The Question of Digital and Cyber Surveillance on Civilians. Malak Hassaballah (General Assembly Chair) I. Introduction

Transcription

1 Committee: Issue: Student Officer: General Assembly The Question of Digital and Cyber Surveillance on Civilians Malak Hassaballah (General Assembly Chair) I. Introduction Surveillance is defined as close observation 1. With the emergence of the electronic, or cyber, communications of today, surveillance became derived as a field for cyber intelligence agencies. A cyber intelligence agency, whether governmental, governmentally influenced or not, feeds off of an Information Society, which is a society where the creation, distribution, and manipulation of data is significant as for political, economic, and cultural activities. It is where the amount of stored information grows four times faster than the world economy. 2 Through these cyber intelligence agencies occurs the surveillance on civilians, whether mass or targeted surveillance, and that is an infringement on their personal privacy as it is done without their consent beforehand. Even though privacy is called for, the call is pushed aside for the benefit of the state in countries whereas the state carries out cyber surveillance. Delegates are expected to work together to try and reach practical solutions regarding the question of digital and cyber surveillance on civilians, as well as its application and conduct. II. Involved Countries and Organizations United States of America and the National Security Agency (NSA) The National Security Agency is a cyber surveillance agency that works in correlation with the United States government. Our Signals Intelligence mission collects, processes, and disseminates intelligence information (information of military or political importance) from foreign signals for intelligence and counterintelligence purposes as well as to support military operations, 3 whereas the NSA performs services for military operations through which they conduct the act of cyber surveillance on civilians, as a part of their Signals Intelligence mission, as this agency enables Network Warfare operations to defeat terrorists and their organizations at home and abroad, consistent with U.S. laws and the protection of privacy and civil liberties. 4 This conduct was proven when leaked documents from the NSA contractor, Edward Snowden, showed the governmental strategy of tracking and receiving geo-locations of terrorists through cyber surveillance. The leak proved the filtering of phone calls, s, photos, and videos from Google, Facebook, Microsoft, and other sources as a mean of mass surveillance to lookout for national security threats. This process of data mining done by the NSA (with a secretive data-mining program called PRISM) is through firstly analyzing metadata, or tags on data, without having to analyze the contents of the data, unless there is a suspicion. The process is carried forward with looking for patterns in the data accessed by the civilian in a targeted surveillance if necessary. In confirmation of the conduct of cyber surveillance and its use in the United States, Admiral Michael S. Rogers (USN), Director of the National Security Agency, and Commander, U.S. Cyber Command said, You know, I -- the United States, like many nations around the world, clearly, we have 1 "Surveillance." The Free Dictionary. Farlex, n.d. Web. 03 July (Mayer- Schönberger & Cukier 2013) 3 "About NSA." National Security Agency Central Security Service. N.p., n.d. Web. 05 July "About NSA." National Security Agency Central Security Service. N.p., n.d. Web. 05 July

