Online governmental surveillance has become an internationally discussed topic after Snowden’s revelations in 2013 about the National Security Agency (NSA) mass surveillance in the United States. Some talk about an “after-Snowden" or a “Snowden effect" (Smith, 2016). But actually, only a small minority of the general public seems to worry about mass surveillance , and this has been seen to be true in different countries where surveillance has been implemented. Indeed, in the US, “average Americans have sacrificed online civil liberties for national security" (Stoycheff, 2017). Likewise, “British voters don’t mind mass surveillance" (Bennett, 2016); and 85% of French people are convinced that their security will improve with the adoption of the new counter-terrorism law allowing mass online surveillance (Cornevin, 2017). Therefore, a majority of the population “under watch" feels that they are sacrificing some of their freedoms temporarily to regain security.
The population is particularly willing to make sacrifices in the context of terrorist attacks. Indeed, there is a very direct link between these events and the adoption of new counter-terrorism measures as a reaction. Also, governments develop the idea of terrorism as being an existential threat to the population. This has been the case of American authorities, stating that terrorism is threatening the US and “mass surveillance is essential to fight it" (Stoycheff, 2017). This leads to securitization: the belief that exceptional measures are needed to respond to an existential threat to the values of society (Tréguer, 2016). After the Madrid bombings of 2004, the European Parliament shifted its stance to be more tolerant of mass surveillance. In the Declaration on Combating Terrorism (25 March 2004), it adopted the Passenger Name Record (PNR), allowing data collection of all passengers flying in and out the European Union to be shared with US authorities. Additionally, after the London bombings of 2005, the EU adopted Directive 2006/24/EC, allowing the retention of EU citizens’ data by service providers of electronic communication services and networks (Maras, 2012). Following the Paris attacks in 2015, the French government justified its Intelligence Act of 2016 with the context : indeed, “The French government [announced] a €425m (£326m) programme to combat terrorism, two weeks after a series of attacks left 20 dead" (Willsher 2015). This law legalized mass surveillance on mobile phones and internet, access to metadata, hacking and big data collection, on anyone who could potentially be a threat as opposed to people who have been proven to be one (Tréguer, 2016). Mass surveillance seems to be a necessity to a majority of the general public public as terrorism grows and reaches all countries : any means used to fight it are perceived as useful. Fear is therefore the cause of the “chilling effect" of the Snowden revelations (Tréguer, 2016).
In addition, in some places such as the United States, a majority of the population does not believe they are being watched. Indeed, they do not think authorities have any interest in looking at their data, and believe that only criminals should be concerned by online surveillance, using the “nothing to hide" argument (Smith, 2016). This distinction between “us" (the ordinary citizens) and “the others" (for example, terrorists) made in official discourse makes the general public feel they are not targeted by online surveillance, and that it only applies to “our" enemies (Maras, 2012).
Some observer see here an issue : the population believes they are making small temporary sacrifices that are necessary, but they are not aware that by doing so, they are often making much bigger sacrifices (Maras, 2012). Indeed, history has shown that liberties sacrificed temporarily are not easily regained and those sacrifices can even be incorporated into permanent legislation. In the UK, for instance, the Prevention of Terrorism Acts that was supposed to be temporary became a permanent statute in 1989 (Maras, 2012). Similarly, some French left-wing leaders accused the government of incorporating emergency state measures, meant to be extraordinary, into ordinary law in the recent counter-terrorism law (Hamon, Mamère & Romagnan 2017). This is what Stoycheff calls the “boiling frog syndrome" and describes it as : “the best way to boil a frog is to place it in cool water that is slowly heated so the frog is less sensitive to danger" (Stoycheff, 2017). Therefore, according to those authors and political leaders, governments manage to make the general public sacrifice many of their freedoms without realizing what process they are involved in, and hence, without giving their consent to it.
Although the majority of citizens seem not to raise opposition to cyber mass surveillance, or at least they tolerate it since they have “nothing to hide", this situation doesn’t necessarily mean that it has positive effects on them. Firstly, cyber mass surveillance is considered by many NGOs to go against the fundamental human right of privacy which states should be protecting. For example, in 2016, ten Human Rights groups, including Privacy International and the American Civil Liberties Union, asked to the European Court of Human Rights to discuss the legality of the Mass Surveillance programs, discovered through Edward Snowden’s revelations (Goodwin, 2016).
