3 things European broadcast editors and heads of news should know about Snowden's leaks
by Vian Bakir
26 October 2015
Today
is the European
Broadcast Union’s (EBU) 10th Annual News Assembly – a closed congregation
of Europe’s top broadcast editors and heads of news. They meet in Berlin to discuss
pressing issues facing European broadcasters – and one of their panels is on
Journalism post-Snowden.
I’m
one of the panelists, and my esteemed co-panelists are Annie Machon, former MI5 intelligence officer, Evan Light (of the well received Snowden
Portable Archive, Concordia
University) and Marcel Rosenbach (award-winning Journalist for Der Spiegel).
The
panel chair, journalist and author Alan Pearce, asked me what three things I
thought the EBU needed to know. Here is my reply.
1. Do journalists know enough about what digital surveillance is possible, and are they taking appropriate professional steps to ensure journalistic independence and protection of sources?
Leaks
from Snowden published or broadcast since 2013 claim that American and
British intelligence agencies bulk collect data from (a) the servers of US
tele-communications companies (via PRISM) and (b) by directly tapping
fibre-optic cables carrying internet traffic (via UPSTREAM run by the National Security
Agency (NSA) and TEMPORA run by Government Communication HeadQuarters (GCHQ)).
Reportedly,
in the UK, the content of communications is stored for three days and metadata for up to thirty days (Canadian Journalists for Free Expression,
2015). The UK’s official response to this is vague, and storage
lengths have not been confirmed by its intelligence agencies (ISC, 2015). The
UK’s Interception of Communications Commissioner’s Office (IOCCO) finds that ‘every agency has a different view on what
constitutes an appropriate retention period for material’ (May,
2015, p. 33); and government-commissioned report RUSI (2015,
p. 22) finds that British intelligence agencies keep bulk data sets for as long
as they deem their utility reasonable or legitimate. In the USA, PRISM data is stored for five years
and UPSTREAM data for two years (Simcox, 2015).
This data that is bulk collected includes
communication content such as email,
instant messages, the search term in a Google search, and full web browsing
histories. Also bulk collected are file transfers; and what is called
communications data (in the UK) and metadata (in the USA) (for instance, who the communication is from and to whom; when it was sent; duration of the contact; from where it was sent, and to where; the record of
web domains visited; and mobile phone location data) (Canadian Journalists for Free Expression,
2015).
Intelligence
agencies have analytics programs to
help them select and analyse this collected content. While intelligence
agencies are largely silent on their analytics programmes, the published
Snowden leaks have furnished details. They allegedly comprise:
-
PRINTAURA, which automatically organises data collected by PRISM;
-
FASCIA,
which allows the NSA to
track mobile phone movements by collecting location data (which mobiles
broadcast even when not being used for calls or text messages);
-
CO-TRAVELER,
which looks for unknown associates of known intelligence targets by tracking
people whose movements intersect;
-
PREFER,
which analyses text messages to extract information from missed call alerts and
electronic business cards (to establish someone’s social network) and roaming
charges (to establish border crossings);
-
XKEYSCORE,
which is an NSA program allowing analysts to search databases covering most
things typical users do online, as well as engaging in real-time interception
of an individual’s internet activity;
-
DEEP
DIVE XKEYSCORE that promotes to TEMPORA data ingested into XKEYSCORE with ‘potential
intelligence value’ (Anderson, 2015, pp. 330-332).
In
Oct 2015, in an interview
with Panorama, Snowden also
revealed how GCHQ could gain access to mobiles by sending an invisible encrypted text
message that users wouldn't see and from there deploy a ‘Smurf Suite’ of spying
tools (Panorama 2015):
-
DREAMY SMURF - can turn your phone on and off;
-
NOSEY SMURF is a ‘hot mic’ tool that can turn on your microphone
and listen in on anything you are saying or what is going on around you;
-
TRACKER SMURF can locate you with more precision than typical
methods of triangulation from phone towers.
