21
ISSUES: Privacy
Chapter 1: What is privacy?
With the latest WikiLeaks revelations about
the CIA – is privacy really dead?
In the wake of James Comey’s declaration that there’s no privacy in America and
more WikiLeaks disclosures, do the law and technology prove him right?
By Olivia Solon
I
n the week that WikiLeaks revealed
the CIA and MI5 have an armoury
of surveillance tools that can spy
on people through their smart TVs,
cars and cellphones, the FBI director,
James Comey, has said that Americans
should not have expectations of
“absolute privacy”.
“There is no such thing as absolute
privacy in America: there is no place
outside of judicial reach,” Comey
said at a Boston College conference
on cybersecurity. The remark came
as he was discussing the rise of
encryption since Edward Snowden’s
2013 revelations of the NSA’s mass
surveillance tools, used on citizens
around the world.
Both the Snowden revelations and
the CIA leak highlight the variety
of creative techniques intelligence
agencies can use to spy on individuals,
at a time when many of us are
voluntarily giving up our personal
data to private companies and
installing so-called “smart” devices
with microphones (smart TVs, Amazon
Echo) in our homes.
So, where does this leave us? Is privacy
really dead, as Silicon Valley luminaries
such as Mark Zuckerberg have
previously declared?
Not according to the Electronic
Frontier
Foundation’s
executive
director, Cindy Cohn.
“The freedom to have a private
conversation – free from the worry
that a hostile government, a rogue
government agent or a competitor or
a criminal are listening – is central to a
free society,” she said.
While not as strict as privacy laws in
Europe, the fourth amendment to the
US constitution does guarantee the
right to be free from unreasonable
searches and seizures.
That doesn’t mean citizens have
‘absolute privacy’.
“I don’t think there’s been absolute
privacy in the history of mankind,”
said Albert Gidari, director of privacy
at the Stanford Center for Internet and
Society. “You walk out in public and it’s
no longer private. You shout from one
window to another and someone will
hear you in conversation.”
“At the same time things are more
intrusive, persistent, searchable, they
never die. So our conception of what is
or isn’t risk from a privacy perspective
does change and evolve over time.”
The law hasn’t kept pace with digital
technologies. For example, there is
a legal theory called the “third-party
doctrine” that holds that people who
give up their information to third
parties like banks, phone companies,
social networks and ISPs have “no
reasonable expectation of privacy”.
This has allowed the US Government
to obtain information without legal
warrants.
Unlike the NSA techniques revealed by
Snowden, the CIA appears to favour a
more targeted approach: less dragnet,
more spearfishing.
The WikiLeaks files show that the CIA
has assembled a formidable arsenal
of cyberweapons designed to target
individuals’ devices such as mobile
phones, laptops and TVs by targeting
the operating systems such as Android,
iOS and Windows with malware.
It’s encouraging to note that the
Government has yet to crack the
encryption of secure messaging apps
such as WhatsApp, Signal and Confide.
However, it does not need to if it can
instal malware on people’s devices
that can collect audio and message
traffic before encryption is applied.
Gidari isn’t that surprised. “It confirms
what everyone saw in last week’s
episode of
24
. People expect these
tools to exist,” he said, adding that
people were more surprised that the
