The war on terror can seem pretty relentless. It’s understandable if you feel overwhelmed at times by the threat of ISIS (although you might know the group as IS, ISIL, or Daesh), for example.
Extremist groups are determined to take dominance over our lives, but we don’t have to bow to such pressure. We shouldn’t.
Nonetheless, it is affecting your privacy. The gray line between right and wrong is an ever-expanding area. Here’s how your privacy is being infringed, supposedly in the fight against terror…
Why Does This Matter?
Let’s get this out the way first: many will tell you that, if you’ve nothing to hide, you’ve nothing to be scared of.
Privacy is a human right. You don’t expect a CCTV camera to be trained permanently on your living room, so why should you expect details of your browsing history, for instance, to be monitored?
The internet was created to be anonymous. Ideally, that means that it couldn’t be compromised by politics, religion, or any other regime that intends to restrict you to an approved line of thinking. Of course, in actuality, it means you can learn more about such strictures. This is your freedom of choice.
The opposite would be a closed internet that limits ideas, a circuit whereby you can only visit certain sites, approved by an authority with an agenda.
Without your freedom, what are you?
Away from philosophical discussions of independence, storage of your private data is a big temptation for cybercriminals. Governmental agencies and medical institutions don’t even have sufficient security to protect themselves from hackers — imagine a world where your personal information is collected all the time by everyone.
In fact, maybe you don’t have to imagine it…
This is, of course, the biggest factor infringing on your rights. Governments use terrorism as an excuse for collecting your private information.
Was worried about Snooper's Charter, then realised it was a Government IT project; unlikely to actually work, even if it is ever delivered??
— MurkyGoth (@MurkyGoth) July 1, 2017
The most recent shocking example of this is The Investigatory Powers Bill in the U.K., known colloquially as the “Snooper’s Charter.” This passed in 2016 (after some minor amendments), though was still deemed unlawful by an EU court. The Bill forces telecommunications firms into keeping all their customers’ browsing histories for at least a year, and subsequently handing over that information to public bodies.
Such bodies naturally include GCHQ, the police, and the Home Office, as a way of fighting terrorism.
However, other agencies allowed to peek at the internet data of U.K. residents also include the Food Standards Agency, HM Revenues & Customs, the Gambling Commission, the Serious Fraud Office, and NHS trusts providing ambulance services.
Similar methods of data retention are either suggested or approved across the world.
Metadata has to be kept for up to two years in Australia, and can be obtained by official services without a warrant. The National Security Agency (NSA) wants “front door” access to encrypted messages. And the Yarovaya Law in Russia requires metadata collection, as well as retention of voice messages for up to six months.
As a tactic, it largely works in the favor of authorities. Secret intelligence services, such as the NSA and MI5, are charged with protecting citizens, and to do this, they need powers to collect data they deem necessary to stop threats. Fair enough, right?
But how do you define “necessary”?
Social Media Sharing
We can’t solely blame governments, though. Sometimes, it’s not even complacency that damages our right to privacy. Some corporations want to be seen to act against terrorism. Others are happy to share a lot of data, as long as it doesn’t hit the headlines.
Facebook is the former.
In the wake of terror attacks in 2017, the company announced its willingness to share “limited data” across its numerous properties. This includes the photo-sharing platform, Instagram.
We all like to think social media is a safe place, but that’s not the case. From cases of sextortion to malicious links, users leave themselves open to trouble on networking platforms. As long as you use common sense, and take necessary precautions, you should be fine.
Still, social media is used by terrorists to communicate with like-minded people and for propaganda.
Facebook aims to stop such activities from littering its service. It’s a positive attitude to have. Nonetheless, sharing personal data is an infringement on your privacy. Especially as we’re yet to determine which details of users will be passed on, under what circumstances, what safeguards are in place, how the information will then be used, and if governmental authorities will be involved.
Have you checked your Facebook privacy settings lately? It's important to keep up to date and have regular conversations with your child. pic.twitter.com/wYQTRHYC08
— Action for Children (@actnforchildren) July 28, 2017
We do know that humans form the basis for banning suspect accounts — staff at Facebook will identify malicious content, like video, certain rhetoric associated with radicalization, and “terrorist clusters” (i.e. groups of people affiliated with organizations like ISIS and Al Qaeda). Beyond that, Facebook is experimenting with artificial intelligence (AI) software that will implement methods learned from human staff to the network as a whole.
Algorithms can already identify and match faces, so will an AI be used to flag pictures on Instagram? We’ll just have to wait and see.
You Thought WhatsApp Was Private
WhatsApp appears great on the surface. This is a free messaging app that uses internet connection to send texts. It uses end-to-end encryption so third-parties can’t snoop on what’s being said.
Yes, that’s technically correct, but it’s not entirely private.
When Facebook acquired the service in 2014 for $19 billion, issues were raised over its attitude to user details. Considering all the things Facebook knows about you, further dominance over data is certainly worrying.
This led to governments apparently waging war on WhatsApp, greatly exaggerated by the media, in order to deliver a storm in a teacup. Nonetheless, it’s not as secure as you think.
That’s because Facebook’s data-sharing plan includes WhatsApp.
Again, this is being blamed on terrorists using the service precisely because its encryption methods make deciphering text largely impossible. Indeed, Facebook won’t be able to read messages or pass them on; instead, they’ll rely on metadata — details recorded about which devices sent and received SMS, where they were sent from, and at what times.
Facebook has admitted:
“[W]e do provide the information we can in response to valid law enforcement requests, consistent with applicable law and our policies.”
