How Governments and Telecom Companies Work Together on Surveillance Laws
It isn’t a coincidence that the U.S., Canada, Australia, and the U.K. are proposing similar laws to permit monitoring of Internet communications.
The 3rd Generation Partnership Project
The 3rd Generation Partnership Project unites six telecommunications standards bodies, including ETSI and ATIS, which meet regularly and host a series of quarterly plenary meetings. Jargon and acronym-laced minutes from 3GPP meetings published online occasionally offer a fascinating glimpse into the scale of international collaboration on upgrading surveillance capabilities.
During meetings in Estonia and Italy in 2010 and 2011, for instance, it was revealed that law enforcement representatives from the United Kingdom, Canada, and the Netherlands expressed reservations about adopting so-called “man-in-the-middle” attacks—a kind of hacking—to intercept communications as they are being sent over IMS networks. The United Kingdom in particular was said to be concerned that performing an “active attack” to spy on people “may be illegal” under British law. The U.K. was reportedly working on a separate method of intercepting IMS communications so it would not have to resort to man-in-the-middle attacks.
In recent weeks 3GPP meetings have focused on the “challenges for interception” posed by cloud storage of data. The group is trying to find a solution that will enable law enforcement agencies to monitor, and have access to, cloud data as part of their investigations.
The Telecommunications Industry Association
The TIA is a trade group based in Washington, D.C., which works to address policy issues and set standards for the telecommunications industry. Formed in 1988, the group operates a series of committees and subcommittees—attended by companies including Sprint Nextel, Nokia Siemens Networks, and Verizon Wireless—which deal with issues covering electronic surveillance. The TIA is currently helping develop standards for interception of VOIP and data retention alongside ETSI and ATIS. Interestingly, it has also been pressuring authorities in India to adopt global standards for surveillance, calling on the country’s government to create a “centralized monitoring system” and “install state-of-the-art legal intercept equipment.”
The Global Standards Collaboration
The Global Standards Collaboration plays a significant role in bringing together organizations from across the world to facilitate “global standardization” of telecommunications infrastructure.
Representatives from the United States, Europe, Japan, China, Europe, Canada, and Korea attend annual GSC meetings, where they discuss and vote on issues affecting the industry—including upgrading surveillance capabilities. Crucially, in 2003 the GSC approved a resolution that called for “global cooperation and collaboration on lawful access and interception.” This was a collective commitment made by all participating organizations—among them ETSI, the TIA, and ATIS—to work toward “common, harmonized, shared systems of law” relating to communications interception.
Convention on Cybercrime
The Council of Europe’s Convention on Cybercrime has been signed and ratified by 19 countries, including the United States and the United Kingdom. Canada has also signed—but not ratified—the treaty, and Australia intends to sign. The convention codifies a commitment to establish a system of mutual assistance for issues related to computer crime. This includes measures related to enabling real-time surveillance of communications content.
A Canadian parliament report in 2006 noted that the convention’s call for “harmonization of lawful access legislation” was a factor in its own push for new surveillance powers. The report also stated that Canada had based a proposed surveillance bill, C-74, on “legislation existing in other countries, primarily the United States, the United Kingdom and Australia.”
Designed to ensure that law enforcement agencies could legally intercept any communication regardless of the technology used to send it, C-74 never became law due in part to opposition from the public and civil liberties groups. But Bill C-30, currently being pursued by Canada’s government, is essentially a second generation version of C-74 and would implement many of the same powers.
The latest developments in the United States, Canada, the United Kingdom, and Australia, could well be part of a tradition dating back more than 60 years. In his book GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency, academic Richard J. Aldrich noted that after World War II, a series of surveillance and intelligence-related treaties, alliances, and agreements were made between the countries, leading to the creation of “a complex spider's web of cooperation” that is still in existence.
Unlike in previous decades, though, the proposed expansion of surveillance today is inward-looking: domestic, not foreign. It is linked not to combating state-level threats but to unprecedented technological advances. With more people communicating online than ever before, authorities say they are losing the ability to track and monitor suspects and that secrecy is necessary to conceal their techniques from criminals.
Given this, it makes some sense that governments and technology firms are working together to find solutions. The problem is that the relationship is tainted by a lack of openness.
I’m not suggesting here that we’re in the depths of some sort of grand conspiracy, and nor am I arguing that the FBI should reveal intricate details about its surveillance methods or divulge the inner workings of its most complicated interception technologies—things that might actually be a benefit to serious criminals. What I’m saying is that without greater levels of public scrutiny or input, officials will sow mistrust—and end up defeating themselves. Already some are proposing “surveillance-proof” Internet providers, in part fueled by well-founded fears about clandestine mass snooping programs.
The deeply rooted tension between sweeping demands for increased online surveillance and privacy concerns of citizens is not going to disappear soon, and there are no quick fixes or easy answers. What’s essential is honest debate on surveillance between all sides in all countries. But that debate can’t and won’t happen until governments and telecom companies can at least commit to being more transparent about the scale and purpose of their collaboration.
This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.
Ryan Gallagher is a journalist who reports from the intersection of surveillance, national security, and privacy for Slate's Future Tense blog. He is also a Future Tense fellow at the New America Foundation.