Acclaimed author Evgeny Morozov is in London promoting the new edition of his book, The Net Delusion: How Not to Liberate the World. It argues that internet freedom is an illusion and that everyone’s freedom is at stake. It is timely, then, that his trip has coincided with the web surveillance row that has been shaking the coalition. Morozov met with the Spectator this afternoon, and this is what he said about ‘email snooping’:
DB: With email snooping, I’d assumed that the security services did that already?
EM: They do it already, but they do it retroactively. So they can get the information out, which is what they call communications data, which is basically email addresses and the times that you sent them and who you sent them to. To get that, they need don’t need to get a warrant, [but] they need to file a request and wait a week, months, however long it takes for the technology companies to send it. What they are talking about right now is setting up an automated system that would allow the police and the intelligence services to access the backend of Google’s Gmail or Skype and access that data in real time without bothering with anything, and who knows what kind of technical changes that would require. My fear in all of this is that it’s impossible to do it now without changing the way a lot of internet software works in fundamental ways.
DB: In what way?
EM: Right now, Google has no system for law enforcement to able to go and [use]. They do not collect this information in real time. And opening a window through which law enforcement can dig into Google’s services may require building what is known as a backdoor in Gmail or Skype. And that backdoor — of course, the argument we’ll hear is that ‘Well, the government will need a warrant to get anything other than the communications data’ — but once that backdoor is in place, basically you have an insecurity in the system built by design. So, we are requiring software providers to build insecure systems, and then those backdoors may be used by whoever. Whether it’s hackers or political parties or journalists, you don’t know. And we have cases of this happening already. There was a huge case in Greece when it happened six years ago, where people were listened to, including the Prime Minister, for six months. So we have prior examples, and that’s what bothers me. It’s a matter of essentially drilling a hole in some software programme, getting the data out, and I’m not sure that that hole will be patched every time they drill.
DB: Yes. And there are always going to be concerns about how much money and time governments are prepared to spend on filling the hole?
EM: It’s not just a matter of governments. It’s basically requiring companies to build insecurities in their systems and then no one would know. So, remember the famous Google China hacking story. So one of the hypotheses about what happened there was that the Chinese managed to hack into the security system that Google built for American law enforcement agencies. This debate has been going on in America for several years; it’s not a new debate. So there is something similar already in place in America. (Or at least, who knows: no one tells us what the NSA has access to.) But one of the theories advanced by people like Bruce Schneier, who is a very established security expert for example, is that the Chinese, when they hacked Google, they simply hacked into their backdoor built for the NSA, and they managed to spy on Chinese dissidents.
DB: Do you think this personal security argument is more powerful than the civil liberties argument [the basic objection to governments taking and holding private information]?
EM: It is a civil liberties argument as well, because the whole premise that the security agencies now rest their case upon is that they fear they will ‘go dark’, that they will lose their capacity and ability to track criminals and drug traffickers who do their communications online. And I don’t buy that premise. Because it may be the case that the agencies are not collecting this information, but this information is collected by private players. It’s collected by Facebook, Google, Skype — you name it, every second internet company. And there are more and more kinds of data being collected. Google just got a patent for an App for a phone that will analyse noise level, temperature and light conditions wherever you carry the phone. And then it will customise the ads that you see based on where your phone thinks you are and what the situation is like. So your phone is the perfect bug. It bugs everything. It bugs temperature, weather, noise, sound — you name it. And I can assure you, Google will be storing all that data on its servers in an unencrypted manner, so that they can analyse it and serve you customised ads. They’ll be tracking you everywhere you go, to serve you better ads and to show you a better route; and all of that data will be integrated under a new privacy policy to a single user database. And the question then is: right, so all of this data is being gathered and, whether they have a warrant or not, the police now have much more data to ask from the industry. So to make it easier for them to ask for it by waiving the warrant requirements is insane.
Comments