2 capabilities in cyber. 5 These capabilities in cyber were proven correctly when Edward Snowden, a previous contractor for the CIA who received charges for his actions and is staying in an asylum in Russia, leaks that the US extensively keeps an eye on the Internet and phones. Not only is this in the US, but also having led more than 61,000 operations hacking operations worldwide as of 2014, these include surveillance on China and Hong Kong, hitting targets like the Chinese University, public officials, and businesses. "We hack network backbones - like huge internet routers, basically - that give us access to the communications of hundreds of thousands of computers without having to hack every single one," 6 Mr. Snowden says. The leaks led to the German government calling for the US ambassador to question the eavesdropping of the NSA on Chancellor Angela Merkel s mobile phone after the German media brought it up. These claims took over an EU summit as the relationship between the allies was at question, but as Merkel discussed this form of spying over the phone with Obama, he clarified that she is not on surveillance now and will not be in the future, but the White House never denied it in the past. These incidences led to believe that the US is also conducting cyber surveillance operations beyond the borders of the US. Figure 1 Response of locals in America regarding NSA surveillance as it can be unlawful if not in tact with the universal rule of law set by the Universal Declaration of Human Rights. Islamic Republic of Iran The Islamic Republic of Iran is another country that is involved in the topic, as the government does keep surveillance digitally and in cyber means on its civilians. Internet Service Providers (ISPs) in Iran are under governmental influence, as they have to register with the government and receive licensing from the Telecommunication Company of Iran (TCI) so that the government can keep an eye on what is accessed through the Internet provided by the ISP. The most commonly used ISP, DCI, is owned by the Revolutionary Guards, a security and military organization responsible for securing the regime. These ISPs control Internet connection speed to halt the circulation of data that is found undesirable by the government while keeping a close eye on civilians and what is shared in their Information Society. 7 5 Rogers, Michael. Remarks at the New America Foundation on Cyber Security. National Security Agency/CSS. Feb Web. 5 July "Edward Snowden: Leaks That Exposed US Spy Programme." US & Canada. BBC, 17 Jan Web. 05 July "Iran." The Enemies of Internet. N.p., 08 Mar Web. 5 July

3 The Iranian government has started taking action to create a Halal Internet after cyber attacks on its nuclear installations in September This Halal Internet would be fully monitored by the government, as well as censored. The main plan is that the general public will have to use it, because as of now the governmental offices are connected to it. Moreover, in expression of the conduct of cyber surveillance that resulted in the censoring of undesirable content in accordance to the government, Iran is designing intelligent software that would give citizens restricted and controlled access to filtered social media websites, such as Facebook and Twitter, media in Iran 8 said the chief of police, Esmaeil Ahmadi Moghadam. After the cyber attacks on Iranian nuclear installations, this Halal Internet initiative could be considered an effort to prevent any other cyber attacks or misconduct, relative to governmental standards, from the users of this Internet in Iran as they are observed and the online data is being censored. People s Republic of China The People s Republic of China is heavily involved in the topic, as the government is firm in the conduct of cyber surveillance. To start off, the Internet access in China is limited to four national networks, CTNET, Chinanet, Cernet and CHINAGBN, where access to their broadband has to be rented from the state or a state-controlled company. This was later reformed in 2008 to have China Telecom, China Unicom and China Mobile, as the three national service providers, all under state control. The surveillance on these networks is taken to a very governmental level to the extent that 5 government departments are involved in the matter of censoring and monitoring the web, set up in the diagram below. 1) The Internet Affairs Bureau and the Centre for the Study of Public Opinion of the State Council Information Office. 2) The Internet Bureau and the Information and Public Opinion Bureau of the Publicity Department/ 3) The Ministry of Industry and Information Technology (MIIT), 4) The Internet Information Security Supervision of the Ministry of Public Security, 5) The Ministry of Industry and Information Technology s Internet Illegal Information Reporting Centre. Figure 2 - The division of Chinese governmental departments involved in monitoring the web. These governmental institutions perform their roles of keeping close surveillance through the censoring done by the Great Firewall of China. Not only does this tool filter foreign websites and blocks IP addresses or 8 "Iran." The Enemies of Internet. N.p., 08 Mar Web. 5 July

