Law in the Internet Society

Privacy and Mass Surveillance of Terrorism through Big Data

-- By ClementLegrand - 09 Dec 2016


In this paper, I will analyze the use of big data surveillance as it was carried out by the NSA. For this purpose, I will briefly set the scene by recalling the Snowden revelations and clarifying what is meant by "big data" (when using the word "terrorism" I refer to its American legal definition). I will then analyze the US legal framework and discuss the proportionnality of the massive surveillance.

Big Data Surveillance of "Terrorism"

Tere are many definitions of "Big Data". The three elements that are classically associated with Big data are the three "V"s, namely, Volume, Velocity and Variety. This means that Big Data involves the processing of an important amount of data (volume), that such data includes different kind of data (variety) and that big data is characterized by the rapidity of the processing (velocity). Through using Big Data, it is possible to determine patterns of conducts and to make predictive deductions due to the correlation of these patterns. In the recent years, surveillance through Big Data is very often associated to the prosecution and prevention of terrorrism. The Snowden revelation showed that the NSA is collecting huge amount of data and that it monitors online communication through the collaboration with private companies. In the recent years, we have seen examples of how Big data has been used by intelligence services in suspected terrorism case. If this paper will focus on the collection of information by the NSA, it is worth noting that this use of Big Data is not limited to the American intelligence services.

Snowden Revelations: Brief Analysis of the US Legal Framework

Under the current legal situation, there are very few situations in which the fourth amendment will apply to the situation described above. In the online world, the presence of intermediaries to provide the communication triggers the application of the third party doctrine,(resulting from the famous case Smith V. Maryland), thereby excluding expectations of privacy on most of the online information. In my opinion, this doctrine should be modified to better fit the reality of today's society: just because and information is shared with an intermediary in order to transfer such information to a third party recipient does not mean that the communicants have no expectations of privacy about this information.

Part of the collection of data under the PRISM program was subject to the section 702 of the FISA Amendment Act of 2008. To summarize, this section of the act intends to facilitate the surveillance of non-US citizens reasonably believed to be located outside of the United States. This provision does not allow to "intentionally" target US persons or Non-US persons known to be located in the United States. This provision is the legal basis for the PRISM program. A FISA court decided that the NSA could use information relating to US persons that were "inadvertently" collected. In an interview conducted by John Oliver (mixing journalism with comedy, in order to raise awareness of the public), Edward Snowden mentioned that, in practice, this meant that if information relating to US persons were temporarily stored as a backup in Europe or if the communication merely transited by a server outside of the US borders, the information will be processed by the NSA. This raises questions. How can a distinction based on categories of persons (i.e. more or less corresponding to US citizens) be effective when the functioning of the internet is so international? I wonder to which extent it is technically possible to distinguish communication on the basis of the nationality of their sender/receiver. The protection of privacy requires ecological measures, because privacy is an environment that we all share. On this assumption, it seems complicated to distinguish which kind of person has a right to breath a better air than another.

The collection of domestic metadata relating to phone calls were also conducted by the NSA pursuant to section 215 of the USA Patriot Act. It is interesting to note that the data collected consisted in metadata. According to a long-established idea, metadata is less intrusive upon one's privacy than content. However, as I have shown above, big data makes it possible to deduct a series of correlations, which can result in discovering the content. This idea that metadata is less intrusive upon one's privacy does not entirely correspond to today's technologies. Since June 2015, the USA Freedom Act has amended the section 215 and each collection of metadata within the USA now needs a specific request to the telecommunications operators.

Conclusion: Legality and Proportionality

When he came at Columbia in October, the new General Counsel of the NSA mentioned that the NSA abide with the American laws. The above shows that the mass surveillance program was carried out in a legal framework that did not (and still does not) fully protects against overcollection of data. Even more: the technic used require bulk collection. As mentioned by the Guardian, "in order to find the needle in the haystack, they [the NSA] argue, they need access to the whole haystack" (1). If it is clear that there is a need for regulatory reform, another question that we should ask is the proportionality of this practice. In most cases, massive surveillance is justified by the need for security. It is also worth noting that in some of the recent attacks, the perpetrators were already listed as potentially dangerous and were known by the authorities. Even more recently, the attacks were perpetrated by so called "lone wolfs", namely individuals that more or less suddenly decide on their own to commit terrorist attacks, without having previous links with a terrorist cell. This was for example the case of the attacks in Nice. According to witnesses, the terrorist got radicalized very quickly. These new kinds of terrorists raise new questions for enforcement authorities: they are difficult/impossible to detect and to prevent.

In my opinion, this kind of program is not proportional because it implies that the entire population gives up most of its rights to privacy and of free speech for a method that will probably prove less efficient than we would expect. Also, we need to be aware that terrorism is probably not a temporary phenomenon.

(1) The hyperlink does not seem to be working within the text: #Set ALLOWTOPICVIEW = TWikiAdminGroup, ClementLegrand #Set DENYTOPICVIEW = TWikiGuest


Webs Webs

r17 - 22 Feb 2017 - 13:45:56 - ClementLegrand
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM