Friday, 6 March 2015

Do you Hear the People Sing: Legal responses to Surveillance

"The thieves took my browser history!"
Rumours of firmware-level government spyware have technophile friends concerned, but how can a government use it against you?

Given the level of sophistication required to infect the manufacturing stage, the prime suspect is the U.S. government, whose electronic surveillance framework was last modified by the famous Patriot Act. A few points about the prescribed limitations and procedures:

  • A (Secret) FISA Court Order may permit the surveillance of a foreign power.
  • The President may authorise one-year surveillance for foreign intelligence, but not on a U.S. citizen. 50 U.S. Code § 1802
  • A communication's Routing and addressing information, not held to be protected by the Fourth Amendment (Smith v Maryland) can be collected under court order, grand jury, or subpoena, 18 U.S.C. 2703(c)(1)(C).
  • The content of communications - subject to Fourth Amendment protection - may be accessed with a search warrant after establishing probable cause. S 211 Patriot Act.
If this sounds scary, consider:
  • Although FISA proceedings and the information gathered can be kept secret, using it as evidence will make the extent of surveillance public, essentially 'giving the game away'.
  • Court orders are generally not retrospective for the purposes of procedural fairness, so any information gathered up to the point of application may never be able to be the subject of the order.
  • There are civil and criminal penalties for illegally obtained information. 50 U.S. Code § 1809, 1810
  • Furthermore, unlawfully obtained evidence may be suppressed 50 U.S. Code § 1806. This accords with current (State) case law where illegally obtained evidence gave the Court the discretion to exclude it (O'Brien, Councilman). 

Will you join in our crusade?

A greater privacy threat lies in outsourcing panopticon. A foreign country without the resources of the U.S. may rely on U.S. surveillance of its citizens, who being foreigners are less protected by the U.S. Constitution. In similar fashion, the U.S. may collect shared information from other governments who operate beyond its legal limitations.

Despite the UKUSA Agreement, and other bilateral treaties encouraging surveillance sharing, there are no provisions in the U.S. Code allowing such. Leading illegally obtained information shared from a U.S. agency as evidence will raise the question of whether and to what extent the agency has breached U.S. law. Would the NSA accept a call to testify and substantiate what they shared in a foreign trial if they knew they could expose themselves to criminal or civil liability at home?

Will you give all you can give?

There are similar problems with multilateral information sharing. Doing so will alert citizens to the fact that their own government is unable or unwilling to protect them from foreign surveillance. In fact, governments such as Australia anticipate information sharing in their wiretap laws. (Telecommunications (Interception and Access) Act 1979, s11A)).

Interception in Australia must generally be by warrant, with civil and criminal penalties if this is breached. However, a holder of 'properly obtained' information can share it if 'reasonably necessary' (Telecommunications (Interception and Access) Act 1979, s177)).

On a side note, Australia's privacy principles allow sharing of private information without fear of prosecution on the reasonable suspicion of criminal activity. (NPP 2.1) So much for the convict ethos of 'no dobbing'.

When tomorrow comes

What use then is illegally obtained surveillance? In a tautological manner, it may open avenues of investigation - a fishing expedition - and lead to legally obtained surveillance. Regardless of legality, many of us find surveillance distasteful.

There are technical barriers to surveillance like encryption, but if someone can make your own hard drive snitch on you then most of us would be out-gunned. And let's face it, we wouldn't encrypt our data or communications even for the geek cred. The simplest privacy tools will always be cumbersome in an era where we have come to expect increasing convenience.

Singing the song of angry men

Mitigation is prevention's back up strategy, and it's simple. If you can't stop the jack-boots through your door, you can make them pay for it in Court. Seek to exclude surveillance evidence. Insist that eavesdroppers be called for cross examination at public expense. Counter-claim under civil and criminal law. Most importantly, have a cash stash, or legal costs insurance that includes pursuit, so that you can lawyer up in a jiffy.

We could all burden ourselves with workarounds, or speak in hushed tones,  but it would take few test cases to turn the investment in global surveillance from an exercise in power into a misallocation of resources.

Also read: the tension between cybersecurity and surveillance.

No comments:

Post a Comment