4 certain domains if needed, but also utilizes Deep Packet Inspection (DPI) technology to detect keywords that would heighten the undesirability of a certain foreign-based virtual private network (VPN). 9 Even though the Great Firewall is a tool for censoring, censoring is a direct result of the government surveillance on what the civilians access digitally to prevent undesirable content from reaching them. The use of the Great Firewall of China was practiced when Instagram was blocked for Chinese users during the 2014 Hong Kong prodemocracy protests. To prevent the spread of protests locally, the government blocked Instagram. This was also to avoid the reminder of Tiananamen Square, whereas the student protests called for democracy too, but Chinese authorities massacred them on June 4, 1989, and there is now no digital documentation of it due to censoring. In the past two days, we can see a lot of people holding phones and taking pictures of different (Hong Kong protest) scenes on Instagram, Facebook and sharing it around," said King-wa-Fu, assistant professor at the University of Hong Kong and a witness. "It's a huge amount of pictures posted in a short period of time, 10 and they did not reach Chinese users. The Chinese people reacted to this with an uprising interest in Virtual Private Networks (VPNs) on their social media, which are types of software enabling them to overcome the Great Firewall by rerouting to Internet servers beyond Chinese borders. Illustrations of how to download VPNs were viral. That sudden interest remained under government control, though, because foreign VPNs are illegal, and only those approved by government for businesses are legal, in addition to the slow connection speed and high fees. At the same time, Sina Weibo, a popular micro-blogging site (an online blog for short posts and updates) in China was kept under surveillance and 152 of 10,000 posts by Chinese civilians were blocked with Hong Kong as the most common tag or term used. However, depending on the extent of the influence of a digital user the government can react differently as up to 30 journalists and 60 keen Internet users are imprisoned due to a post the government took as a threat. This activeness of cyber surveillance on civilians is how China is involved in the topic. Five Eyes During World War Two, the United States Army and Navy developed intelligence (valuable military or politics-related data) from electronic signals and systems with the British and the Dominions of Canada, Australia, and New Zealand. 11 This sharing of intelligence between the five English-speaking countries developed further into a bilateral agreement UKUSA, which was a secretive global surveillance arrangement. The arrangement is among the United States National Security Agency (NSA), the United Kingdom s Government Communications Headquarters (GCHQ), Canada s Communications Security Establishment Canada (CSEC), the Australian Signals Directorate (ASD), and New Zealand s Government Communications Security Bureau (GCSB). Basically, under this agreement, they built a surveillance network to be able to observe global communications. Interception, collection, acquisition, analysis, and decryption are conducted 12 by multiple 9 "China." The Enemies of Internet. N.p., 08 Mar Web. 5 July Park, Madison. "China's Internet Firewall Censors Hong Kong Protests." CNN Cable News Network. 30 Sept Web. 05 July < 11 "UKUSA Agreement " National Security Agency/CSS. N.d. Web. 05 July < 12 What is the Five Eyes? Privacy International. N.d. Web. 05 July

5 intelligence agencies of each Five Eyes State in separate parts of the globe. They share data among each other as to work in shared operations. The Five Eyes collaborated and established collection and analysis programs. One senior member of Britain's intelligence community said in expression of the extreme collaboration, "When you get a GCHQ pass it gives you access to the NSA too. You can walk into the NSA and find GCHQ staff holding senior management positions, and vice versa. When the NSA has a piece of intelligence, it will very often ask GCHQ for a second opinion. There have been ups and downs over the years, of course. But in general, the NSA and GCHQ are extremely close allies. They rely on each other." 13 Privacy International (PI) Privacy International is a non-governmental organization based in London, England in Despite the activity of the United Kingdom s Government Communications Headquarters (GCHQ) in cyber surveillance in respect to the Five Eyes alliance, the organization, PI, advocates for privacy. The organization strives to work with human rights advocates in twenty countries to prevent unlawful surveillance by revealing companies that enable it. Basically, the organization ensures that cyber surveillance is in tact with the rule of law that is derived from The Universal Declaration of Human Rights, 'No one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence.' PI performs much of their task through campaigns to raise awareness and multiple researches. Privacy International is currently running 4 projects simultaneously, Big Brother Incorporated, Eyes Wide Open, Global ARM, and Global Privacy Agenda, all different in structure, but targeting the same major goal of advocating for privacy. III. Focused Overview of the Issue With the development of the digital and cyber worlds as areas of information and data exchange, cyber surveillance has been taken up as a tool to keep an eye on civilian interactive activity to work with the data derived of this conduct in favor of the conducting body. As digital and cyber communications further evolve, the question of digital and cyber surveillance has risen as a dispute in our time. 1) Purpose of Cyber Surveillance Conduct Digital and cyber fields have increasingly become mediums for data control and analysis. Due to the significance of this data, whether it is advantageous or disadvantageous in a given scenario, there are corporative and governmental surveillance strategies; mass and targeted surveillance, where both strategies are effective in areas such as criminal investigations, protection of national security, and combating cybercrime. Firstly, mass surveillance is when surveillance is carried out as software searches through network communications to trace specific data as a form of indiscriminate monitoring. It is firstly used for consumer marketing research whereas intelligence companies and ISPs sell data to private sectors that desire further data on their consumers. Moreover, regarding governmental utilization, mass surveillance puts everyone is a position where they are viewed a suspect. It is to fight national security threats, terrorism and cyber crime < 13 What is the Five Eyes? Privacy International. N.d. Web. 05 July < 5

