EFF Mass Surveillance Plan
Electronic Frontier Foundation (EFF), the Electronic Frontier Foundation is a non-profit human rights organization founded in July 1990 in the United States with the aim of protecting the rights embodied in the Constitution and the Declaration of Independence in connection with the advent of new communication technologies. Founders - John Gilmore, John Perry Barlow, Mitch Kapor.
There is a problem with the cessation of mass surveillance. The organization conducting the most close and deeply penetrating observations, the National Security Agency, is bound by the laws of the United States.
This is good for Americans. US laws and its Constitution protect US citizens and legal residents from surveillance not backed up by a warrant. That is, legally, we can oppose home surveillance or mass listening.
In addition, the US Congress is elected by the Americans. It turns out that representatives in Congress owe their jobs to citizens, and public pressure from voters can influence the adoption of laws in the future - laws that can prevent the NSA’s most egregious practices.
But what about all the other people? 96% of the world's population are citizens of other countries and live outside the borders of the United States. They do not vote for congressmen. And US laws protect only citizens of a country. What can the EFF do to protect billions of people peeped by the NSA outside the US?
We want to present you with a detailed plan for this, which we have been working on for a very long time. Decide if you want to participate in order to change the world.
The plan is not designed for a couple of weeks or months. This is a battle that will go on for years. The plan will have to be constantly revised when we gradually understand the tools and agencies involved in mass surveillance, and when more and more people report abuse in this area.
Introduction: mass surveillance of the NSA, DSP (government communications center) and others
The NSA is trying to collect as much information as possible about the digital activities of people around the world. The approach of the former director of the NSA is simple: “We collect, tag, and store. Looking for information, if necessary. ”
The NSA alone cannot handle this. She relies on a network of international partners to help gather information - especially intelligence from Australia, Canada, New Zealand and the UK (collectively known as Five Eyes). In addition, the United States cooperates at various levels with Belgium, Denmark, France, Germany, Israel, Italy, Japan, Holland, Norway, Singapore, Spain, South Korea, Sweden, and possibly some other countries. There are countries such as Russia and China, in which observations are conducted independently and without any connection with the United States. Some governments (including the United States) spend billions of dollars to develop tools aggressively used against innocent people. Some work without special supervision and legal restrictions.
Although whistleblowers and journalists focused on the NSA and the DSP, it is not necessary to assume that other states would not want to join them. Agencies always need data and work to expand their capabilities.
We primarily work against the NSA, because we know how they work, and we have the most legal and political instruments to influence it. Of course, knowledge about the practice of surveillance of other agencies in the USA and abroad will not hinder us in order to prevent the global epidemic of surveillance. Read materials on the reform of the law on international surveillance and the fight against this through encryption on the side of the user .
Mass surveillance is promoted by technology companies, especially large ones. They often give very little attention to security, or it is implemented very poorly. Sometimes they even deliberately help the NSA collect data on millions of people (as an example, AT&T). In other cases, technology companies may legally require NSA access to their servers.
The NSA works on the basis of several laws and presidential decrees , justifying massive surveillance. Congressional laws may diminish these opportunities, and the Supreme Court also has the power to slow down surveillance.
Since US laws do not protect people in other countries, what can we do to protect non-Americans Internet users?
Our plan is this. Please note that the steps are not sequential - we work on them in parallel.
1. Put pressure on technology companies to improve their systems' wiretap protection
Today, there are questions about the degree of cooperation between technology companies and the NSA.
In some cases, companies seek to help the NSA. Thanks to the whistleblowers, we know that AT&T has a secret room in their building on Fols Street, San Francisco, where a
Some companies go further by deliberately weakening the security of their systems to facilitate surveillance. This clearly follows from NSA documents.
And what about the large companies - Google, Facebook, Yahoo and Microsoft? The information comes in different. Data from Snowden suggests that Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple voluntarily participate in the PRISM program. The NSA has access to the servers of these companies, and these companies take part in the surveillance of users.
In turn, companies deny this and even formed a lobby that seeks to limit this practice to spying on specific people for legitimate purposes and to stop collecting general data from the Internet.