It’s understandable if information is collated to learn more about terrorists, but the line dividing acceptable usage of details isn’t clearly defined. WhatsApp, for instance, was utilized a few years ago to organize protests (which descended into riots in many cities) against government cuts across the U.K.: could law-enforcers acquire information on similar instances in future?
Major Companies Aren’t Exempt
It’s easy to pick on Facebook, but more often than not, major companies pass on your personal information if requested.
Such requests for user data might be in the form of a subpoena (or local equivalent), ECPA Court Order, or Search Warrant. Those are all retroactive acquisitions of data — real-time requests might be through a wiretap or Traps and Trace, and must be “relevant to an ongoing criminal investigation.” In accordance with user transparency, companies typically publish statistics in regular Law Enforcement Request Reports. However, these can exclude data requested by the NSA and other intelligence services.
Apple, for example, received 1,986 U.S. Account Requests from the U.S. government in 2015 alone, and supplied limited information on 82 percent of those. The majority of requests to Apple came from people looking for stolen devices.
Meanwhile, Facebook complied with 80 percent of the 17,577 U.S. law enforcement requests between January and June 2015. In that same period, Google yielded data on 78 percent of its 12,002 requests.
For the search engine, requests have soared in just five years, while their compliance percentage has remained fairly high: in the first six months of 2010, it surrendered to 94 percent of the 4,601 requests from the U.S.
Microsoft is arguably most transparent when publishing the number of requests its received globally. In its most recent report, charting July to December 2016, it received 25,837 requests affecting 44,876 users. Of these, it complied with nearly 68 percent of content and non-content requests (the majority of these were for the latter). Rejections and cases where no data was found make up the remaining 32 percent fairly equally.
In short, most major companies comply with the majority of U.S. law enforcement requests, although the extent of details acquired cannot be known.
Hackers Fight Back
It’s worth noting that it’s not solely governments around the world fighting against terrorism. Hackers can be a force for good — but sometimes, it backfires.
You might know Anonymous as a group of unknown “hacktivists” intent on fighting oppression, and best associated with the “V” mask from V For Vendetta.
You’d think ISIS would be a fair target. Indeed, members of Anonymous have been focusing on the terrorist organization since the tragic attacks in Paris in January 2015. Anonymous has taken down thousands of related websites and Twitter accounts that spread terror propaganda.
However, most hacktivists work anonymously and consist of disparate elements. Sometimes, they get it wrong.
Now, you’d be very, very unlucky to be affected in an adverse way by Anonymous’s activities. But not long ago, one member published the name and address of a terrorist sympathiser… only to apologize soon after for getting it wrong. The victim nonetheless received death threats, and the hacktivist has since been suspended from social media.
Still, it’s very unlikely Anonymous, or similar groups will target you.
Why This Makes Everything Worse
All of this is, of course, bad for your privacy. Yet if it aids the war on terror, you might figure the positives outweigh the negatives.
But this might not be the case. Let’s remember the old adage, better the Devil you know.
The Open Rights Groups warn that these measures won’t stop terrorist groups, but will encourage them to use platforms that are harder for authorities to regulate. Notably, they’ll resort to using the Dark Web, a section of the internet that’s already rife with criminals and hackers. There, they can procure arms, find like-minded fighters, and collaborate in secret. This is instead of the “Surface Web” — which you’re using right now — consisting of pages you’ll find on all standard search engines.
Regulations on the so-called Surface Web won’t affect the people they’re apparently intended to stop.
Beatrice Berton, of the E.U. Institute for Security Studies, says:
“ISIL’s activities on the Surface Web are now being monitored closely, and the decision by a number of governments to take down or filter extremist content has forced the jihadists to look for new online safe havens. The Dark Web is a perfect alternative as it is inaccessible to most but navigable for the initiated few — and it is completely anonymous.”
Is it better terrorists use the Surface Web? It means you or I could be exposed to them, although the likelihood of doing so is minimal. Then again, it also means they’re traceable.
What Can You Do About It?
Feeling overwhelmed and helpless? That’s what it’s like when your own government is infringing on your rights. But you’re not powerless.
First of all, turn to encryption. Although it’s far from impenetrable, it’s the best way of safeguarding your data. For this, you’ll want to use a virtual private network (VPN): there’s a whole host to choose from, so shop wisely. Do you want a free one? Or is a premium alternative stronger? It really depends on your specific concerns and requirements.
You already use free encryption, however, if you’ve got WhatsApp or Facebook Messenger. Metadata can still be retrieved, as we’ve already discussed, but at least the actual contents are scrambled.
These may be the best known messaging apps, but are far from the only ones. The difficulty you’ll find is convincing your loved ones to stop using WhatsApp and instead turn to one of its competitors!
The best option to avoid snooping is to stay away from the companies selling your details. It’s not particularly simple if you’re used to going on social media, using Google Chrome, or just love Apple. Still, you’ll soon get into the habit of taking different precautions.
Should you go as far as deleting your Facebook account? It’s up to you. Bear in mind, you can still use it safely as long as you limit the amount of personal information you submit. But because Facebook tracks even those without a profile, you’d be advised to at least use an anonymous browser.
Otherwise, try a private search engine like DuckDuckGo.
This limits the amount of snooping the government can do right now. You might prefer to be more vocal about keeping your privacy — in which case, you should check out the privacy groups fighting on your behalf.
Privacy: Is it Worth It?
How much do you value your privacy? What about your safety? How do you fight the war on terror without infringing on the rights of people you intend to protect?
There are no easy answers.
Is the cost of privacy too high? Should we stick up for civil rights now more than ever? On whose shoulders does responsibility for safety and privacy lie?