6 through geo-location, as a method to locate the source of the misconduct and take action upon that, by tracking and analyzing metadata. Secondly, targeted surveillance is the type of surveillance concerned with monitoring a specific target or a certain piece of data associate with said target. Targeted surveillance digs deeper into the subject s cyber networks at it gives access to all information stored on a computer in addition to online accounts. The violation of privacy inflicted by targeted surveillance is much bigger than in mass surveillance. Figure 3 Although lacking much content, this chart derived from public surveys in the US shows how surveillance has increased in performance extremity and significance as a topic today due to the influence of digital and cyber communications on civilians. 2) Right To Privacy Technologies have made access to data easier, which can eventually normalize digital and cyber surveillance on civilians, through which there are infringements on their privacy. However, universal sets of laws aim to protect this right that was granted to humans in the Universal Declaration of Human Rights (UDHR) adopted by the United Nation s General Assembly in Article 12 states that no one should be subjected to arbitrary interference with his or her privacy, family, home or correspondence, being protected of do by law. Article 19 states that everyone has the right to freedom of though and the right to receive and impart information through any media and regardless of frontier. Legal worldwide standards regarding the restriction of the right to privacy in articles such as Article 12 are usually vague, thus comes the lawfulness of cyber surveillance to question. Basically, Article 12 states that no one should be a victim of random surveillance that is not systemic (to protect their privacy) as cyber surveillance in such a case would be unlawful, however these standards do not outline when this interference on his or her privacy is not arbitrary. European Convention on Human Rights was adopted later to give more depth to the right to privacy mentioned in the UDHR and when this right can be looked past, stating: There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. This convention was a better outline of cases when a user is exempted of their privacy under cyber surveillance, although not fully sufficient. However, still, a judicial or executive body, according to legal 6

7 standards, should authorize infringements on privacy conducted, beforehand. If the conduct of cyber surveillance is for any purposes outside of what is enlisted in the outline, it is unlawful and considered a violation of the UDHR and a breach of it. 3) Conflicts Due To Digital and Cyber Surveillance Cyber surveillance has caused a conflict between the government and the governed. The base of this conflict is a mislead government due to cyber surveillance that, at times, is not very reliable and can cause false accusations on innocent people in a targeted surveillance if used solely. In the United States, six false accusations were made in 2013 on innocent people due to a mistake in the reveal of secretive data on the Internet. Sir Paul Kennedy, the US retiring commissioner for official investigating, claimed that 979 errors were made in interception of communications operations, which highly involve cyber surveillance. These false accusations had their toll on civilians as their willingness to search for personal information has decreased in caution of being convicted of cybercrime. 14 Through digital surveillance, there can be access to monitoring of global communications (like the Five Eyes did) and this can move many political and military tactics based on the intelligence developed from such surveillance, however whether this can be misleading for a government is in question as, again, there can be errors in the interception of communications on a digitally global level, which can cause conflicts for said government. IV. Key Vocabulary Cyber: Relating to electronically connected networks for communications. Cyber surveillance is a method through which intelligence agencies can observe data shared among civilians. Data mining: It is going through very large amounts of data in search for useful information. Data mining cannot occur without cyber surveillance so that the intelligence agency can observe through the data derived from digital or cyber connections in order to sift for a certain piece of information among what the civilians share within these connections that come as a medium for what is being mined for. Metadata: Metadata is a set of data that describes other data. It is basically a tag on data that is used during data mining instead of analyzing the contents of the piece during mass surveillance. Censor: To examine data officially and suppress unacceptable parts of it. Censoring can be a result of cyber surveillance as the government can censor what is undesirable in the context of a threat to the national security for example. Internet Service Providers (ISPs): an organization that provides services enabling a user to access and use the Internet. In some cases, the ISPs are governmentally influenced and used for surveillance, such as what occurs in Iran. V. Important Events & Chronology Date (DD/MM/YYYY) Event 02/09/1945 World War Two ends leaving the Five Eyes states in tact for development in 14 Travis, Alan. Six people falsely accused of crimes after errors in internet data disclosure. The Guardian. 18 July July < 7

