Law in the Internet Society

View   r17  >  r16  ...
ClementLegrandSecondEssay 17 - 22 Feb 2017 - Main.ClementLegrand
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"
Line: 8 to 8
 

Introduction

Changed:
<
<
In this paper, I will analyze the different theories proposed to ensure the protection of privacy and the the use of big data surveillance. For this purpose, I will briefly set the scene by recalling the Snowden revelations and clarifying what is meant by "big data" (when using the word "terrorism" I refer to its American legal definition). I will then analyze the US legal framework and discuss the proportionnality of the massive surveillance.
>
>
In this paper, I will analyze the use of big data surveillance as it was carried out by the NSA. For this purpose, I will briefly set the scene by recalling the Snowden revelations and clarifying what is meant by "big data" (when using the word "terrorism" I refer to its American legal definition). I will then analyze the US legal framework and discuss the proportionnality of the massive surveillance.
 

Big Data Surveillance of "Terrorism"

Changed:
<
<
Tere are many definitions of "[Big Data". The three elements that are classically associated with Big data are the three "V"s, namely, Volume, Velocity and Variety. This means that Big Data involves the processing of an important amount of data (volume), that such data includes different kind of data (vareity) and that big data is characterized by the rapidity of the processing (velocity). Through using Big Data, it is possible to determine patterns of conducts and to make predictive deductions due to the correlation of these patterns. In the recent years, surveillance through Big Data is very often associated to the prosecution and prevention of terrorrism. The Snowden revelation showed that the NSA is collecting huge amount of data and that it monitors online communication through the collaboration with private companies. In the recent years, we have seen examples of how Big data has been used by intelligence services in suspected terrorism case. If this paper will focus on the collection of information by the NSA, it is worth noting that this use of Big Data is not limited to the American intelligence services.
>
>
Tere are many definitions of "Big Data". The three elements that are classically associated with Big data are the three "V"s, namely, Volume, Velocity and Variety. This means that Big Data involves the processing of an important amount of data (volume), that such data includes different kind of data (variety) and that big data is characterized by the rapidity of the processing (velocity). Through using Big Data, it is possible to determine patterns of conducts and to make predictive deductions due to the correlation of these patterns. In the recent years, surveillance through Big Data is very often associated to the prosecution and prevention of terrorrism. The Snowden revelation showed that the NSA is collecting huge amount of data and that it monitors online communication through the collaboration with private companies. In the recent years, we have seen examples of how Big data has been used by intelligence services in suspected terrorism case. If this paper will focus on the collection of information by the NSA, it is worth noting that this use of Big Data is not limited to the American intelligence services.
 
Changed:
<
<

Analysis of the US legal framework

>
>

Snowden Revelations: Brief Analysis of the US Legal Framework

 
Changed:
<
<
Under the actual legal situation, there are very few situations in which the fourth amendement will apply to the situaiton described above. In the online world, the presence of intermediaries to provide the communication triggers the application of the third party doctrine,(resulting from the famouse case Smith V. Maryland), thereby excluding expectations of privacy on most of the online information. In my opinion, this doctrine should be modified to better fit the reality of today's society: just because and information is shared with an intermediary to transfer information to a third party does not mean that the communicants have no expectations of privacy with regard to this information.
>
>
Under the current legal situation, there are very few situations in which the fourth amendment will apply to the situation described above. In the online world, the presence of intermediaries to provide the communication triggers the application of the third party doctrine,(resulting from the famous case Smith V. Maryland), thereby excluding expectations of privacy on most of the online information. In my opinion, this doctrine should be modified to better fit the reality of today's society: just because and information is shared with an intermediary in order to transfer such information to a third party recipient does not mean that the communicants have no expectations of privacy about this information.
 
Changed:
<
<
Part of the collection of data under the PRISM program was subject to the section 702 of the Foreign Intelligence Surveillance act. To summarize, this section of the act intends to facilitate the surveillance of non-US citizens reasonnably believed to be located outside of the United States. THis provision does not allow to "intentionally" target US persons or Non-US persons known to be located in the United States. This provision is the legal basis for the PRISM program. A FISA court decided that the NSA could use information relating to US persons that were "inadvertently" collected. In an interview conducted by John Oliver (and mixing journalism with comedy, in order to raise awareness of the public), Edward Snowden mentioned that, in practice, this meant that if information relating to US persons were temporarily stored as a back up in Europe, the information will be processed by the NSA. This raises questions. How can the law create a distinction based on categories of persons (i.e. more or less corresponding to US citizens) when the functioning of the internet is so international? I wonder to which extent it is technically possible to distinguish communication on the basis of their sender/reciever. THe protection of privacy requires ecological measures, because privacy is an environment that we all share. On this assumption it seems complicated to distinguish which kind of person has a right to breath a better air than another.
>
>
Part of the collection of data under the PRISM program was subject to the section 702 of the FISA Amendment Act of 2008. To summarize, this section of the act intends to facilitate the surveillance of non-US citizens reasonably believed to be located outside of the United States. This provision does not allow to "intentionally" target US persons or Non-US persons known to be located in the United States. This provision is the legal basis for the PRISM program. A FISA court decided that the NSA could use information relating to US persons that were "inadvertently" collected. In an interview conducted by John Oliver (mixing journalism with comedy, in order to raise awareness of the public), Edward Snowden mentioned that, in practice, this meant that if information relating to US persons were temporarily stored as a backup in Europe or if the communication merely transited by a server outside of the US borders, the information will be processed by the NSA. This raises questions. How can a distinction based on categories of persons (i.e. more or less corresponding to US citizens) be effective when the functioning of the internet is so international? I wonder to which extent it is technically possible to distinguish communication on the basis of the nationality of their sender/receiver. The protection of privacy requires ecological measures, because privacy is an environment that we all share. On this assumption, it seems complicated to distinguish which kind of person has a right to breath a better air than another.
 