To begin with - not bad, but this is far from what companies can do. Technology companies can strengthen their systems to complicate surveillance, and offer users the ability to encrypt communications at a level at which even their providers will not be able to listen to them. It is also important that companies resist attempts to create backdoors in their hardware or programs.
These same companies are aware of surveillance requests, which are kept secret from the press and ordinary people. These companies have every chance to fight for their users in court (as Yahoo did ). After all, companies spend millions on lobbying for laws that are convenient to them. Instead, they could help reform and anti-spy laws.
How can we make companies fight court surveillance and strengthen their systems against surveillance? We are trying to achieve transparency and inform about all cases in which companies play on the side of the government. Therefore, we are proud that we support the Reset the Net campaign , which should encourage companies to protect user data. Also look at the HTTPS Everywhere campaigns and our email encryption work , as well as the Who Has Your Back campaign .
We need to cultivate responsibility among those who develop products to which people trust valuable private data. Those who create computers, network equipment, programs, etc., must well understand their responsibility to users who trust them. They must refuse to create backdoors and eliminate existing ones if they find them. We must exert public pressure on them, forcing them to bear this responsibility in full.
2. Create a global movement promoting user-side encryption
Pushing tech giants to guard our digital lives and changing laws and regulations will be difficult, and it will be slow. But everyone can start using encryption in just a few minutes. Encrypted chats, mail, secure web, and document transfer are powerful ways to make mass surveillance more difficult.
If you do not have your own team of engineers who will show you how to use encryption from inside to outside, then we have specially created for you the resource Surveillance Self Defense, explaining in detail how to use encryption. It is intended for people who want to do this, but don’t know how. We will continue to distribute and translate these materials and conduct a campaign to promote them.
The more people around the world realize the threat and understand what can be done to protect themselves, and what kind of help can be expected from companies and the government, the better we will be able to propagate the necessary changes.
3. Encourage the creation of safe communication tools
Many secure tools are inconvenient for ordinary users. Those that are comfortable are usually unsafe. We want to change this so that people do not have to exchange security for convenience. We run the Campaign for Secure and Usable Crypto campaign, and made the Messaging Security Appraisal page , where we rated them using several criteria. We want to encourage the creation of new technologies that will be both safe and easy to use for ordinary people, while campaigning for large companies to implement practices that increase safety.
4 Reform of Decree 12333
Most do not know about him, but decree 12333 allows the NSA to monitor people outside the United States. Although Congress is considering amendments to the Patriotic Act [a federal law passed in the United States in October 2001 that gives the government and the police wide powers to oversee citizens], there was almost no debate about decree 12333. The decree was initiated by Reagan in 1981, and we launched a campaign to reform it.
5 Develop guiding legal principles for the possibility of monitoring and maintaining privacy with the help of scientists and legal experts around the world
The campaign was launched before the Snowden affair. It began with the document “ International Principles for the Application of Human Rights to the Supervision of Communications ”. "13 principles", as they are also called, should work both locally and globally. They explain why the legalization of mass surveillance is wrong. We hope to prove that mass surveillance is not needed and its use is disproportionately large.
6. Find international partners who can help with local surveillance reform, and offer them support and advertising.
The goal is to encourage and support activists and lawyers around the world who agree with the 13 Principles, and to support their actions to combat increased surveillance. We are already working, for example, with activists from Australia, Mexico and Paraguay.
Especially EFF focuses on working with countries that share similar information with US services. We share with our partners the tactics, strategies and methods known to us in the struggle and disclosure of such vicious actions.
In some countries, such a struggle is difficult politically and socially, and activists are stigmatized as pedophiles and terrorists. In at least one of the countries we work with, anonymity is prohibited by the constitution. For some of our partners, public debates on this subject are fraught with loss of freedom or even worse consequences.
7. Stop the uncontrolled extension of NSA powers
Decree 12333, although it gives the NSA some authority, there are other laws besides it. The NSA often unfairly claims that certain laws allow them to monitor all Internet users with little or no oversight of the NSA’s actions. These documents include the FISA Amendments Act [Non-US People Tracking Act] and the Patriot Act.