8 their post-war relationship The Five Eyes alliance starts with the UKUSA agreement. 10/12/1948 The Universal Declaration of Human Rights is adopted by the General Assembly The European Convention on Human Rights was adopted. 04/11/1952 The National Security Agency (NSA) is established. 11/09/2001 The bombing of the Twin Towers, New York. 26/10/2001 The Patriot Act was signed into US law, signifying strengthening domestic security and cyber agencies, like NSA, in order to identify and counter terrorism Privacy International (PI) organization is established in London, England. 20/11/2013 The General Assembly (third committee) ratifies the resolution The Right To Privacy in the Digital Age. 26/09/2014 The Hong Kong pro-democracy Protests start. VI. Past Resolutions and Treaties Resolution A/C.3/68/L.45/Rev.1: The Right To Privacy in the Digital Age 20 November 2013 This resolution, ratified by the members of the 3 rd Committee of the General Assembly as it passed with a majority, emphasizes on the right to safety as granted in the UDHR and the importance of not violating that right. However, this resolution is not sufficient, as it does not ensure the implementation of such solutions input. This is because clause 4, sub clause 2 calls upon states: To take measures to put an end to violations of those rights and to create the conditions to prevent such violations, including by ensuring that relevant national legislation complies with their obligations under international human rights law. Basically, the sub-clause protects privacy of civilians by ensuring that government action, which includes cyber surveillance, does not clash with the obligations of human rights laws. These laws only allow exemption of having to preserve a user s privacy as long as it is not a case of arbitrary interference, such as the UDHR. These international human rights laws are very vague as to the outline of when a user is exempted of their privacy under cyber surveillance. Without this outline, cyber surveillance can continue without borderlines that will set when it becomes unlawful and when it would not, and so unlawful cyber surveillance will continue to be a violation of civilian s privacy, rather than protect it as this resolution calls for. Resolution A/HRC/RES/26/13: The Promotion, Protection and Enjoyment of Human Rights on the Internet 14 July 2014 This resolution, ratified by the members of the Human Rights Council (HRC), promotes the use of Internet for different means, while tries to protect users at the same time. However, similar to the resolution mentioned prior to this, this resolution is still not sufficient. Clause 5: Calls upon all States to address security concerns on the Internet in accordance with their international human rights obligations to ensure protection of freedom of expression, freedom of association, privacy and other human rights online, 8