The second is an operational problem: mass surveillance is not effective as a counter terrorism strategy. As it is shown in the documentary The Maze, by the director Friedrich Moser, in fourteen of the major terrorist attacks in Europe and the United States from 2005 to 2017, there is a pattern that proves the inefficiency of cyber mass surveillance. In each attack, at least one of the attackers was know by the police and each perpetrator was part of a network and communicating through technology, leaving a digital footprint of radicalisation. However, the intelligence services couldn’t notice them, because of the overload of information, collected through mass surveillance programs (Moser, The Maze). Loss of Privacy with Cyber Surveillance
The Article 12 of the Universal Declaration of Human Rights states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks." Privacy is considered a universal human right and states are supposed to be in charge of its protection. However, with cyber mass surveillance, this human right is often at risk: while looking for terrorist and suspicious activities, States often collect huge quantities of data, while intruding on private communications. In August 2016, the FBI was found to use Stingrays (a device that collect data from cellphones calls by pretending to be a cellphone tower) in order to look for suspicious activities (Woolf, 2016).
Often, cyber mass surveillance is used as a security measure and as a tool of oppression. Below, we explore three cases in which cyber mass surveillance was abused around the world.
Turkey
According to the researcher Özgün E. Topak, in Turkey, “the AKP Party had experimented with the use of various surveillance techniques— including wiretapping, internet surveillance, and surveillance by informant/collaborator networks—to target those whom it perceived as threats to its rule." Following the declaration of the State of Emergency after the attempted coup d’Etat in July 2016, “emergency measures expanded the previously prevailing scope of surveillance to enable mass surveillance and criminalisation of the regime’s dissidents. They also allowed authorities to exercise unlimited discretionary powers to suspend fundamental rights and freedoms" (Topak, 2017). Furthermore the targets of these measures were “not only the suspected coup plotters but also dissidents, including Kurdish parliamentarians, oppositional journalists, and leftist academics." In this case, the Turkish State not only did not respect the right of privacy but it also did not respect freedom of expression and the press. In this case, mass surveillance was used as a tool of oppression.
France
France provides another example of use of cyber surveillance during a State of Emergency. After the Paris attacks in 2015, France adopted multiple cyber surveillance measures to track anyone that could be related to a possible terrorist without the need of approval from a judge (Willsher, 2015). These measures were based on profiling techniques that often targeted the French Muslim minority, but also political activists such as ecologists in the context of the COP21 (see movie Nothing to Hide). In this case the state was not only bypassing the privacy of the citizens but it was also actively discriminating.
Despite these issues, the State of Emergency, by definition, implies a temporary suspension of normal constitutional procedures, in order to regain control over a critical situation. However, what is not accepted by international law is when these measures are continued after the end of this temporary situation.
For this reason the new counter terrorism measure proposed by Emmanuel Macron’s government has been very debated (McQueen, 2017). Some of the State of Emergency measures such as “granting police the right to place individuals under house arrest without trial, raiding homes and meeting places without consulting a judge, and forbidding public gatherings" will become national laws . The cyber surveillance tools will then be used to profile any “public order" threat and they would be sufficient for the French Police to intervene.
Five Eyes
An example of cyber mass surveillance infringing on human rights during a non-State of Emergency is the Five Eyes Treaty between the United States, the United Kingdom, Australia, Canada and New Zealand. As Eliza Watt points out in her research, the bilateral treaties between the UK and the US as a part of the Five Eyes network does try to limit mass surveillance by requiring warrants only in the case of targeted citizens. However, for individuals who are not citizens of either state, this restriction does not apply. Through their surveillance measures (which include tapping of the fibre-optic underwater cables and direct access to the customer data from nine major internet firms), the UK and the US collect data of non UK/US citizens without a legal authorisation (Watt 2017).
As Myriam Dunn Cavelty points out, cybersecurity measures can result in what Jervis called a “security dilemma" (Jervis, 1978). This entails that the effort of one state to increase its security lowers the level of security of other states as well as the security of its own citizens (Cavelty, 2014).
Cyber Surveillance Is Not as Effective as promised by States
As previously mentioned, the infringement of human rights like privacy and freedom of expression is often justified by governments for ensuring security. In multiple occasions, different governments, including the ones of the UK and the US, claimed that cyber mass surveillance would allow them to anticipate and stop terrorist attacks. Even after Obama’s Freedom Act that ended the “ bulk collection of domestic phone data by the government", the NSA declared that the Act was an impediment to counterterrorism operations. Furthermore, the former director of the CIA, John Brennan, said that the attacks in Paris are a “wake-up call," and claimed that recent “policy and legal" actions “make our ability collectively, internationally, to find these terrorists much more challenging" (The New York Times Editorial Board 2015).
