No Place to Hide

Amir Paz-Fuchs
Amir Paz-Fuchs

The following is a summary of a talk given for a book panel on Glenn Greenwald’s book, No Place to Hide (2014) at Wolfson College, Oxford in May 2015. The book provides an interesting inside look into the Snowden affair, written by the journalist with whom Edward Snowden had the most intensive contact. As a non-expert in the field of privacy and/or telecommunications, I chose to focus on three themes that are close to my heart, and on which the book touches on: trust; the involvement of private companies in the surveillance project; and the perception of Edward Snowden (and others) as whistleblowers or traitors.

 

  1. Trust

At the end of the day, one’s approach to the Snowden (and Bradley/Chelsea Manning, and similar) revelations depends on whether one trusts the government.

At stark indication of this is given in the book. Snowden’s, and Greenwald’s, basic premise is stated by reference to the words of Thomas Jefferson (1798): “In questions of power, let no more be heard of confidence in man, but bind him down from mischief by the chains of the Constitution”

And yet, our ‘confidence’ in ‘man’, and in ‘government’, is, like so many other things, partisan. Greenwald refers to polls conducted in 2006, when an earlier NSA controversy erupted, and polls conducted in 2013, in the wake of the Snowden affair. In 2005, ‘liberals and Democrats overwhelmingly viewed the agency’s program as menacing. … because they considered Bush malicious and dangerous, they perceived that state surveillance under his control was therefore threatening and that they in particular were endangered as political opponents. Accordingly, Republicans had a more benign view of the NSA’s actions. In December 2013, by contrast, Democrats and progressives had converted to the leading NSA defenders”  (p 197). In 2006 a Pew poll found 75% of Republicans approved of NSA surveillance but only 37% of Democrats did. In 2013, 64% of Democrats approved, while 47% of Republicans found them unacceptable.

  1. Public Private Partnerships: several interesting links

The basic facts: Snowden was not employed by the NSA when he made his revelations. He was first employed by Dell Corporation, and then with Booz (seriously) Allen Hamilton. He notes that he “saw first-hand that the state, especially the NSA, was working hand in hand with the private tech industry to get full access to people’s communications”. So hopefully this is sinking in: Snowden had access to this fantastic trove of information whilst he was employed by a private company. And so, even if you do trust the government, do you trust Booz Allen Hamilton?

Let’s take a step back from Snowden, and see the big picture: The NSA has 30,000 employees, but has contracts for some 60,000 employees of private corporations. 70% of the National Intelligence budget, a total of $42 billion, is spent on the private sector. On one occasion, this was presented cheerily in this lovely manner: ‘we can’t spy, if we can’t buy!”.

The ‘Partnerships’ with over 80 major global corporations are managed by the NSA’s Special Sources Operations Unit, which Snowden described as the ‘crown jewel of the organisation’. These include Facebook, Yahoo, Google, and Microsoft (p 101-2).

But what kind of “partnership” are we talking about? We can identify several:

First, there is contracting out. Governments paying corporations to take on efforts that, in the past, governments did on their own. This could range from running prisons, collecting taxes, spying on people or, in the case of Blackwater/Xe, killing them. Indeed, over the past two decades, governments have been giving private companies tasks that in past were classified as ‘inherently governmental’, and thus must be taken on by government employees. According to the Government Accountability Office, despite some uncertainty about the term, it is “clear that government workers need to perform certain warfighting, judicial, enforcement, regulatory and policy-making functions … Certain other capabilities, such as those directly related to national security, should also be kept in-house”.

But in the case of national intelligence, there is a second, more particular link. Here we have a collaboration that relies on telecommunication companies doing their thing, while, in the process, allowing governments to access the data that they hold. Some of them, like Yahoo!, put up a fight for a while. Others, like Microsoft, were happy to oblige, and even took it a step forward, by changing its computer systems to make government access easier. Just so we’re clear what we’re talking about: Outlook.com, SkyDrive (with its 250 million users) and Skype have backdoors to allow the NSA access, without even having to submit requests to the company, let alone to a judge.

