The flurry of commentary on Edward Snowden's revelations goes some way to affirming why privacy is a critical aspect of a healthy society. Beyond that debate, we must face the reality that an individual's expectation of privacy has been badly eroded. The task of restoring it cannot be left with the institutions that vigorously dismantled it.
We must support and build these cultures of privacy and transparency, contributing at every level available to us. This lies with us as one of the prominent civil duties of our age.
We have seen the failure of putative regimes of oversight. Swathes of the political establishment resist attempts to address this grave matter, as they typically do with accusations of fallibility or misdirection. It is an expansive problem which tests the legitimacy and structure of government. Governments which lack transparency and oversight and incorporate undemocratic partitions are democratically 'deformed'.
I nevertheless take the liberty of accepting that this failure highlights a limiting factor on good government. We must ask what can fill the breach for the sake of privacy and its corollaries. It instructs and reminds us that individuals, civil society and other groups must assert authority to constrain hubristic power.
Privacy, transparency or both?
Snowden stunned populations who found themselves disrobed by the data dissections he unveiled. Spies have turned state resources against their own people defying constitutional and parliamentary oversight in doing so. There is distress at the unprecedented Panopticon suddenly coming into view.
It is thanks to a whistleblower, a vulnerable crusader for transparency, that we now know. It took a historic breach in the secrecy of government to reveal this extraordinary breach in the privacy of the people. Our personal demands for privacy entail struggles for transparency. Notably, Snowden's urgent act for transparency required keen attention to his own privacy (strong email encryption et al). The former required the latter.
There are those insisting on absolute individual privacy and full government openness, out of a sense of human need, distrust of authority and otherwise. Opposing are those who say that individuals should only seek privacy when hiding something nasty and thus don't deserve it. Government, they say, mainly protects the good and needs its hand hidden to stay ahead of villains. More moderate permutations of these positions are the norm.
That discussion is as alive now as ever. Some, proclaiming the long-term inevitability of all-pervasive surveillance hope that we will benefit from the deluge of data exposing government corruption. From the police to the Pentagon's nether-regions, the watchers should expect to be watched ever more. Who knows where the next Snowden will strike or if surveillance will eventually leave shadows nowhere.
For now, as governments turn on themselves with allegations of misconduct, it's clear that, whatever your stance on the methods, we are sorely due more government transparency and more personal privacy. Thankfully, there is a profusion of trends and technologies that enable both, intertwining as they do.
Whistleblowing has reinforced its preeminence in the repertoire against abuse of power. Yet legislation to protect whistleblowers is insufficient and critically weakened by caveats on national security leaks. Campaigns to improve such legislation may have some use and protections must be strengthened for those, such as Snowden, who go public. The ecosystem of technical platforms for safe, anonymous leaks is bolstered on one side as press bodies develop solutions for their needs, yet elsewhere poisoned as persecution of Wikileaks and associates proceeds.
We must highlight the contradiction when authorities prosecute a whistleblower, yet take his revelations as the basis for profound and searching reform. Extending this logic, we may add that even those claiming Snowden was wrong to talk, deserve and will benefit from the knowledge that their privacy is no longer theirs.
Many journalists have given robust outlets to whistleblowers. That work and wider notions of open information is evolving with increased user participation, emphasis on shared datasets, visualisations and more. We're seeing the gap between journalists, whistleblowers, activists and others close. The shifting, mingling boundaries of these domains produce a lively range of new forms.
Initiatives that champion the value of open data for all institutions are winning the argument and showing that prosperity follows from honesty and facts. These effects and techniques are being felt in various domains.
Tinkerers will whip up confections of other kinds in other fields, for example ingenious registers to alert us to otherwise secret government subpoenas affecting organisations we deal with. They will show us inspired, non-technical workarounds for our technical problems. There is scope for any of us to take on these tasks. In time for The Day We Fight Back, I have set up the basic cryptopals.org community to match email encryptors, new and veteran, with pen pals to practice the discipline.
Projects for the people
Free Software, the open data movement, web anonymity schemes like TOR, Wikipedia, Wikileaks and the provision of APIs (application program interface) for data access are all tools, templates and groups offering very different ways for people to regain power in the digital era. Projects like these meet our digital needs in various ways. As individuals, we must take responsibility for our own privacy as email users, gratuitous social sharing and increasingly active online personas.
Collectives to support and educate each other should be lauded and grown. Hackerspaces (open clubs of digital makers), Cryptoparties (digital self-defence skillshares) and Facebook alternative Diaspora are all grass roots formations - whatever helps us along the road to digital self-defence competency.
Flyer for a crypotparty from Pireten Partei.
Culturally, we must make the concerns of privacy well understood and cherished. We are told of an upcoming generation raised to contentedly broadcast every moment through the internet's channels. But can anyone really be happy with that indelible, detailed diary, particularly when mined for patterns by marketers and who-knows-what by spooks? The discomfort will grow with the imminent advent of predictive policing and whatever next. The distaste should stir folks as do perverts by the playground and eyes in the sky.
The frontline: Project PM
Project PM and its latter incarnation Echelon2 make for a stirring case study featuring various planks of this active-citizen-data landscape. A journalist of activist bent, Barrett Brown, focusing on caches of documents hacked by Anonymous from intelligence firms Stratfor and HBGary, set up a wiki platform for citizens worldwide to collectively explain the shadowy and influential cyber-security complex. His efforts explicitly draw on the spirit of President Eisenhower who urged that "we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military–industrial complex".