Changed:
<
<
The collection of domestic metadata relating to ponecalls were also conducted by the NSA pursuant to section 215 of the USA PAtriot Act. It is interesting to note that the data collected consisted in metadata. According to a long established idea, metadata is less intrusive upon one's privacy thant content. However, as I have shown abouve, throught he use of Big Data it is posible to deduct a series of correlations, which can result in discovering the content. This idea that metadata is less intrusive upon one's privacy does not entirely correspond to today's technologies.
>
>
The collection of domestic metadata relating to phone calls were also conducted by the NSA pursuant to section 215 of the USA Patriot Act. It is interesting to note that the data collected consisted in metadata. According to a long-established idea, metadata is less intrusive upon one's privacy than content. However, as I have shown above, big data makes it possible to deduct a series of correlations, which can result in discovering the content. This idea that metadata is less intrusive upon one's privacy does not entirely correspond to today's technologies. Since June 2015, the USA Freedom Act has amended the section 215 and each collection of metadata within the USA now needs a specific request to the telecommunications operators.
 
Changed:
<
<

Mass surveillance : proportionality?

>
>

Conclusion: Legality and Proportionality

 
Changed:
<
<
The above shows that the regulatory framework of surveillance should stop or should be reformed. In my opinion the costs to human privacy are too high compared to the advantages. In most cases, massive surveillance is justified by the need for security.Even though there are counterexamples where the authorities succeeded to stop the attacks before they occur, it is worth noting that in some of the recent attacks, the perpetrators were already listed as potentially dangerous and were known by the authorities (it was the case for the Paris and Brussels attacks, but also for the attacks in Orlando, where the terrorist had already been interviewed several times by the FBI).

Even more recently, the attacks were perpetrated by so called "lone wolfs", namely individuals that more or less suddenly decide on their own to commit terrorist attacks, without having previous links with a terrorist cell. This was for example the case of the attacks in Nice. According to witnesses, the terrorist got radicalized very quickly. These new kinds of terrorists raise new questions for enforcement authorities: they are difficult/impossible to detect and to prevent.

Finally, masive surveillance does not prevent terrorists from using encryption making it harder for massive surveillance to be really effective(which does not mean encryption should be regulated). Some argue that the above flaws in the security offered by massive surveillance are the proof that more surveillance should be carried out. Surveillance through data mining of online behaviors could show a correlation between certain behaviors and terrorists' behaviors, and therefore give a more or less reliable indication that a person is about to commit an attack.

In my opinion, this would imply that the entire population gives up most of its rights to privacy and of free speech, in exchange for a tool that I believe would be much less efficient than prevention campaigns, education and social policies aiming at inclusion and diversity.

>
>
When he came at Columbia in October, the new General Counsel of the NSA mentioned that the NSA abide with the American laws. The above shows that the mass surveillance program was carried out in a legal framework that did not (and still does not) fully protects against overcollection of data. Even more: the technic used require bulk collection. As mentioned by the Guardian, "in order to find the needle in the haystack, they [the NSA] argue, they need access to the whole haystack" (1). If it is clear that there is a need for regulatory reform, another question that we should ask is the proportionality of this practice. In most cases, massive surveillance is justified by the need for security. It is also worth noting that in some of the recent attacks, the perpetrators were already listed as potentially dangerous and were known by the authorities. Even more recently, the attacks were perpetrated by so called "lone wolfs", namely individuals that more or less suddenly decide on their own to commit terrorist attacks, without having previous links with a terrorist cell. This was for example the case of the attacks in Nice. According to witnesses, the terrorist got radicalized very quickly. These new kinds of terrorists raise new questions for enforcement authorities: they are difficult/impossible to detect and to prevent.
 
Added:
>
>
In my opinion, this kind of program is not proportional because it implies that the entire population gives up most of its rights to privacy and of free speech for a method that will probably prove less efficient than we would expect. Also, we need to be aware that terrorism is probably not a temporary phenomenon.
 
Changed:
<
<
>
>
(1) The hyperlink does not seem to be working within the text: https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#p/13
  #Set ALLOWTOPICVIEW = TWikiAdminGroup, ClementLegrand #Set DENYTOPICVIEW = TWikiGuest

Revision 17r17 - 22 Feb 2017 - 13:45:56 - ClementLegrand
Revision 16r16 - 22 Feb 2017 - 07:41:37 - ClementLegrand
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM