Furtive Encryption: Power, Trusts, and the Constitutional Cost of Collective Surveillance

Recent revelations of heretofore secret U.S. government surveillance programs have sparked national conversations about their constitutionality and the delicate balance between security and civil liberties in a constitutional democracy. Among the revealed policies asserted by the National Security Agency (NSA) is a provision found in the “minimization procedures” required under section 702 of the Foreign Intelligence Surveillance Act of 1978. This provision allows the NSA to collect and keep indefinitely any encrypted information collected from domestic communications—including the communications of U.S. citizens. That is, according to the U.S. government, the mere fact that a U.S. citizen has encrypted her electronic communications is enough to give the NSA the right to store that data until it is able to decrypt or decode it. Through this provision, the NSA is automatically treating all electronic communications from U.S. citizens that are hidden or obscured through encryption—for whatever reason—as suspicious, a direct descendant of the “nothing-to-hide” family of privacy minimization arguments. The ubiquity of electronic communication in the United States and elsewhere has led to the widespread use of encryption, the vast majority of it for innocuous purposes. This Article argues that the mere encryption by individuals of their electronic communications is not alone a basis for individualized suspicion. Moreover, this Article asserts that the NSA’s policy amounts to a suspicionless search and seizure. This program is therefore in direct conflict with the fundamental principles underlying the Fourth Amendment, specifically the protection of individuals from unwarranted government power and the establishment of the reciprocal trust between citizen and government that is necessary for a healthy democracy

Interception: law, media, and techniques

In 2013, Edward Snowden provided journalists with copies of classified documents detailing the operations of the National Security Agency of the United States and its allies; in particular, the UK’s Government Communications Headquarters. Snowden explained that he hoped to set the conditions for a new technical literacy that would alter understandings of the relationship between digital communications and law. This thesis asks whether or not law is capable of repaying Snowden’s faith. To that end, it offers a media-theoretical genealogy of the interception of communication in the UK. Interception is presented as an effect of different sets of technical operations, mediated and processed by communication devices and networks. The thesis traces interception techniques: from their beginnings in the General Post Office; in their evolution through the operations of technical media; to their reappearance in the operations of digital media that constitute the internet. The authorisation of interception, meanwhile, has always depended upon legal techniques mediated by interception warrants. A genealogy of the interception warrant is presented through an archival study of the distinctly different practices of document production that manufactured and programmed warrants in different media epochs; from the medieval Chancery and paper bureaucracies of state institutions to the graphical user interface, which mediates between interception techniques and law today. Finally, the thesis addresses the function of legislation as it in turn addresses warrants and interception techniques. Law and legislation, it is argued, are incapable of constraining technical operations of interception because, like interception, law is already an effect of media-technical operations. The law operates not by controlling interception, but by processing it, assigning meaning to it, and protecting the secrecy of ongoing interception operations

Regulating the technological actor: how governments tried to transform the technology and the market for cryptography and cryptographic services and the implications for the regulation of information and communications technologies

The formulation, adoption, and transformation of policy involves the interaction of actors as they negotiate, accept, and reject proposals. Traditional studies of policy discourse focus on social actors. By studying cryptography policy discourses, I argue that considering both social and technological actors in detail enriches our understanding of policy discourse. The case-based research looks at the various cryptography policy strategies employed by the governments of the United States of America and the United Kingdom. The research method is qualitative, using hermeneutics to elucidate the various actors’ interpretations. The research aims to understand policy discourse as a contest of principles involving various government actors advocating multiple regulatory mechanisms to maintain their surveillance capabilities, and the reactions of industry actors, non-governmental organisations, parliamentarians, and epistemic communities. I argue that studying socio-technological discourse helps us to understand the complex dynamics involved in regulation and regulatory change. Interests and alignments may be contingent and unstable. As a result, technologies can not be regarded as mere representations of social interests and relationships. By capturing the interpretations and articulations of social and technological actors we may attain a better understanding of the regulatory landscape for information and communications technologies

Privacy and data protection in India and Germany: A comparative analysis

This research report offers a comparative analysis of privacy and data protection in Germany and India. It compares the two regimes on four counts. First, it examines how the right to privacy and/or its allied rights have developed in the two countries historically. In this, it explores the political factors contributing to the understanding and acceptability of the principles of privacy in the decades after the Second World War. Second, it delves into the instruments and forms of state surveillance employed by both the countries and analyses how the presence of parliamentary and judicial oversight on intelligence agencies impacts individual privacy. In the third section, it compares how biometric identity systems have been deployed in the two countries, the safeguards designed around the same, and the legal challenges they have thrown up. Lastly, it evaluates data subject rights as defined under the General Data Protection Regulation (GDPR) together with the Bundesdatenschutzgesetz-Neu (BDSG-Neu) and how they compare with those as defined under the Draft Personal Data Protection Bill, 2018 in the Indian context