Professional Documents
Culture Documents
By Nick Ashton-Hart
The Internet we depend upon will suffer irreversible damage - along with our
societies and economies - if we dont
The public discussion of surveillance one year on from the Snowden revelations remains a search for the
biggest sinner. New stories outing countries and companies are great transparency and essential for
healthy societies but they have a side effect that isnt so benign: they create an evergreen source of new
justifications for security services to demand more money for a surveillance and counter-surveillance
arms race.
While it now seems the US may accept further limits on how its security services can treat their own
people, other countries are increasing, not reducing, their capacity to surveil online. None are likely to
agree meaningful protection for non-citizens as that is the political equivalent of unilateral disarmament.
We need a paradigm shift away from a world where everyone is fair game for unlimited surveillance by
every country except (perhaps) our own.1 That requires very powerful interests to give up power they
have which wont happen unless they get something they need more in exchange. A look at the
landscape should give us some cause for hope:
1. Security services must have access to the communications of those who are a real danger, yet that
access is rapidly being curtailed by widespread implementation of encryption. Users both commercial
and individual are demanding companies secure their data and the services are responding2: meanwhile
standards bodies are aggressively working to build privacy by design into key elements of the Internet.
Both will make it increasingly difficult for security services to get access to data - something they have
long feared.3
2. The private sector and the open source community will outspend, and outcode, even the largest security
services to restore users trust and protect trade secrets. There are simply too many of us and we have
vastly greater resources4.
3. There is a genuine law enforcement need for information - and collaboration - that is a step change from
the analogue era. Just as they do for the rest of us, networked technology makes it easier for criminals
to collaborate across national boundaries in real-time. Tackling this requires faster access to information
across jurisdictions to arrest suspects before they can get away or commit an attack (in the case of
1 I addressed this paradigm problem last November in We Have a Paradigm for Surveillance That's
Broken, Fit Only for the Analogue Past
2 For example, Google recently released a safer email transparency report; it shows a very significant
increase in the last year of the percentage of email that is encrypted during transit between its email
servers and those of others; this makes third party attempts to capture readable email in transit
extremely difficult and expensive at a minimum.
3 The US Attorney-General Janet Renos 1999 testimony to the US Congress in July makes this very
clear.
4 The NSA Black Budget for 2013 released in the Snowden cache shows overall spending of US$11
billion per year (a quarter of the total) to defeat adversarial cryptography and exploit Internet traffic.
Meanwhile, security spending in 2013 by the private sector is estimated at US$6.8 billion, expected to
increase ten-fold to US$680 billion - nearly the equivalent of the US defence budget - over the next
decade.
terrorism), and to stop criminals country hopping to evade law enforcement. We all have an interest in
ensuring legitimate access for these purposes, but if the non-governmental world cant trust law
enforcement agencies (LEAs) because they piggy-back on security services to get data in the dark
then LEAs will also end up encrypted out of data they need - and we will all suffer5.
4. There is a danger to the rules-based trading system the world economy depends upon6. All trade
agreements contain national security opt outs, or exceptions. Over the last several years security
exceptions in many bilateral trade agreements have become wider in scope; countries are proposing
even broader exceptions in current negotiations. Post-Snowden, countries are limiting access to their
markets7 using exceptions due to over-aggressive secret services. The world economy depends upon a
predictable and rules-based trading system - and trade rules should not be abused as a tool for security
services (whether to help or to avoid them) or an excuse for data protectionism. Moreover, the networked
economy increasingly is the backbone of the entire economy; measures which distort or impede it will
ultimately impact everyone.
5. Last, but not least: we all want to feel safe, but we dont want to live in a George Orwell novel. We want
our societies to stand for universal human rights, and large majorities dont want to see the perversion of
those values, let alone further erosion of our own rights, in secret. We will accept reasonable access by
governments to information about us (and it is in our interest to do so), but we want to know what access
they have, who can get to what, and how, and to see transparently how many requests and of what kinds
have been made of the private sector companies that hold information about us.
So how could we move forward? I think we would need three pillars of activity, and good interprocess/pillar communications to ensure each can see how they create an overall sustainable result:
The Human Rights and Social Justice Dimension: The UNs Human Rights Council is in the midst of
discussing data protection and privacy in the context of surveillance. Including in that existing work a
discussion on principles that MLATs should embody that would respect universal human rights norms
would be logical.
The Law Enforcement and Public Safety Dimension: A similar discussion jointly run by INTERPOL and
the UN Office on Drugs and Crime (UNODC) on the law enforcement needs for MLATs in the Internet
age would be highly beneficial; these are the places where law enforcement already meets to collaborate
on transnational enforcement and cooperation.12
The Economic Dimension: the WTO could (and should) have a conversation on the trading aspect of
national security exceptions. A key - and sensitive - question this would need to address is: Should use
of security exceptions in the WTO agreements be a free pass with no objection really possible by other
WTO Members when used over-broadly - or should it work like the exceptions for privacy where the
measure taken must follow rules of proportionality and countries are subject to the rulings of the Dispute
Settlement Understanding? My sense is that real progress on this question would depend upon how the
law enforcement discussions proceed, but that doesnt mean a conversation has to wait.
These conversations would have to have multi-stakeholderism built-in. Key elements require good
technical advice and the buy-in of the private sector, law enforcement agencies, and civil society. That
buy-in wont happen if governments marginalize other constituencies.
Of course there is no guarantee of success. There never is. This is not a recipe for ending all
surveillance, or limiting unlawful surveillance; thats never going to happen. What this could do is give all
stakeholders the potential to gain something that they really need, and in doing so, to create a paradigm
for surveillance that is far better than the one we have now, in every respect.
Ultimately, we all have too much to lose from the path we are on now, and everything to gain by
changing course.
Nick Ashton-Hart is Executive Director of the Internet & Digital Ecosystem Alliance (IDEA), based
in Geneva. You may find him on Twitter @nashtonhart.
12 UNODC administers the treaty referenced in the immediately-preceding footnote; amongst its
objectives is strengthening mutual legal assistance and its Working Group on International Cooperation
meets next in October 2014.