Those of us who believe that democratic governments have a central role to play in multi-stakeholder cyberspace governance have received in the past few weeks a bracing reminder of both the hazards of this ideal in practice and the importance of broad-based civil society mobilization. Democratic states, while not sufficient for effective internet governance, are necessary parties because no other institutions have yet emerged that combine as well as they do the inclusivity, legitimacy and resources to help manage the internet effectively in the broad public interest. However, when such states violate the democratic principles that they espouse and are built on, they seriously undermine their legitimacy as well as the viability of the internet governance project overall.
Two events in February related to state surveillance in North America illustrate such problematic governmental behaviour and point to the importance of transparency for restoring trust in governance processes.
On February 26 the U.S. Supreme Court ruled against a group of human rights organizations and journalists seeking to challenge the constitutionality of the warrantless domestic surveillance program that the National Security Agency (NSA) has been conducting since 2001. Earlier that month the Canadian government announced that in light of strong public opposition, it had dropped proposed legislation mandating many of the same controversial internet surveillance features. Far from being isolated events, these cases are just two among a larger set of contentious, on-going governmental attempts to surveil individuals and criminalize many common internet activities that raise disturbing civil liberties issues and provoke popular resistance.
Shortly after 9/11, the NSA embarked on what is likely the largest domestic surveillance operation in history. On presidential order but without warrants, court orders or legislative sanction, the NSA installed fibre-optic splitters in the main switching centres of the major telecom carriers, enabling the agency to selectively intercept, store and analyse a large portion of internet communications. We only know of this surveillance dragnet thanks to brave whistleblowers formerly at AT&T (Mark Klein) and the NSA (William E. Binney, Thomas A. Drake, and J. Kirk Wiebe), determined journalists (e.g. James Bamford and Jane Mayer) and the more than 40 court cases filed against the telecommunications carriers and the government (mainly litigated by the American Civil Liberties Association (ACLU) and the Electronic Frontier Foundation (EFF)). While the federal government subsequently acknowledged the existence of the warrantless wiretapping program, it has fought to keep every aspect of it away from public scrutiny. The Foreign Intelligence Surveillance Amendments Act (FISAA) gave retroactive immunity from prosecution to AT&T, Verizon/MCI, BellSouth, Sprint and Cingular, all of which had pending court cases against them. In the cases against it, the federal government has consistently invoked a ‘state secrets’ override that has so far successfully kept all but one of them from going to trial. When FISAA passed in 2008, the ACLU immediately challenged its constitutionality on behalf of a group of journalists and human rights lawyers in Clapper v. Amnesty. The recent Supreme Court decision closed this case by finding that the plaintiffs lacked the standing to bring charges because they couldn’t demonstrate that the NSA had targeted them, nor that they had faced “certainly impending” injury by its surveillance. In other words, the constitutional issues raised by the warrantless wiretapping program have not been addressed and further it appears that they may never be, because no party would be granted standing until they can positively demonstrate they have been its victims. In a Kafkaesque twist, the government has in effect rendered its secret surveillance activities immune from legal challenge and public accountability — a clear undermining of liberal democratic norms to say the least.
In Canada, ‘lawful access’ legislation designed to give law enforcement, security agencies (such as the Communications Security Establishment Canada (CSEC), and Canadian Security Intelligence Service (CSIS)) and other branches of government similarly broad surveillance powers has been introduced into Parliament on four occasions since 2005. Each time it died on the order paper without parliamentary debate, until February 2012 when the Conservative government introduced it as Bill C-30 and began actively promoting it. Anticipating this re-introduction a broad coalition of civil liberties and on-line advocacy organizations, academics and privacy commissioners mounted the oppositional Stop Online Spying campaign that included videos, public service announcements, posters, letter writing, screenings, and an on-line petition that eventually garnered over 125,000 signatories. The major concerns highlighted in the campaign included allowing authorities access to internet subscriber information without a warrant, no substantial justification for the additional surveillance and policing powers, a requirement that telecommunications service providers install equipment to enable interception of subscriber communication and no effective reporting or accountability.
