Embed Size (px)
Citation preview
Callum Craigie
Student no: 42779006
Cyber Crime Assessment 3 Research Essay:
• Mass surveillance and invasion of privacy
Edward Snowden has been called a hero, a whistle-blower, a dissident, a traitor
and a patriot. Was he justified in his actions? Is it ever justifiable for a country to
conduct this level of mass surveillance on its citizens?
In the following analysis the mass surveillance of Edward Snowden leak will be
examined. A brief description of Snowden’s involvement, justifications and
actions that led up to the mass surveillance leak will be discussed. It will be
argued firstly the leak justifiable issue, as it was a breach of social freedoms.
However mass surveillance is justified in the means of precautionary measures
in the ‘altered power dynamic’ of cyber warfare. Snowden’s reasoning will be
argued to be unjustified and a moot point to the secrecy and legality of mass
surveillance. Furthermore the justification’s for the potential hazard of a
Orwellian and totalitarian state on the outcome of mass surveillance will be
discussed.
The Snowden leak involved mass surveillance, the close observation of the
population or a considerable fraction. The modern state performs mass
surveillance upon its’ citizens for security against potential threats. Mass
surveillance is controversial as it is considered a violation of individual’s privacy,
1
political and social freedoms (ULegal.com). Edward Snowden allegedly brought
mass surveillance into the international spotlight after leaking in Hong Kong on
May 2013 documents to a journalist Glenn Greenwald. Snowden was a systems
analyst within Booz Allen contracted by the NSA, to collect and store personal
communications of the United States and other countries. Snowden was working
under the PRISM surveillance program under the administration of the NSA
(Greenwald, 2014). Under the PRISM program raw data information was
collected via metadata traffic observation. The PRISM program was created in
2007 and place under the supervision of under FISA the (U.S. Foreign
Intelligence Surveillance Court) (Director of National Intelligence, 2015). The
documents revealed the NSA and its’ foreign intelligence partners were
conducting warrantless surveillance upon their own citizens. Snowden and
media outlets revealed millions of people’s data information is being stored and
analysed without the authorisation of legislative bodies of the United States and
other countries (Mezzofiore, 2013). The Snowden leak was the alleged revealing
of unjustifiably illegal mass surveillance program, breaching United States and
foreign citizens privacy, political and social freedoms.
What warranted the NSA’s mass surveillance over American citizens was in the
means of precautionary measures in the ‘altered power dynamic’ of cyber
warfare. The ‘altered power dynamic’ refers to the potential of non-state actors
to possess offensive capabilities no different to those of states (Jurick, 2009, p.
287). Non-state cyber attacks have been continuously exacerbated by a lack of
international cooperation in dealing with cyber attacks through domestic law
enforcement (Graham, 2010, p. 93). Furthermore states that have the greatest
2
representation of non-state cyber aggressors such China and Russia have not
signed the Council of Europe Convention on Cybercrime. This has enabled states
such as China and Russia to actively encourage and to turn a blind eye to
‘people’s information warfare’, to the disadvantage to participant states to the
Council of Europe Convention on Cybercrime. The United States through the NSA
in conducting mass surveillance on its’ citizens, is complying with international
cyber law enforcement. Furthermore reducing the American domestic/foreign
chances of involvement or exposure to ‘people’s information warfare’.
Mass surveillance is necessary as targeted surveillance is ineffective. Several
cyber incidents have caused debate as to state responsibility for cyber attacks
emanating from within their own territories and potentially by their own
citizens (Sklerov, 2009). Computer network attacks are commonly conducted in
covert strategies to eliminate any indiscernible traces (Arquilla, 1999, p. 193).
Hence cyber attacks are conducted over multiple systems dispersed
geographically and across unlimited Internet zones (Hunker, 2008). Of particular
relevance was an incident in May 2007, when a distributed denial of service
attack happened upon Estonia. Government ministries, banks, news
organisations and emergency services were shut down. Co-incidentally this was
following political tensions between Russia and Estonia (Traynor, 2007). After
an extensive digital forensic and intelligence investigations two key issues were
identified. The emergence of state state-sponsored espionage of separate
hackers and the implied consent of states or territories, but with the absence of
proof or responsibility (Swanson, 2010, p. 303-333). The absence evidence
involving states or territories can be explained by the origins of the attack. The
3
2007 Estonian cyber incident revealed enemy states can conduct untraceable
and undetectable attacks upon a state, within the victim states boarders or other
unsuspecting state’s borders. To use targeted surveillance in pursuing
responsible parties would therefore be ineffective.
