Defend Privacy, Fight Terror

Citizens are not prepared to allow privacy to become a casualty of state surveillance, argues Ann Cavoukian.
By: /
October 22, 2013
Cavoukian.jpg

Edward Snowden, a former United States National Security Agency contractor, has put the issue of online privacy on the front page by revealing the existence of multiple top secret government surveillance programs.

The exposure of these intrusive counter-terrorism programs not only implicates the US, but also Canada, revealing a close partnership between the NSA and Communications Security Establishment Canada, the agency responsible for Canada’s foreign signals intelligence.

We have learned that CSEC helped the NSA gain control of international encryption standards, weakening them considerably, thereby facilitating the building of backdoors in communications systems and programs, to enable access by the NSA.

As public uproar surrounding these revelations continues to escalate, it has become clear that citizens are not prepared to allow privacy to become a casualty of state surveillance. Public opinion is shifting.

In September, the Pew Research Center found that for the first time since 2004, Americans were more concerned about privacy and protecting their civil liberties than public safety. Similarly, the Canadian Internet Registration Authority found that approximately half of Canadians found it completely unacceptable for governments to monitor their email and online activities. Distrust of government is at an all-time high.

Strong reactions from both citizens and politicians ranging from the US to the European Union to Brazil and elsewhere have affirmed these concerns for privacy.

In this context, American politicians have introduced legislation requiring more transparency and greater accountability, and have convened hearings to question NSA practices. Further, American civil liberties groups have commenced lawsuits seeking to protect privacy and ensure greater transparency.

The Obama Administration has responded with several initiatives including its own proposals for legislative reform and the establishment of a group of experts to review intelligence practices.

Internationally, vice president of the European Commission Viviane Reding called the revelation of the NSA’s PRISM program “a wake-up call.” The president of Brazil, Dilma Rousseff, called the American surveillance program “a breach of international law” and “a situation of grave violation of human rights and of civil liberties.”

She also accused Canada of engaging in “cyberwar” and demanded answers after reports surfaced that CSEC had hacked into Brazil’s Ministry of Mines and Energy.

Canadians are also becoming more and more critical of our government’s role in sweeping global surveillance. CSEC is part of Five Eyes—an international group of intelligence agencies from Canada, the US, United Kingdom, Australia, and New Zealand—that share and co-ordinate intelligence gathering on a global scale.

CSEC’s commissioner Robert Décary, who is tasked with overseeing CSEC’s activities, recently issued a rare public criticism acknowledging that he was unable to reach a definitive conclusion about CSEC’s compliance or non-compliance with Canadian law. Jennifer Stoddart, the privacy commissioner of Canada, has also signalled that CSEC should be “more forthcoming about what they're doing, particularly what they're doing with Canadians’ data.”

In this context, I am making every effort to ensure that privacy does not become a casualty of state surveillance. On Sept. 16, my op-ed with three university professors, Ron Deibert, Andrew Clement and Nathalie Des Rosiers, appeared in The Globe and Mail, reminding Canadians that while we know very little of CSEC’s operations, we cannot be complacent. Instead, we must demand more accountability and greater transparency.

Recognizing the urgency of protecting privacy from increased state surveillance, my office has repeatedly emphasized that an important element of responsible surveillance is ensuring that appropriate judicial authorization is sought and granted before law enforcement and intelligence agencies deploy any form of intrusive technology.

Unfettered state access to surveillance technologies that are capable of indiscriminate monitoring threatens our right to a reasonable expectation of privacy, particularly where that monitoring may be continuous and persistent. The Snowden revelations only serve to crystalize this point: appropriate safeguards are essential and must be implemented to ensure that privacy does not become a casualty of state surveillance.

In addition to judicial authorization, technologies can be leveraged to provide for both surveillance and privacy. In my latest paper, Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism, I present an alternative to current counter-terrorism surveillance systems called Privacy-Protective Surveillance.

PPS offers the ability to scan the web and related databases to detect digital evidence relating to terrorist activity, while ensuring that any personally-identifying information of unrelated, law-abiding individuals is not collected.

Privacy is embedded directly into the system design and architecture, allowing for privacy and counter-terrorism to exist in tandem. In cases associated with targeted activity, PII will automatically be encrypted upon collection, analyzed securely, and only divulged to the appropriate authorities with judicial authorization.

While effective security measures are necessary to counteract terrorism, our privacy, as a basic civil liberty and pre-condition of freedom, deserves the strongest protection. We must be ever vigilant in seeking robust transparency and oversight from our government.

Privacy and security are not mutually exclusive. Not only is it possible to have both privacy and effective counter-terrorism, we should accept nothing less—our freedom is at stake.