Aleksander Wiatrowski Doctorand, University of Lapland Less Privacy, More Security?
1.PRISM and Tempora 2.Privacy 3.Xkeyscore 4.’Useful’ companies 5.Results and possible consequences 6.Conclusion Less Privacy, More Security? – PRISM
Prism (US) and Tempora (British) are both clandestine mass electronic surveillance data mining programs, Both classified and secret untill revealed by E. Snowden, Both are part of government sponsored mass surveillance programs, British spy agency collects and stores vast quantities of global messages, Facebook posts, internet histories and calls, and shares them with NSA according to E. Snowden, US NSA stores massive information with examples including , video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details, British Government Communications Headquarters (GCHQ) had probes attached to more than 200 internet links, each probe carried 10 gigabits of data a second, Both have centralized mass databanks, Data in PRISM is maintained for Archived system audit logs and backup data is stored for a minimum of two (2) years. PRISM and Tempora Less Privacy, More Security? – PRISM
Privacy is at the very soul of being human. Legal rights to privacy appeared 2000 years ago in Jewish laws. Privacy is the right to autonomy, and it includes the right to be let alone. It includes the right to control information about ourselves, including the right to limit access to that information. Most important, the right to privacy means the right to enjoy solitude, intimacy, and anonymity. Privacy as a Fundamental Human Right Less Privacy, More Security? – PRISM
Privacy is the right to control who knows what about you, and under what conditions. The right to share different things with your family, your friends and your colleagues. The right to know that your personal s, medical records and bank details are safe and secure. Privacy is essential to human dignity and autonomy in all societies. The right to privacy is a qualified fundamental human right - meaning that if someone wants to take it away from you, they need to have a damn good reason for doing so. Privacy Less Privacy, More Security? – PRISM
Out of choice, Matter of convenience, Lack of legislation or lack of respect for existing rules. Loosing Privacy Less Privacy, More Security? – PRISM
National level: constitutions and national privacy laws. International level: Treaties of Rome and Strasbourg by European Council and the Treaty on Civil Rights and Political Rights by United nations. Universal Declaration of Human Rights from 1948, Article 12: Legal framework for Privacy Protection Less Privacy, More Security? – PRISM No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
OECD and European Commision 8 priciples formulated in 1980: use limitation principle 1)The use limitation principle: the smallest possible amount of personal data should be gathered and used for the purpose given, principle of purpose specification 2)The principle of purpose specification: only personal data for strictly specified purposes should be collected and processed, 3)Quality 3)Quality: the personal data must be correct, complete and up to date. Furthermore they have to be well protected by means of security, principle of transparency or opennes 4)The principle of transparency or opennes: the people involved have the right to know what personal data are collected, to what purpose, who has access to these data, what will happen to these data when they are passed on to others, and to whom they are passed on. Legal framework for Privacy Protection (2) Less Privacy, More Security? – PRISM
US: no general privacy law (nothing in Constitution), as well as no legislation following OECD & EC principles. On the other hand, huge number of privacy-related acts.EU: The Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data (Data Protection Directive, 1995) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) US and EU legislation "Dominance" in abuses of dominant companies
American Civil Liberties Union: The ACLU is nation's guardian of liberty, working daily in courts, legislatures and communities to defend and preserve the individual rights and liberties that the Constitution and laws of the United States guarantee everyone in this country. Right to privacy - freedom from unwarranted government intrusion into personal and private affairs. ACLU Less Privacy, More Security? – PRISM
In the wake of 9/11, mass surveillance has become one of the U.S. government’s principal strategies for protecting national security. Over the past decade, the government has asserted sweeping power to conduct dragnet collection and analysis of innocent Americans’ telephone calls and s, web browsing records, financial records, credit reports, and library records. The government has also asserted expansive authority to monitor Americans’ peaceful political and religious activities. ACLU Less Privacy, More Security? – PRISM
“They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” Less Privacy, More Security? – PRISM Benjamin Franklin, shortly before February 17, 1775 as part of his notes for a proposition at the Pennsylvania Assembly Better known paraphrased: “ Any society that would give up a little liberty to gain a little security will deserve neither and lose both.”
“You can’t have 100-percent security and also have 100-percent privacy and zero inconvenience. We’re going to have to make some choices as a society.” Less Privacy, More Security? – PRISM Part of US President’s Barack Obama statement to reporters on the Affordable Care Act at Fairmont Hotel in San Jose, California, on June 7, 2013.
“But we don't have 100% security, so can we have our privacy back?” Less Privacy, More Security? – PRISM Anonymous user ,
Less Privacy, More Security? – PRISM
“When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program is about. (…) What the intelligence community is doing is looking at phone numbers, and durations of calls; they are not looking at people’s names and they’re not looking at content. (…) If the intelligence committee actually wants to listen to a phone call they have to go back to a federal judge, just like they would in a criminal investigation.” Less Privacy, More Security? – PRISM
Revealed on July Formerly secret computer system used by the United States National Security Agency for searching and analyzing Internet data about foreign nationals across the world. The program is run jointly with other agencies including Australia's Defence Signals Directorate, and New Zealand's Government Communications Security Bureau. There is a claim that even low-level analysts are allowed to search the private s and phone calls. Xkeyscore Less Privacy, More Security? – PRISM
The Guardian's Glenn Greenwald revealed that is is possible to “listen to whatever s they want, whatever telephone calls, browsing histories, Microsoft Word documents. And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst.” abcnews.go.com The NSA sums up the program best: XKeyscore is its "widest reaching" system for developing intelligence from the Internet. The program gives analysts the ability to search through the entire database of your information without any prior authorization — no warrant, no court clearance, no signature on a dotted line. An analyst must simply complete a simple onscreen form, and seconds later, your online history is no longer private. The agency claims that XKeyscore covers "nearly everything a typical user does on the Internet.„ cnn.com Xkeyscore (2) Less Privacy, More Security? – PRISM
Dominant IT Companies’ Role Less Privacy, More Security? – PRISM
Dominant IT Companies involvement Less Privacy, More Security? – PRISM
Microsoft: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.” Facebook: “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.” Google: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data,” Apple: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.” Google, Apple and Facebook Outright Deny They’re Helping the NSA Mine Data Less Privacy, More Security? – PRISM
Burying down both security and privacy, Giving green light to Dominant IT Companies, Opening new dangerous paths, Diminishing the significance of data protection legislation, Bigger Dominant IT Companies’ role (?), Loosing trust. Results and possible consequences Less Privacy, More Security? – PRISM
ECHELON Schengen Information System INDECT Golden Shield Project Public Information Network Security Monitoring Bureau Frenchelon NATGRID Centralized Monitoring System (CMS) DRDO NETRA SORM Titan traffic database Onyx Interception Modernisation Programme Tempora UK National DNA Database (NDNAD) Impact Nominal Index Nationwide Suspicious Activity Reporting Initiative PRISM X-Keyscore Fairview DCSNet Main Core NSA call database Intelligence Community (IC) Financial Crimes Enforcement Network Terrorist Finance Tracking Program Tailored Access Operations Boundless Informant Special Collection Service (SCS) Stellar Wind Stuxnet GhostNet ”The Soviet Union, East Germany, and other totalitarian states rarely respected the rights of individuals, and this included the right to privacy. Those societies were permeated by informants, telephones were assumed to be tapped and hotel rooms to be bugged: life was defined by police surveillance. Democratic societies are supposed to function differently.” W. Diffie, S. Landau, PRIVACY ON THE LINE, MIT 2007, p. 143.
Less Privacy, More Security? – PRISM