Revelations about PRISM, a US government
program that harvests data on the Internet, has sparked concerns about
privacy and civil rights violations. But has there ever been real
privacy and security on the WWW?
IMAGINE a time before
email, when all your correspondence was sent through the post. How would
you feel if you knew that somebody at the post office was recording the
details of all the people you were corresponding with, “just in case”
you did something wrong?
I think quite a few of you would be upset about it.
Similarly,
some Americans are furious over revelations made about a system called
PRISM. In the last few weeks, an allegation has been made that the US
government is harvesting data on the Internet by copying what travels
through some of its Internet Service Providers.
The US Director
of National Intelligence has said that PRISM “is not an undisclosed
collection or data mining program”, but its detractors are not convinced
that this doesn’t mean no such program exists.
I think there are mainly two kinds of responses to this revelation: “Oh my God!” and “What took them so long?”.
The
Internet has never really been secure. Because your data usually has to
travel via systems owned by other people, you are at their mercy as to
what they do with it. The indications are that this is already being
done elsewhere.
Countries such as China, India, Russia, Sweden
and the United Kingdom allegedly already run similar tracking projects
on telecommunications and the Internet, mostly modelled on the US
National Security Agency’s (unconfirmed) call monitoring programme. For
discussion, I’ll limit myself for the moment to just emails – something
that most people would recognise as being private and personal.
I
find many people are surprised when I tell them that sending email over
the Internet is a little bit like sending your message on a postcard.
Just because you need a password to access it, doesn’t mean it’s secure
during transmission.
The analogy would be that your mailbox is
locked so only you can open it, but those carrying the postcard can read
it before it reaches its final destination. Of course, there are ways
to mitigate this. One has to be careful about what one put in emails in
the first place. Don’t send anything that would be disastrous if it were
forwarded to someone else without your permission.
You could
also encrypt your email, so only the receiver with the correct password
or key could read it, but this is difficult for most end users to do.
(For those interested in encrypting emails, I would recommend looking at
a product called PGP.)
The analogy holds up for other Internet
traffic. It’s easy to monitor, given enough money and time. And as easy
as it is for the Good Guys to try to monitor the Bad Guys, it’s just as
easy for the Bad Guys to monitor us hapless members of the public.
But
who do we mean by the Bad Guys? Specifically, should the government and
law-enforcement agencies be categorised as ‘Bad Guys’ for purposes of
privacy? Generally, the line oft quoted is “if you have nothing to hide,
then you have nothing to worry about”.
Yet, I think we all
accept that there should be a fundamental right to privacy, for
everybody from anybody. An interesting corollary to being able to
express your thoughts freely is that you should also be able to decide
when and how you make them public.
The fault in relying on
organisations that say “trust us” isn’t in the spirit of their
objectives, but in how the humans in them are flawed in character and
action.
An example quoted regularly at the moment is how the FBI
collected information about Martin Luther King because they considered
him the “most dangerous and effective Negro leader in the country”.
One
way of defining the boundaries are by codifying them in laws. For
example, the Malaysian Personal Data Protection Act prohibits companies
from sharing personal data with third parties without the original
owner’s consent.
However, this law explicitly does not apply to
the federal and state governments of Malaysia. Another clause indicates
that consent is not necessary if it is for the purpose of
“administration of justice”, or for the “exercise of any functions
conferred on any person by or under any law”.
In relation to the
revelations of PRISM, several questions come to mind: Can Internet
traffic (or a subset of it) be considered “personal data”? Is it
possible for government agencies to collect and store such data without
your consent?
And if so, what safeguards are there to ensure that
this personal data is accurate, is used correctly and is relevant for
storage in the first place?
This should be a sharp point of
debate, not just in terms of which of our secrets the government can be
privy to, but also of which of the government’s information should be
readily accessible by us.
True, there is so much data out there
that analysing it is not a trivial task. However, companies such as
Google are doing exactly that kind of work on large volumes of
unstructured data so that you can search for cute kittens. The
technology is already on its way.
Perhaps I am being
over-cautious, but it seems a bit fantastical that people can know your
deepest and darkest secrets by just monitoring a sequence of 1’s and
0’s. But, to quote science fiction author Phillip K. Dick, “It’s strange
how paranoia can link up with reality now and then”.
> Logic
is the antithesis of emotion but mathematician-turned-scriptwriter Dzof
Azmi’s theory is that people need both to make sense of life’s vagaries
and contradictions. Speak to him at star2@thestar.com.my.
Related post:
US Spy Snowden Says U.S. Hacking China Since 2009