If proper oversight is not developed, Snowden’s legacy will have served only to reinforce one thing: the intrusiveness of global surveillance.
By Didier Bigo
Feb 11, 2016
The Snowden disclosures of 2013 – through the sheer scale of the documents leaked to investigative journalists, and the precision of the data residing within the documents themselves – have partly changed the rules of the game for the signals intelligence (SIGINT) services working in western democracies. But they have also had paradoxical effects.
The possibility of denying the existence of personal data interception and all the surrounding communication data related to this, together with the denial of investigative journalism concerning the reality and intensity of sensitive data exchange between the different western intelligence services, has been eliminated. Now, if secret services refuse to recognise that they have undertaken such practices, they are the ones not to be believed by the public. ‘Truth’ is on the side of the whistle-blower.
The ‘truth regime’ is changing: the ‘reason of the state’ has to bow before the necessity of ‘publicity’ in democracies.
Perhaps the terminology of ‘mass surveillance’ – if the term is considered to mean the total and permanent surveillance of everyone – is exaggerated, with regards to the practices of the alliance of SIGINT services in western countries. Nevertheless, the type of signal intelligence interception undertaken by the formal alliance around the NSA, the “Five Eyes”, has been carried out on a large scale and highly intrusively, especially against those who were not national citizens.
This surveillance was done secretly, against the will and knowledge of the individuals, as well as against the will of the internet providers who wanted, for the most part, to protect their clients’ privacy, or at least, not to be obliged to report their activities. And the public now knows this. They no longer believe that this large-scale surveillance has been carried out solely as a counter-terrorism measure; and even the fatalists cannot deny the scope of this data harvesting.
The fact that data is intercepted and exchanged between the different SIGINT secret services of different countries cannot be contested any more. It has been made evident by the Snowden disclosures, and by the work of investigative journalists and lawyers. If some national courts have been too deferential in criticising their own national secret services, international bodies have been almost unanimous in recognising the fact that transnational exchange of data between SIGINT intelligence services has taken place, even if they have sometimes diverged on their conclusions regarding the harm or the benefits caused by this huge exchange of data, and the way it has been processed (data mining, data retention, profiling, predictive algorithmic analytics, and so on).
So, for the public, the traditional declarations that intelligence services work only nationally and do not exchange data with their counterparts cannot be trusted any more. National security is constructed via a transnational modality of data acquisition, worldwide.
Police collaboration – in terms of the interception of sensitive information – takes on a global reach, or at least aims to. Alliances of intelligence services have become a major player, destabilising the roles of both traditional diplomats and military personnel. Maximising all sorts of data for ‘Total Information Awareness’ has become the mantra of a discourse of prevention that is reorganising the police, the military and diplomats as the adjuncts of the intelligence services.
This has developed on the assumption that, when it comes to prediction, the technology of SIGINT intelligence services puts them ahead of those human intelligence services still reliant on undercover operations. And so, within this internal competition surrounding predictive ability, SIGINT services are themselves ready to recognise the collective nature of acquisition. Their ‘lines of defence’ have changed: no longer denying the fact of large-scale data collection, but rather claiming the necessity of mass collection to read ‘weak signals’ and discover unknown suspects. And so they have lobbied their national governments, and prepared counter-moves to their critics, up-scaling their tools in order to be the best service in this international ‘coopetition’ (cooperation-competition).
The alternative before us
After 2014, the central controversy is no longer the question of whether large-scale data is intercepted or not, it is about the legitimacy of intercepting data on such a scale and by such intrusive methods. This can be formulated as an alternative. Are these interceptions and the construction of profiles threatening the very existence of privacy and democratic life by the creation of a ‘chilling effect’? Or are they ultimately benign, sufficiently focused on their targets, and therefore able to avoid considerable numbers of ‘false positives’ (victims of intrusive surveillance for the wrong reasons) because of the capacity of the programme to learn from initial errors?
Are these interceptions a necessity in the new context of a war on terror, where Armageddon lurks round the corner? Or are they the dark side of any government, even democratic ones, which also needs to be fought against?
