Privacy is a three-way relationship … or is it four+? 30 May 2014Posted by Tony Law in Impact of IT, ITasITis, Social issues, Social media, Tech Watch, Technorati.
Tags: Snowden NSA moglen privacy security
I’ve been reading, and I recommend, Eben Moglen’s two-part essay in The Guardian about Edward Snowden. Not the first comment but probably one of the most extensive and authoritative. Moglen is professor of law and legal history at Columbia University, and is the founder and leader of the Software Freedom Law Center (SFLC). He’s entitled to say “I told you so” since his Guardian bio lists an earlier article for the paper some three years ago. The SFLC itself is approaching its tenth birthday; it was founded by Moglen and others in February 2005.
This extended essay covers three full pages in each of two days’ papers so it’s not short reading. The consensus among those who broadly support Snowden’s action is that he has revealed a security industry operating beyond democratic control and subverting the very nature of democratic government. It exposes a supposed elite group who believe that the population at large is, or shelters, “the enemy” (terrorists is the current hate-word) and therefore, in a world where universal surveillance and analysis is possible, such surveillance is to be fully deployed. It’s a bit like The Section in Stieg Larsson’s Millennium trilogy, but at a much higher level and operating with the full power of the subverted state.
And it’s not just the American NSA, though that’s Snowden’s origin. It’s not even just the major western allies of the US. China takes the same attitude: and though politically on the opposite side to the US, on this issue it lines up behind the same attitudes.
Moglen makes a powerful point which ought to be obvious but isn’t. Privacy is not a two-way relationship (between me and Facebook, or me and Gmail, or me and Twitter, or whoever).
If I send or receive email via Google (as an example only, but they are probably the biggest) then the person to whom I send, or from whom I receive mail also falls within Google’s all-encompassing range. They have not signed an agreement with Google, but Google knows about them. Facebook knows who I post to, whose postings I read, which non-friends I look up from time to time. Twitter knows … and so on. What does WordPress know about this blog and you, my readers?
Which is ok so far as these and other providers are trustable. But Snowden avers that, with or without their consent, they are not.
There is much more analysis in the article, but let’s stick just to this one point. The privacy relationship inherent in email is at least three way: myself, my service provider and my correspondent. But there is no relationship of explicit trust or consent between my correspondent and my provider.
Moglen asserts that we have been diverted into believing that privacy is a two way relationship. It’s not.
And of course where governments step in, either by court order or by extra-legal surveillance, this relationship becomes at least four way with the fourth partner, in all probability, unrecognised and unknown.
As a lawyer, Moglen analyses two broad threads to bring the situation under control.
First: user action. This does include community development of encryption software, for example, to which governments have not either sub-poena’d or stolen the keys, or built-in back doors. But it also include major commercial interests: the security (privacy) of their online commercial transactions is a fig-leaf. They must have people who realise this; it’s been pointed out often enough in the press. But it will probably take a disaster to galvanise enough pressure to force action.
Second: legal action. The US, in particular, is prone to expensive litigation and extensive damages settlements. Let’s open up one or two of these based on breach of trust. I hope I’m not misrepresenting Moglen’s argument here, but certainly he – as a lawyer – sees scope for lawyerly involvement.
I’ve scratched the surface. If these are issues that concern you, read Moglen’s essay in the Guardian online. Then go, as I myself have not yet done, to Moglen’s own SFLC archive where the longer version is held: four presentations given last autumn at Columbia and given their own URL. Read and think and, if you’re in a position to do so, act.
And yes, this blog post will be flagged on both Facebook and Twitter …
• Privacy under attack: the NSA files revealed new threats to democracy, Guardian, 27 May 2014
• Eben Moglen: Guardian contributor bio, with links to the 2011 article<
• Snowden and the Future, Eben Moglen, Columbia, Oct-Dec 2013
• Software Freedom Law Center
• Stieg Larsson’s Millennium trilogy (Wikipedia)