Strife

The Academic Blog of the Department of War Studies, King's College London

You are here: Home / Archives for privacy

privacy

Realigning the Five Eyes (FVEY) Intelligence Alliance against China’s Threat 

by

By: Owen Saunders

The Five Eyes Alliance, also known as FVEY: Protectors of Terror or Invaders of Privacy?

Originally created as a bilateral US-UK agreement in 1946, the “Five Eyes” intelligence alliance (FVEY) allows for mutual access to classified signals intelligence (SIGINT). Canada entered into the agreement in 1948, followed by Australia and New Zealand in 1956. The initial intention of the alliance was to gather information on foreign states that presented threats to its members through various intelligence collection and sharing methods. The formal expansion of the FVEY alliance last occurred in 1956 but there are other, less formal, extensions of the FVEY alliance, such as the Nine Eyes and  Fourteen Eyes

In recent years, due to China’s significant expansion of their telecommunications sector, driven by the “Made in China 2025” initiative, the FVEY alliance has placed greater attention on understanding and addressing the rising state’s ambitions and international strategy. The two focal issues for the alliance currently are China’s implementation of the controversial National Security law in Hong Kong, and their drive towards global superiority within the information and telecommunications technology (ICT) sector as exemplified by, though not limited to, Huawei, a global ICT company based in China. Allegations of close connections and cooperation between the company and the ruling Chinese Communist Party have been made, though these are denied by both parties. 

The alliance’s perception of China as a threat is rooted in its pursuit of dominance over international telecommunications. Tensions have heightened recently over the measures undertaken by its members to prevent Huawei technology from being part of important new domestic 5G networks, and this past year over the FVEY alliance’s overt criticism of China’s authoritarian interventions in Hong Kong. The alliance’s actions can been seen as efforts not only to thwart Chinese global cyber ambitions but also to counter any spread of illiberalism. Although the National Security law itself does not affect the global telecommunications market directly, concern around it reflects fears of the potential dissemination of antidemocratic values through Chinese technological dominance.

The primary concern of the FVEY Alliance is Huawei’s potential to relay information and data that the company collects, through its global operations, to the Chinese government. Some members within the alliance have taken firm stances to prevent this by either banning Huawei technology altogether and, most recently, adopting more stringent security laws aiming to protect networks on a broader level. Such protections have expanded to include government, industry and civil society, as opposed to the original strategies of blocking the technology from only core government networks which transfer sensitive information. To date, Canada is the only member that has not made an affirmative decision to ban or restrict the Huawei technology, despite significant pressure from the United States. 

China’s new National Security Law targets the autonomy of Hong Kong by giving the Chinese government greater control over the region’s internal affairs. The law aims to exert greater influence by establishing criminal sanctions for any activities dealing with secession, subversion, terrorism, and collusion with foreign or external forces.” Many have claimed that this new law demonstrates a complete disregard for the “one country, two systems” arrangement established in 1997 when the UK returned Hong Kong to Chinese sovereignty. Since the implementation of the new law, the FVEY alliance has taken a strong stance in condemning the law, with the five foreign ministers releasing a joint statement “[urging] the Chinese central authorities to re-consider their actions against Hong Kong’s elected legislature and immediately reinstate the Legislative Council members.” The statement was heavily criticized by the Chinese government which argued that the alliance has no right to interfere in its internal affairs. 

These two examples highlight what appears to be the changing nature of the FVEY alliance and its willingness to expand its reach and functions beyond its original purpose of intelligence sharing. There is also the possibility of expanding the current membership to seven by including Germany and Japan, both of whom have expressed a desire to join. Geographical and historical significance is important in assessing a FVEY expansion given the current Sino-Japanese relationship focused on bilateral trade. The formal inclusion of Japan would likely sow greater distrust and escalate tensions with China. Expanding the FVEY alliance would also, however, help counter the support of seventy nations in the 44th session of the UN Human Rights Council for China’s National Security Law. Importantly, in line with its original mission, a formal expansion to include more states would strengthen the alliance by bringing new and vital information to the table from different governments on new security and intelligence matters, both generally and specifically regarding Chinese activities and Huawei. 

