The challenge of cybersecurity lies in protecting people without entering their private space or making ‘national security’ an excuse to trample on their freedoms
L'affaire Snowden is the story of three governments. The first is one that claims to protect its own citizens while snooping on everybody else; the second is a government that claims to value personal freedoms above all but actively colludes with the first to violate its citizens’ freedoms and then cover up its footprints. The third is a government that simply does not seem to care about its words or the consequences they bear.
Edward Snowden’s revelations point to certain checks and balances being observed — if only on paper — by the United States government in the surveillance of its citizens. No such checks were applied to foreigners, be they in America or their respective countries. Data-mining is a complex interdisciplinary operation that involves computers looking at vast amounts of information and finding what are euphemistically referred to as “points of interest.” In the marketing industry, data-mining would help businesses target you for the sale of specific products that you might be interested in. In security, this becomes the basis for a warrant to allow a human to start scanning your personal correspondence — if you are a U.S. citizen. If you fall into the non-U.S. citizen category, no warrants are required.
What is pertinent here is how far America has strayed from its founding principles of personal freedom and political liberty. It seems the pendulum has swung so far that the debate is no longer about whether the government should have any right to monitor citizens but rather about what the standards and procedures for extraordinarily intrusive surveillance should be. Nowhere is this better reflected than in the curious volte face of Harvard law professor Alan Dershowitz on the subject. Once termed “the nation’s most peripatetic civil liberties lawyer,” post-9/11, Mr. Dershowitz was actively advocating torture, including of methods like shoving a sterilised needle under suspects’ fingernails. The debate in the public sphere has become so securitised that ‘national security’ is now a ticket to trample on every right and freedom the U.S. once held sacred. If former President George W. Bush Jr. jeopardised individual liberty with the Patriot Act, President Barack Obama has bestowed on his government the right to be a virtual presence in the lives and bedrooms of billions of people around the world, without care, remorse or even an explanation.
Another disappointment — probably indicative of this societal shift in America on the subject of privacy — is the stand of the American press on the issue. Far from Snowden’s revelations igniting a debate on privacy versus security, the media seems to have bought the security narrative lock, stock and barrel. Evidently, the developments of 1971, when Daniel Ellsberg was feted as a hero of liberty by the U.S. media for his leaks of ‘Vietnam Lies’, forcing a policy reversal on the part of the U.S. government, have been long forgotten. Every U.S. media outlet has gone to great lengths to explain the legality and due process of the PRISM spying apparatus and has almost uniformly shown Snowden in a poor light. The inescapable conclusion is that the U.S. media is probably the most socialised, managed and supine media in existence today — buying into the government’s security narrative instead of challenging it.
The United Kingdom and Europe, on the other hand, have a vibrant media which, for better or worse, challenges both ideas and authority on a daily basis. Since the Snowden leaks were made public, the German and British media in particular have mercilessly pilloried their governments for their subservience to America and their collaboration in the blatantly illegal surveillance of European Union citizens. Their attacks have been so sharp that British Foreign Secretary William Hague had to address criticism in Parliament within hours of the first revelations. Further revelations have since put him on the back foot. The ever idealistic ‘Eurocracy’ has tapped into the public outrage and labelled U.S. surveillance as equivalent to an act by an enemy government.
Governments, though, cannot be run on idealism. It was for this reason that the EU released its cyber security doctrine earlier this year. It repeatedly referred to the EU’s core values of freedom of expression and privacy. The document is ostensibly developed around these “core values.” But this is a vacuous claim, because even as this document was being released, EU countries were actively prying into the private lives of their citizens. Unlike the U.S. government which protected its own citizens by some form of due process, European governments allowed their own citizens’ privacy, enshrined in EU and national law, to be blatantly violated. It is however precisely because of a vigilant and free press that European governments are now trying everything they can to cover up their illegal actions, failing which most European leaders would probably be facing jail sentences and premature retirement.
The last story — and possibly the saddest — is that of India. A few weeks ago, India released its National Cybersecurity Doctrine which merely paid lip service to privacy. Hardly a week later, CCTV footage from the Delhi metro of couples getting intimate were found on a pornographic website. The episode summarises India’s callous approach to its citizens’ privacy — not caring about privacy, on the one hand, and the complete lack of enforcement, on the other. India ostensibly already has a privacy regime that is clubbed with the outsourcing bill, not to protect Indians but to keep the outsourcing industry competitive by guaranteeing protection to foreigners. Theoretically, another standalone privacy bill is on the anvil. However as the Delhi CCTV footage incident shows, enforcement is non-existent, as is the security of gathered data. The implications for internal security here are grave. After all, if voyeurs can get their hands on CCTV footage of public installations for a fee, imagine what kind of secrets terrorists could pry out.
This episode tells another story too; one of public apathy and voyeuristic delight, on the one hand, and lack of government sensitivity, on the other. Why haven’t heads rolled at Delhi Metro? Who has been apprehended for leaking surveillance footage? Which minister ought to resign for this incompetence and negligence? The government has been blasé about the entire Snowden episode as well. Foreign Minister Salman Khurshid played down reports on U.S. surveillance on Indian citizens, calling it “cyber-scrutiny,” while other members of the government chirped in nonchalantly that “we have similar systems in place.” It is frightening to imagine India with U.S. or EU level surveillance capabilities without having either constitutional or procedural capacities to ensure that individuals and society are not harmed.
All is fair
Indeed, our checks and balances against the violation of privacy have failed miserably. The Supreme Court has claimed there was nothing it could do about entities like Google and Yahoo which were implicit in PRISM on the grounds of their lack of local agency. This is a tendentious argument, given that Google has enough ‘local agency’ to send advertising fliers to every business marked on Google maps in India, and advertise on Delhi FM radio channels. The press for its part seldom lets the laws or privacy come in the way of a good story. The competitive impulse to dominate ‘media space’ prevents the separation of true investigative reporting from actions that would intrude and tarnish people by disclosing private details and running media trial(s). Everything and everybody is now fair game in a hyper-‘mediated’ India.
As India evolves its cyber-fibre, it has many lessons to absorb. On the one hand, enforcement is a sine qua non of any law. On the other hand, the government needs to realise that cyberspace is not your normal run-of-the-mill state highway that state agencies can regulate, patrol and police. The cyber-highway runs through our bedrooms and living rooms. The challenge of cybersecurity and governance is how to protect people in their bedrooms and in the conduct of their private lives, without having to enter their private space. This remains the ‘holy grail’ no one seeks, or wants, to discover.