The quintessential norm in the digitalized era is this: a user is either scrolling through social media feeds, reading an online article, or streaming a YouTube video. All of a sudden one stumbles upon an advertisement that is unfathomably close to the wants, desires, or needs. It stammers the user while they diffidently wonder: Am I being watched? Are they hearing me? This raises concerns for one of the very basic human rights i.e., the right to freedom and privacy. These rights render individuals’ the ability and security to control and regulate information about their personal lives on public platforms.
Privacy is a very basic human right accepted in various local and global conventions, predominantly mentioned in the UN Declaration of Human Rights and the Universal Accord on Political and Civil Rights. The right to privacy falls under private law because it is regarded as a natural birthright of every individual protected and enforced by the constitutional law. The reason why privacy is such an essential and fundamental right is because it is a prerequisite for other rights—independence and liberty— to exist in human society. Therefore, in various studies, a strong correlation between self-respect, liberty, and privacy is maintained. Thus, it goes without saying that honoring individuals’ privacy means acknowledging individuals’ birth right to autonomy and freedom.
However, in today’s digitalized world, even in most of democratic countries, people feel disenfranchised by this essential right—the right to freedom and right to privacy. Surveys across the world depict that people, and rightly so, feel that they no longer have control over their personal data. Now ever than before, more and more people are echoing their concerns regarding monopoly over data. They believe that tech giants and powerful governments are invading their privacy and using their personal data behind the veil of surveillance and security.
The buzzword surveillance is derived from the French root verb surveiller, which means ‘to watch over’. Whether we use it figuratively or literally, surveillance entails scrutinizing individual’s every move either, arguably, for the sake of preserving security — maintaining law and order — or ensuring that individuals’ do not deviate from the ‘standard’ norm of the society. Thus, conceptually, surveillance does both: enables and constrains, protects and controls. It lies on the brink of violating basic human right(s) and maintaining peace. Contextually, digital surveillance, a contested term, is broadly defined as “the act of real-time and retrospective viewing, processing and cataloging of online footprint against the will and/or knowledge of the actor(s) to whom such data belong”. This definition depicts two facets of digital surveillance: data leviathan and violating human right(s).
To explain the notion of data leviathan and power of information, Alvin Toffler, an eminent futurologist, wrote a book in 1990 titled “Powershift — Knowledge, Wealth and Violence at the edge of the 21st Century”. In his book, he illustrated three types of power:
- Force (violence power)
- Wealth (monetary power)
- Knowledge (powerful form of power)
Toffler concluded that although across history the power of force wielded the scepter cardinal, there will come a time where information will become the primary source of power. In today’s time, one can vanquish a person’s wealth, status quo or power ranking by overpowering them in cyberspace. We have ushered in a new era of “Digital Cold War” where digital supremacy is raging in the face of 5G wireless technology. Therefore, we are currently witnessing a paradigm shift from swords and guns to something far more potent. By avoiding bloodshed and colossal costs of full-fledged war, we have found ourselves in an extremely precarious situation, a future where powerful nations are using the information as leverage against each other.
Instances of Mass Surveillances
In early June of 2013, an American whistleblower and former CIA agent, Edward Snowden, revealed to The Guardian newspaper that the US National Security Agency (NSA) had been grilling telecommunication giant Verizon to “hand over” records of tens of millions of Americans. Later in the day, it was brought to the news that the United States had cached and collected nearly 200 million text messages on a daily basis worldwide. The NSA programme known as Dishfire is said to extract and store data including location roaming and travel alerts, contacts, caller history, and financial history from online payments and bank alerts.
The following day, articles in The Guardian and the Washington Post started to flood in, alleging that NSA has also tapped direct access to the servers of the biggest technology companies like Microsoft, Apple, Google, Facebook, YouTube, and Yahoo. These companies tracked online communication in a surveillance program known as PRISM. This gave NSA open access to emails, photographs, documents, and other various sensitive users’ data stored in major tech companies. Similarly, GCHQ Britain’s electronic eavesdropping agency, the counterpart of US, was also accused of following a similar trajectory of breaching information via Prism. Later, the report confirmed that data collection done by GCHQ was much larger than that done by the US as GCHQ “tapped into 200 fibre-optic cables” which gave it the “ability to monitor up to 600 million communications every day”.
Quite recently, an investigation carried out by 17 media outlets, sponsored by Amnesty International and led by Forbidden Stories, divulged that the NSO (Pegasus) software was implanted into the mobile phones of individuals by the governments of many countries around the world. An Israeli cyber intelligence company called NSO group manufactured Pegasus spyware ostensibly for governments and its agencies to spy on its own citizens, foes, and even allies. The spyware gets installed automatically through a link and gains total control over the target’s phone. It illegally gets access to messages from Skype, Telegram, WeChat, Apple’s iMessages, and WhatsApp.
The Pegasus program, in its advanced form, does not notify the target when a link is sent to their phone. Subsequently, the link infects target’s phone by sending back data, including all call catalog, photos, messages, locations, and audio/video recordings. According to The Washington Post, the spyware also renders the ability to access target’s camera and microphone at any second to create covert recordings. Amnesty International, after running detailed forensics, found out that out of 67 smartphones 37 were “targeted by Pegasus spyware”.