In light of these collective moves directed at China, coupled with the possible expansion of the alliance, the question is raised whether the alliance is at risk of diverting from and even subverting its original, practice-focused mandate of information collection and sharing? Specifically, in attempting to use its communal influence to pressure China through collective diplomatic and policy measures, does it risk diverging from the initial technical intentions of the organization?

By making collective statements such as those condemning China’s national security law, the alliance appears to be moving toward a more proactive and overtly political mode of operating on the global stage in contrast to its initial intentions and decades-old practices. Furthermore, adding another two (or more) formal members to the coalition could be seen as establishing a new, more powerful and politicized threat, potentially resulting in escalating tensions with an ever more economically and politically powerful China. After years of operating in the shadows, this new role for the alliance could threaten the old by its very visibility and assertiveness, increasing the likelihood of retaliatory responses. While it is not possible to accurately predict whether the data sharing ambitions of the alliance will be detrimentally impacted by the changes, the imperatives behind such changes can be understood.

The dynamics of the world have changed with the increasing and more varied use of digital technology, both in intelligence gathering and in the importance of technology in economic growth. It can be argued that this new role on the part of the alliance, whether it be through expansion, coordinated domestic policies, or greater diplomatic pressure, is a recognition of the growing importance of digital intelligence and power. The FVEY alliance has, in this author’s view, shifted accordingly to address the novel challenges of today.

Owen is currently pursuing his MA in International Peace and Security at King’s College London, Department of War Studies. He found interest in this topic in writing his undergraduate thesis and through the completion of an Undergraduate Student Summer Research Fellowship (USSRF) at Queen’s University, supervised by Dr. Christian Leuprecht. 

Owen is a Staff Writer at Strife.

Strife Series on Intelligence in the digital age, Part II – Surveillance, data protection and the right to privacy

by

By: Felix Manig

Security camera installations are seemingly ubiquitous in our modern lives.

Counterterrorism efforts in the digital age are characterized by the ability of certain governments to systematically intercept, collect and analyze metadata and private information worldwide. Through the disclosure of classified information on covert global surveillance programs in 2013, the ex-NSA contractor Edward Snowden initiated an important debate on the balance between national security and civil liberties. While proponents of extensive surveillance legislation argue that these measures are necessary in the 21st-century fight to uncover and neutralize terrorism plots, the indiscriminate interception and retention of personal data poses serious challenges to international human rights law.

Surveillance and human rights law

Article 17 of the International Covenant on Civil and Political Rights asserts the right to privacy and prohibits states from unlawful and arbitrary interference with the privacy of individuals within their jurisdiction. The Covenant clearly states that any search, surveillance or collection of data about a person must be lawful and authorized. Furthermore, once personal information is collected, states and their relevant agencies must ensure the protection of data against unlawful or arbitrary access. It is evident that governments have an obligation to develop legitimate counterterrorism measures and the rights of victims of terrorism should be the focal point when discussing the proportionality of such strategies.  However, governments with the necessary capabilities have institutionalized operations and legislation which is simply not compatible with the Right to Privacy under article 17.

And we do not have to look far for drastic examples. In November 2016, the British government passed the Investigatory Powers Bill, better known as ‘The Snooper’s Charter’, which is arguably the most extreme surveillance law in the western world today. The bill provides British intelligence agencies with extensive powers of snooping, recording and hacking of communications data, forces service providers to store details of customer online movement for 12 months, and makes this information accessible to dozens of public authorities. This bill, which astoundingly attracted little public outcry, effectively removes the right to online privacy and was scrutinized by the European Court of Justice.

Tensions between intelligence agencies and private technology enterprises

Despite the introduction of such worrying legislative measures, intelligence agencies have voiced concern that they are losing the technological edge over potential terrorists as tech companies are increasingly focusing on developing sophisticated encryption tools and software to reassure their customers’ privacy concerns. The rift between agencies and tech giants surfaced publically when Apple rejected an FBI order to unlock the iPhone used by the San Bernadino shooter Syed Farook. Other companies like Google and Facebook consequently doubled down on statements denying law enforcement agencies a backdoor access to their servers and products. Understandably, those with bad intentions can equally access proprietary encryption software and drop off the radar to avoid eavesdropping. Yet, it appears that major companies have formed a consensus to place a premium on user privacy and security, and warned of the potential implications of providing agencies with access to virtually any of their products. This move is likely to spread through companies dealing with vast amounts of user data as their customers are becoming increasingly wary about privacy concerns. Many messaging services such as ChatSecure or WhatsApp have options to encrypt content its users write and share. By using a virtual private network (VPN), users can circumvent geo-restrictions, censorship, and increase their security when online. Lastly, so-called ‘proxy servers’ hide the online traffic of devices and provide anonymity.