9 The clause basically encourages states to address security concerns, which is done through cyber surveillance, while referring to international human rights obligations. Again, these obligations do not have clear outlines, as of the UDHR for instance, to clarify when a user is exempt of their privacy under what counts as still lawful surveillance that is used to maintain national security. This scenario, alike in resolution A/C.3/68/L.45/Rev.1, does not necessarily prevent unlawful cyber surveillance that will eliminate the privacy that is called for in clause 5, privacy and other human rights online. VII. Failed Solution Attempts Independent organizations based in member states of the United Nations, that share similar goals with the PI, which include restoring privacy and preventing unlawful cyber surveillance, are not being very effectively responded to by states and their governments, while the governments continue to issue surveillance for specific benefits aimed at state sovereignty. At the same time, these independent organizations cannot interfere in the country s international policies, as organizations do not have the power or jurisdiction to do so. They can only pressure and call for change. As is, the issue at hand is a violation of the human rights people are entitled to through the UDHR in terms of human privacy, regarding governmental or governmentally influenced agencies practicing surveillance on citizens, despite claims that it is a tool to fight terrorism and crime. This is because the conflict does not only extend to having cyber surveillance or not, but also to what extent surveillance should be permitted and monitored under which body. VIII. Possible Solutions Delegates are expected to look at the issue as a whole including its different aspects when writing a resolution. The delegates should consider why cyber surveillance is done, but more importantly how it is done, as the people are entitled to the rights to privacy under international law. Setting an outline as to when a civilian is exempted of their privacy in order for cyber surveillance to be conducted in a targeted surveillance strategy is vital in order draw a line to when the surveillance becomes lawful under international law standards or becomes unlawful under said standards. At that, the delegate can then form an opinion, based on country policies and governmental activity, of whether the country is for or against lawful cyber surveillance as an activity of conduct on civilians as the delegation is a member of the General Assembly, which adopts these international law standards, regarding privacy, and supposedly abides by it. Delegates can also establish a universal set of guidelines to be adopted other than those that already were, in accordance to what they see appropriate and sensible, under their country policies, for other member states to abide by as well. Delegates can also consider the conduct of cyber surveillance on civilians as a marketing research tool, whereas the intelligence agency or ISP sells data regarding civilians to enterprises that would utilize this data for more personal information as to be familiar with its demographics. This type of mass surveillance is unlawful as it is arbitrary and not systemic. Delegates could try to eliminate unlawful cyber surveillance acts in order to reach a consensus regarding where their delegations stand on the question of cyber surveillance on civilians. Finally, delegates are expected to write comprehensive resolutions, including the most significant aspects of the issue to their country and globally. IX. Useful Links 9

10 Verri, Gabriela Jahn, Luiza Bender, and Eduardo Dondonis. "GOVERNMENT AND CORPORATIVE INTERNET SURVEILLANCE." (n.d.): 1-33.UFRGSMUN UFRGS Model United Nations. Web. 04 July "Third Committee Draft Proposals per Agenda Item." General Assembly of the United Nations Social, Humanitarian & Cultural - Third Committee. United Nations, n.d. Web. 03 July "The Privacy International Network." Network. Privacy International Organization, n.d. Web. 3 July X. Works Cited Astruc, Maeli. UN Human Rights Council Takes Actions On Internet Rights, Corporations. Intellectual Property Watch. 14 July July < "China." The Enemies of Internet. N.p., 07 Mar Web. 05 July < Cowls, Josh. "DIGITAL CITIZENSHIP AND SURVEILLANCE SOCIETY." N.p. 1 July Web. 2 July "Iran." The Enemies of Internet. N.p., 08 Mar Web. 05 July < Park, Madison. "China's Internet Firewall Censors Hong Kong Protests." CNN Cable News Network. 30 Sept Web. 05 July < "PRESERVING PRIVACY IN THE INFORMATION SOCIETY." UNESCO. N.d. Web. 05 July < Seifi, Farnaz. "'Intelligent Software' Set to Control Social Media." N.p. 9 Jan Web. 1 July

11 "The Five Eyes." The Five Eyes. N.p., n.d. Web. 05 July < "The Iran Primer." The Revolutionary Guards. N.p., n.d. Web. 05 July < Travis, Alan. Six people falsely accused of crimes after errors in internet data disclosure. The Guardian. 18 July July < "UN Adopts Resolution on Right to Privacy in the Digital Age." United Nations General Assembly. 23 Dec Web. 28 June < Verri, Gabriela Jahn, Luiza Bender, and Eduardo Dondonis. "GOVERNMENT AND CORPORATIVE INTERNET SURVEILLANCE. N.p., n.d. Web. 25 June What is the Five Eyes? Privacy International. N.d. Web. 05 July < 11