taler-merchant-demos

surveillance-vs-democracy.html (36019B)

---

 <!--#include virtual="/server/header.html" -->
 <!-- Parent-Version: 1.97 -->
 <!-- This page is derived from /server/standards/boilerplate.html -->
 <!--#set var="TAGS" value="essays cultural evils" -->
 <!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
 <title>How Much Surveillance Can Democracy Withstand?
 - GNU Project - Free Software Foundation</title>
 <style type="text/css" media="print,screen"><!--
 #intro { margin: 2em auto 1.5em; }
 .toc { width: auto; }
 .pict.wide { width: 23em; }
 .pict p { margin-bottom: 0; }
 #conclusion { visibility: hidden; margin-top: 0; }
 @media (min-width: 55em) {
    #intro { max-width: 55em; }
    .toc { max-width: 51em; }
    .toc li { display: inline-block; width: 90%; }
 }
 -->
 </style>
 <!-- GNUN: localize URL /graphics/dog.small.jpg -->
 <!--#include virtual="/philosophy/po/surveillance-vs-democracy.translist" -->
 <!--#include virtual="/server/banner.html" -->
 <!--#include virtual="/philosophy/ph-breadcrumb.html" -->
 <!--GNUN: OUT-OF-DATE NOTICE-->
 <!--#include virtual="/server/top-addendum.html" -->
 <div class="article">
 <h2 class="center">How Much Surveillance Can Democracy Withstand?</h2>
 
 <address class="byline center">by
 <a href="https://www.stallman.org/">Richard Stallman</a></address>
 
 <div id="intro">
 <div class="pict wide">
 <a href="/graphics/dog.html">
 <img src="/graphics/dog.small.jpg" alt="Cartoon of a dog, wondering at the three ads that popped up on his computer screen..." /></a>
 <p>&ldquo;How did they find out I'm a dog?&rdquo;</p>
 </div>
 
 <p>Thanks to Edward Snowden's disclosures, we know that the current
 level of general surveillance in society is incompatible with human
 rights.  Expecting every action to be noted down <a href="https://www.socialcooling.com/">makes people censor and
 limit themselves</a>.  The repeated harassment and prosecution of dissidents,
 sources, and journalists in the US and elsewhere provides
 confirmation.  We need to reduce the level of general surveillance,
 but how far?  Where exactly is the
 <em>maximum tolerable level of surveillance</em>, which we must ensure
 is not exceeded?  It is the level beyond which surveillance starts to
 interfere with the functioning of democracy, in that whistleblowers
 (such as Snowden) are likely to be caught.</p>
 </div>
 
 <div class="columns" style="clear:both">
 <p>Faced with government secrecy, we the people depend on
 whistleblowers
 to <a href="https://www.eff.org/deeplinks/2013/11/reddit-tpp-ama">tell
 us what the state is doing</a>.  (We were reminded of this in 2019 as
 various whistleblowers gave the public increments
 of <a href="https://www.commondreams.org/views/2019/09/27/trumps-ukraine-scandal-shows-why-whistleblowers-are-so-vital-democracy">information
 about Trump's attempt to shake down the president of Ukraine</a>.)
 However, today's surveillance intimidates potential whistleblowers,
 which means it is too much.  To recover our democratic control over
 the state, we must reduce surveillance to the point where
 whistleblowers know they are safe.</p>
 
 <p>Using free/libre
 software, <a href="/philosophy/free-software-even-more-important.html">as
 I've advocated since 1983</a>, is the first step in taking control
 of our digital lives, and that includes preventing surveillance.  We
 can't trust nonfree software; the NSA
 <a href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm">uses</a>
 and
 even <a href="https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security">creates</a>
 security weaknesses in nonfree software to invade our own computers
 and routers.  Free software gives us control of our own computers,
 but <a href="https://www.wired.com/opinion/2013/10/149481/">that won't
 protect our privacy once we set foot on the Internet</a>.</p>
 
 <p><a
 href="https://www.theguardian.com/world/2013/oct/10/nsa-surveillance-patriot-act-author-bill">Bipartisan
 legislation to &ldquo;curtail the domestic surveillance
 powers&rdquo;</a> in the U.S. is being drawn up, but it relies on
 limiting the government's use of our virtual dossiers.  That won't
 suffice to protect whistleblowers if &ldquo;catching the
 whistleblower&rdquo; is grounds for access sufficient to identify him
 or her.  We need to go further.</p>
 </div>
 
 <div class="toc" style="clear: both">
 <hr class="no-display" />
 <h3 class="no-display">Table of contents</h3>
 <ul class="columns">
  <li><a href="#upperlimit">The Upper Limit on Surveillance in a Democracy</a></li>
  <li><a href="#willbemisused">Information, Once Collected, Will Be Misused</a></li>
  <li><a href="#technical">Robust Protection for Privacy Must Be Technical</a></li>
  <li><a href="#commonsense">First, Don't Be Foolish</a></li>
  <li><a href="#privacybydesign">We Must Design Every System for Privacy</a></li>
  <li><a href="#dispersal">Remedy for Collecting Data: Leaving It Dispersed</a></li>
  <li><a href="#digitalcash">Remedy for Internet Commerce Surveillance</a></li>
  <li><a href="#travel">Remedy for Travel Surveillance</a></li>
  <li><a href="#communications">Remedy for Communications Dossiers</a></li>
  <li><a href="#necessary">But Some Surveillance Is Necessary</a></li>
  <li><a href="#conclusion">Conclusion</a></li>
 </ul>
 <hr class="no-display" />
 </div>
 
 <h3 id="upperlimit">The Upper Limit on Surveillance in a Democracy</h3>
 
 <div class="columns">
 <p>If whistleblowers don't dare reveal crimes and lies, we lose the
 last shred of effective control over our government and institutions.
 That's why surveillance that enables the state to find out who has
 talked with a reporter is too much surveillance&mdash;too much for
 democracy to endure.</p>
 
 <p>An unnamed U.S. government official ominously told journalists in
 2011 that
 the <a href="https://www.rcfp.org/journals/news-media-and-law-summer-2011/lessons-wye-river/">U.S. would
 not subpoena reporters because &ldquo;We know who you're talking
 to.&rdquo;</a>
 Sometimes <a href="https://www.theguardian.com/media/2013/sep/24/yemen-leak-sachtleben-guilty-associated-press">journalists'
 phone call records are subpoenaed</a> to find this out, but Snowden
 has shown us that in effect they subpoena all the phone call records
 of everyone in the U.S., all the
 time, <a href="https://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order">from
 Verizon</a>
 and <a href="https://www.marketwatch.com/story/nsa-data-mining-digs-into-networks-beyond-verizon-2013-06-07">from
 other companies too</a>.</p>
 
 <p>Opposition and dissident activities need to keep secrets from
 states that are willing to play dirty tricks on them.  The ACLU has
 demonstrated the U.S. government's <a
 href="https://www.aclu.org/files/assets/Spyfiles_2_0.pdf">systematic
 practice of infiltrating peaceful dissident groups</a> on the pretext
 that there might be terrorists among them.  The point at which
 surveillance is too much is the point at which the state can find who
 spoke to a known journalist or a known dissident.</p>
 </div>
 
 <h3 id="willbemisused">Information, Once Collected, Will Be Misused</h3>
 
 <div class="columns">
 <p>When people recognize
 that the level of general surveillance is too
 high, the first response is to propose limits on access to the
 accumulated data.  That sounds nice, but it won't fix the problem, not
 even slightly, even supposing that the government obeys the rules.
 (The NSA has misled the FISA court, which said it
 was <a href="https://www.wired.com/threatlevel/2013/09/nsa-violations/">unable
 to effectively hold the NSA accountable</a>.) Suspicion of a crime
 will be grounds for access, so once a whistleblower is accused of
 &ldquo;espionage,&rdquo; finding the &ldquo;spy&rdquo; will provide an
 excuse to access the accumulated material.</p>
 
 <p>In practice, we can't expect state agencies even to make up excuses
 to satisfy the rules for using surveillance data&mdash;because US
 agencies
 already <a href="https://theintercept.com/2018/01/09/dark-side-fbi-dea-illegal-searches-secret-evidence/">
 lie to cover up breaking the rules</a>.  These rules are not seriously
 meant to be obeyed; rather, they are a fairy-tale we can believe if we
 like.</p>
 