However, these claims that cyber mass surveillance is a necessary tool to fight terrorism have been proven wrong multiple times. One example is the Paris attacks themselves - the attackers were already under the surveillance of the French and Belgian Secret Services but the agencies did not know how to act after the information was collected. Furthermore, as it was reported by The New York Times, “indiscriminate bulk data sweeps have not been useful". In more than two years since the N.S.A. data collection programs became known to the public, the intelligence community has failed to show that the phone program has thwarted a terrorist attack. Yet for years “intelligence officials and members of Congress repeatedly misled the public by claiming that it was effective" (The New York Times Editorial Board 2015).
Encryption has been very present in recent debates about mass surveillance inside the free internet community, or “least authoritarians" as some of them call themselves, in their meetings such as the 2017 Internet Freedom Festival (IFF) and RightsCon last March (Vet 2017). It has also emerged in the general public’s concerns. In the United States for instance, it is another “impact of Snowden’s revelations" : “consumers have been pressuring communication platforms to encrypt their services" (Smith 2016). But as most of them do not want to change their habits, it seems like their demands aim more at getting encryption for already popular platforms like it happened for Gmail through the app Mailveloppe (Smith 2016). The reason encryption is so debated is that is has been threatened by a few governments in their fight against terrorism. As security measures change from country to country, so did the fight against cryptography.
In Turkey, for instance, after the failed military coup of 2016, 75.000 of Turkish citizens had been detained and forced to quit their jobs since they had downloaded the encrypted messaging app “ByLock" (Bowcott 2017). The government accused them of being affiliated with Fethullah Gülen, who is considered the orchestrator of the coup. However, a recent legal study, commissioned by opponents of the Turkish president, affirms that the arrest was illegal and a breach of human rights (Bowcott 2017).
The fight against encryption is also becoming popular among European Governments: Germany, France and the UK have been advocating for the ban of end-to-end encryptions. In August 2016, during a joint press conference in Paris, the French Interior Minister Bernard Cazeneuve and the German Interior Minister Thomas de Maizière “called for the European Commission to change the law to afford security agencies the ability to access encrypted data" (Lomas 2016).
The United Kingdom, where the Investigatory Powers Act was made law in 2016, is also trying to have access to the encrypted data and ban end-to-end encryption. In March 2017, after the Westminster attack, Amber Rudd, the UK Home Secretary affirmed that end-to-end encryption on messaging apps is “completely unacceptable" and stated that “there should be no place for terrorists to hide." Later in June, the Five Eyes (Australia, Canada, New Zealand, the United Kingdom, and the United States) met at a summit in Ottawa in order to bypass encryption. Among the topics, they discussed the possibility of having “backdoors" for the government’s intelligence services. This option, however, is not secure enough according to opponents to this option, that argue that, in fact, it would only “create new opportunities for criminals and cyber hackers, as in the case of the recent NHS attack" (Humans rights Watch 2017). Another way for the UK government to get around end-to-end encryption is by forcing tech firms to share the data collected. According to Alec Muffett, the technical advisor of the Open Rights Group, it would be hard for them to use the current legislation: “Eventually they will lose the battle because they will never (for instance) coerce the global open-source community to comply," he said (Hern 2017).
As the fight against encryption started, the fight for its protection also raised. At an international level, multiple NGOs (such as EFF, Privacy Now, and many others) are pressuring international institutions such as the United Nations in order to protect it. In June 2015, David Kaye, the UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, affirmed that “encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artists and others to exercise the rights to freedom of expression and opinion" (Rodriguez 2017).