The third link actually goes the other way, and offers one answer to the question: why did the companies agree? It falls under the ‘you scratch my back’ philosophy. At the basic level, the government offers protection from legal liability. At the height of the earlier NSA wiretapping scandal, President Bush asked Congress to grant telecommunications companies immunity from civil liability. He said

In order to be able to discover the enemy’s plans, we need the cooperation of telecommunication companies. If these companies are subject to lawsuits that could cost them billions of dollars, they won’t help us; they won’t protect America.

But, of course, it goes further: One of the documents from the Snowden files includes a powerpoint slide entitled “Serving Our Customers”. Those customers include the Departments of Agriculture, Treasury, Justice and Commerce. Add this to the fact that the vast majority of spying is motivated not by the effort to subvert terrorism, and not even by political ploys, but rather by economic concerns, and you get a mutually beneficial, quid-pro-quo relationship. One such example is the intensive spying on a Brazilian mining giant, to serve the interests of the Canadian government, by virtue of the fact that the Brazilian company is a major competitor of a Canadian company.

A fourth link relates to the personal level. Companies like Booz Hamilton and AT&T employ hordes of former top government officials, and hordes of top official are past (and future) employees of corporations. Growing the surveillance state ensures that government funds keep flowing, and that the revolving doors remain greased (p 168). There is a fantastic loss of public money in such cases. Officials get the training in the public sector, then leave for a private company, only to come back as an external consultant for a pay package that is significantly more generous.

And I saved the best for last: campaign contributions. After the American House of Representatives narrowly defeated a bill to restrict the NSA’s spying program, a study revealed that those who voted against the bill received twice as much campaign contributions from defense contractors as those who voted in favour. But I’m sure this is just a coincidence.

  1. Snowden (or Manning): Whistleblower, Patriot, Spy or Traitor

There’s an interesting development in the book, about one-third of the way through (p 88-89). Up to that point, in the week during which the extent of the illegal activities of the NSA came to light, journalists, pundits, and politicians attacked the government with a vengeance. Once Snowden revealed himself, however, he suddenly was the target, a ‘shadowy’ figure who ‘betrayed his obligations, committed crimes and fled to China”.

So there is an interesting psychological move here: in the abstract, it is clear that was the government was doing was wrong. The same thing goes for the Manning revelations. But once the leaks are attached to a face and a name, something within us ticks, and we start thinking that, notwithstanding the wrongs perpetrated by the government, that individual did something wrong, and even more so. He breached his contracted, did not abide by his loyalty oaths, and broke the law. We can’t have everyone doing that. That’s anarchy.

  Arguably, our unease about whistleblowers and leaks is related to the fact that there are different kinds: from the intentional, ideological leak to harm your country; through a leak motivated by financial (or other) gain; and on to selfless, morally compelled motivations to expose government wrongdoing.

So here’s the first legal question: when looking at the protection that a whisteblower should (or shouldn’t receive), should motive matter? Motive doesn’t appear in whistleblowing legislation in the UK or the US, but courts in the US sometimes refer to it nonetheless.

Another interesting criterion is the object of the leak – who is it leaked to? Perhaps this is motive by proxy, striking a difference between a leak to the national papers, and thus informing the general public; and leaking directly to a foreign government, perhaps even in secrecy.

A third legal point is the differentiation in the level of protection given to different employees. In particular: should government employees be given heightened, or lower, protection? In the US their protection is more robust, but this protection does not apply to national security issues, and (just to be clear) does not apply to contractors.

Fourth,  here (also) there is the matter of prosecutorial discretion. And perhaps in this case it is even more troubling that in most other cases. For the truly problematic leaks are actually at the highest level. Here’s a nice (and when I say nice, I don’t mean it): In 2008, Haaretz published a report according to which senior Israeli officers planned and executed targeted killings in violation of the rules set by the Israeli Supreme Court for this tactic. The 20 year old soldier who sent Haaretz the documents, Anat Kam, was found, arrested, and indicted for espionage. She agreed to a plea bargain and was sentenced to 4.5 years in prison. Contrast this with the following:

In 1995, at the height of peace talks between Israel and Syria, Benjamin Netanyahu exposed the existence of a top secret document written by the head of the negotiations team, to thwart the talks. A few years later, he revealed that he was in on the assassination of Haled Mashal in Jordan, an attempt that Israel never took responsibility for; as well as for other top secret activities in Syria. As Amir Oren, Haaretz’s senior security correspondent, wrote: “Had a junior soldier or journalist let this kind of information out, he would have been tried for breach of security”.