There
is another range of programs to alter
the very fabric of digital communication through online covert action (this
reported by Greenwald
(2014) in The Intercept). This includes publication of fake
materials and deceptive content designed to influence users’ thoughts and
behaviour. Eg:
-
‘CLEAN SWEEP’ is said to
be able to ‘Masquerade Facebook Wall Posts for individuals or entire countries’; ‘
-
GATEWAY’ can ‘artificially increase traffic to a
website’;
-
‘SLIPSTREAM’ can inflate
page views on websites’.
-
‘CHANGELING’ provides the
‘Ability to spoof any email address and send email under that identity’; ‘
-
HAVOK’ is a ‘Real-time website cloning technique
allowing on-the-fly alterations’;
- ‘SPACE
ROCKET’ is a programme covering insertion of media into target networks.
Some of these tools are aimed at ‘extremists’
and include
surveillance and disruptive intervention tools such as:
-
‘SILVERBLADE’ which is
said to report extremist material on DAILYMOTION;
-
‘SILVERFOX’ which is a list provided to industry of live
extremist material files hosted on FFUs [Free File Upload services];
-
‘SILVERLORD’ which
disrupts video-based websites allegedly hosting extremist content through
'concerted target discovery and content removal';
-
‘BUMPERCAR+’, an
automated system that supports BUMPERCAR operations used to ‘disrupt and deny
internet-based terror videos or other material’.
The digital surveillance, then, is a highly complex, abstract and secretive arrangement. It involves citizens, global telecommunications companies, and multiple nations' intelligence agencies, potentially permeating all aspects of our digital lives (Bakir 2015).
Governments say such blanket surveillance is legal, proportionate and necessary to prevent terrorism and organised crime online. While it rarely explains (via the press) how the blanket surveillance actually helps, it seems that there are at least two aspects. Firstly, it allows new threats (concerning criminal or terroristic activity) to be detected, by enabling new targets to be identified (eg through telephone numbers or email addresses) (ISC 2015). Secondly it allows reassembly of specific communications: the way digital information travels around the world (broken up into multiple packets of data and only reassembled at the end destination) requires a 'collect all' mentality to ensure an entire single communication is retrievable intact (RUSI 2015).
The digital surveillance, then, is a highly complex, abstract and secretive arrangement. It involves citizens, global telecommunications companies, and multiple nations' intelligence agencies, potentially permeating all aspects of our digital lives (Bakir 2015).
Governments say such blanket surveillance is legal, proportionate and necessary to prevent terrorism and organised crime online. While it rarely explains (via the press) how the blanket surveillance actually helps, it seems that there are at least two aspects. Firstly, it allows new threats (concerning criminal or terroristic activity) to be detected, by enabling new targets to be identified (eg through telephone numbers or email addresses) (ISC 2015). Secondly it allows reassembly of specific communications: the way digital information travels around the world (broken up into multiple packets of data and only reassembled at the end destination) requires a 'collect all' mentality to ensure an entire single communication is retrievable intact (RUSI 2015).
Questions raised:
-
Does the
press really understand the extent of what is possible regarding digital
surveillance?
-
Are
journalists encrypting their communications as a matter of standard protocol,
to protect themselves and their sources?
-
Is the press
adequately challenging governments’ definitions of ‘extremists’ who may be
being surveilled? After all, one government’s ‘extremist’ may be another
government’s ‘political activist’.
2. Is Public Opinion on the debate of privacy v. national security adequately reflected in the press?
Governments
frame the debate as one of privacy v. national security – if you want better
national security you need to give up some of your rights to privacy. For
instance, the UK’s Intelligence and Security Committee states in its report, Privacy and Security: A Modern and
Transparent Legal Framework:
‘we do not subscribe to
the point of view that it is acceptable to let some terrorist attacks happen in
order to uphold the individual right to privacy—nor do we believe that the vast
majority of the British public would’ (ISC 2015, p. 36).
But
the European public rejects this dichotomy. The public wants increased national security (as delivered by
surveillance) and it also wants
increased privacy and greater oversight of surveillant powers.
