jam, or their anti-free speech “can’t-criticize-us” contracts that all their customers must abide by. Nope, Ms. Suspicious is just some freaky civil libertarian who needs to calm down and find liberation through at&t’s new online banking system…

congressional oversight

via secrecy news:

The Government Accountability Office maintains an office at the National Security Agency but it remains unused since no one in Congress has asked GAO to perform any oversight of the Agency, the head of GAO disclosed last week.

Despite multi-billion dollar acquisition failures at NSA and the Agency’s controversial, possibly illegal surveillance practices, Congress has declined to summon all of its oversight resources such as GAO to address such issues…

… “We still actually do have space at the NSA. We just don’t use it and the reason we don’t use it is we’re not getting any requests, you know. So I don’t want to have people sitting out there twiddling their thumbs,” Mr. Walker said.

global privacy standards

While browsing washingpost.com I came across this gem: “Google Calls for International Standards on Internet Privacy.” The article discusses Peter Fleischer’s (Google’s global privacy counsel) recent call for the development of international privacy standards. The article does a fairly good job at presenting the nuance of the privacy debate – summarizing Fleischer’s argument (that current “fragmentary international privacy laws” are burdensome to companies and harmful to citizens, thus a coherent set of minimum privacy standards should be established at a global level) while addressing Google’s mediocre privacy policies.

Discussing the recent Google/DoubleClick merger and fears that it will “aggregate too much consumer data in the hands of one company,” the article notes:

Google, under investigation for violating global privacy standards, is calling for international privacy standards,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a critic of the DoubleClick merger. “It’s somewhat like someone being caught for speeding saying there should be a public policy to regulate speeding.

Fleischer’s argument, in its entirety, can be found here. His point that data should be given the same consideration as other global flows in the informational age – namely copyrights, airplanes and pandemics – is certainly worth entertaining.

In today’s inter-connected world, no one country and no one national law by itself can address the global issues of copyright or airplane safety or influenza pandemics. It is time that the most globalised and transportable commodity in the world today, data, was given similar treatment.

Global standards which recognize the right to privacy as a basic human right in the informational age is certainly needed. Additionally, I would argue that the mass collection and aggregation of consumer data should be public record – whether assembled by the State or commerce, information on the public should be public information. Current standards at Google and Microsoft is to anonymize consumer data after 18 months. Once anoymized why not make these data sets public record?

In citing the APEC Privacy Framework, which “suggests that privacy legislation should be primarily aimed at preventing harm to individuals from the wrongful collection and misuse of their information,” Fleischer suggests that the “preventing harm” principle be applied to the proposed global privacy standards. But as the washingtonpost article points out, a focus on “preventing harm” is different than a focus on “privacy as a right.” Whereas a focus on “preventing harm” burdens consumers with the responsibility to prove they have been harmed, a focus on “privacy as a right” implies preventative policies that ensure a consumer or citizen’s right to privacy is not violated. How does a consumer prove they have been harmed let alone prove that their privacy has been violated?

I’m with Fliescher when he says:

Data is flowing across the Internet and across the globe. That’s the reality. The early initiatives to create global privacy standards have become more urgent and more necessary than ever. We must face the challenge together.

But looking at the recent NSA wiretapping fiasco which has allowed the illegal surveillance of innocent citizens, precisely because those spied on have no means to prove they were spied on, alarms me. We know telecommunication companies like at&t participated in government surveillance but because no consumer has yet to demonstrate harm – or even that they specifically were spied on – the surveillance program remains. In my opinion, any global privacy standard must – at a minimum -include the right to privacy.