The millions of internal emails have allowed for the exposure of hitherto unknown surveillance systems, plots against activists and alarming channels between government and backwater business. The increasing dependence on private firms to carry out surveillance contracts has created an opaque, costly, mission-creeping monster.
Described as a "distributed Think-Tank", ProjectPM has hinged on this novel intersection of hacking, journalism, crowd-sourcing (by wiki) and secure communications. Aside from journalistic nous and courage, Brown's innovation lay in mobilising these modern forms of data access and collaborative insight.
Its success in unearthing secrets might be measured by the force with which authorities have sought to bury Brown. Having languished in federal jail for over a year, he now faces 105 years of incarceration for a range of offences cascading from the Stratfor situation. Brown's gung-ho style has made it easy to pile a string of unrelated charges on him, but it's hard not to conclude that his primary transgression was to effectively investigate the cyber-security complex. Officially, the prosecution alleges fraud due to the fact that credit card details were present in the hacked cache to which Brown provided links for research purposes. It is also indicative of intent that Brown and his legal team have been barred from speaking to the press on the case.
The episode, aside from showing the brute reaction to those challenging this worrying powerhouse in the public interest, will have chilling effects on journalism. Technically, Brown may be seen as having been prosecuted for 'sharing a link' to the files, a practice which is common fare for journalists and others.
The proprietary status of the data dumps it centred on is similarly significant. The Stratfor files, much like Snowden's trove, are stolen documents in the lens of the law. However, the motivation for their theft was to uncover the more dubious, more serious transgressions of the intelligence contracting industry and its government clients. These transgressions include senior spies lying to Congress under oath, data collection of a kind ostensibly rejected by the governments involved and a culture of breaking, bending and technically outstripping the law.
That is the point of whistleblowing and the hacktivism facilitating Project PM. Without such extraordinary scrutiny, the criminality and mendacity of the security services would almost certainly have continued and worsened. It is argued that the mass interception of web communications, that is state-sponsored hacking, is useful to the prevention of terrorism. In this case, citizen hacking has been critical in uncovering, if not preventing, the anti-democratic abuse of surveillance and other powers.
Jeremy Hammond, the hacker jailed for his role in obtaining the documents, has submitted a plea in the language of civil disobedience. As the public interest comes to rely on these unusual avenues to expose elements of government, we must look to revise our notions of legitimate activism. Where honesty and oversight are nought, and whistleblowers absent, hackers and their associates may be the only hope for the possibility of progress.
The work's not all dangerous
Whilst ProjectPM exhibits the risks of facing up to power, the broader spectrum of valuable work includes actions anyone can partake in without embroilment in the frontline. The open data movement, secure web communications and taking responsibility for our own and other peoples' data will all move us towards a preferable state of affairs. Courageous activism is critical given the circumstances but other work will also be necessary to fulfil the large-scale objective of rescuing privacy.
Those already pushing to improve the public stock of skills and knowledge in this area deserve our participation. We should hope for concern and action from everyone with an interest in privacy and the idea of democracy.
That goes to all individuals. We use, buy, work, express, learn and live with technology. We have a responsibility to do it well, just as we are responsible for knowing to drive a car without losing control. However, unlike moving metal hunks at high speed, the repercussions of carelessly using technology are not gory; playing loose with data and creating a culture where that's the norm brings us more subtle, less palpable threats.
Whether society en masse will rise to the challenge is another question, in some respects comparable to the challenge of climate change and its demands on a similar nexus of actors. The intangibility of the data surveillance problem, our ready submission to the convenience of services which compound it, plus the hectic pace of technical developments which complicate it all make individual action harder. Every day, through choice and compulsion, our lives integrate and depend more on this growing, digital edifice which assists, enriches and closely tracks our lives.
Pessimists like Schneier warn of the historically visible burden on the technically impoverished as power attempts to resolve threats from technological advances. While we may keep striving to build energetic cultures against the abuse of power, the onslaught of technology will continue to challenge them. The era of 'things' and drones, for example, brought to the size of insects, creeping around backyards and bedrooms is imminent. The scale of the privacy problem is set to magnify. The urgency of our response to such incursions will need to grow commensurately.
Efforts to curb surveillance must continue no matter the chances of success. The damning issues so far revealed are alarming, and there will be further breaches of trust that remain hidden, the unknown unknowns. From the possibility of spies tampering with web data as well as viewing it, to the unimaginable toys of the cyber-sec industry commanding untold sums yet operating in eerie secrecy.
Eisenhower, speaking with the rare candour of a statesman on the precipice of duty, hoped his words would ring out from the heart of government into the honourable plains beyond. "Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defence with our peaceful methods and goals so that security and liberty may prosper together."
At this dark historical juncture, we see slivers of a ghastly underbelly reshaping the terms of our social existence, redefining aspects of what we know as humanity. As we do, hope urges us to take stock of the great body of ingenuity, collaboration and sacrifice coming together to salvage those progressive principles.
Recap of projects covered
www.tellsafely.org – UK campaign for defence of whistleblowers
http://okfn.org/ – Open Knowledge Foundation
http://www.cryptopals.org/ – Find a pen pal to encrypt email with
https://thedaywefightback.org/ – Global day against mass surveillance
https://en.necessaryandproportionate.org/text – Principles for Human Rights and surveillance
https://www.torproject.org/ – Anonymous web browsing
http://hackerspaces.org/wiki/Hackerspaces – Hackerspaces, digital maker collectives
http://www.cryptoparty.in/ – Digital self-defence skillshares
https://en.wikipedia.org/wiki/Diaspora_(social_network) – Facebook alternative
http://wiki.echelon2.org/wiki/Main_Page – Investigating the cyber security complex