While there has been a lot of noise over the ECJ ruling invalidating Safe Harbor based on NSA spying among other things, there has not been much talk about what the EU countries are doing. Basically, it is no different than what we are doing.
Given that most communications live on the Internet, you certainly cannot expect any country’s intelligence service to ignore that fact.
There was a good opinion piece in the Times the other day by Nils Muiznieks, Council of Europe Commissioner for Human Rights. Among other things, he said:
- France adopted a surveillance law that permits major data collection without prior judicial authorization. At least the NSA and FBI have to deal with the FISA Court here. While it may not be as robust as we like, it likely requires agents to justify their data collection activities.
- Germany adopted a new data retention law requiring telecommunications operators and Internet Service Providers to retain connection data for 10 weeks.
- The British government intends to increase the authorities’ powers to conduct mass surveillance and bulk data collection.
- Austria is discussing a new law that would create a new security agency and allow it to operate with limited external control while collecting and storing data for up to six years.
- The Netherlands is considering legislation allowing dragnet surveillance, mass data collection and decryption and intrusion into the computers of non-suspects.
- And finally, Finland is considering weakening the Constitution to ease the adoption of a bill granting military and intelligence services the power to conduct mass surveillance with little oversight.
Given all this, it does not look like what the NSA and other agencies in our intelligence community are doing anything outside the norm.
Now this does not mean that we should not be concerned and that there should not be as much transparency as possible.
It also means that we should assume that our communications are being monitored and if that is a concern for us, we are responsible for doing something about it.
I also assume that, except for the stupid terrorists, the terrorists are already aware of this and creating different techniques for dealing with it. And, to be honest, while catching the stupid ones is good for PR, they are not the ones who can do the most damage.
What Nils does say is that, out of fear, we are willingly giving up any privacy that we might have in this digital age.
As Thomas Jefferson said 200+ years ago (I guess he was a bit ahead of his time):
Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.
(Note: Google attributes the quote to both Franklin and Jefferson, but I think Jefferson is the correct attribution).
You may recall that when General Alexander testified before Congress about the mass data collection, there really were not very many attacks that had been prevented as a result of mass data collection.
In the long term, the intelligence agencies world wide are going to need to think outside the box and start to come up with different ways to track down terrorists.
Part of the challenge with mass data collection is the word mass. The more data there is, the more compute power you need (think of the new NSA data center in Bluffdale, UT which has over 1 million square feet of office and data center space). The more data there is, the more leads that you have to track down. The more leads you have to track down, the more analysts and agents you need. You get the idea.
One prediction says that fixed Internet data will grow by 40% between 2015 and 2017 (from 47 petabytes per month to 67 petabytes per month), but mobile traffic will grow by almost 250% in that same time (from 3+ petabytes per month to 9 petabytes per month). Assuming this trend continues and the use of encryption continues to grow, the amount of computer power required, storage space required and people required will become unmanageable.
Clearly, the answer is not more mass surveillance and mass data collection.
We shall see if the intelligence community is up to the challenge and can do that without destroying personal privacy. It is a tall order.
Information for this post came from a New York Times opinion piece.