ORGcon 2014

What is Big Tech doing about mass surveillance?

Some notes from the UK’s biggest digital rights conference, this year focussing on government surveillance

Cory Doctorow photographed by Dave Morris at ORGcon 2012; used to promote the event.

Saturday, 15 November, 2014: Several hundred people interested in digital rights congregate at King’s College London’s Waterloo campus, for the Open Rights Group’s 2014 conference. I am proud to have been elected to the board of ORG in 2013, having been a founding member of the Advisory Council, so I figured I should share some of my notes from the conference.

I’ve already written about Cory Doctorow’s opening keynote, but there were many other sessions across the day. To avoid these pieces becoming too long and unwieldy, I’m covering an individual session in each piece. I didn’t attend this session myself, so apologies for the somewhat sketchy write-up.

Professor Ian Brown is Associate Director of Oxford University’s Cyber Security Centre, and Professor of Information Security and Privacy at the Oxford Internet Institute, as well as a founding member of the ORG Advisory Council. His research is focused on surveillance, privacy-enhancing technologies, and Internet regulation.

While I was in the session “Surveillance, whistleblowing and the media”, the main lecture theatre session in the 1100–1150 timeslot was a discussion on how corporates deal with surveillance requests and how they have responded to the NSA and GCHQ revelations, featuring Prof. Ian Brown from the Oxford Internet Institute and Tom Gaffney, technical director for UK and Ireland at ORGcon sponsors F-Secure.

A problem we found throughout the day was the connectivity from the main lecture theatre, so I have very little information about this session. I do know, however that Ian recommended the EFF’s Secure Messaging Scorecard:

https://twitter.com/digi_ad/status/533584590527799296

There wasn’t a slideshow presentation to share, but Ian did share with me his cue-card notes, which I have presumptuously expanded into some notes based on my guesses of what they discussed:

Encrypted links

An NSA slide on Google Cloud Exploitation, from the Snowden revelations. Being a work of the US federal government, the slide is not eligible for copyright protection.

One of the things we learned from Snowden was that the NSA and GCHQ were spying on the data centre links of the big Internet players, under a programme known as MUSCULAR. Because these were supposedly-private connections, these big players had assumed they didn’t need to protect them further.

As a result of these revelations, Google, Facebook, Microsoft and Yahoo! have all encrypted these links. The EFF maintains an Encrypt the Web report, detailing all the major players’ efforts to protect our data on their networks.

End-to-end encryption

Are you really telling me you’ve never wanted an excuse to include a picture of an Enigma machine in a blog article? Photo by the CIA and, thus, ineligible for copyright protection.

Google and Yahoo! are partnering on end-to-end encryption, so that users’ emails are encrypted at every step — from an SSL browser session on our computers through datacentre links, as I’ve just explained, to an interoperable standard.

Legal actions

The E Barrett Prettyman Federal Courthouse in Washington DC, location of the FISA court. Photo by AgnosticPreachersKid, from the Wikimedia Commons, licensed CC-BY-SA.

Most of the big players have called for greater government disclosure of electronic surveillance. In particular, there’s the Reform Government Surveillance campaign, but also legal action (and legal threats) from Twitter, Yahoo!, Google, Microsoft and Facebook, for example.

In a similar vein, Yahoo! took its case to the FISA court after being threatened with daily fines of $250k over refusing NSA requests they described as “unconstitutional and over-broad”. Likewise, Microsoft has been held in contempt for refusing to provide non-US data to federal authorities.

Transparency reports

An FBI badge & gun; photo by the FBI, from the Wikimedia Commons. Subpœnas are not an easy subject to illustrate, let alone to find public domain or CC images of.

All sorts of companies have started releasing regular transparency reports, detailing the number of requests for userdata and censorship requests under court orders and subpoenas: Vodafone, Verizon, Microsoft, Yahoo!, Facebook, Google, Apple, Twitter, LinkedIn, Dropbox, CloudFlare, Wikimedia.

As the EFF aspired to nearly two years ago as a part of their Who Has Your Back? campaign, transparency reports are becoming the new normal. As Louis Brandeis put it: “Sunlight is said to be the best of disinfectants; electric light the most efficient policeman”.

For now, that may have to suffice, though I might expand this piece if I get more information about the sessions I didn’t attend myself.

ORGcon 2014 was generously sponsored by F-Secure and Andrews & Arnold Ltd. The Open Rights Group exists to preserve and promote your rights in the digital age; we are funded by hundreds of people like you.

This article is dedicated to the public domain under the terms of the Creative Commons Zero licence. Please translate, copy, excerpt, share, disseminate and otherwise spread it far and wide. You don’t need to ask me, you don’t need to tell me. Just do it!