Evidently to boost its appeal, the government changed the name of the bill on the day of the announcement to “Protecting Children from Internet Predators Act”, but this backfired when the Public Safety Minister, Vic Toews, declared that one could either stand with the government or “with the child pornographers” prowling online. This provoked an immediate storm of protest with a large social media component. Public opinion polls showed a significant drop in public support, from a majority (56% Ipsos-Reid) shortly after re-introduction to just 23% (Postmedia News) a year later. Though with a parliamentary majority the government could have forced this bill through, they deemed the political price too high and on February 11, 2013 declared that they were dropping the legislation. While much of the surveillance covered by the lawful access bill continues quietly under the current privacy legislation and some of the key proposed measures are being re-introduced piecemeal as parts of other legislation, this declaration constituted a surprising victory for civil liberties advocates.
This outcome echoes similar campaigns in the US a year earlier around the Stop Online Piracy Act (SOPA) and PROTECT IP Act (PIPA), both of which contained new surveillance measures and appeared set to pass the legislative branch until massive popular opposition forced a dramatic reversal. It remains to be seen whether the Cyber Intelligence Sharing and Protection Act (CISPA), now before Congress with similar surveillance provisions as the Canadian lawful access legislation, will also be turned back by popular opposition.
In each of these cases we can see a recurring pattern of lack of transparency of government action in relation to the surveillance and related ‘security’ measures. This lack of transparency is observed in both the process of developing surveillance capabilities and in the substance of their (proposed) enactments. Far from providing a basis for informed public decision making about matters affecting the relationship between state and citizen that is hallmark of democratic societies, we repeatedly witness the marginalization of public involvement at every stage. The familiar invocation of security and protection as taking such precedence over other considerations that it doesn’t merit discussion is wearing thin after more than a decade of exaggerated fears and little evidence of positive results. Both the US and Canadian governments appear to offer as little information as possible about proposed surveillance measures, provide bogus or at best flimsy justifications, avoid opportunities to examine or debate issues, dismiss or close down public discussion when it occurs, and actively resist critical inquiry. In stark contrast to the lack of public consultation, but well in keeping with neo-liberal norms, the leading private sector actors have in each case been heavily involved behind the scene, and at least with the intellectual property legislation, they have been prime movers pushing the state to tighten internet surveillance.
When details of state surveillance practices do emerge, they show similar patterns of governmental preemption of citizen rights previously taken for granted. These include fine-grained surveillance of individual on-line behavior, weakening or elimination of conventional norms of judicial oversight such as court orders or search warrants and a lack of mandated reporting, review requirements or other forms of public accountability.
Few would disagree that states have a legitimate interest in developing the capacity to intercept communication in the service of national security, law enforcement and protection of vital infrastructure. But when they pursue even legitimate surveillance ends with illegitimate means it invites suspicion and opposition. The recent history of secrecy, over-reach, false claims and unwarranted targeting of individuals and groups unsurprisingly brings hostile responses from those concerned for democratic values. This reaction may make governments even more wary of disclosure, thus fueling the vicious cycle we are witnessing.
However, if they were to act more in line with the ideals of openness, transparency and democracy they espouse and insist others respect, they would gain significantly in the forms of trust that are so vital for effective governance. For a start, transparent governments would earn more domestic support for the surveillance they actually do need. In addition, they would gain credibility in the international fora, such as the recent conferences Roger Hurwitz mentions in his blog post, whether making claims for national sovereignty or advancing openness and freedom.
The principle of transparency of course needs to apply to other cyberspace actors, in proportion to their power and influence. In particular the large private sector enterprises, notably the telecommunication carriers and equipment vendors, that have so closely colluded with state security agencies across ‘democratic’ as well as authoritarian regimes, would do well to be more transparent. The Transparency Reports that several major internet enterprises, such as Google and Twitter, have begun producing represent a small but promising step in this direction.
If all parties to multi-stakeholder forums insisted on greater transparency and led by example, it would contribute significantly to building the necessary trust and confidence while mitigating the ‘fortress’ approach that is so hampering the internet governance discussion. Growing transparency, especially in the area of internet surveillance, is an essential pre-condition for developing global cyberspace governance as a welcoming ‘oasis’ where everyone has a part to play, thereby enriching us all.
About Andrew Clement
Andrew Clement is a Professor in the Faculty of Information at the University of Toronto, where he coordinates the Information Policy Research Program and is a co-founder of the Identity, Privacy and Security Institute. With PhD in Computer Science, he has had longstanding research and teaching interests in the social implications of information/communication technologies and human-centered/participatory information systems development. Among his recent surveillance research projects is the IXmaps.ca internet mapping tool designed to make more visible NSA warrantless wiretapping activities. Clement is a co-investigator in The New Transparency: Surveillance and Social Sorting research collaboration. See http://www.digitallymediatedsurveillance.ca/