Thursday 6 June, the day the PRISM story broke, was a good day to be a cryptographer. The sudden prospect of mass, unwarranted surveillance delivered an electric shock to thousands who were now looking for ways to protect their privacy online. At Cryptocat, we saw nearly 5,000 new individuals starting to use our free encrypted chat software. Other privacy and encryption services saw a rise of as much as 3,000 per cent in new users.
People increasingly want to believe that technology has the answers, and the PRISM scandal only made this want more desperate. While giving a recent interview to Al Jazeera, I was met with a combative interviewer who insisted that I, as a privacy software developer, focus on how privacy software can fight PRISM. But the mass surveillance the world is facing at the hands of the NSA (US National Security Agency) is not something that can be treated with the help of a handful of open software projects. Like all epidemics, the solution lies with preventing it before the outbreak, and not relying on nimble, narrowly-targeted medicine after the disaster has occurred. This prevention can only be at the hands of political, legal, and civil discourse.
Just as it is tempting for privacy-seekers to believe that the solution against PRISM is as easy as downloading an app, it is also tempting for privacy technologists to ride on the wave of new demand for privacy. But this is not a technological problem — it’s a social, political issue that stems from the permission given to intelligence apparatuses to rise above the law. It’s a fallaciously upheld threat to a healthy international democratic mindset.
When I say that this surveillance is an international problem, I do so under the premise that we increasingly belong in a world where our workforce has been raised with the internet having the monopoly over the proliferation of culture and communication. It is in this world that we are seeing the NSA asking lawmakers to give immunity to private entities should they inadvertently break the law in order to satisfy the NSA’s surveillance requests, effectively and literally putting surveillance above the law. The NSA, which has also long argued using a so-called distinction between domestic and foreign surveillance, has seen this distinction completely lose its legitimacy in front of the revelations surrounding the PRISM program. In today’s strongly globalized world, this surveillance, free from discernment, affects everyone, be they American, Canadian or Egyptian. The centralization of Internet capital within the US aids this: it means that your private data is fair game when you use the services of any of the companies established there, such as Facebook, Google or Skype, no matter your location.
These secret programs enjoy strong co-operation from Silicon Valley. Skype, which in 2008 boasted that its strong privacy architecture prevents it from handing data to law enforcement, formed the secretive Project Chess program in 2009 which was tasked with doing just that. Apple, which still holds that it maintains customer privacy at all costs, has been implicated in more than one government surveillance and law enforcement request program. It is only now, post-PRISM, and years after these programs have been enacted, that we see these revelations discussed in the Guardian, Washington Post, New York Times and other big press. But privacy technologists and encryption software developers have long known that this kind of surveillance is likely to exist.
The argument for national security does not have to come accompanied with the violation of the privacy rights of the entire global community. It doesn’t have to come with the undermining of democratic and legislative values. But this is exactly what is happening: surveillance interests have been allowed to operate above the law and the spirit of democratic discourse. The resulting problems are far too serious to be addressed with the use of privacy tools and software, which can at most act as shims. The problem is rather more human, political and ultimately historical.