This
is the key finding from the 9 nations EU study on Surveillance,
Privacy and Security (SurPRISE) in 2014 of
2000 citizens from nine European countries (Austria, Denmark, Germany, Hungary,
Italy, Norway, Spain, Switzerland, UK)
and their attitudes towards surveillance-oriented security technologies and
privacy.
It finds:
o
The EU public think that
although certain surveillance technologies are effective for combating national
security threats and should be used, that they compromise human rights and are
abused by security agencies. These concerns especially apply to deep packet
inspection[i].
(Less so for Smart CCTV[ii] and
smartphone location tracking[iii].)
o
An ongoing study by Digital Citizenship and Surveillance Society
Project (DCSS) finds that in the UK, it
is younger people & ethnic minorities who are most concerned about lack of
transparency & consent when it comes to state surveillance of digital
communications.
o
SurPRISE has
identified the criteria for what makes security-oriented surveillance technologies
acceptable for EU publics:
§ Targeted rather than blanket surveillance,
§ Clear communications to citizens about what is going on,
§ Strong regulatory oversight.
Questions raised:
-
Is the press
doing enough to reflect the EU public's desire for targeted rather than blanket
surveillance, clear communications to citizens about what is going on, and
strong regulatory oversight?
-
Are public
views on privacy and security (that
they want both, and don't see these as things to be traded-off) being taken
into account in press coverage?
-
Is the press
adequately scrutinising or challenging intelligence agencies’ surveillance
powers?
-
Is the press
adequately scrutinising or challenging government regulation on surveillance?
3. Is the relationship between intelligence agencies and the press too close?
a) Why
did it take so long for us to learn about this surveillance?
i. There’s
blanket government secrecy on intelligence issues, which mainstream press
largely seems not to challenge. This arises from the secrecy of intelligence
agencies and their political masters that makes it difficult for journalists to
obtain and verify information. Importantly, no journalist or editor wants to be
accused of compromising national security by blabbing state secrets.
ii. National
security whistle-blowers find it hard to get their story out there.
Edward Snowden tried for months to get his
favoured reporter, Glenn Greenwald, to download and learn encryption protocols
so he could tell him what material he had to leak. He only succeeded by going
through Greenwald’s trusted contact, documentary-maker Laura Poitras (2014) (resulting in her documentary,
CitizenFour).
To
take another example, Bradley/Chelsea Manning tried to contact many US news
outlets with his military intelligence logs on the Afghan War and the Iraq War – but only Wikileaks would take
it.
b)
Is the mainstream press willing and able to challenge government’s intelligence
claims?
The UK’s
intelligence oversight committee argues that intelligence agencies’ ‘bulk
data collection’ does not constitute mass surveillance since British
intelligence agencies do not have ‘the
resources, the technical capability, or the desire to intercept every communication
of British citizens, or of the internet as a whole’
(ISC, 2015, p. 2). However, this
reassurance is hardly future-proof given the rapidity of technological and
analytical Big Data developments (as the ability to collect, connect and derive
meaning from disparate data-sets expands) (Lyon,
2014); given secret intelligence-sharing relationships between ‘Five Eyes’ countries (UK, USA, Australia,
New Zealand, Canada) and beyond (Emmerson,
2014); and given that governmental ‘desire’ is susceptible to change,
especially following terrorist atrocities.
Yet, are these areas probed by the mainstream
press? It
would seem not. The ongoing Digital
Citizenship and Surveillance Society Project (DCSS) study finds that UK
mainstream press cover government’s demands for social media firms to do more
to fight terrorism rather than the human right to privacy that this infringes;
while any privacy infringements covered are those of MPs rather than the
general public.
Alongside this regular privileging of government sources is a lack of critical
attention to intelligence-planted domestic propaganda, where intelligence
sources hide behind a cloak of anonymity (Lashmar 2013). Concerning Snowden, an
attentive reader (step up, MediaLens)
may notice what looks like attempts to directly plant intelligence-sourced
propaganda in the British mainstream press. For instance, in June 2015, the Sunday Times
reported that Snowden had endangered the lives of American and British spies
because Russia and China had decrypted his stolen files. As noticed by critics
online, however, the report contained highly contradictory information – within
the same sentence. For instance:
‘One senior Home Office official accused
Snowden of having “blood on his hands”, although Downing Street said there was “no
evidence of anyone being harmed”.’
