Keeping an eye on the digital spies

When news broke in June of the NSA’s secret PRISM digital surveillance program, I was in Israel with a group of Australian venture capitalists and entrepreneurs. In one presentation, an American senior executive of a global data security company railed against an irresponsible media. He believed the fourth estate was over-reacting to the revelations that the American government was tracking the digital movements and phone conversations of its own people and those abroad.

“The wolf is at the door,” said Art Coviello, the executive chairman of RSA Systems, the security division of EMC Corporation. He was referring to terrorism: cyber and otherwise. He implored that “if we do not start trusting our governments”, the very foundations of democracy were threatened.

In the Internet age, “the wolf” is not easily recognisable. It comes in many guises: in the form of a tech-savvy class of politically motivated cyber terrorists; financially motivated white collar criminals; and in the form of private internet companies tracking your every keystroke, often without your knowledge or consent.

But as the NSA PRISM project shows, the wolf can also reveal itself in the form of democratic and non-democratic governments over-reaching with new high-tech powers of surveillance. This mass surveillance, claim government and regulatory agencies, is all conducted under the auspice of protecting their citizens’ safety.

The Internet-driven world is a complex and little understood place. Headlining this complexity are digital-age activists and whistleblowers such as Julian Assange, Chelsea Manning and Edward Snowden. Snowden leaked the extent of the NSA’s PRISM program to The Guardian. They were viewed as either heroes or villains for their actions.

Their revelations have ignited an increasingly impassioned and divided international debate, not just about the NSA’s activities, but also about digital data protection and personal privacy versus national security in a digitally networked world.  

The new era has also sparked debate about activism and the role of the fourth estate. There are even calls for the prosecution of journalists, such as The Guardian’s Glenn Greenwald, who broke the PRISM story. Before PRISM, there was Wikileaks. Senior members of the US Republican party demanded nothing less than the assassination of its founder, Julian Assange.

Like many disruptive technologies, the internet’s power is a double-edged sword. It can be a tool for liberation, as we saw with the Arab Spring. It breaks down borders, expands business markets and provides a platform for entrepreneurship and new globally linked social connections.

But it is also a tool for more insidious forms of terrorism, theft and surveillance. Policy and lawmakers everywhere are struggling to come up with fair solutions that maintain a balance between individual liberty and privacy and corporate and national security.

“From a social and cultural perspective, the opportunities the Internet presents for improved interaction and inclusion seem endless,” says Chris Disspain, the CEO of the .au Domain Administration (auDA). “But there are many new threats as well as opportunities. Individuals, lawmakers and administrations are only just beginning to sort through all the grey areas. For the most part, we are playing catch-up.”

These issues will be debated at the upcoming Australian Internet Governance Forum (auIGF) in Melbourne on Oct 16-17 and hosted by auDA.  Australian and international experts will discuss the role the Internet plays in breaking down borders. This includes how it presents both opportunities for new levels of inclusion in every commercial and private endeavour and poses challenges to individuals and national administrations.

Disspain is on the international board of ICANN, the global caretaker of the Internet domain infrastructure. He is also a member of the UN Secretary General’s Internet Governance Forum’s (IGF) Multi-stakeholder Advisory Group. That’s a mouthful for saying, simply, that Disspain is one of many who are deep in the trenches of assessing things like privacy policy and the myriad legal issues presented by the networked world.

Every country reacts differently to revelations like the PRISM program and the changing nature of privacy and censorship because of its unique experience. In recent history, America has had McCarthy, Nixon and Hoover; Germany has had Hitler and the Stasi; the Middle East has the ongoing ramifications of the Arab Spring.

Australia so far has seemed the lucky country. Most of our public experience regarding digital privacy and policy complexity has been centred on Internet filtering and censorship. There was also last year’s controversy over the proposed Data Retention plan, which would allow the web and telecommunications data of all Australians to be stored and monitored for two years. That initiative, which was headed for a parliamentary inquiry, has stalled.

So, while we haven’t yet felt the Orwellian weight of mass digital surveillance, without awareness and vigilance it could easily head that way. Our digital – and physical movements – are being tracked and our privacy is being eroded. The implications for Australians will be felt for years to come. Already there is national security legislation aimed at helping to fight crime that many may view as over-reach.

These changes include allowing authorities to access anyone's computer to get to a suspect's device, or to ''enter a third-party premises for the purposes of installing a surveillance device''. Under the Telecommunications Intercept and Access Act, bureaucrats can access your data and metadata without a warrant and without your knowledge.

“Most people would expect there would be a warrant served by a judge or a magistrate in order to track and access data, but there’s not,” says Alastair MacGibbon from the Centre for Internet Safety.

MacGibbon was featured in a recent Four Corners program about surveillance, data tracking and life in the digital age. The program highlighted myriad issues of which most Australians — even tech-savvy teenagers — would be unaware. Banks, digital marketers, commercial organisations, police and government departments are collecting vast amounts of information about us.

Suspected of a crime or not, no one really knows what happens with their data once it is collected by a company or the government. If it is being collected, it will be used in some way — to our benefit or not. Most of us have never read a digital service privacy policy and most would not understand it if they did.

As IT News recently reported, Australia’s Privacy Act currently only covers personal information, effectively exempting what is called, “de-identified” data and metadata.

“The stuff that we call metadata barely existed two decades ago,” said Greens Senator Scott Ludlam. “At the time of the Australian Identity Card debate, nothing was known of metadata, and the ability to collect vast amounts of it simply didn’t exist.”

Just how society and governments deal with this new complexity is unknown. But these issues will continue to ignite divisive debate.  Today, policy, law and the role of the courts and regulatory oversight have not nearly kept up with technology. Updating for the digital age is a head-spinning task. Brace yourself — it’s going to be a bumpy ride.

Watch Paul Twomey, former CEO of ICANN, and MD of Argo Pacific, an cybersecurity consulting firm on the challenges of internet security