Now that we know we're being spied on, what are we going to do about it? So asks Ronald Deibert, one of Canada's leading cybersurveillance experts and director of the Citizen Lab at the University of Toronto.
In his new book Black Code: Surveillance, Privacy, and the Dark Side of the Internet, Deibert explains how liberal democracies have, "since 9/11, and with unrelenting momentum" moved toward the normalization of the "national surveillance state," which has operated with scant public accountability and independent oversight.
On Thursday, Jan. 23 at 5 p.m., Deibert will give a free public lecture at the University of British Columbia's Cecil Green Park House as part of the "Utopia/Dystopia: Creating the Worlds We Want" lecture series organized by the Creative Writing Program and Green College.
He recently spoke to The Tyee by phone. Here are some excerpts from that conversation.
What, if anything, surprised you about Edward Snowden's revelations?
"The broad contours didn't surprise me. If I had been asked if the [U.S. National Security Agency] siphoned off everything, including metadata, I would have thought so. What was most shocking was the audacity of it. The extent to which they have subverted the engineering community, especially over security standards, gave me pause, and certain types of exploits such as the Der Spiegel revelations that the NSA toolkit includes being able to penetrate computers by radio waves at a distance. That was really surprising."
Fortunately we're safe here in Canada, right?
"If by 'safe' you mean from this type of surveillance, we're not at all. We have no rights whatsoever. In the U.S. right now there are healthy debates going on around protections of rights for U.S. citizens, but as Canadians we have no formal rights in any of that process. We're treated as foreigners and have no protections from that surveillance.
"Layered underneath that, almost all of our data transmits through the United States. Most of us use Apple, Google, Facebook or Twitter, and those are U.S.-domiciled companies under U.S. law. We have our own version of the NSA, CSEC [Communications Security Establishment Canada]. In 1946 we partnered to create the 'Five Eyes,' [an intelligence-sharing agreement between Canada, Australia, New Zealand, the U.K. and the U.S.] and since then we've been partnered with the NSA. And there is far less oversight of CSEC than the NSA has.
"There is a retired judge who does an audit of CSEC once a year but the report goes to the Minister of Defence, and CSEC is not accountable to Parliament. So we have little idea what they do. That should be a major concern to every Canadian."
What concerns you most about the bigger picture of surveillance?
"That we're in the midst of an epochal transformation of communication right now that is probably the biggest in human history. That's a big thing to say when we look at the alphabet and the printing press, but in the last 10 years, with the development of social media, cloud computing and mobile communications -- those three are different in many ways but share one important characteristic: the volume of data that we used to have in filing cabinets or in our heads are now data held by private companies and stored in jurisdictions beyond our control. Not only the data that we entrust to third parties, such as through servers we trust, but a lot of data we share that we are unconscious about.
"Metadata is the best example. My mobile phone sends out a pulse that identifies it as my phone, and its geo-location, and that data doesn't evaporate. It is stored and shared with other companies and by extension anyone that company shares with. Meanwhile, we have secretive agencies whose mandate is to monitor all communication. In the old days the Cold War spy agencies were mostly concerned with each other, but now they monitor all of society. The results are profoundly disturbing and require us to step back and have a conversation about a new social contract."
But if I'm not doing anything wrong I have nothing to hide.
"The problem with that type of reasoning is that it isn't about what any individual is doing. First of all, I don't really know anyone who doesn't have something they want to keep private. Furthermore, in a healthy society you want people to have a certain degree of anonymity and freedom for private contemplation. And if we don't have a way of ensuring that this power is not abused by the state, then the potential for tyranny is great. It's not about privacy. It's about the potential for abuse of power if left unchecked."
By using so many free services -- Facebook, Twitter, Gmail, etc. -- aren't we agreeing to pay with our data, and wouldn't pushing back destroy their business model, which is to mine our data for profit?
"It's definitely a constraint on their business. We're a commodity: our habits, our thoughts, our data are a commodity; they drill for data like a source of oil. But it's our data, so we as citizens and consumers need to take control of it. There's no free lunch. We need not do away with that model, which I think has positive benefits, but we need to scrutinize it for proper checks and balances. Looking at cyber-security, almost all of the resources are being directed to the three-letter agencies. We should be directing far more resources to privacy commissioners and ombudsmen and consumer protection agencies. That type of security, which is about the security of human liberties and rights, is as critical as securing territorial boundaries and critical infrastructure."
Recently we've heard about CSEC secretly briefing oil companies, and about the spy agency's watchdogs having close ties to Enbridge and the Harper govt. What does that tell us?
"Canadian domestic politics aren't my area of expertise, but that seems the typical type of unprincipled behaviour that characterizes the Harper government. It also underscores the lack of proper independent oversight around law enforcement and intelligence. We need a wholesale rethinking or the potential for abuse is very high."
I'm a journalist. What should I do to protect my data?
"Encrypting email, removing the battery from your phone if you suspect it's going to be subject to eavesdropping, it's all a good idea. There's a huge learning curve for journalists right now. I'm astonished how many don't know the basics of using encryption on email. [He uses PGP.] I know a lot of people developing new technical means to protect data, but all of those things are potentially defeated by the volume of data that we secrete. We almost sweat data: credit card data, your cell phone acting as a digital dog tag. You can't escape it.
"So unless we turn the clock back, we need to have proper checks and balances. It's not a question of dismantling the digital infrastructure but of making it subject to rule of law. We've allotted extraordinary resources to Cold War agencies that have now turned to monitoring all of society. We haven't had a public conversation that rises to a level appropriate for a society going through such an enormous historical transformation. I think we need to start thinking beyond the wow factor of these revelations and being stunned, and start thinking about what to do about them."
Don't miss Ron Deibert's free public lecture on global surveillance and censorship this Thursday Jan. 23, 5 p.m., at the University of British Columbia's Cecil Green Park House.