Bennett, A. (2016). Actually, British voters don’t mind mass surveillance. The Telegraph. Retrieved from: http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/12179248/Actually-British-voters-dont-mind-mass-surveillance.html
Bowcott, O. (2017, September 11). Turks detained for using encrypted app 'had human rights breached'. Retrieved November 05, 2017, from: https://www.theguardian.com/world/2017/sep/11/turks-detained-encrypted-bylock-messaging-app-human-rights-breached
Cavelty, M. D. (2014). Breaking the Cyber-Security Dilemma: Aligning Security Needs and Removing Vulnerabilities. Science and Engineering Ethics, 20(3), 701-715. Retrieved from: https://www.ncbi.nlm.nih.gov/pubmed/24781874
Cornevin, C. (2017). 57% des Français sont favorables au projet de loi antiterroriste. Le Figaro. Retrieved from: http://www.lefigaro.fr/actualite-france/2017/09/26/01016-20170926ARTFIG00258-57-des-francais-sont-favorables-au-projet-de-loi-antiterroriste.php
Editorial Board. (2015, November 17). Opinion | Mass Surveillance Isn't the Answer to Fighting Terrorism. Retrieved October 22, 2017, from: https://www.nytimes.com/2015/11/18/opinion/mass-surveillance-isnt-the-answer-to-fighting-terrorism.html
Ferenstein, G. (2013). Public supports NSA spying on their email, neighbours and foreign leaders. Tech Crunch. Retrieved from : https://techcrunch.com/2013/11/05/poll-public-supports-nsa-spying-on-their-email-neighbors-and-foreign-leaders/
Greenberg, K. J. (2016). Counter-radicalization via the Internet. SAGE journals. Retrieved from: http://journals.sagepub.com/doi/abs/10.1177/0002716216672635?journalCode=anna
Goodwin, B. (2016, September 29). NGOs challenge UK and US mass surveillance in human rights court. Retrieved November 07, 2017, from: http://www.computerweekly.com/news/=450400044/NGOs-challenge-UK-and-US-mass-surveillance-in-human-rights-court
Hamon, B, Mamère, N, Romagnan, B. (2017). Contre la loi de sécurité intérieure. Libération. Retrieved from: http://www.liberation.fr/debats/2017/09/28/contre-la-loi-de-securite-interieure_1599615
Hern, A. (2017, March 29). UK government can force encryption removal, but fears losing, experts say. Retrieved November 05, 2017, from: https://www.theguardian.com/technology/2017/mar/29/uk-government-encryption-whatsapp-investigatory-powers-act
Humans Rights Watch, Perils of Back Door Encryption Mandates. (2017, June 26). Retrieved November 05, 2017, from: https://www.hrw.org/news/2017/06/26/perils-back-door-encryption-mandates
Lomas, N. (2016, August 24). Encryption under fire in Europe as France and Germany call for decrypt law. Retrieved November 05, 2017, from: https://techcrunch.com/2016/08/24/encryption-under-fire-in-europe-as-france-and-germany-call-for-decrypt-law/
Maras, M-H. (2012). The social consequences of a mass surveillance measure: What happens when we become the 'others'?. International Journal of Law, Crime and Justice, 65-80. Retrieved from: http://www.sciencedirect.com/science/journal/17560616/40/2?sdc=1
McQueen, University of Stirling. (2017, October 20). Inside Emmanuel Macron's draconian anti-terrorism law. Retrieved October 22, 2017, from: https://theconversation.com/inside-emmanuel-macrons-draconian-anti-terrorism-law-83834
Moser, F. (Producer & Director). The Maze [Motion Picture]. Austria.
Rodriguez, K. (2015, June 17). Strong Encryption and Anonymity Are The Guardians Of Free Expression. Retrieved November 05, 2017, from: https://www.eff.org/deeplinks/2015/06/strong-encryption-and-anonymity-are-guardians-free-expression
Smith, C. (2016). The Snowden effect: Three years after Edward Snowden’s mass-surveillance leaks, does the public care how they are watched?. SAGE journals. Retrieved from: http://journals.sagepub.com/doi/abs/10.1177/0306422016670343
Stoycheff, E., Wibowo, K. A., Liu J., & Xu K. (2017). Online Surveillance’s Effect on Support for Other Extraordinary Measures to Prevent Terrorism. Mass Communication and Society, 1-16. Retrieved from: http://dx.doi.org/10.1080/15205436.2017.1350278
Topak, Özgün E. 2017. The Making of a Totalitarian Surveillance Machine: Surveillance in Turkey Under AKP Rule. Surveillance & Society 15(3/4): 535-542. Retrieved from: https://ojs.library.queensu.ca/index.php/surveillance-and-society/article/view/6614
Tréguer, F. (2017). Intelligence Reform and the Snowden Paradox: The Case of France. Media and Communication, 5(1). Retrieved from: https://www.wethenet.eu/wp-content/uploads/Tr%C3%A9guer-Intelligence-Reform-and-the-Snowden-Paradox-final.pdf
Watt, E. (2017). ‘The right to privacy and the future of mass surveillance’. The International Journal of Human Rights , 21(7). Retrieved from: http://www.tandfonline.com/doi/abs/10.1080/13642987.2017.1298091
Willsher, K. (2015, July 24). France approves 'Big Brother' surveillance powers despite UN concern. Retrieved October 22, 2017, from: https://www.theguardian.com/world/2015/jul/24/france-big-brother-surveillance-powers
Woolf, N. (2016, August 26). Stingray documents offer rare insight into police and FBI surveillance. Retrieved October 22, 2017, from: https://www.theguardian.com/us-news/2016/aug/26/stingray-oakland-police-fbi-surveillance
Willsher, K. (2015, January 21). France boosts anti-terror measures in wake of Paris attacks. The Guardian. Retrieved from: https://www.theguardian.com/world/2015/jan/21/france-anti-terror-measures-paris-attacks-manuel-valls