The NSA in conducting a level of mass surveillance is acting within precautionary
means. A cyber attack or cyber war unlike conventional warfare does not involve
the mass movement of tanks and solders across boarders. A cyber attack can
emerge in a foreign territory, with no link to the state sponsoring it. For example
civilians may conduct cyber attacks from an office block in the Netherlands
against the United States on behalf of the People’s Republic of China (Report of
the UN Secretary General, 2011). It is an issue of ‘imputed territorial
responsibility’, were the threshold of state involvement in a cyber attack is of
much greater utility than the ‘effective control’ and as a requisite burden of proof
in the self-defence of the alleged perpetrator state (Kanuck, 2010, p. 1592).
Furthermore in establishing any form of self-defence in the deterrence of alleged
non-state actors no clear guidance of appropriate international response is
given. For example the right of a state to conduct self-defence in the event of an
‘armed attack’ is defined in Article 51 of the UN Charter. However Article 51
further explains to execute self-defence, clear guidance as to when the armed
attack occurred and to what state was responsible. In setting the cyber espionage
threshold so low, it is an enormous burden upon all states to prevent or prove a
cyber attack is been or has been conducted within their own territories or
others. Hostile states exploit private individuals as a ‘convenient covers’ for
cyber attacks, with the advantage of ambiguity. In using non-state proxy servers
4
that can be anywhere in the world, acting as prevalent in of conventional warfare
(Lubell, 2010, p. 98). Therefore the NSA within precautionary means is reducing
the chances of American citizens or private individuals been exploited as
‘convenient covers’ to hostile states means of ambiguous cyber warfare
measures.
The NSA in collecting information by mass surveillance was using the most
efficient pursuit and deterrence measures of cyber attacks. Snowden
hypocritically admitted the efficiency of mass surveillance. In 2013 in a Hong
Kong interview Snowden is recorded stating; “the NSA specifically targets the
information of everyone, it’s the easiest, most efficient and most valuable way to
achieve these ends” (Freedom of Press Foundation, 2013). According to Hunter
commanders in seeking to pursue the cyber attack perpetrators, conduct post
event tracing by way of an ‘IP trace back’. The IP address of the attacking system
is narrowed down to a location through the assistance of Internet Service
Providers (Hunker, 2008, p. 6). However counterproductively trace back
techniques are reliant upon the storing of data logs by routers, requiring
commercial and international cooperation in providing access to those routers
(Graham, 2010, p. 97). Due to the high volume of data travelling through routers
the logs are only kept temporarily, to save storage space (Chaikin, 2006, p. 246).
Furthermore Internet Service Providers may not cooperate with authorities in
providing IP addresses for of privacy concerns and domestic legal liabilities
(Young, 2010, p. 190). Therefore targeted surveillance would be a difficult
pursuit process; many investigations of cyber attacks would lead to boundaries
of uncooperative parties. The NSA in collecting this information by mass
5
surveillance instead of targeted surveillance is avoiding non-cooperative parties
by collecting data before potential issues arise.
To argue Americans or the international community needed to know about mass
surveillance being a secret is a moot point. Mass surveillance has been exercised
to knowledge of the public and has being legally constitutionally valid for
decades. The Patriot Act is amongst the most publicly recognised and legal
government acts permitting mass surveillance. The Act was of the United States
Congress, signed into law by President Bush in 2001 and continuously extended.
The Patriot Act gave FISA further authority to monitor United States citizens by
“bugging of all will” (Brzezinski, 2004, p. 68). FISA was notably already following
for its’ original primary purpose of the monitoring of foreign citizens, under the
Foreign Intelligence Act of 1978 (Harper, 2014, p. 1134). Furthermore Executive
Orders of Presidents have issued the NSA permission to access Americans’ data
by ‘clandestine means’. “Executive Order 12333, originally issued 4 December
1981, delineates the NSA/CSS roles and responsibilities. In part, the Director,
NSA/Chief, CSS is charged to: Collect (including through clandestine means),
process, analyze, produce, and disseminate signals intelligence information and
data for foreign intelligence and counterintelligence purposes to support
national and departmental missions. Furthermore the executive order was
amended in 2008 to be further used in the protection of American civil liberties
(NSA, 2015). For counterintelligence purposes mass surveillance can be
conducted within the reasoning of precautionary and efficiently reasons of
pursuit, as stated previously.