The road ahead

In their fight against terrorism, it is crucial for governments to take this balance seriously. The Investigatory Powers Bill flies in the face of the principle of proportionality and fails to protect individuals from arbitrary targeting. Ben Emmerson, Special Rapporteur on counterterrorism and human rights for the UN, has made important recommendations for the way forward. He calls for detailed and evidence-based public justification for the systematic surveillance of the online community, stresses the need for strong and independent oversight bodies to assess existing programs, and proposes case by case decision-making on the proportionality of interfering with an individual’s data.

If unchecked, the current technological capabilities of intelligence services have serious negative impacts on the privacy of everyone relying on modern technology in their daily lives. In the end, the question of surveillance and privacy falls in line with the greater theme of balancing liberty and security. There is an argument to be made that sacrificing more freedoms to ensure our security is a false choice. The NSA itself has failed to provide compelling evidence that its programs had directly thwarted any terrorist attack, thereby posing serious questions about effectiveness.

The question of liberty versus security is clearly an ideological one with no easy answers. Nonetheless, this debate is now more necessary than ever. Until this debate takes place in a meaningful and serious way, all that ordinary citizens can do is take small steps to protect themselves and their data when accessing the internet.

Felix (@felix_manig) is a postgraduate in International Relations at King’s College London. He focuses on conflict resolution strategies, political violence, and human rights. Outside of academia, he is Series Editor at Strife and advocates for human rights defenders across the world at Peace Brigades International. 

This Strife series focuses on intelligence in the digital age and will have contributions by Jessica Malekos Smith on Russian intelligence operations; on TOR and the challenges around anonymity by Charlie Campesinos; on Proprietary vs Open source encryption by Hemant S; on digital surveillance by Felix Manig and finally an interview with Prof David Omand of King’s College London on intelligence reforms in the UK. 

Image credit: http://www.riams.org/2012/10/31/changes-to-ripa-removal-of-surveillance-powers-2/

Feature image credit: http://bordc.org/news/baltimore-polices-secret-surveillance-comes-light/

Deconstructing the panopticon

by

By Andreas Haggman:

Anonymous graffiti on the wall of the British Museum, London
Anonymous graffiti on the wall of the British Museum, London

Surveillance is always a contentious issue. Whether in the physical realm (CCTV cameras) or digital realm (phone tapping, electronic snooping), proponents and opponents trade blows over arguments of necessity and efficacy versus invasion of privacy and erosion of liberty. While there are no clear-cut answers as to the ethical and practical utility of public surveillance, it is obvious that the issue sparks passionate debate.

The Snowden leaks have made evident the breadth and depth of digital surveillance techniques available to modern intelligence agencies. The gist of what has been revealed so far is that every electronic device is liable to surveillance intrusion, whether this be at a metadata or content level. The scope of this is somewhat frightening and quite difficult to come to terms with. CCTV cameras have a visible presence which, perhaps, contributes to some sense of security. Digital surveillance techniques, by contrast, are invisible which – it can be contended – makes it more difficult to garner a sense of security from them. In addition, we are treated to the positive effects of CCTV on numerous television programmes (such as Crimewatch) which reinforce their contribution to public security. There is no digital equivalent of this, partly due to classified information and partly because one can’t see electronic signals, so our only options are either media speculation or official reports – neither of which is an overly attractive alternative for reliability.

The surveillance programmes which have come under closest scrutiny are the NSA’s PRISM and GCHQ’s Tempora. Both of these take advantage the fact that the US (primarily) controls the physical backbone of the Internet. In having access to the hardware through which the majority of the world’s Internet traffic passes, the NSA and GCHQ have been able to intercept vast quantities of data using techniques such as tapping fibre optic cables and setting up fake servers. As an example, the Quantum programme, which makes use of the latter technique, intercepts targets’ requests for a webpage and sends a cached version of the page back infected with malware which installs a surveillance programme on the target’s computer (a useful explanation with leaked diagrams can be found on The Intercept).