It is the fight against such abuses that our team of lawyers is engaged in. We prove in court that surveillance without appropriate warrants is illegal and unconstitutional.
8. Make surveillance laws and procedures more transparent
One of the problems in the fight against surveillance is that we do not know the details that we do not know. Whistleblowers reveal some facts, but what if there are procedures and practices that we don't know anything about? What if the NSA works with some agencies and collects information using methods that we have not heard of at all?
It is incredibly difficult to change the world of surveillance when we do not have a general picture of what the government is doing and how it justifies these actions in terms of laws.
In this regard, we:
- are working on reforming the classification system of government actions
- we are using the act on free access to information in order to gain access to government documents
- we help partners in other countries put pressure on the United States so that they have to somehow justify their activities
- we conduct educational activities, talking about the benefits of the disclosures and their important role in our struggle. This includes support for organizations like Wikileaks, and people like Mark Klein, Edward Snowden and others.
Global Platform - Global Solutions
Mass surveillance affects people around the world, even where there is no Internet access. But laws and courts are divided by country. This means that we need a whole set of tactics to fight. This plan should give you an idea of how US laws and regulations affect people around the world and how we can protect people outside the US.
We are not only fighting some elements of the American administration - we are also opposed to the unsightly state of privacy of today, and against the desire of corporations to put their paw on the media surveillance.
We are constantly improving our plan, but we wanted to help our friends understand how we think so that you can figure out how several of our small campaigns fit into a common strategy: to secure private communication for people around the world.
For your part, you can join a local organization fighting for digital rights - in each country there are already a lot of them. If your country doesn’t have one, consult us about how to organize it. You can send inquiries to companies to increase your protection against government espionage, and support companies that do so. You can sign the petition for Decree 12333 and tell more people about it. You can use encryption for your protection and increase the cost of mass surveillance, and teach this to your friends and colleagues. You may refuse to support or collaborate with surveillance efforts and promote privacy protection in the organizations you are a member of.
Appendix: Laws and decrees to be changed
The best way to end the NSA’s massive surveillance is to change US laws so that they clearly talk about the illegality of surveillance without warrants. However, this is not easy. The NSA relies on a set of different laws and decrees to justify its actions.
Here are those of which we can confidently say about the change.
Section 215 of the Patriotic Act entitled “Business Records”
Read the law
What it does : Simply put, the government can make any “items” that “are relevant” to the investigation be presented.
Why it matters : The NSA uses this section to justify the massive collection of telephone records of millions of Americans. There are also proposals to collect other information - financial records and bank card data.
How to stop : One way is to pass a decree similar to the Freedom Act, which would clearly say that such use of section 215 is illegal. It could not be held in the Senate in 2014, so it must be re-held in 2015.
The second way: to prevent the renewal of this section of the Patriotic Act, which automatically expires every few years. The next extension is due in June 2015, provided Congress re-authorizes this section. We are conducting a major campaign to prevent this authorization.
Section 702 FISA Amendments Act
What it does : this section is designed specifically for the NSA to be able to conduct surveillance without warrants in the United States if the intended surveillance goals are abroad.
Why it matters : The NSA relies on this section to support the PRISM program. On the one hand, the NSA obliges Internet giants to provide communication between users, and on the other hand, it connects to traffic through AT&T and other providers. Acting in this way, the NSA not only listens to surveillance objectives, but also “accidentally” collects the communication of millions of people, both Americans and foreigners.
How to stop: There are no promising decrees yet. We are working on disseminating information about this. By 2017, when this section will need re-authorization, we will prepare a campaign for its destruction.
What it does: A presidential decree refers to what the NSA does and by what right intelligence agencies conduct most of their operations.
Why it matters: this decree is the NSA’s main pillar that it uses to justify its surveillance, including mass surveillance, abroad.
How to stop: the president can cancel the presidential decree. Therefore, we are campaigning for President Obama to issue a new decree confirming the rights of people around the world and end the mass surveillance.
Pressure through financing
Each year, Congress approves a defense budget. During the discussion, there is heated debate about the need to finance one or another activity, during which it is possible to adopt an amendment that will cancel any form of surveillance.