Last week I wrote about an inquiry being conducted by the Intelligence and Security Committee of Parliament into the laws that govern the UK’s intelligence agencies (now closed, I’m afraid.) That’s just one sign of the tectonic shift that has taken place in this area in the wake of Edward Snowden’s revelations about massive, global surveillance being carried out by the NSA and GCHQ.
Indeed, recent revelations suggest that in some respects, GCHQ is far more aggressive than the NSA in terms of actively attacking targets, rather than simply tracking them, as I also discussed last week. There, I noted that lawyers believe people working at GCHQ could well find themselves regarded as accessories to murder. Significantly, a story on the new publication The Intercept provides us with more details about how metadata – the stuff that the UK government always likes to call “just” metadata – is actually central to determining who dies in drone strikes:
The National Security Agency is using complex analysis of electronic surveillance, rather than human intelligence, as the primary method to locate targets for lethal drone strikes – an unreliable tactic that results in the deaths of innocent or unidentified people.
According to a former drone operator for the military’s Joint Special Operations Command (JSOC) who also worked with the NSA, the agency often identifies targets based on controversial metadata analysis and cell-phone tracking technologies. Rather than confirming a target’s identity with operatives or informants on the ground, the CIA or the U.S. military then orders a strike based on the activity and location of the mobile phone a person is believed to be using.
As the Guardian revealed a couple of weeks ago, using mobile phones to obtain location information is a GCHQ speciality:
The agencies also made use of their mobile interception capabilities to collect location information in bulk, from Google and other mapping apps. One basic effort by GCHQ and the NSA was to build a database geolocating every mobile phone mast in the world – meaning that just by taking tower ID from a handset, location information could be gleaned.
A more sophisticated effort, though, relied on intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.
So successful was this effort that one 2008 document noted that "[i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
Given the close co-operation between the NSA and GCHQ, it is therefore highly likely that people working for the latter are deeply implicated in the deaths of many innocent civilians that are routinely killed in drone attacks, either through error or simple indifference to the “collateral damage” caused when “targets” are hit.
That culpability lends an additional urgency to the need to rein in this surveillance, which is completely out of control in terms of proportionality and accountability, UK government claims to the contrary. Although ministers may parrot the line that everything is being conducted according to the law, that justification collapses when you take into account that the relevant law dates back to 2000 – the Regulation of Investigatory Powers Act. So the fact that GCHQ’s activities comply with that law is irrelevant, since the law was never meant to address the situation we find ourselves in today, where surveillance is being conducted on an unprecedented scale that makes traditional oversight meaningless.
The Parliamentary inquiry referred to above is just a small part of the reacton to Snowden’s leaks. Indeed, it’s a strikingly small part, because governments have been very reluctant even to acknowledge that there is a problem here at all. It’s not hard to see why.
Most Western governments knew about what the NSA and GCHQ were up to, at least among the higher echelons, because they were almost certainly drip-fed information that was of relevance to them. Even for politicians it would be a bit rich to denounce surveillance operations that they benefited from. This has led to a widespread attempt to slow things down so as to put off the awful day when they are forced to choose between supporting the illegal but highly-useful surveillance of the world, or standing up for their own populations that have been its victims.
That choice is even more stark for the British government. It has not only been a recipient of US information, but also of its money, which buys various services from GCHQ:
The US government has paid at least £100m to the UK spy agency GCHQ over the last three years to secure access to and influence over Britain’s intelligence gathering programmes.
The top secret payments are set out in documents which make clear that the Americans expect a return on the investment, and that GCHQ has to work hard to meet their demands. “GCHQ must pull its weight and be seen to pull its weight,” a GCHQ strategy briefing said.
The funding underlines the closeness of the relationship between GCHQ and its US equivalent, the National Security Agency. But it will raise fears about the hold Washington has over the UK’s biggest and most important intelligence agency, and whether Britain’s dependency on the NSA has become too great.
Given this widespread reluctance, the question then becomes: what can we do then? The answer has to be to apply pressure until governments sit up, take notice, and respond. We’ve examples of how that has worked in the past. One was against the US “Stop Online Piracy Acta” (SOPA) in 2012, which led to the great SOPA Blackout on January 18, 2012. Almost immediately, SOPA (and its sister bill PIPA) were withdrawn.
But things didn’t stop there. As I detailed in a post at the end of 2012, the events around SOPA sparked the ACTA protests in Europe, which culminated in huge petitions and mass demonstrations across the continent. The European politicians took fright, and ACTA died on 4 July 2012.
The events around SOPA and ACTA therefore give us a blueprint for action: to raise awareness among the public until politicians feel the heat and respond. That’s the thinking behind today’s "The Day We Fight Back" action. It’s not a Web blackout – that’s something that can probably only be deployed once if it is not to become devalued – but a day of conscious-raising that is designed to kick-start a broader engagement with the fight to end mass surveillance:
A broad coalition of activist groups, companies, and online platforms will hold a worldwide day of activism in opposition to the NSA’s mass spying regime on February 11th. Dubbed “The Day We Fight Back”, the day of activism was announced on the eve of the anniversary of the tragic passing of activist and technologist Aaron Swartz. The protest is both in his honor and in celebration of the victory over the Stop Online Piracy Act two years ago this month, which he helped spur.
Participants including Access, Demand Progress, the Electronic Frontier Foundation, Fight for the Future, Free Press, BoingBoing, Reddit, Mozilla, ThoughtWorks, and more to come, will join potentially millions of Internet users to pressure lawmakers to end mass surveillance — of both Americans and the citizens of the whole world.
Here in the UK, the Open Rights Group is also launching a new campaign today, called "Don’t Spy on Us":
As part of this global day of action against mass surveillance, Open Rights Group, Liberty, English PEN, Privacy International, Article 19 and Big Brother Watch are coming together to launch Don’t Spy on Us.
On Tuesday, we’ll be launching Don’t Spy On Us and calling for:
an independent inquiry into UK surveillance to report before the General Election
a new law that will fundamentally reform the way GCHQ carries out mass surveillance
Those two demands sum up neatly what needs to be done. We need transparency about what has been done in our name, to the fullest degree compatible with reasonable secrecy, and we need a new law that will update RIPA for the digital age. The fight-back starts now.
Find your next job with computerworld UK jobs