Note
that all government and intelligence sources in this story are anonymous. Furthermore,
the NSA would not be drawn to comment.
Questions raised:
-
Is the press
doing enough to challenge blanket government secrecy on intelligence issues?
-
Is the press
doing enough to enable national security whistle-blowers to blow the whistle?
-
Should the
press be more careful in which sources it regularly privileges (ie politicians),
and which issues therefore dominate the press’ agenda (ie the need for social
media firms to do more to fight terrorism and the need for MPs’ privacy, but
not the right of the public to privacy)?
-
Is the press
able to keep on top of intelligence claims, and offer adequate scrutiny
(especially issues that combine abstract, complex technologies, global
companies, international relations, and domestic national security)?
-
Should the
press continue its agreement with intelligence agencies and political aides to
keep them anonymous when citing their intelligence claims – particularly when
no evidence is presented to back up the claims?
References
Anderson,
D. (2015). A question of trust: Report of the investigatory powers review. OGL.
Retrieved from
https://terrorismlegislationreviewer.independent.gov.uk/a-question-of-trust-report-of-the-investigatory-powers-review/
Bakir, V. (2015). 'Veillant panoptic assemblage': mutual watching and resistance to mass surveillance after Snowden. Media & Communication 3(3).
Canadian Journalists for Free Expression. (2015). Snowden surveillance archive. Retrieved from https://snowdenarchive.cjfe.org/greenstone/collect/snowden1/about.html
Canadian Journalists for Free Expression. (2015). Snowden surveillance archive. Retrieved from https://snowdenarchive.cjfe.org/greenstone/collect/snowden1/about.html
Hintz,
A. et al. (2015). Digital Citizenship and Surveillance Society Project (DCSS).
Retrieved from http://www.dcssproject.net/
Emmerson,
B. (2014) Report of the Special Rapporteur on the promotion and protection of
human rights and fundamental freedoms while countering terrorism (UN Doc
A/69/397). Retrieved from
http://s3.documentcloud.org/documents/1312939/un-report-on-human-rights-and-terrorism.pdf
Greenwald,
G. (2014). Hacking Online Polls and Other Ways British Spies Seek to Control
the Internet. The Intercept, July 14. Retrieved from
https://theintercept.com/2014/07/14/manipulating-online-polls-ways-british-spies-seek-control-internet/
ISC.
(2015). Privacy and security: A modern and transparent legal framework. (House
of Commons). Retrieved from: http://isc.independent.gov.uk
Lashmar,
P. (2013). Urinal or conduit? Institutional information flow between the UK
intelligence services and the news media. Journalism, October
Lyon,
D. (2014). Surveillance, Snowden, and big data: capacities, consequences,
critique. Big Data & Society, July–December, 1-13.
Panorama.
5 October. 2015. Retrieved from www.bbc.co.uk/iplayer/episode/b06h7j3b/panorama-edward-snowden-spies-and-the-law
Pavone,
V., Esposti, S. D., & Santiago, E. (2015). D2.4—Key factors affecting
public acceptance and acceptability of SOSTs. Surprise. Retrieved from
http://surprise-project.eu/
RUSI.
(2015). A Democratic licence to operate: Report of the independent surveillance
review. London: Royal United Services Institute for Defence and Security
Studies.
Simcox,
R. (2015). Surveillance after Snowden: Effective espionage in an age of
transparency. London: The Henry Jackson Society.
[i] DPI opens and
analyses messages as they travel through the digital network, identifying those
that may pose particular risks.
[ii] Smart CCTV features digital cameras, which are linked together
in a system that has the potential to recognise people’s faces, analyse their
behaviour and detect objects.
[iii] Smartphone location tracking analyses location data from a mobile phone, to glean
information about the location and movements of the phone user over a period of
time.
