Ethics and Law in New Media/snowden

From Wikiversity

This paper addresses the effects of information leaks by Edward Snowden, former computer professional with the U.S. National Security Agency, who made public the scope and methods of surveillance carried out by NSA in the U.S. and elsewhere in the recent decade.

The paper is divided into five major parts in accordance with the number of authors.

Introduction and background[edit]

«I don’t want to live in a world where everything that I say, everything I do, everyone I talk to, every expression of creativity or love or friendship is recorded» Edward Snowden Monday 3 June 2013

Edward Snowden

Edward Snowden, b. 1983, is a former US National Security Agency (NSA) contractor who revealed secret mass international surveillance by US intelligence [1]. Currently he lives in Russia, where he has been given asylum and a three-years residence permit.

He is one of the most extraordinary whistleblowers in history. Never before has anyone scooped up en-masse the top-secret files of the world's most powerful intelligence organisations, in order to make them public. [2]

Current situation with the U.S. authorities[edit]

In an interview to The Guardian on 18 July 2014, Edward Showden showed his intention to come back to the U.S. if it were possible without dramatic consequences: “I made it very clear that I’d like to return to the United States and if the possibility for a fair trial existed, that would be something that could be pursued.” [3]

Edward Snowden in art

Life and career[edit]

Mr Snowden is reported to have grown up in Elizabeth City, North Carolina, and later moved to Maryland, near the headquarters of the National Security Agency (NSA) at Fort Meade. Studied computing at a Maryland community college. In 2003, he joined the US Army and began training with the special forces. He was discharged after breaking both his legs in a training accident. First job with the NSA was as a security guard for one of the agency's secret facilities at the University of Maryland. By 2007, he was given a CIA post with diplomatic cover in Geneva. In 2009 he left the CIA and began working at the NSA as an employee of various outside contractors, On 11 June 2009 he was formally sacked. [1]

Snowden Interview - Laura Poitras

Film legacy. Citizenfour[edit]

In January 2013 American documentary film director Laura Poitras received an anonymous email requesting her public encryption key, she says she thought little of it. Over the next three or four weeks she continued to exchange emails with the person who called himself Citizenfour. Four months later, on June 1, she boarded a plane to Hong Kong. As a result, a 12,5 minute film was broadcast, revealing Citizenfour as Edward Snowden.

Poitras has now made a documentary, Citizenfour, which she describes as the third part in a trilogy of films about post-9/11 America, telling the story behind the Snowden revelations. [4]

Life after revelations[edit]

Edward Snowden had filed requests for asylum to 27 difference countries from 19 June to 16 of July 2013 and had nearly succeeded in case of Iceland, but the parliament of Iceland eventually did not make a decision. After an attempt to get asylum in Latin America, Snowden got stuck in the transit zone of Moscow’s Sheremetyevo airport after the U.S. authorities had revoked his passport. Eventually Snowden did not board the flight to Havana he had previously booked.

AS further travel was impossible, Snowden was granted a temporary asylum and work permit in Russia in August 2013, later prolonged to 3-year residence permit.

Social life[edit]

Since becoming a media figure, Snowden had participated in at least two conferences (South by Southwest (SXSW) Interactive technology conference in Austin, Texas, and TED conference in Vancouver, British Columbia) and received an honorary position of the Rector of the University of Glasgow.

Awards[edit]

German "whistleblower prize" in August 2013; Sam Adams Award in October 2013; Right Livelihood Award of 2014; German Big Brother Awards gala on April 11, 2014. [5]

This paper[edit]

This paper is an exploration of the following questions: how people can find balance by protecting their data, how government authorities reaction on Snowden case and is there a “post-Snowden era” for companies.

Chapter 1. How people can protect their data[edit]

In 1999, Wall Street Journal and NBC asked 2000 adult Americans what they were feared the most in the coming century. Topping the list, answer was – “Loss of Personal Privacy”. Overpopulation and the Acts of Racism and Terrorism took the second and the third places in the list.[6]

Every day, while browsing harmlessly over the internet, during a coffee break at work, people see different web pages and apps integrated into social networks asking us to share our personal data with “them”. In most of the cases people don’t really know who are “they” asking users to share a story of their lives, address of the street where user grew up, phone number, and even the name of user's first lover – encoded under the title “security question”.

In an era where the new forms of online crime are rapidly emerging, topic of the data privacy in the cyber space is becoming hotter and hotter. Nowadays society is being witnessing different social experiments and swatting pranks published on the web, where the participants are literally putting themselves under the risk of being sentenced or imprisoned. As sanctions for those who are involved in an online crime are becoming stricter, people try to hide their “self” by creating fake profiles, however meanwhile this massive hysteria some people might not even know how transparent their identity can become just by one click.