These revelations have led to accusations of Big Brother states and invocations of Jeremy Bentham’s old construct of the panopticon. Humans instinctively revert to physical metaphors as they are easier to understand and relate to than digital concepts. Often used in relation to incarceration facilities, a panopticon is a building with a focal vantage point from which every cell – arranged around the internal perimeter – can be viewed. While the imagery conjured is certainly powerful, there are also two critical flaws which undermine the applicability of this picture to reality: mutual visibility and constraint.

Firstly, in the traditional panopticon, jail guards stationed in the central tower can view prisoners through their transparent cell door (whether this be made of iron bars or Perspex). Likewise, prisoners can see the guards and so they know when they are being watched. The watchers and the watched therefore have mutual visibility of each other. In the digital realm of Quantum Insert, the prisoner does not know they are being watched because the cell door is not transparent. The door can instead be likened to a screen on which the guards in the central tower project an image. To the prisoner, the image shows the guards having their backs turned, when in reality they are intently watching that particular cell. The lack of mutual visibility is therefore an important difference between the panopticon construct and digital surveillance.

Secondly, a traditional panopticon is a jail in which prisoners are trapped by physical constraints. There are actual impediments like walls which stop the prisoner from moving around within the panopticon to avoid the guards’ gaze and stop them from leaving the panopticon altogether. In the digital world, these physical constraints are not present. Users are free to walk away from or switch off their computers, thus avoiding surveillance. It can be argued that in an increasingly interconnected world, going completely offline is becoming increasingly difficult and it therefore becomes more difficult to avoid surveillance. Whilst this is certainly true, more difficult does not equal impossible. Using a computer, a smartphone, a mobile phone or even a telephone is a choice. Granted, choosing to not do so is a significant disadvantage in the modern world, but it is still a choice over which we ultimately have control. In the panopticon, prisoners do not have a choice and they do not have control. To say that the digital surveillance exercised by intelligence agencies resembles a panoptic state is therefore an illogical attempt at imposing a physical concept on a digital world.

Having deconstructed the panopticon, the problem becomes re-imagining a construct which more accurately reflects the current state of affairs. The great problem for political philosophy is that it has yet to incorporate the technological advancements of the 21st century. The advent of video recording was embraced by thinkers and has been expediently conveyed in works such as Orwell’s 1984 or the film The Truman Show. However, the difficulty of constructing an image from something we cannot see (digital signals) hinders the digital surveillance debate from metamorphosing into an easily relatable concept.

The contentiousness of surveillance will continue to provoke fierce debate. It is clear that new technologies endow authorities with unparalleled tools for monitoring activity in the digital realm. In describing this state of affairs we must be careful, however, of invoking imagery, concepts and constructs offered by our predecessors. Ideas are always conceived in context, so what was applicable in the past does not necessarily translate to the present. Therefore, while we do not live in a Bentham’s panopticon, the time is certainly ripe for the modern generation to critically reflect on the technologies they live with.

____________________

Andreas Haggman is a MA student in Intelligence and International Security at King’s College London. His academic focus is on cyber security, particularly the development of weaponised code and organisational responses to cyber security issues.

The problem with curtains

by

By Andreas Haggman:

A. Van Dam cartoon modified by N. Gourof
Arend van Dam cartoon, respectfully modified by the Webmaster, Strife

 

Edward Snowden’s revelations have prompted fierce debates in both the intelligence world and the cyber domain more generally. Opinions and analyses on the impact of the revelations can be found at every level of publication from academic journals to online discussion forums. The outcome of the debates with regards to the long-term operations of intelligence agencies is still unclear. However, what has already manifested itself is the public relations nightmare resulting from the much-maligned electronic snooping, conducted in particular by United States’ NSA and UK’s GCHQ signals intelligence agencies. Chiefly thanks to The Guardian’s publications, there have been outcries from the general public of foul play and invasions of privacy on the part of intelligence agencies.

