Confidentiality and mass surveillance

These are preliminary notes based on collaborative research in the Digital Security and Awareness folder at Zotero. This post is not legal advice and is offered for educational purposes only.

James Risen and Laura Poitras report in the New York Times on February 15, 2014: “Andrew M. Perlman, a Suffolk University law professor who specializes in legal ethics and technology issues, said the growth of surveillance was troubling for lawyers. […] “Given the difficulty of finding anything that is 100 percent secure, lawyers are in a difficult spot to ensure that all of the information remains in confidence.”” [1]

In an April 2008 article in the Oregon State Bar Bulletin, T.H. Nelson and Mark J. Fucile write: “As a general proposition, when a lawyer knows or reasonably suspects that communications are being intercepted by the government (whether legally or not), the lawyer needs to take steps such as face-to-face meetings with clients and disabling cell phones or pagers that might otherwise be subject to electronic surveillance or tracking that would allow advance placement of “bugs.” [2]

T.H. Clarke and L.D. Andara, writing for a LexisNexis blog on July 24, 2013 suggest “the client needs to be informed of the risks inherent in all communications, and to give their informed consent to proposed modes of communication having been advised of the potential risks.” [3]

Kurt Opsahl and Trevor Timm, writing at the EFF Deeplinks blog on June 21, 2013, suggest that the risks include: “In sum, if you use encryption they’ll keep your data forever. If you use Tor, they’ll keep your data for at least five years. If an American talks with someone outside the US, they’ll keep your data for five years. If you’re talking to your attorney, you don’t have any sense of privacy.” [4]

Larson and Shane report in the New York Times on September 5, 2013 that the NSA “has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.” [5]

Timberg and Soltani report in The Washington Post on December 13, 2013 that “[e]ven with strong encryption, the protection exists only from a phone to the cell tower, after which point the communications are decrypted for transmission on a company’s internal data network. Interception is possible on those internal links, as The Washington Post reported last week.” [6]

Dominic Rushe reports in the Guardian on August 14, 2013: “People sending email to any of Google’s 425 million Gmail users have no “reasonable expectation” that their communications are confidential, the internet giant has said in a court filing.” [7]

Ed Pilkington reports in the Guardian on February 2, 2014, per the Committee to Protect Journalists (CPJ), that “the NSA could develop the capability to recreate a reporter’s research, retrace a source’s movements and listen in on past communications,” and according to CPJ internet advocacy coordinator Geoffrey King, “[i]t could soon be possible to uncover sources with such ease as to render meaningless any promise of confidentiality a journalist may attempt to provide.” [8]

According to Mikki Barry on September 10, 2013: “As attorneys, each one of us should be screaming bloody murder about this potential breach of attorney/client privilege at its very core. It’s not that it is “possible” to get our privileged information, our work product through Google Apps, both the “metadata” and the content of our correspondence, etc., it has already happened, and continues to this day. We KNOW our communications have been compromised. The question now is what to do about it.” [9]

Nadia Kayyali writes at the EFF Deeplinks blog on February 22, 2014: “The American Bar Association has responded to these allegations by urging the NSA to clarify its procedures for minimizing exposure of privileged information” and “ABA president James R. Silkenat writes in his letter to NSA Director Keith Alexander: “The attorney client privilege is a bedrock legal principle of our free society.”” [10]

Read the rest of this entry »

courage and a back up plan

During the development of a presentation entitled “Information Literacy, Privacy, & Risk: What Are the Implications of Mass Surveillance for Libraries?” for the 2014 Online Northwest conference, my group considered a question asked by the keynote speaker, Andromeda Yelton: “what obstacles stop us from learning, and how do we get around them?”

In the context of the conference presentation, potential obstacles include chilling effects on learning due to fears related to mass surveillance – will students self-censor their research and writing due to fear that it might one day be used against them?  Our discussions about how we can support students reminded me of training and experience from my previous work with survivors of abuse, and I wrote this note in one of our planning documents:

Lessons learned from other abusive systems – what do survivors of domestic violence know that might be helpful for students, faculty and librarians?  Victims believe that they can control when the abuse occurs – survivors know that it isn’t how it works.

There is a lot of background discussion for this note, but the general idea is that for chilling effects related to fears about mass surveillance, there is a well-worn path in the anti-violence advocate community to consider when thinking about our responses as educators.

Gabe had suggested that I really should check out Andromeda Yelton’s blog, and after reading a post about the experiences of identifiably female writers, I added a quote below the note:

wow: “Let’s say that again: I live in a world where being myself in public, talking about things I care about under my own name in public, is a specific choice which requires both courage and a backup plan.”

This is a beautiful way to put it.  The choice to write anyway, to research freely, to live out in the open even though tangible threats may exist – these are all specific choices requiring both courage and a backup plan.

The framework of choice also implies respect for individual autonomy in making decisions about how public to be – it wouldn’t be an act of bravery if there were no risks.  As educators, we can consider serving as role models for courage in the learning experience, and we can work on figuring out what a ‘backup plan’ means in the context of mass surveillance.

The Online Northwest conference was unfortunately cancelled due to the weather, but we’ll publish our presentation slides soon at the conference website – including quotes from Andromeda Yelton’s post described as a possible template for how to respond to chilling effects and risks of self-censorship.

This post reflects collaborative research and discussion with Gabe Gossett and Brian Davidson for class projects and preparation for the 2014 Online Northwest conference.

Read the rest of this entry »