The international community should agree on new standards...
The international community should agree on new standards of behavior and “secure-by-default” communications processes, former National Security Agency (NSA) contractor Edward Snowden told lawmakers at a webcast Council of Europe (CoE) Parliamentary Assembly hearing on mass surveillance Tuesday. Speaking from Moscow via video link, Snowden said his earlier testimony before the European Parliament established, among other things, that: (1) The U.S. government has confirmed that its dragnet surveillance hasn’t been effective in preventing terrorism and has no basis in law. (2) The NSA has a directorate that has worked to deliberately subvert European countries’ privacy laws for mass snooping. (3) Reports are accurate of intelligence agencies using blanket surveillance not for antiterrorism activities but to spy on organizations such as the U.N. Children’s Fund and human rights groups. (4) The U.K. Government Communications Headquarters (GCHQ) collected, on a massive scale, images from webcams without any individual suspicions of wrongdoing even after it determined the information had no law enforcement uses. Some of the information was “intensely private,” Snowden said. Asked whether the NSA, GCHQ and others engage in sophisticated data-mining of the information they scoop up, Snowden said yes. The agencies use algorithms to find unknown persons of interest not suspected of wrongdoing, he said. The NSA “XKeyscore” framework permits creation of “fingerprints” that can be used to create a unique signature for an individual or group, but this is just the “smallest part” of its capability, he said. Metadata and content can both be accessed via any algorithm that analysts can put in place, Snowden said. The algorithms give analysts the ability to learn about such things as people’s sexual orientation, personal interests or computer network, he said. U.S. government claims that such searches aren’t carried out aren’t true because Snowden has personally done them with the government’s approval, he said. The algorithms allow for searches without any warrant, creating a de facto policy of “guilt by association,” he said. Systems such as XKeyscore allow the NSA to track entire populations of people who share a particular trait such as religious affiliation or gun ownership, he said. While the agency isn’t engaged in actively compiling lists of homosexuals in order to send them to camps, its activities nevertheless implicate human rights, he said. International standards are needed to guard against routine abuse of the technology, he said. The most cost-effective means to guard against the systemic violations is “pervasive encryption,” Snowden said. Hansjörg Geiger, former head of the German Federal Intelligence Service, urged rapid action to remedy the breaches of law. He proposed international agreements under the U.N. or CoE but said that because they will take many years, intelligence services now need a code of conduct that stops their unfettered spying and limits it to strictly necessary purposes. The code could be brokered by the EU or NATO, and should at the least contain four simple rules, Geiger said. They should bar economic espionage; forbid any intelligence activity on the territory of another country without its permission; allow access to data only for clearly defined purposes such as preventing terrorism; and outlaw efforts to force telecom and Internet companies to give complete access to their databanks to security services.