When your watch talks to your phone and the National Security Agency (NSA) can listen in, it becomes almost impossible to “meaningfully opt out of surveillance,” according to Sasha Meinrath, the founder of the X-lab and a leader in digital privacy, during a panel discussion on privacy and security on May 7 in Beirut, Lebanon.
Meinrath was joined on stage by Mohamad Najem, the co-founder of Social Media Exchange, Kevin Collier, the senior politics writer at the Daily Dot, and Reem Almasri, a researcher and writer for the Jordan-based 7iber Dot Com.
Kelli Arena, the Executive Director for the Global Center for Journalism and Democracy (GCJD) moderated the event as part of the ten year anniversary celebration for the Samir Kassir Foundation. The Skeyes Center for Media and Cultural Freedom partnered with GCJD to host the event.
The discussion quickly moved from the general idea of the Internet of Things to technology people can use to maintain their privacy. As a case in point, Mohamad Najem discussed the state of privacy laws in Lebanon. According to Najem, Lebanon does actually have several laws in place to protect the privacy of the Lebanese people, yet in practice, there are serious flaws, and many reported cases of the government essentially breaking its own laws when it comes to surveillance practices.
Almasri indicated the situation was similar in Jordan- there were laws in place, but in many cases the government was exempt from actually having to follow those laws. All the panelists agreed that a free media is essential to safeguard citizens from these practices.
In Jordan, Almasri explained, surveillance has gone even further- online monitoring has actually led to military court trials, and people are serving prison sentences for things they have posted online.
Collier added that in some ways, the same was true in the United States. He used the example of Facebook: if law enforcement officials offer Facebook a compelling warrant, the company will hand over your information, which can include where you have been, conversations, contacts, and much more. Collier also stated that Google accounts are extremely useful to law enforcement, since Google apps (even your email if it’s used on a non-Android device) track all your movements.
Again and again, each of the panelists stated that encryption of online conversations that need to be kept private was crucial. In specific, Cryptocat, an app that encrypts online conversation was suggested as a secure way to keep sensitive conversations private.
Meinrath, who is engaged on a daily basis with policy makers in the US on digital privacy issues, argued that the number one problem facing technology development and the cyber laws regulating it is ignorance. He felt strongly that there was not maleficent intent in the majority of the new cyber security laws being proposed- only gross misunderstanding of the deeper issues at hand. Additionally, many of the experts US policy makers are turning to are organizations like the NSA, which have a vested interest in being able to collect as much data as possible on people.
Since this is a global conversation, Najem was quick to point out that the US is a leader in privacy discussions, so when Edward Snowden leaked the NSA documents and forced the US to take a closer look at its own practices, it ended up being a positive move for the rest of the world.
When Arena asked the panelists if there is a difference between corporations collecting consumer data to provide targeted marketing and government-sponsored data collection, the panelists were not convinced that a distinction could, or should, be made. Almasri even pointed out that reports have indicated the NSA is one of the biggest customers for the big corporate data collection agencies, so corporate data collection can easily end up in the hands of the government anyway.
Meinrath pointed to a current law before the US Congress, called the USA Freedom Act, which has been at once heralded as the tool to reign in the NSA, and a pathetic attempt at securing our privacy rights, as a case in point that no one quite seems to know what to do about cyber surveillance. Meinrath even went on to suggest that there are provisions in the act that allows private companies to receive financial incentives for handing over data to the government, and more alarmingly, to receive legal immunity if their collections break the law.
Collier added to that idea by saying there is very little movement in the US to curb data collection, and no real outcry from the population to push for more oversight. Additionally, Meinrath added that in the general realm of international policy, spying is disallowed, but that excludes ideas of cyber surveillance.
When asked about the idea that only those who are performing illegal activities would be opposed to surveillance, Almasri turned to the audience for the answer, asking, “Who in this room doesn’t have anything to hide?” When no one in the audience raised their hand, she continued on to point out that even if an individual is not committing a crime, it is their right to keep certain things out of the public view. She added that conventional knowledge in Jordan allows that there is always a third person listening to conversations, and that citizens will often jokingly address the “eavesdroppers” when they are saying something that might get them in trouble.
When asked how the current security situation in the region (including interactions with ISIS), Reem felt strongly that activism is generally setback during times of conflict, and that people will give up privacy to maintain security.
Mohamad Najem took this thought process a few steps further as he described activists in the Arab world using self-censorship to avoid persecution. He added that there have been more than 13 cybercrime laws drafted in the region in the past year, yet there are no civil society groups, experts, or watchdogs to monitor the development of these laws. Collier added that in general, there is very little regulation globally on data collection, and that the European Union is one of the only governmental bodies that has even attempted to regulate data collection (with minimal success).