6
The Executive Orders and congressional acts were on the public record and
furthermore were issued by an Executive with the democratically elected
authority to do so. The Patriot Act nor the Executive Orders have not being
successfully challenged constitutionally in the Supreme Court. Over thirty years
after the executive orders were implemented the 4th estate claims the orders to
be unconstitutional, however no ruling of the illegality of the orders exists
(Network World, 2014). Furthermore although in apparent breach of the UN
declaration of human right rights article twelve, neither the U.N nor the
international community has objected to mass surveillance (U. N Universal
Declaration of Human Rights, 2015). Quoted to be ‘the globalisation of American
law’, the EU Parliament in 2005 after making mass surveillance illegal following
the Madrid and London bombings, legalised mass upon EU citizens. There are
only allegations and with no Supreme Court rulings to make the Executive orders
or the NSA’s mass surveillance pursuits unconstitutional, with limited
international rejection (Eggert, 1983, p. 611-644). Thus Americans and the
international community needing to know about mass surveillance being a secret
is a moot point.
Mass surveillance and to the degree it is used and collected can be argued to be a
valid point. An Orwellian society refers to George Orwell’s novel 1984 of a
societal condition where the state has eliminated free society. The Orwellian
state controls society through surveillance, propaganda, misinformation, and
manipulation of the past and the denial of truths (Drabble, 2000, p. 726). The
authorisation and monitoring of the mass surveillance state has raised the issue
of the proportionality to the extent of the production of misinformation,
7
manipulation, elimination of free society and the creation of a totalitarian state
(Spector, 2015, p. 1).
Rusbridger editor of the Guardian newspaper highlights the extent to which
mass surveillance can have disproportionate outcomes between privacy, security
and freedom. The potentially Orwellian issues were highlighted, consent as to
what new technologies have been and can be deployed to collect and analyse
their digital lives is question remains unanswered. The mass surveillance laws
were passed in an analogue era, before citizen’s lives became more digitalised.
The private sector, the digital economy and the integrity of the web remain an
issue, as to what extent individual’s private information and financial data is
exchanged. Furthermore the issue of the creation of deliberate false information
by unmonitored classified intelligence courts (Rusbridger, 2014). FISA acting as
a secret court previously has ruled some mass surveillance actions by the NSA to
be in breach of federal law and the constitution. However to what mass
surveillance action the NSA breached is unknown, furthermore to what the NSA
is been permitted to do by FISA is unknown (Butler, 2013, p. 67). The use of mass
surveillance under FISA an unmonitored court, can potentially lead to Orwellian
and totalitarian state governance. Therefore one can argue Snowden is a
Whistle-blower as he has highlighted potentially FISA and the NSA can act
unconstitutionally and illegally, without public knowledge.
In conclusion mass surveillance in in no doubt an invasion of privacy, however it
is a necessary evil. Snowden’s actions are justifiable as it was brought to public
attention the extent of mass surveillance. But Snowden’s argument was flawed as
8
it was not secret the United States government had the authority to do so and
within legal means. Furthermore the United State Government was complying
within international cyber law enforcement, reducing the chances of
involvement or exposure of American’s to the ‘altered power dynamic’. Mass
surveillance is a much more efficient precautionary and pursuit method to avoid
American citizen’s been exploited for ambiguous cyber warfare means. NSA was
following its’ Executive, congressional and constitutional valid orders. Snowden’s
and any other allegations questioning illegality of mass surveillance have yet to
be successfully proven. The most apparent issue is the proportionality of mass
surveillance. Although legally and constitutionally valid, there is the potential of
a totalitarian or Orwellian state to emerge. The possibility of misinformation,
manipulation and elimination of free society is a possibility. Permitted closed
courts such as FISA could potentially abuse their authority as the extent of their
mass surveillance remains disclosed. Mass surveillance is potentially hazardous
and justifiable, but is a necessary evil.
9
Bibliography:
Books and Academic Studies:
Arquilla. J, Ronfeilt. D and Zanini. M, (1999). The Advert of Netwar: Analytic
Background, Studies in Conflict Terrorism, Routledge.
Brzezinski. M, (2004). Fortress America: On the front lines of Homeland Security:
An inside look at the coming surveillance state, Bantam.
Drabble. M. (2000). Oxford Companion to English Literature, Oxford University
Press, Ed. 6.
Greenwald. Glenn, (2014). No place to hide: Edward Snowden, the NSA, and the
US intelligence state, New York Metropolitan Books/Henry Holt.
Hunker. J, Hutchinson. B and Margulies. J. (2008). Role and Challenges for
Sufficient Cyber-Attack Attribution, Institute for Information Infrastructure
Protection, accessed 25/05/2015.