What are the data I might unintentionally share and how can I protect it?[edit]

In order to make people aware of the potential risks, one of the German websites which introduces Data Protection Policy [7] has published a text about what kind of data is being collected from the guests when they are visiting the webpage and how is these data used afterwards. This can be generalized on some other websites as well. Below is the list of what exactly is being shared by the user in vast cases:

  • IP address;
  • Date & Time of Access;
  • Name & URL of downloaded file;
  • Volume of data transmitted;
  • Indication whether the download was successful;
  • Data identifying the browser software and an operating system;
  • Web site from which the actual site was accessed;
  • Name of your internet service provider;
  • Orders (if you make any order of an information, material or any other goods via the website);

How to protect myself?[edit]

First of all by entering in an agreement with the website, it should be told that the data will not be transmitted to the third party. According to the policy there might be some other methods of protecting the privacy, for instance refusing all the cookies, however this might restrict the usage of the website.

The text of a user agreement also emphasizes an importance of verifying an account via e-mail, which according to the service owner, guarantees that only you yourself will be using your identity in a cyber space. And the least, but not the last, lots of websites suggest that users from time to time should re-read the latest version of the user agreement and privacy policy.

Data Privacy after Snowden[edit]

According to the survey carried out in US [6] where an adult internet users were asked of based on what they have learned about government surveillance from the Snowden revelations if they agreed with the three statement below:

  1. I am less inclined to use e-mail
  2. I have done less shopping online
  3. I have done less banking online

19 % of respondents answered that they had done less online banking and where less inclined to use e-mail. 14 % admitted that they had done less shopping online – which basically means that the majority of US citizens have not changed their habits of online banking.

One thing is when the conversation is about private matters however we face much more complicated phenomena when the e-commerce is being drawn in the process.

The Snowden Effect[edit]

In most of the surveys carried out in US, regarding the Snowden’s case, people were asked mostly about private matters. According to the answers it was easy to assume that citizens were scared of the fact that any kind of personal information about them might be owned by government or the telecommunication companies. Therefore the fear that this information might have been used against them someday was the driving force while changing their online behavior. However not much of the surveys were carried out regarding the change of the online behavior in relation with internet banking. Phenomena which is causing consumers to change their online behavior in ways that could undermine their ability to realize the full benefits and costs savings of electronic banking – is named as the Snowden Effect. This effect in the end of course leads to the distrust of the customers that on its own causes the harm to the online business and to the service providers.

Professionals from the banking field suggest to take the Snowden Effect into consideration, however not to accept it as something vital. According to them, such rebels as Snowden are coming and going, while the market and the business still goes on existing.

In November 2013 Washington Post asked a large sample of US citizens the question if after the revelations about NSA they personally have done something to protect their privacy?! – 25 % of the respondents answered that they did.

Probably it’s too early to measure the outcome of those revelations on the large scale, however one thing is obvious – people are definitely starting to be concerned about privacy matters when something done by them in the best is to penetrate and disturb their comfort zones in the present or in the future.

Chapter 2. Government surveillance and privacy[edit]

Blowing the whistle on public surveillance unveiled NSA’s former actions and as well created a challenge for the intelligence agencies to continue their assignments in the new, pressured and monitored environment.

NSA’s wish for information grew during the tenure of General Keith Alexander, whose unofficial motto was “Collect it all”. During his command of the past 10 years the NSA started collecting as much information as possible and thus even gathering information about random people who the NSA got no useful information from [1]. Such strategy, where the government agency received information on both potential terrorists and ordinary people, enabled to collect data in massive amounts - at one point the NSA collected 97 billion e-mails and 124 billion phone calls in just 30 days [1].

The new procedure practiced by the NSA was presented at the annual Five Eyes alliance conference in 2011. As seen from the posture of the new data collection mentality, it is vital to have indications about everything, learn about everything, possess and process everything and in the end exploit the data in order to have more insights to start the cycle all over. The following chart illustrates the cycle of data collection by the NSA:

Legal activities[edit]

Unveiling such massive exploitation of information by the governments created massive discussions about the ethics and legal aspects of such monitoring all around the world. Although NSA was sued and proven to have failed to comply with many laws regarding mass surveillance, some of the areas they operated in were all in accordance with the law. Main laws that enabled NSA to legally operate were the US Code Section 215 and Section 702 [8].