The brilliancy or wickedness, name it whatever you want, of Pegasus spyware is precisely this: it cannot be traced back to the agency using it and this has become an integral facet for clandestine governance/acts. Thus, Pegasus is the prime and recent case in point to depict “how vulnerable we all are to digital prying. Our most personal information — photos, text messages and emails — is stored on our phones. Spyware can reveal directly what’s going on in our lives bypassing the encryption that protects data sent over the internet”.
However, the most baffling and abstruse revelation from the NSO CEO Shalev Hulio was that Facebook was interested in procuring the Pegasus software. Hulio stated that “Facebook representatives approached NSO in October 2017 and asked to purchase the right to use certain capabilities of Pegasus” Had Facebook been granted access to this spyware, we would have bid our already minuscule privacy an ultimate goodbye.
What Does This All Mean?
These surveillance exercises disclosed by Snowden and Pegasus project distinctly depict that, if not absolutely then, to a large extent the states – particularly Canadian, British, Israeli, American, and other organizations – partake in astoundingly extensive digital surveillance within the country and across the globe. This magnitude of digital surveillance means that our data is vulnerable at the hands of those who can access it with just a single click.
Snowden in his video claimed that the “… NSA targets the communications of everyone …’’and ‘‘… filters, analyzes, measures them and stores them for periods of time simply because it’s the easiest, most efficient and most valuable way of achieving these ends’’. Similarly, Pegasus spyware has enabled human rights violations on a massive scale. According to Secretary General of Amnesty International Agnès Callamard, “The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril,” .
These instances depict that whatever we disclose on the internet, whoever we communicate with, wherever we go, all of our personal information is usable data either for the sake of meeting political goals or in defense of ‘‘national security’’. While private oligarchies or governments claim that these practices are used for terror investigation, it’s all very clear how technologies enable and sustain systemic abuse. David Kaye, the United Nations Special Rapporteur on freedom of expression and opinion, stated that the United Nation “has condemned unlawful and arbitrary surveillance as an infringement of fundamental human rights – yet acknowledges the practice continues unabated, not least because it is shrouded in secrecy”.
What Needs to be Done?
A multimillion-dollar question on the tip of thousands of cybersecurity experts, policymakers, government officials, security analysts, and civilians is: “How should digital power be managed?” According to the reports, the number of people using the internet is over 4.66 billion, with almost 8,75,000 new users every day. With this exponential increase in cyberspace users, formulation and implementation of stringent cyber laws is crucial.
According to Van Dijick, professor at Utrecht University, in cyberspace, anyone can go anywhere and everywhere with impunity. She goes on further to explain ‘Rhineland’ model [of social-market political economy], which states that “you have the state, you have the market and you have civic society but in the digital space right now, there’s only privatised, market space”. Subsequently, powerful actors overtake without any “articulation of public values, such as privacy, security and the accuracy of public information”.
But things could still turn around provided that some powerful actors, mostly from government and civil society, take a hard stance against regimes that practice surveillance, tech companies who sell information, and political leaders who manipulate digital space to gain political leverage. On an individual level, these spywares are so powerful that ordinary people can do nothing to protect themselves. In response to a question about how people can protect themselves, Snowden said, “What can people do to protect themselves from nuclear weapons. This demonstrates that the viable solution here for ordinary people is to work collectively by holding the government and tech companies’ agencies liable for every act. This is not a threat that we can mitigate individually as it’s us versus billion-dollar companies.
Therefore, governments must impose stringent global moratoriums to ensure accountability and liability. The General Data Protection Regulation (GDPR), a golden standard in data protection and privacy, is the toughest and newest set of rules established to give EU citizens more control over their data. The GDPR framework is set on the principles of data protection, accountability, data security, consent, and people’s privacy rights. Under the terms of GDPR law, “not only do organizations have to” ensure “that private data is collected legally and under strict conditions”, but also “those who collect and manage it are obliged to protect it from misuse and exploitation” or else face hefty fines. This enforcement of GDPR erected a seismic global take on how governments, organizations, and individuals must demand more rigorous and stringent digital protection laws. The new law acts as a beacon of hope for digital users as it does both: curbs digital surveillance and builds digital trust. Most importantly, the hailers of democracy need to preserve it by avoiding over-centralization of information and intelligence. Maintaining security and respecting one’s privacy are not mutually exclusive acts. Hence, democracies need to take initiative to serve as an example for the world to follow by coming up with the privacy-surveillance balance where an equilibrium must be established between an impetuous administrative that engrosses in conducts of inflating power, and an inquisitive masses that is adamant in intersecting abuse, manipulation, corruption, and deceit. Nonetheless, all the policy makers, human rights activists, and the general public echoes the sentiments that the revelations made by Snowden and other whistleblowers must act as a catalyst for change. We no longer can afford to give impunity to any surveillance industry, tech giants or powerful governments and we can no longer afford a laissez-faire attitude from the state officials with an endowed heed in utilizing technological innovations to commit human rights infringements.
Mahnoor Zakir is a student of Economics & Political Science. She has a special interest in succinctly analyzing political developments and international affairs. She is also an intern at Global Foundation of Cyber Studies and Research, Washington D.C, USA.