 <p>In addition, the state's surveillance staff will misuse the data
 for personal reasons.  Some NSA
 agents <a href="https://www.theguardian.com/world/2013/aug/24/nsa-analysts-abused-surveillance-systems">used
 U.S. surveillance systems to track their lovers</a>&mdash;past,
 present, or wished-for&mdash;in a practice called
 &ldquo;LOVEINT.&rdquo; The NSA says it has caught and punished this a
 few times; we don't know how many other times it wasn't caught.  But
 these events shouldn't surprise us, because police have
 long <a href="https://web.archive.org/web/20160401102120/http://www.sweetliberty.org/issues/privacy/lein1.htm#.V_mKlYbb69I">used
 their access to driver's license records to track down someone
 attractive</a>, a practice known as &ldquo;running a plate for a
 date.&rdquo; This practice has expanded
 with <a href="https://theyarewatching.org/issues/risks-increase-once-data-shared">new
 digital systems</a>.  In 2016, a prosecutor was accused of forging
 judges' signatures to get authorization
 to <a href="https://gizmodo.com/government-officials-cant-stop-spying-on-their-crushes-1789490933">
 wiretap someone who was the object of a romantic obsession</a>. The AP
 knows
 of <a href="https://apnews.com/699236946e3140659fff8a2362e16f43">many
 other instances in the US</a>.
 </p>
 
 <p>Surveillance data will always be used for other purposes, even if
 this is prohibited.  Once the data has been accumulated and the state
 has the possibility of access to it, it can misuse that data in
 dreadful ways, as shown by examples
 from <a href="https://falkvinge.net/2012/03/17/collected-personal-data-will-always-be-used-against-the-citizens/">Europe</a>,
 <a href="https://en.wikipedia.org/wiki/Japanese_American_internment">the
 US</a>, and most
 recently <a href="https://www.cbc.ca/news/world/terrifying-how-a-single-line-of-computer-code-put-thousands-of-innocent-turks-in-jail-1.4495021">Turkey</a>.
 (Turkey's confusion about who had really used the Bylock program only
 exacerbated the basic deliberate injustice of arbitrarily punishing
 people for having used it.)
 </p>
 
 <p>You may feel your government won't use your personal data for
 repression, but you can't rely on that feeling, because governments do
 change.  As of 2021, many ostensibly democratic states
 are <a href="https://www.theguardian.com/commentisfree/2021/aug/21/beware-state-surveillance-of-your-lives-governments-can-change-afghanistan">ruled
 by people with authoritarian leanings</a>, and the Taliban have taken
 over Afghanistan's systems of biometric identification that were set
 up at the instigation of the US.  The UK is working on a law
 to <a href="https://www.theguardian.com/commentisfree/2021/aug/09/police-bill-not-law-order-state-control-erosion-freedom">repress
 nonviolent protests that might be described as causing &ldquo;serious
 disruption.&rdquo;</a>  The US could become permanently repressive in
 2025, for all we know.
 </p>
 
 <p>Personal data collected by the state is also likely to be obtained
 by outside crackers that break the security of the servers, even
 by <a href="https://www.techdirt.com/2015/06/12/second-opm-hack-revealed-even-worse-than-first/">crackers
 working for hostile states</a>.</p>
 
 <p>Governments can easily use massive surveillance capability
 to <a href="https://www.nytimes.com/2015/06/22/world/europe/macedonia-government-is-blamed-for-wiretapping-scandal.html">subvert
 democracy directly</a>.</p>
 
 <p>Total surveillance accessible to the state enables the state to
 launch a massive fishing expedition against any person.  To make
 journalism and democracy safe, we must limit the accumulation of data
 that is easily accessible to the state.</p>
 </div>
 
 <h3 id="technical">Robust Protection for Privacy Must Be Technical</h3>
 
 <div class="columns">
 <p>The Electronic Frontier Foundation and other organizations propose
 a set of legal principles designed to <a
 href="https://necessaryandproportionate.org">prevent the
 abuses of massive surveillance</a>.  These principles include,
 crucially, explicit legal protection for whistleblowers; as a
 consequence, they would be adequate for protecting democratic
 freedoms&mdash;if adopted completely and enforced without exception
 forever.</p>
 
 <p>However, such legal protections are precarious: as recent history
 shows, they can be repealed (as in the FISA Amendments Act),
 suspended, or <a
 href="https://www.nytimes.com/2009/04/16/us/16nsa.html">ignored</a>.</p>
 