Section 215, (a part of the Patriot Act of 2001), enables the FBI to apply for the FISA (Foreign Intelligence Surveillance Act) court for an order to third parties to turn in information (records, documents, etc.) for investigation. [8] Section 702 allows the NSA to collect data about non-US citizens, but during that process data about the US citizens gets often collected as well. [8]

Regardless of conducting the surveillance legally or illegally, the documents presented by Snowden created a global discussion about the necessary proportion, depth and methods of mass surveillance. Many countries, including the UK, Germany and Australia, started overlooking their legislation in order to determine the loopholes that would put the safety of the online communication of their citizens at risk. [8] In that light Hansjörg Geiger, former head of Germany’s Federal Intelligence Service, proposed a codex that would regulate gathering and processing intelligence between allies. [9]

Allies concerned[edit]

The fear of being monitored by NSA has put allies of the U.S. to protect themselves from their partner. For an example the Netherlands is preparing reports on such surveillance and wishes to consult Snowden as well to learn about the potential restrictions Europe should impose on state surveillance while still having effective means on fight against terrorism. [9]

The approach where allies start protecting themselves from one-another is extremely reactive and negative. Organizations should rather focus on cooperation and not on preventing potential interceptions by their partners. [10] Although gathering information about random people is incorrect, limiting the capability of collecting intelligence can also be seen as potentially threatening. The key is in the balance between the interests of the government and the privacy of the people as was also mentioned by the President of the U.S. [11]

The most important aspect would be maintaining the trust of the American people and the audience around the world to still be effective in the long run. [11] For that the U.S. is starting to make changes in their processes and legislation: the President has already issued the Presidential Policy Directive PDD-28 (Signal Intelligence Activities) [5] that states that signal intelligence must not be collected in bulk and the overall protection of data, auditing and quality of data processing need to be improved. [12]

In terms of further surveillance the NSA and other organizations will have a complicated task in legitimizing (or at least assure the legitimacy) of their actions while the public is now highly alerted about constant monitoring. [13] Another task for the intelligence agencies is to assure the security of their data and files since the “Snowden effect” might bring followers to perform similar actions.

Chapter 3. U.S. companies in post-Snowden era[edit]

The Snowden case had an impact not only on to the attention to secret services' activities, but also to the way businesses act, particularly U.S. companies as the revelations mostly focused on U.S. government agencies such as NSA. Among the data published thanks to Snowden's leaks, were also accounts about the way U.S. companies cooperate with government agencies during secret surveillance and wiretapping.

Companies in the United States of America have long history of legal cooperation with law enforcement agencies. The Omnibus Crime Control and Safe Streets Act of 1968 (Title III of the act, to be exact) was the first modern U.S. law that set rules for wiretapping. However until the surveillance violations by President Nixon were brought to daylight by the Church Committee in 1975, the real scope of government surveillance activities remained relatively unknown. In a certain way, there is nothing new about Snowden's revelations. The 1975 report of the Church Committee revealed that U.S. government agencies (CIA) had spied on U.S. citizens by secretly opening letters sent by mail [14].

Encrypt it all[edit]

To demonstrate the effect of Snowden case on businesses, let's first have a look at two widely used products, the two most popular operating systems for mobile devices, released after Snowden's revelations.

The two leading mobile operating systems, Android (developed by Google) and iOS (developed by Apple), have data encryption turned on by default in their latest versions. iOS 8, revealed on June 2nd 2014, and Android 5, presented to the public three weeks later, both feature data encryption in order to protect their users.

While majority of both Android and iOS platform users still have older versions of the operating systems, consequent updates and renewal of mobile devices would mean that most users will eventually use a mobile device with data encryption. And Android and iOS devices combined count for 96% of the global market as of spring 2014 [15].

Introduction of default encryption on mobile devices, although not a key feature in the eyes of general public, nevertheless had made FBI, one of the leading government agencies in the field of security, react explicitly. In his speech delivered at a Washington think-tank Brookings Institution, FBI Director James B. Comey called default data encryption 'a worse challenge to law enforcement and national security officials' [16].

In his speech Comey pointed out that even while FBI and other agencies can still legally access user data uploaded to the cloud managed by Apple or Google, the information stored and encrypted directly on mobile devices will be out of range. Comey went on to refer to cases investigated by the FBI when criminals were brought to justice only thanks to the access to their data on mobile devices.

Cloud and hardware impact[edit]

Another effect of the Snowden's revelation on businesses was their more suspicious stand regarding storing data in a cloud managed by U.S. and EU-based companies. In post-Snowden era, it was clear that no data is safe in the cloud, because law enforcement agencies can have access to it. This made a number of companies in the US and elsewhere question and reconsider their plans to place their data to cloud storage [17]. While such conclusions were made by NTT Communications, an ICT company that may have interest in attracting customers to its own data management solutions, the scale of its operations and the scope of the survey conducted make the findings look feasible.

These changes in business behavior have financial dimension, they can can be measured in lost (millions of) dollars. The losses suffered by the U.S. cloud computing industry could amount to $22 billion to $35 billion in 2013-2016 as a result of the revelations about the NSA’s electronic surveillance programs [18]. The money lost by the U.S. companies will eventually end up as revenues of their European and Asian competitors.

Yet another dimension of the Snowden revelations was the alleged level of hardware interception. One of the photos published in Glenn Greenwald's book 'No Place To Hide' shows alleged NSA operatives opening a package with Cisco networking equipment in order to install spying hardware into it. Cisco CEO John Chambers reacted by sending an open letter to U.S. President Obama asking him to make sure the government activities are duly regulated and that NSA should follow higher standards of conduct [19]. Failing to do that, according to Chambers, would erode consumer faith in U.S. technology sector.

Chapter 4. Legal and ethical aspects[edit]

The chapters above give a good clue about who Mr. Snowden was and how did he influence the world, what were his actions, why did he do this and what the future will bring after such an information hurricane about misdoings of the government of the United States of America and organisation called National Security Agency (NSA).

For some Edward Snowden is a hero and for some a traitor who will never be able to live in his home country. He has fled and after trying to get asylum in different countries he is in hiding currently in Russia. So were his actions ethical?

Among different definitions of ethics, the quote of former justice of the U.S. Supreme Court Potter Stewart look the most suitable for our paper: “Ethics is knowing the difference between what you have a right to do and what is right to do.” As Edward Snowden stated in his revelation video, he only wanted to inform the public of the misdoing of NSA because as a system administrator for such kind organization he saw things that were abusive. He had noone to complain to and so he decided to blow the whistle. [20] He has gathered a massive amount of secret data and now releasing it to the public trough his sources. [21]

Hero or traitor?[edit]

For common people, Snowden's whistleblowing may look ethical. On the other hand, leaking such kind of information as an employee is definitely not ethical from the employer's point of view. [22]

Contracts regulate relations between companies and employees. The requirement to sign non-disclosure or confidentiality agreement depends upon the position and the access to sensible or secret information. Edward Snowden did sign a confidentiality agreement that he was obliged to follow, but still he decided in favor of the breech. By this action he betrayed his employer from ethical point of view and broke the law from the legal point of view.[22]

As a result, Edward Snowden had been charged [26] by the US government with theft of government property (18 USC § 641)[23], unauthorized communication of national defense information (18 USC § 793(d))[24] and willful communication of classified communications intelligence information to an unauthorized person (18 USC § 798(a)(3))[25].

Taking into account the previous paragraph, it is really getting harder to find arguments for protecting Snowden. Laws are laws, and they need to be followed, besides, breaking a law can also be unethical. However this brings us to the other part of the story. Was NSA acting ethically by collecting this kind of information and was this almighty government agency following the rules?

We have to look back several years to get in starting point. This was the aftermath of the 9/11 terrorist attacks in the U.S., when president Bush administration announced Patriot Act that gave NSA the power to collect telephone calls and emails to prevent terrorism acts from happening again. Although by the U.S. Constitution NSA was not allowed to spy on US citizens [21], history had proven that laws had previously failed to restrict activities of secret services. After all, the Church Committee had revealed CIA's international mail surveillance operation HTLINGUAL already in 1975.

“The Internet has made a hash of the tidy distinction between foreign and domestic surveillance. Today, citizens of France, Brazil and Nigeria routinely use Facebook, Gmail, and other American online services to communicate. Americans make calls with Skype. And much Internet traffic between two foreign countries often passes through the United States.” As Washington Post tech blogger Timothy Lee gives an explanation which gives us an idea where NSA hides to when they are asked about these kind of actions. [27]

So going back to the start of this article you see that there are several different ways you can digest this story and think about it on the legal and ethical side. As much as there are different people there are different understandings and judgments. Edward Snowden broke the rules and disobeyed the law by collecting and leaking the information that he had access to. But he did it for the good cause. And as we all know no good deed goes unpunished.

Conclusions[edit]

Edward Snowden will forever remain not only in the history of scandals around secret services, but also in the history of information society as a highly controversial figure whose revelations had massive effect not only on private individuals, but also on business and ITC industry. The Big Brother sentiment once again was brought under the eyes of general public at the scale hardly imaginable before, which has definitely had an educational effect. Thanks to Snowden, the question of data encryption has become a topic not only for a computer science magazine, but also for a general interest newspaper.

References[edit]

  1. [1] Greenwald, G. (2013). No Place To Hide. New York: Metropolitan Books.
  2. [2] Harding, L. (2014). The Snowden Files: The Inside Story of the World's Most Wanted Man. Guardian Faber Publishing.
  3. [3] Edward Snowden interview. http://www.theguardian.com/world/2014/jul/18/-sp-edward-snowden-nsa-whistleblower-interview-transcript
  4. [4] The Holder of Secrets. http://www.newyorker.com/magazine/2014/10/20/holder-secrets
  5. [5] https://edwardsnowden.com/
  6. [6] Data privacy after Snowden and Target. ESET Tech Brief. http://static3.esetstatic.com/fileadmin/Images/US/Docs/Business/vertical/techbrief_data_privacy_after_snowden_and_target-implications_for_credit_unions.pdf
  7. [7] http://www.fraunhofer.de/en/data-protection-policy.html
  8. [8] Free Snowden. (n.d.). Impact. Retrieved 11 02, 2014, from Free Snowden: https://www.freesnowden.is/impact
  9. [9] MacDonald, A. (2014, 04 07). Edward Snowden testifies by video-link at hearing on ‘mass surveillance’. Retrieved 11 02, 2014, from Parliamentary Assembly: http://www.assembly.coe.int/nw/xml/News/News-View-EN.asp?newsid=4960&lang=2&cat=5
  10. [10] Ashford, W. (2014, 02). How NSA spying disclosures influence security strategies. Retrieved 11 02, 2014, from ComputerWeekly: http://www.computerweekly.com/feature/How-NSA-spying-disclosures-influence-security-strategies
  11. [11] Litt, R., & Joel, A. W. (2014, 10 17). Interim Progress Report on Implementing PPD-28. Retrieved 11 02, 2014, from Office of the Director of National Intelligence: http://icontherecord.tumblr.com/
  12. [12] Office of the Director of National Intelligence. (2014). Safeguarding the personal information of all people. Tysons Corner: Office of the Director of National Intelligence.
  13. [13] Moody, G. (2013, 07 25). What Edward Snowden Has Given Us. Retrieved 11 2, 2014, from TechDirt: https://www.techdirt.com/articles/20130725/07050423940/what-edward-snowden-has-given-us.shtml
  14. [14] Activities, I. (1976). the Rights of Americans, Book II, Final Report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities. https://archive.org/stream/finalreportofsel01unit#page/282/mode/2up/search/mail
  15. [15] Worldwide Smartphone Shipments Edge Past 300 Million Units in the Second Quarter. IDC press release. http://www.idc.com/getdoc.jsp?containerId=prUS25037214
  16. [16] Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course? Speech by FBI Director James B. Comey at Brookings Institution, Oct 16th 2014. http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course
  17. [17] http://nsaaftershocks.com/
  18. [18] How Much Will PRISM Cost the U.S. Cloud Computing Industry? http://www2.itif.org/2013-cloud-computing-costs.pdf
  19. [19] Cisco chief urges Obama to curb NSA surveillance activity, Reuters, May 18 2014. http://www.reuters.com/article/2014/05/18/us-cisco-systems-nsa-idUSBREA4H0C720140518
  20. [20] Edward Snowden reveals himself as NSA leaker. http://www.washingtonpost.com/world/national-security/edward-snowden-reveals-himself-as-nsa-leaker/2013/06/10/f5791c4a-d1fb-11e2-8cbe-1bcbee06f8f8_video.html
  21. [21] The Legal Story of the Year, and Next Year Too: Edward Snowden. http://verdict.justia.com/2013/12/27/legal-story-year-next-year-edward-snowden
  22. [22] The Ethics of Whistleblowing part I. http://mises.org/library/ethics-whistleblowing
  23. [23] 18 U.S. Code § 641 - Public money, property or records. http://www.law.cornell.edu/uscode/text/18/641
  24. [24] 18 U.S. Code § 793 - Gathering, transmitting or losing defense information. http://www.law.cornell.edu/uscode/text/18/793
  25. [25] 18 U.S. Code § 798 - Disclosure of classified information. http://www.law.cornell.edu/uscode/text/18/798
  26. [26] What are the current charges on the US indictment for Edward Snowden? https://edwardsnowden.com/frequently-asked-questions/
  27. [27] The NSA is trying to have it both ways on its domestic spying programs. http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/22/the-nsa-is-trying-to-have-it-both-ways-on-its-domestic-spying-programs/