In defence, the UK government’s stance was to assert that those who have nothing to hide have nothing to fear. GCHQ’s digital hoover may sweep up an unprecedented amount of internet traffic, but if you simply form part of the proverbial dust you will be ejected unmolested at the other end. If, on the other hand, you have more sinister objects strewn all over your digital floor, these will be caught in the filter and you will be dealt with accordingly.

Many commentators have noted that this explanation is not sufficient to justify large-scale privacy invasions. In a survey, Daniel Solove collated a number of responses to this issue, with one objection being particularly resonant. The complaint was the blunt question ‘So do you have curtains?’ The reasoning behind this is that if we follow the UK government’s logic, law-abiding citizens have no need to obscure from view what they do in their own homes. Because they don’t fear any reprisals for wrongdoing (since they do no wrong), they have no need to hide their actions.

At first glance the argument is compelling, but the analogy fails because of the inherent problem that it does not distinguish between privacy and secrecy. ‘Privacy,’ Eric Hughes stated in A Cypherpunk’s Manifesto, ‘is the power to selectively reveal oneself to the world.’ The key word here is ‘selectively’. Something that is hidden from everyone is a secret; something that is hidden from people you choose is private. Curtains, by their nature, entail privacy – you can choose when they are open and closed – and no one thinks anything of it when they are closed. However, if they were permanently drawn closed they would be tools of secrecy and, indeed, arouse some suspicion in the neighbourhood. For our purposes, it is this last point which is problematic.

The electronic equivalent of curtains is encryption. With so-called public key encryption protocols, two people are able to communicate without any outsider being able to read the content of the messages being passed. This can be used with discretion, so sending an unencrypted email equates to having curtains open, and sending an encrypted email entails having them closed. The problem here is that whereas curtains are a societally accepted privacy tool, encryption maintains a dubious status outside cyber security-aware circles. Because the default approach for the vast majority of people is to not actively encrypt their data and communications, those who do encrypt can be viewed with suspicion; especially those who encrypt consistently – that is, have their curtains closed all the time.

The issue, then, is that in encryption we have tools endowing us with the ability to create privacy in the digital domain, yet our attitude towards these tools means they are thought of as tools for secrecy. This is in contrast to the analogous curtains, which are accepted as tools of privacy.

All of this seems to be a great contradiction. Government organisations and corporations use encryption to protect the data they hold about us and for this we are thankful; indeed this is something we have come to demand. Similarly, many email providers encrypt the messages we send despite us not actively choosing to do so, which we nevertheless welcome. So those institutions of which we increasingly request transparency, we simultaneously embrace for their use of (perceived) secrecy tools.

This contradictory stance has stringent implications for security. If encryption is embraced at an organisational level, governments and corporations are able to maintain integrity of data, therefore keeping it secure. When this data concerns, for example, national infrastructure or defence details, security of data is directly connected to security of the state. On a personal level, however, if encrypting one’s own data is seen as illegitimate and not widely practiced, the same logic implies negative connotations for personal security.

In liberal democratic states this presents a problem. Such states espouse individual values and hold the safety of people in high regard. If personal security is compromised, upholding the values and safety falls to those entities whose security remains intact – that of governments and corporations. However, it is in the public interest to maintain some measure of control of their own security, for completely relying on others could be dangerous, lest the interests of the public and the interests of other entities (governments and corporations) unexpectedly diverge.

This line of reasoning is suspiciously Palmerstonian and, I suspect, would sit well with anti-gun control activists (particularly in the US). It could also be argued that at this point the analogy is overstepping its limits: encryption concerns only data on computers and extrapolating effects in the digital world to the physical world is stretching it too far. But this argument looks at the problem too abstractly. The data concerned often has a direct effect on the physical world, so encryption of this is necessary to maintain personal security.

The point here is that we need curtains. We need them not for any sinister purpose, but to maintain control over our privacy and personal security. In the digital world encryption offers these curtains. Unfortunately, until the taboo of encryption is overcome, personal security will remain in the hands of other entities. If we want to to seize control it is up to us, collectively, to embrace the protection offered by encryption.

 

Andreas Haggman is a MA student in Intelligence and International Security at King’s College London. His academic focus is on cyber security, particularly the development of weaponised code and organisational responses to cyber security issues.