ORGcon 2014
What is Big Tech doing about mass surveillance?
Some notes from the UK’s biggest digital rights conference, this year focussing on government surveillance
Saturday, 15 November, 2014: Several hundred people interested in digital rights congregate at King’s College London’s Waterloo campus, for the Open Rights Group’s 2014 conference. I am proud to have been elected to the board of ORG in 2013, having been a founding member of the Advisory Council, so I figured I should share some of my notes from the conference.
I’ve already written about Cory Doctorow’s opening keynote, but there were many other sessions across the day. To avoid these pieces becoming too long and unwieldy, I’m covering an individual session in each piece. I didn’t attend this session myself, so apologies for the somewhat sketchy write-up.
While I was in the session “Surveillance, whistleblowing and the media”, the main lecture theatre session in the 1100–1150 timeslot was a discussion on how corporates deal with surveillance requests and how they have responded to the NSA and GCHQ revelations, featuring Prof. Ian Brown from the Oxford Internet Institute and Tom Gaffney, technical director for UK and Ireland at ORGcon sponsors F-Secure.
A problem we found throughout the day was the connectivity from the main lecture theatre, so I have very little information about this session. I do know, however that Ian recommended the EFF’s Secure Messaging Scorecard:
There wasn’t a slideshow presentation to share, but Ian did share with me his cue-card notes, which I have presumptuously expanded into some notes based on my guesses of what they discussed:
Encrypted links
One of the things we learned from Snowden was that the NSA and GCHQ were spying on the data centre links of the big Internet players, under a programme known as MUSCULAR. Because these were supposedly-private connections, these big players had assumed they didn’t need to protect them further.
As a result of these revelations, Google, Facebook, Microsoft and Yahoo! have all encrypted these links. The EFF maintains an Encrypt the Web report, detailing all the major players’ efforts to protect our data on their networks.
End-to-end encryption
Google and Yahoo! are partnering on end-to-end encryption, so that users’ emails are encrypted at every step — from an SSL browser session on our computers through datacentre links, as I’ve just explained, to an interoperable standard.
Legal actions
Most of the big players have called for greater government disclosure of electronic surveillance. In particular, there’s the Reform Government Surveillance campaign, but also legal action (and legal threats) from Twitter, Yahoo!, Google, Microsoft and Facebook, for example.
In a similar vein, Yahoo! took its case to the FISA court after being threatened with daily fines of $250k over refusing NSA requests they described as “unconstitutional and over-broad”. Likewise, Microsoft has been held in contempt for refusing to provide non-US data to federal authorities.
Transparency reports
All sorts of companies have started releasing regular transparency reports, detailing the number of requests for userdata and censorship requests under court orders and subpoenas: Vodafone, Verizon, Microsoft, Yahoo!, Facebook, Google, Apple, Twitter, LinkedIn, Dropbox, CloudFlare, Wikimedia.
As the EFF aspired to nearly two years ago as a part of their Who Has Your Back? campaign, transparency reports are becoming the new normal. As Louis Brandeis put it: “Sunlight is said to be the best of disinfectants; electric light the most efficient policeman”.
For now, that may have to suffice, though I might expand this piece if I get more information about the sessions I didn’t attend myself.
ORGcon 2014 was generously sponsored by F-Secure and Andrews & Arnold Ltd. The Open Rights Group exists to preserve and promote your rights in the digital age; we are funded by hundreds of people like you.
This article is dedicated to the public domain under the terms of the Creative Commons Zero licence. Please translate, copy, excerpt, share, disseminate and otherwise spread it far and wide. You don’t need to ask me, you don’t need to tell me. Just do it!