Furthermore, Collier added that there is no tool to tell you how much of your data is subject to surveillance, and Almasri added that apps we use every day, like Facebook, should be able to tell users how their data is being used.
But while there appears to be a lack in technology to track data usage, the technology used to collect and analyze it is incredibly sophisticated. Almasri used the well-known example of the father who went to a Target store manager, angry his teen daughter had been receiving ads targeted to expecting mothers. He had to return to the store manager with an apology after his daughter confessed that she was indeed pregnant. The algorithms used to mine data are incredibly sophisticated, and growing more so by the day. Reem also mentioned a current case in the US Supreme Court against Google- they are accused of spying on teens’ email accounts and profiling them without their consent.
To further delve into the complicated issue of balancing technological advances with security concerns, the discussion turned to biometric identification. Najem used the example of the Lebanese plan to integrate a biometric passport system and argued that while in theory, this seems like a fail proof way to identify citizens, there are already grave security concerns. He alleged that the NSA has in fact already hacked the private company that is developing the biometric software, and could possible already have backdoor access to any information the company processes.
Collier agreed that biometric authentication could be a good move, but insisted that “anything is hackable,” leaving doubts to the safety of our information anywhere in the digital environment. Meinrath added to that by saying, “biometrics are a great username and a terrible password.” By this, he meant that we cannot change our biometric signatures, so if it is hacked, there will be almost no way to recover your identity. He cautioned that biometrics needed to be used with caution, and with additional layers of security.
From technology, the conversation again moved to concepts of censorship, and how the governments around the globe are trying to censor their citizens in the online environment. Collier insisted that it is only in rare cases that a government will actually admit to outright censorship. In most cases they will blanket accusations in other crimes. And in fact, the broadly written cybercrime laws around the globe often leave government wide berth to prosecute anyone using a computer if the government thinks they are a threat. In Lebanon, for example, Najem pointed out that more than 50 websites have been blocked, yet not on every server, and not in all areas. The censorship in Lebanon in particular seems to be more personalized, rather than policy, according the Najem.
In regards to government interference or oversight with privacy concerns, Almasri insisted the call is not for governments to be out of the picture, but rather to allow for transparency so that citizens know what data is being collected and how it is being used. Najem agreed, stating that surveillance did not need to be stopped entirely- “but it should be proportionate and necessary.”
An audience member asked the panelists whether it is possible for entities like the NSA to farm out data collection to other countries, and Meinrath responded by saying that it was already happening- and referred back to Almasri’s earlier comments that the NSA was sharing information with the governments of Jordan and Egypt.
Almasri again pointed towards the need to have an engaged and informed citizenry in order to monitor the laws that are being drafted regarding their privacy.
When the panel was asked to offer one piece of advice to the audience on how to keep their information private online, the unanimous answer was encryption. Almasri and Collier disagreed as to whether everything should be encrypted, or only sensitive information, and Najem added that changing passwords, in addition to encryption, was key to staying safe. Meinrath encouraged the audience to look at the tools offered by the Electronic Frontier Foundation (EFF) to see how they can make themselves safer online. He added that keeping information secure is not only beneficial to the individual, but also to the community they operate in.
Ayman Mhanna, the Director of the Skeyes Center, asked the panelists if we, as a society, are now being “trapped in a world where we cannot escape data collection.” He used the example of insurance companies giving customers discounts to install driving monitors in their vehicles. Meinrath’s simple answer was, “yes.” He added that governments have to be enlightened and responsible to help their citizens avoid these traps. Almasri disagreed though, and again stated that it was the citizen’s responsibility to demand information on how their data is being used. Najem added to this by saying that laws will never catch up to technology, so discussions about this must continue as social norms change and new laws are drafted. He continued by posing the question of, “what is the definition of cybercrime,” and argued that there is a lack of clear definitions that allows those in power to exercise subjective judgement over what they will prosecute and what they will not. Almasri agreed by saying “we need to understand how privacy and information laws translate to daily life.”
When the idea of “informed consent” was brought up, Meinrath argued that it was impossible to really give informed consent in an online environment because “there is no way to really know what you are consenting to.” He continued on though, by saying that technology (specifically apps for smart phones) is available that allows users to limit the information that is being shared, and that users need to be more aware of these available protections.
The final question from the audience asked the panelists what kind of surveillance was being done on journalists. The panelists all agreed that journalists, as a population, are being surveilled more aggressively than many other populations, and the documents Snowden released showed the NSA is actively surveilling journalists both in the US and abroad.
In the end, Arena stated that it was up to the younger generations to keep the governments accountable, to press for transparency, and to keep questioning the policy makers. The panelists agreed that this conversation must be ongoing in order to better serve the global citizenry.
GCJD IN THE NEWS
Global Center for Journalism and Democracy
Dan Rather Communications Building, Room 201, Huntsville, TX 77340
Phone: (936) 294-4399