And Israel is by no means an exception. As one journalist quipped: “The ship of state is the only ship that leaks from the top”.

Who Wants to be Forgotten?

Andres Guadamuz
Andres Guadamuz

Back when the Court of Justice of the European Union decided the case of Google Spain, one of my first comments was that we needed some time to have a look at the way the decision is going to be applied and implemented. It’s been just under 6 months since the ruling, and we are starting to get a fuller picture of who wants to make use of the right to be forgotten, and what may be the implications for the future.

The first development worthy of mention is that a national court has used Google Spain to answer a request to remove links to potentially damaging information. A court in the Netherlands has denied a request by the owner of an escort agency who was convicted for attempted incitement of arranging a contract killing, a matter which is currently under appeal (excellent report of the ruling here). The subject wanted links to the reports of the crime removed from search results, but the Dutch court refused the request with a very interesting analysis of the interaction between privacy and freedom of expression . The court commented:

“The [Google Spain] judgment does not intend to protect individuals against all negative communications on the Internet, but only against ‘being pursued’ for a long time by ‘irrelevant’, ‘excessive’ or ‘unnecessarily defamatory’ expressions.”

I thoroughly agree with this interpretation of Google Spain. The intention was always to remove links which may cause an excessive invasion of privacy. The court concluded:

“The claimant now has to bear the consequences of his own actions. One of the consequences of committing a crime is that a person can be in the news in a very negative way and this will also leave its tracks on the Internet, maybe even for a very long time.”

It is difficult to tell, but I would not be surprised if national courts take this approach in future cases, and the fear expressed time and time again by many commentators that Google Spain will be misused by criminals and other undeserving recipients may very well be unfounded.

The second big development has been that Google has released its transparency report for European privacy requests for search removals, which makes for some very interesting reading. Google received 146,938 requests and google-right-to-be-forgottenevaluated 498,830 URLs for removal, of which 58% were not removed.

Unsurprisingly, it received more requests from the largest countries in the EU (France, Germany, UK and Spain), with the UK accounting for 18,597 alone. What is interesting is the type of requests being received. These are some of the examples cited by Google:

  • “A victim of rape asked us to remove a link to a newspaper article about the crime. The page has been removed from search results for the individual’s name.”
  • “We received multiple requests from a single individual who asked us to remove 20 links to recent articles about his arrest for financial crimes committed in a professional capacity. We did not remove the pages from search results.”
  • “We received a request from a crime victim to remove 3 links that discuss the crime, which occurred decades ago. The pages have been removed from search results for her name.”
  • “An individual asked us to remove links to articles on the internet that reference his dismissal for sexual crimes committed on the job. We did not remove the pages from search results.”

google-rtbfJust from this quick snapshot we could argue that the Right to be Forgotten (RtbF) is being used by two types of people. First there are the criminals who would like to have links to references of their offfences removed from search engine result; these requests seem to be usually denied. Then there are requests to more serious privacy threats, such as the aforementioned rape victim; those requests are usually granted, and we could argue that in this regard the right to be forgotten is working as intended.

Google also released a list of most links removed by recipient website. I found it surprising that the main site which has links removed is Facebook, with over 3,000 links. This is logical when you think about it, these are links to embarrassing pictures and comments made on Facebook which are probably available in the open  web. The second website is Profile Engine, a site that I was not familiar with, which gathers information held about you online (apparently I still work at Edinburgh, and have an IQ of 120 according to that site).

It is still too early to conclude categorically one way or the other, but based on both developments highlighted above, it would seem that the fears from US freedom of speech advocates about the potential damage caused by the RtbF were unfounded. In my view the right is working exactly as it is supposed to, and it will give a tool to gain a bit more privacy wherever a serious breach may occur.

However, Google will probably continue to fight against the right to be forgotten. There is always a possibility that users will realise that they are not getting the full Internet, and will move to another search engine.

Dr Andres Guadamuz is Senior Lecturer in Intellectual Property Law at the University of Sussex