Reports of the National Security agency’s surveillance programs based on documents leaked by Edward Snowden have been embarrassing for some, enraging to others. But to governments and security services in developing economies they will prove inspirational, according to a report (PDF) from the University of Toronto’s Citizen Lab, which studies online security and privacy.
The report warns that governments that already impose authoritarian controls on the Internet, such as China, India, and Saudi Arabia, may now seek to boost those efforts with NSA-style bulk collection programs that trample on civil liberties.
Ron Deibert, director of Citizen Lab, writes in the report that:
“No doubt one implication of Snowden’s revelations will be the spurring on of numerous national efforts to regain control of information infrastructures through national competitors to Google, Verizon, and other companies implicated, not to mention the development of national signals intelligence programs that attempt to duplicate the US model.”
Deibert says that many companies already face “complex” and “frustrating” requests from “newly emerging markets” for data on their users. He believes that the NSA revelations will cause those to become even more common, with unwelcome results.
“Many countries of the global South lack even basic safeguards and accountability mechanisms around the operations of security services, and their demands on the private sector could contribute to serious human rights violations and other forms of repression.”
India, the United Arab Emirates, and Saudi Arabia, for example, have already demanded that BlackBerry add interception technology to its services, notes Deibert. He says that insisting that companies add such “backdoors” to their services introduces serious security risks, because they could be discovered and abused by others.
Citizen Lab has evidence to back up that argument. In 2008, researchers in the group that the Chinese version of Skype, Tom-Skype, had been modified to help the Chinese government’s surveillance efforts. The program sent chat logs to a government server if certain keywords were typed, but that server was not password protected. Anyone could download millions of personal conversations collected by the authorities, which included credit-card numbers and other sensitive information.
Deibert doesn’t argue that security services should never access data held by Internet companies. But he maintains that can be done without hard-wiring backdoors into communications services. Rather he would prefer agencies to be restricted to requesting specific, limited information about certain accounts on a case-by-case basis, rather than harvesting bulk data for later processing as we have learned the NSA does.
Here’s how a Twitter engineer says it will break in the coming weeks
One insider says the company’s current staffing isn’t able to sustain the platform.
Technology that lets us “speak” to our dead relatives has arrived. Are we ready?
Digital clones of the people we love could forever change how we grieve.
How to befriend a crow
I watched a bunch of crows on TikTok and now I'm trying to connect with some local birds.
Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not
Elon said no thanks to using his mega-constellation for navigation. Researchers went ahead anyway.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.