Electronic Surveillance

Who is watching you?

In Reddit’s 2014 transparency report, buried in the tables of data, was a paragraph that specified that the site had “never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information.”. The following year, Reddit user 'sylf' noticed it was, curiously, absent. It was a sobering reminder to us that nothing, not even our memes and cat GIFs, were protected.

These ‘Warrant canary’ systems, like the extra paragraph present in Reddit’s transparency notice, notify users when a service provider has received a secret ‘national security letter’ requesting private user data. Named for the use of the brightly colored bird by coal miners to alert them to the presence of toxic gases in mine shafts, tech companies employ this crude method to work around the gag orders that often comes with said letters, preventing companies legally from speaking about the request. Upon receiving a letter request, the canary would be deleted, or ‘killed’, to alert users. Other companies that have also ‘killed’ their canaries since implementing them include Tumblr, Google, and Apple.

Most would be familiar with the Snowden scandal, when the intelligence agent exposed the existence of mass surveillance programs operating by intelligence agencies in Australia, New Zealand, Canada, the US and the UK. These programs, such as PRISM, run by the NSA, and TEMPORA, by GCHQ, empowered the bulk collection and analysis of phone records, emails, and web browsing data. Despite their supposed objective of investigating terrorism and criminal activity, these programs provided near unlimited access to sensitive private data, with limitations so generally worded as to be purposefully irrelevant. Snowden personally mentioned the ‘daily’ passing of nudes amongst the analysts as a ‘fringe benefits’ of working in the NSA’s program. In the wake of the scandal came calls for greater internet transparency and the curtailing of government authority in conducting surveillance.

And yet, 3 years later, the outcome of this discourse looks bleaker than ever. In the US, as highlighted by Reddit, the transparency movement has failed to deter intelligence agencies from secretively procuring sensitive private data without court approval, or notice to the users. It gets worse here in the UK, with the Investigative Powers Act 2016 receiving royal assent on the 26th of November last year. This Act codifies and streamlines existing surveillance laws and programs into law. These powers include the bugging of phones and computers, the legal obligation upon service providers to assist relevant authorities in bypassing encryption, recording by service providers of phone and internet logs for up to 12 months for use by law enforcement and other public agencies. So, rather than moving towards extinguishing existing illegal surveillance programs, lawmakers have, instead, moved to formally legalize them.

Without persistent public pressure, it seems an unfortunate reality that the outcry for a more secure private life has been mostly disregarded. I feel that there’s been an irreconcilable compromise to our rights to ‘privacy’ when authorities are empowered to rifle through our lives like binders on a shelf. One may only hope down the road that another expose like Snowden’s will result in more effective changes.

This Article was written by Samuel Goh Kean Hau (1st year, LLB Law), in conjunction with Dicta 2017. 

Ben Lin