URL: http://www.thei3p.org/docs/publications/whtiepaper-attribution.pdf
Lubell. N. (2010). Extraterritorial Use of Force Against Non-state Actors’, Oxford
University Press.
10
Spector. H. (2015). Education and the Question of Totalitarianism, Studies in
Cultural Politics of Education, Routledge.
Journals:
Butler. A. (2013). Stand Up to Clapper: How to Increase the Transparency and
Oversight of FISA Surveillance, New England Law Review, Vol. 48.
Chaikin. D. (2006). Network investigations of cyber attacks: The limits of digital
Evidence, Crime, Law and Social Change, Vol. 46, No. 5.
Eggert. S. D. (1983). An Assessment of the Validity of the Warrantless National
Security Searches, Duke Law Journal, Vol. June 1983, No. 3.
Graham. D. E. (2010). Cyber Threats and the Law of War, Journal of National
Security Law and Policy, Vol. 4, No. 1.
Harper. N. (2014). FISA’s Fuzzy Line between Domestic and International
Terrorism’, The University of Chicago Law Review, Vol. 81, no. 3.
Jurick. J. P. (2010). Cyberwar and Customary International Law: the Potential of a
Bottom-up Approach to an International Law of Information Operations, Chicago
Journal of International Law, Vol. 9, No. 1.
11
Kanuck. S. (2010). Sovereign Discourse on Cyber Conflict Under International
Law, Texas Law Review, Vol. 88, No. 7.
Sklerov. M. J. (2009). Solving the Dilemma of State Responses to Cyber attacks: A
Justification for the Use of Active Defenses Against State Which Neglect Their
Duty to Prevent, Military Law Review, Vol. 201.
Swanson. L. (2010). The Era of Cyber Warfare: Applying International
Humanitarian Law to the 2008 Russian-Georgian Cyber Conflict, Loyola of Los
Angeles International and Comparative Law Review, 2010, Vol. 32.
Young. M. D. (2010). National Cyber Doctrine: The Missing Link in the
Application of American Cyber Power, Journal of National Security Law and
Policy, Vol. 4.
Official Reports and Documents:
Director of National Intelligence. (2015). Facts on the Collection of Intelligence
Pursuant of Section 702 of the Foreign Intelligence Surveillance Act, Director of
National Intelligence facts, accessed 21/05/2015.
URL: http://www.dni.gov/files/documents/Facts%20on%20the%20Collection
%20of%20Intelligence%20Pursuant%20to%20Section%20702.pdf
NSA. (2015). About NSA, The Mission, accessed 23/05/2015.
URL: https://www.nsa.gov/about/mission/index.shtml
12
Report of the UN Secretary General. (2011). Developments in the Field of
Information and Telecommunication in the Context of International Security, July
15, Doc No. A/66/152, p. 34, accessed 21/05/2015.
URL:
http://daccess-dds-ny.un.org/doc/UNDOC/GEN/N11/416/91/PDF/N1141691.
pdf?OpenElement
International Treaties, Declarations and Case Law:
USLegal.com. (2015). Mass surveillance law and legal definition, accessed
21/05/2015.
URL: http://definitions.uslegal.com/m/mass-surveillance/
U.N. Org, (2015). The Universal Declaration of Human Rights, Article 12, accessed
21/05/2015.
URL: http://www.un.org/en/documents/udhr/
Media Sources:
Freedom of Press Foundation. (2013). Prism Whistle Blower, Edward Snowden
in his own words, published June 9, accessed 23/05/2015.
URL: https://www.youtube.com/watch?v=3P_0iaCgKLk
13
Mezzofiore. G. (2013). NSA Whistle Blower Edward Snowden: Washington
Snoopers and Criminals, The International Business Times, June 27, accessed
24/05/2015.
URL: http://www.ibtimes.co.uk/nsa-whistleblower-edward-snowden-479709
Network World, (2014). Executive Order 12333 lets NSA unconstitutionally
collect American’s communications, July 21, retrieved 24/05/2015.
URL:
http://www.networkworld.com/article/2456226/microsoft-subnet/executive-
order-12333-lets-nsa-unconstitutionally-collect-americans-
communications.html
Rusbridger. A. (2014). Snowden is no Leftie, The Spectator UK, January 18,
accessed 29/05/2015.
URL: http://www.spectator.co.uk/features/9116531/alan-rusbridger-edward-
snowden-is-no-leftie/
Traynor. I, (2007). Russia Accused of Unleashing Cyber war to Disable Estonia,
The Guardian, May 17, accessed 19/05/2015.
URL: http://www.guardian.co.uk/world/2007/may/17/topstories3.russia
14