The debate is still raging. On the one side, the SIGINT services are insisting that, where they have accumulated data, it was not in any case an unlawful or criminal activity, but rather a useful ‘a-legal’ operation: an operation outside the frame of the law, but not illegal. And they plead to be allowed to continue their operations, but under a new legal framework explicitly authorising them to do it. They ask their governments to change the laws on intelligence services to ‘protect’ them against the courts and the change of public mood that now supports whistle-blowers.
On the other side, the NGOs that are relaying the Snowden disclosures, the net-community, the hackers who defend the right to anonymity, all insist on the fact that the intrusiveness of the surveillance is far greater than any necessity and proportionality required. They fight against the erosion of anonymity with newer and better forms of encryption, and they ask for new laws on intelligence drastically limiting the power of signals intelligence and other secret services. They oppose the practice of secrecy and denial promoted by the rhetoric of national security, arguing instead for the democratic case behind Juvenal’s principle: who will guard the guardians?
The debate is therefore moving slowly from the activities of the services themselves to the ‘legalisation of their activities’ and to the possibility of proper oversight, keeping a watchful eye not only on the national interception of data, but also on the transnational exchange of data between the different SIGINT intelligence services, on the role of private companies in the constitution of these data-banks, on the tools necessary to transform this data into information relevant for intelligence purposes, and on the dissemination of the results.
This can be considered as the second phase of the Snowden disclosures. The different governments, especially in Europe, and even more where legislation was non-existent, have been obliged to answer to this clamour for more information, more clarity and publicity regarding the activities of secret services, especially when it comes to the use of raw materials, personal and communication data.
But, at the same time, they have been very attentive to the lobbying of their own secret services to become more efficient, especially where the Snowden disclosures have clearly shown the asymmetry between the capacities of the “Five Eyes” and that of the other western services, who were either completely outside this network of information exchange, or, having believed they were partners on an almost equal footing, now realise that they were treated at best as local informants, and at worst, as targets for the most powerful of the “Five Eyes” (the NSA and GCHQ, especially).
Paradoxically, the countries whose citizens were ‘the victims’ of personal data collection (Brazil, Germany, France) have seen a reinforcement or creation of legal structures to deal with intelligence services beyond their use as technological tools for military operations, and these have led to some recognition of their existence, their missions and activities, the tools they were using, as well as the possibility of creating a certain kind of oversight, or at least a code of conduct, for the professionals of these services, including the relations they have with private providers.
But this legalisation has been completed with another central objective: that of limiting the gap between the capacities of the “Five Eyes” and the other services. Therefore, we have seen, to the outrage of the lawyers and NGO communities supporting accountability and democratic transparency, a series of measures allowing the SIGINT services to have more personnel, more missions, and more tools increasing their capacity to place large areas or large groups of people under surveillance without personalised warrants, and often an extension of the notion of national security beyond its traditional reach, by including a range of societal or economic concerns.
In addition, it seems that the creation of oversight bodies has not been set up in some countries for the sharpening of inspection, but mainly for creating an additional buffer zone between the political responsibility and the practical activities of these services.
Thorough research concerning these new laws regarding intelligence services, and especially SIGINT intelligence, based on a comparative perspective that can limit the idiosyncratic elements proper to each legal system, is badly needed.
Certain elements concerning the possibility of general rules of accountability for overseeing the different intelligence services have been proposed. Other elements concerning the necessity to determine collectively what national security cannot cover, in terms of impunity, have also been formulated, as well as some elements concerning access to electronic data by third country law enforcement authorities. It is also necessary to remember the equal rights of internet users in the face of SIGINT services: whatever their nationalities, they have all become ‘digital citizens’.
Finally, it appears that the most important violations of human rights are generated by the transnational alliance of the different secret services: both their practices and the secrecy with which they work. Even if it is difficult to imagine, it may be necessary to place on the agenda the idea of the creation of a European or international oversight committee, with specific powers of enquiry in the case of severe breaches of human rights (extra-judicial killing and torture, for instance), coordinating different national oversight bodies.
If these changes are not made, the Snowden disclosures will have served only to reinforce one thing: the intrusiveness of global surveillance.
This article is published in association with the Criminal Justice Centre at the Department of Law, Queen Mary University of London. The CJC’s members are drawn from both the legal profession and academia, researching the impact of securitisation on human rights. The Centre is one of the coordinating institutions of the European Criminal Academic Network.