 <p>Meanwhile, demagogues will cite the usual excuses as grounds for
 total surveillance; any terrorist attack, even one that kills just a
 handful of people, can be hyped to provide an opportunity.</p>
 
 <p>If limits on access to the data are set aside, it will be as if
 they had never existed: years worth of dossiers would suddenly become
 available for misuse by the state and its agents and, if collected by
 companies, for their private misuse as well.  If, however, we stop the
 collection of dossiers on everyone, those dossiers won't exist, and
 there will be no way to compile them retroactively.  A new illiberal
 regime would have to implement surveillance afresh, and it would only
 collect data starting at that date.  As for suspending or momentarily
 ignoring this law, the idea would hardly make sense.</p>
 </div>
 
 <h3 id="commonsense">First, Don't Be Foolish</h3>
 
 <div class="columns">
 <p>To have privacy, you must not throw it away: the first one who has
 to protect your privacy is you.  Avoid identifying yourself to web
 sites, contact them with Tor, and use browsers that block the schemes
 they use to track visitors.  Use the GNU Privacy Guard to encrypt the
 contents of your email.  Pay for things with cash.</p>
 
 <p>Keep your own data; don't store your data in a company's
 &ldquo;convenient&rdquo; server.  It's safe, however, to entrust a
 data backup to a commercial service, provided you put the files in an
 archive and encrypt the whole archive, including the names of the
 files, with free software on your own computer before uploading
 it.</p>
 
 <p>For privacy's sake, you must avoid nonfree software; if you give
 control of your computer's operations to companies, they
 are <a href="/malware/proprietary-surveillance.html">likely to make it
 spy on you</a>.
 Avoid <a href="/philosophy/who-does-that-server-really-serve.html">service
 as a software substitute</a>; in addition to giving others control of
 how your computing is done, it requires you to hand over all the
 pertinent data to the company's server.</p>
 
 <p>Protect your friends' and acquaintances' privacy,
 too.  <a href="https://bits.blogs.nytimes.com/2014/05/21/in-cybersecurity-sometimes-the-weakest-link-is-a-family-member/">Don't
 give out their personal information</a> except how to contact them,
 and never give any web site your list of email or phone contacts.
 Don't tell a company such as Facebook anything about your friends that
 they might not wish to publish in a newspaper.  Better yet, don't be
 used by Facebook at all.  Reject communication systems that require
 users to give their real names, even if you are happy to divulge yours,
 since they pressure other people to surrender their privacy.</p>
 
 <p>Self-protection is essential, but even the most rigorous
 self-protection is insufficient to protect your privacy on or from
 systems that don't belong to you.  When we communicate with others or
 move around the city, our privacy depends on the practices of society.
 We can avoid some of the systems that surveil our communications and
 movements, but not all of them.  Clearly, the better solution is to
 make all these systems stop surveilling people other than legitimate
 suspects.</p>
 </div>
 
 <h3 id="privacybydesign">We Must Design Every System for Privacy</h3>
 
 <div class="columns">
 <p>If we don't want a total surveillance society, we must consider
 surveillance a kind of social pollution, and limit the surveillance
 impact of each new digital system just as we limit the environmental
 impact of physical construction.</p>
 
 <p>For example: &ldquo;smart&rdquo; meters for electricity are touted
 for sending the power company moment-by-moment data about each
 customer's electric usage, including how usage compares with users in
 general.  This is implemented based on general surveillance, but does
 not require any surveillance.  It would be easy for the power company
 to calculate the average usage in a residential neighborhood by
 dividing the total usage by the number of subscribers, and send that
 to the meters.  Each customer's meter could compare her usage, over
 any desired period of time, with the average usage pattern for that
 period.  The same benefit, with no surveillance!</p>
 
 <p>We need to design such privacy into all our digital
 systems&nbsp;[<a href="#ambientprivacy">1</a>].</p>
 </div>
 
 <h3 id="dispersal">Remedy for Collecting Data: Leaving It Dispersed</h3>
 
 <div class="columns">
 <p>One way to make monitoring safe for privacy is
 to keep the data dispersed and inconvenient to
 access.  Old-fashioned security cameras were no threat to privacy(<a href="#privatespace">*</a>).
 The recording was stored on the premises, and kept for a few weeks at
 most.  Because of the inconvenience of accessing these recordings, it
 was never done massively; they were accessed only in the places where
 someone reported a crime.  It would not be feasible to physically
 collect millions of tapes every day and watch them or copy them.</p>
 
 <p>Nowadays, security cameras have become surveillance cameras: they
 are connected to the Internet so recordings can be collected in a data
 center and saved forever.  In Detroit, the cops pressure businesses to
 give them <a
 href="https://eu.detroitnews.com/story/news/local/detroit-city/2018/01/23/detroit-green-light/109524794/">unlimited
 access to their surveillance cameras</a> so that they can look through
 them at any and all times.  This is already dangerous, but it
 is  going to get worse.  Advances in <a href="#facial-recognition">facial
 recognition</a> may bring the day when suspected journalists can
 be tracked on the street all the time to see who they talk with.</p>
 
 <p>Internet-connected cameras often have lousy digital security
 themselves, which means <a
 href="https://www.csoonline.com/article/2221934/cia-wants-to-spy-on-you-through-your-appliances.html">anyone
 can watch what those cameras see</a>.  This makes internet-connected
 cameras a major threat to security as well as privacy.  For privacy's
 sake, we should ban the use of Internet-connected cameras aimed where
 and when the public is admitted, except when carried by people.
 Everyone must be free to post photos and video recordings
 occasionally, but the systematic accumulation of such data on the
 Internet must be limited.</p>
 
 <div class="infobox" style="margin-top: 1.5em">
 <p id="privatespace">(*) I assume here that the security
 camera points at the inside of a store, or at the street.  Any camera
 pointed at someone's private space by someone else violates privacy,
 but that is another issue.</p>
 </div>
 </div>
 
 <div class="announcement comment" role="complementary">
 <hr class="no-display" />
 <p>Also consider reading &ldquo;<a
 href="https://www.theguardian.com/commentisfree/2018/apr/03/facebook-abusing-data-law-privacy-big-tech-surveillance">A
 radical proposal to keep your personal data safe</a>,&rdquo; published in
 <cite>The Guardian</cite> in April&nbsp;2018.</p>
 <hr class="no-display" />
 </div>
 
 <h3 id="digitalcash">Remedy for Internet Commerce Surveillance</h3>
 
 <div class="columns">
 <p>Most data collection comes from people's own digital activities.
 Usually the data is collected first by companies.  But when it comes
 to the threat to privacy and democracy, it makes no difference whether
 surveillance is done directly by the state or farmed out to a
 business, because the data that the companies collect is
 systematically available to the state.</p>
 
 <p>The NSA, through PRISM,
 has <a href="https://www.commondreams.org/news/2013/08/23/latest-docs-show-financial-ties-between-nsa-and-internet-companies">gotten
 into the databases of many large Internet corporations</a>.  AT&amp;T
 has saved all its phone call records since 1987
 and <a href="https://www.nytimes.com/2013/09/02/us/drug-agents-use-vast-phone-trove-eclipsing-nsas.html?_r=0">makes
 them available to the DEA</a> to search on request.  Strictly
 speaking, the U.S.  government does not possess that data, but in
 practical terms it may as well possess it.  Some companies are praised
 for <a href="https://www.eff.org/who-has-your-back-government-data-requests-2015">resisting
 government data requests to the limited extent they can</a>, but that
 can only partly compensate for the harm they do to by collecting that
 data in the first place.  In addition, many of those companies misuse
 the data directly or provide it to data brokers.</p>
 
 <p>The goal of making journalism and democracy safe therefore requires
 that we reduce the data collected about people by any organization,
 not just by the state.  We must redesign digital systems so that they
 do not accumulate data about their users.  If they need digital data
 about our transactions, they should not be allowed to keep them more
 than a short time beyond what is inherently necessary for their
 dealings with us.</p>
 
 <p>One of the motives for the current level of surveillance of the
 Internet is that sites are financed through advertising based on
 tracking users' activities and propensities.  This converts a mere
 annoyance&mdash;advertising that we can learn to ignore&mdash;into a
 surveillance system that harms us whether we know it or not.
 Purchases over the Internet also track their users.  And we are all
 aware that &ldquo;privacy policies&rdquo; are more excuses to violate
 privacy than commitments to uphold it.</p>
 
 <p>We could correct both problems by adopting a system of anonymous
 payments&mdash;anonymous for the payer, that is.  (We don't want to
 help the payee dodge
 taxes.)  <a href="https://www.wired.com/opinion/2013/05/lets-cut-through-the-bitcoin-hype/">Bitcoin
 is not anonymous</a>, though there are efforts to develop ways to pay
 anonymously with Bitcoin.  However, technology
 for <a href="https://www.wired.com/wired/archive/2.12/emoney_pr.html">digital
 cash was first developed in the 1980s</a>; the GNU software for doing
 this is called <a href="https://taler.net/">GNU Taler</a>.  Now we need
 only suitable business arrangements, and for the state not to obstruct
 them.</p>
 
 <p>Another possible method for anonymous payments would
 use <a href="/philosophy/phone-anonymous-payment.html">prepaid
 phone cards</a>.  It is less convenient, but very easy to
 implement.</p>
 
 <p>A further threat from sites' collection of personal data is that
 security breakers might get in, take it, and misuse it.  This includes
 customers' credit card details.  An anonymous payment system would end
 this danger: a security hole in the site can't hurt you if the site
 knows nothing about you.</p>
 </div>
 
 <h3 id="travel">Remedy for Travel Surveillance</h3>
 
 <div class="columns">
 <p>We must convert digital toll collection to anonymous payment (using
 digital cash, for instance).  License-plate recognition systems
 <a href="https://www.eff.org/deeplinks/2018/11/eff-and-muckrock-release-records-and-data-200-law-enforcement-agencies-automated">
 recognize all cars' license plates</a>, and
 the <a href="http://news.bbc.co.uk/2/hi/programmes/whos_watching_you/8064333.stm">data
 can be kept indefinitely</a>; they should be required by law to notice
 and record only those license numbers that are on a list of cars
 sought by court orders.  A less secure alternative would record all
 cars locally but only for a few days, and not make the full data
 available over the Internet; access to the data should be limited to
 searching for a list of court-ordered license-numbers.</p>
 
 <p>The U.S. &ldquo;no-fly&rdquo; list must be abolished because it is
 <a href="https://www.aclu.org/news/national-security/victory-federal-court-recognizes-constitutional">punishment
 without trial</a>.</p>
 
 <p>It is acceptable to have a list of people whose person and luggage
 will be searched with extra care, and anonymous passengers on domestic
 flights could be treated as if they were on this list.  It is also
 acceptable to bar non-citizens, if they are not permitted to enter the
 country at all, from boarding flights to the country.  This ought to
 be enough for all legitimate purposes.</p>
 
 <p>Many mass transit systems use some kind of smart cards or RFIDs for
 payment.  These systems accumulate personal data: if you once make the
 mistake of paying with anything but cash, they associate the card
 permanently with your name.  Furthermore, they record all travel
 associated with each card.  Together they amount to massive
 surveillance.  This data collection must be reduced.</p>
 
 <p>Navigation services do surveillance: the user's computer tells the
 map service the user's location and where the user wants to go; then
 the server determines the route and sends it back to the user's
 computer, which displays it.  Nowadays, the server probably records
 the user's locations, since there is nothing to prevent it.  This
 surveillance is not inherently necessary, and redesign could avoid it:
 free/libre software in the user's computer could download map data for
 the pertinent regions (if not downloaded previously), compute the
 route, and display it, without ever telling anyone where the user is
 or wants to go.</p>
 
 <p>Systems for borrowing bicycles, etc., can be designed so that the
 borrower's identity is known only inside the station where the item
 was borrowed.  Borrowing would inform all stations that the item is
 &ldquo;out,&rdquo; so when the user returns it at any station (in
 general, a different one), that station will know where and when that
 item was borrowed.  It will inform the other station that the item is
 no longer &ldquo;out.&rdquo; It will also calculate the user's bill,
 and send it (after waiting some random number of minutes) to
 headquarters along a ring of stations, so that headquarters would not
 find out which station the bill came from.  Once this is done, the
 return station would forget all about the transaction.  If an item
 remains &ldquo;out&rdquo; for too long, the station where it was
 borrowed can inform headquarters; in that case, it could send the
 borrower's identity immediately.</p>
 </div>
 
 <h3 id="communications">Remedy for Communications Dossiers</h3>
 
 <div class="columns">
 <p>Internet service providers and telephone companies keep extensive
 data on their users' contacts (browsing, phone calls, etc).  With
 mobile phones, they
 also <a href="https://web.archive.org/web/20210312235125/http://www.zeit.de/digital/datenschutz/2011-03/data-protection-malte-spitz">record
 the user's physical location</a>.  They keep these dossiers for a long
 time: over 30 years, in the case of AT&amp;T.  Soon they will
 even <a href="https://www.wired.com/opinion/2013/10/the-trojan-horse-of-the-latest-iphone-with-the-m7-coprocessor-we-all-become-qs-activity-trackers/">record
 the user's body activities</a>.  It appears that
 the <a href="https://www.aclu.org/news/national-security/it-sure-sounds-nsa-tracking-our-locations">NSA
 collects cell phone location data</a> in bulk.</p>
 
 <p>Unmonitored communication is impossible where systems create such
 dossiers.  So it should be illegal to create or keep them.  ISPs and
 phone companies must not be allowed to keep this information for very
 long, in the absence of a court order to surveil a certain party.</p>
 
 <p>This solution is not entirely satisfactory, because it won't
 physically stop the government from collecting all the information
 immediately as it is generated&mdash;which is what
 the <a href="https://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order">U.S. does
 with some or all phone companies</a>.  We would have to rely on
 prohibiting that by law.  However, that would be better than the
 current situation, where the relevant law (the PAT RIOT Act) does not
 clearly prohibit the practice.  In addition, if the government did
 resume this sort of surveillance, it would not get data about
 everyone's phone calls made prior to that time.</p>
 
 <p>For privacy about who you exchange email with, a simple partial
 solution is for you and others to use email services in a country that
 would never cooperate with your own government, and which communicate
 with each other using encryption.  However, Ladar Levison (owner of
 the mail service Lavabit that US surveillance sought to corrupt
 completely) has a more sophisticated idea for an encryption system
 through which your email service would know only that you sent mail to
 some user of my email service, and my email service would know only
 that I received mail from some user of your email service, but it
 would be hard to determine that you had sent mail to me.</p>
 </div>
 
 <h3 id="necessary">But Some Surveillance Is Necessary</h3>
 
 <div class="columns">
 <p>For the state to find criminals, it needs to be able to investigate
 specific crimes, or specific suspected planned crimes, under a court
 order.  With the Internet, the power to tap phone conversations would
 naturally extend to the power to tap Internet connections.  This power
 is easy to abuse for political reasons, but it is also necessary.
 Fortunately, this won't make it possible to find whistleblowers after
 the fact, if (as I recommend) we prevent digital systems from accumulating
 massive dossiers before the fact.</p>
 
 <p>Individuals with special state-granted power, such as police,
 forfeit their right to privacy and must be monitored.  (In fact,
 police have their own jargon term for perjury,
 &ldquo;<a href="https://en.wikipedia.org/w/index.php?title=Police_perjury&amp;oldid=552608302">testilying</a>,&rdquo;
 since they do it so frequently, particularly about protesters
 and <a href="https://web.archive.org/web/20131025014556/http://photographyisnotacrime.com/2013/10/23/jeff-gray-arrested-recording-cops-days-becoming-pinac-partner/">
 photographers</a>.)
 One city in California that required police to wear video cameras all
 the time
 found <a href="https://www.motherjones.com/kevin-drum/2013/08/ubiquitous-surveillance-police-edition">their
 use of force fell by 60%</a>.  The ACLU is in favor of this.</p>
 
 <p><a
 href="https://web.archive.org/web/20171019220057/http://action.citizen.org/p/dia/action3/common/public/?action_KEY=12266">Corporations
 are not people, and not entitled to human rights</a>.  It is
 legitimate to require businesses to publish the details of processes
 that might cause chemical, biological, nuclear, fiscal, computational
 (e.g., <a href="https://DefectiveByDesign.org">DRM</a>) or political
 (e.g., lobbying) hazards to society, to whatever level is needed for
 public well-being.  The danger of these operations (consider the BP
 oil spill, the Fukushima meltdowns, and the 2008 fiscal crisis) dwarfs
 that of terrorism.</p>
 
 <p>However, journalism must be protected from surveillance even when
 it is carried out as part of a business.</p>
 </div>
 
 <h3 id="conclusion">Conclusion</h3>
 
 <div class="reduced-width">
 <p>Digital technology has brought about a tremendous increase in the
 level of surveillance of our movements, actions, and communications.
 It is far more than we experienced in the 1990s, and <a
 href="https://hbr.org/2013/06/your-iphone-works-for-the-secret-police">far
 more than people behind the Iron Curtain experienced</a> in the 1980s,
 and proposed legal limits on state use of the accumulated data would
 not alter that.</p>
 
 <p>Companies are designing even more intrusive surveillance.  Some
 project that pervasive surveillance, hooked to companies such as
 Facebook, could have deep effects on <a
 href="https://www.theguardian.com/technology/2015/aug/10/internet-of-things-predictable-people">how
 people think</a>.  Such possibilities are imponderable; but the threat
 to democracy is not speculation.  It exists and is visible today.</p>
 
 <p>Unless we believe that our free countries previously suffered from
 a grave surveillance deficit, and ought to be surveilled more than the
 Soviet Union and East Germany were, we must reverse this increase.
 That requires stopping the accumulation of big data about people.</p>
 <div class="column-limit"></div>
 
 <h3 class="footnote">End Note</h3>
 <ol>
 <li id="ambientprivacy">The condition of <em>not being monitored</em>
 has been referred to as <a
 href="https://idlewords.com/2019/06/the_new_wilderness.htm">ambient
 privacy</a>.</li>
 
 <li id="facial-recognition">In the 2020s, facial recognition deepens
 the danger of surveillance cameras.  China already identifies people
 by their faces so as to punish them,
 and <a href="https://www.theguardian.com/global-development/2022/sep/05/iran-government-facial-recognition-technology-hijab-law-crackdown">Iran
 is planning to use it to punish women who violate religion-imposed
 dress codes</a>.</li>
 </ol>
 
 <div class="infobox extra" role="complementary">
 <hr />
 <!-- rms: I deleted the link because of Wired's announced
      anti-ad-block system -->
 <p>A version of this article was first published in
 <cite>Wired</cite> in October&nbsp;2013.</p>
 </div>
 </div>
 </div>
 
 </div><!-- for id="content", starts in the include above -->
 <!--#include virtual="/server/footer.html" -->
 <div id="footer" role="contentinfo">
 <div class="unprintable">
 
 <p>Please send general FSF &amp; GNU inquiries to
 <a href="mailto:gnu@gnu.org">&lt;gnu@gnu.org&gt;</a>.
 There are also <a href="/contact/">other ways to contact</a>
 the FSF.  Broken links and other corrections or suggestions can be sent
 to <a href="mailto:webmasters@gnu.org">&lt;webmasters@gnu.org&gt;</a>.</p>
 
 <p><!-- TRANSLATORS: Ignore the original text in this paragraph,
         replace it with the translation of these two:
 
         We work hard and do our best to provide accurate, good quality
         translations.  However, we are not exempt from imperfection.
         Please send your comments and general suggestions in this regard
         to <a href="mailto:web-translators@gnu.org">
         &lt;web-translators@gnu.org&gt;</a>.</p>
 
         <p>For information on coordinating and contributing translations of
         our web pages, see <a
         href="/server/standards/README.translations.html">Translations
         README</a>. -->
 Please see the <a
 href="/server/standards/README.translations.html">Translations
 README</a> for information on coordinating and contributing translations
 of this article.</p>
 </div>
 
 <!-- Regarding copyright, in general, standalone pages (as opposed to
      files generated as part of manuals) on the GNU web server should
      be under CC BY-ND 4.0.  Please do NOT change or remove this
      without talking with the webmasters or licensing team first.
      Please make sure the copyright date is consistent with the
      document.  For web pages, it is ok to list just the latest year the
      document was modified, or published.
      
      If you wish to list earlier years, that is ok too.
      Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
      years, as long as each year in the range is in fact a copyrightable
      year, i.e., a year in which the document was published (including
      being publicly visible on the web or in a revision control system).
      
      There is more detail about copyright years in the GNU Maintainers
      Information document, www.gnu.org/prep/maintain. -->
 
 <p>Copyright &copy; 2013-2019, 2021, 2022 Richard Stallman</p>
 
 <p>This page is licensed under a <a rel="license"
 href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
 Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
 
 <!--#include virtual="/server/bottom-notes.html" -->
 
 <p class="unprintable">Updated:
 <!-- timestamp start -->
 $Date: 2022/09/17 18:24:26 $
 <!-- timestamp end -->
 </p>
 </div>
 </div><!-- for class="inner", starts in the banner include -->
 </body>
 </html>