Reports of the National Security agency’s surveillance programs based on documents leaked by Edward Snowden have been embarrassing for some, enraging to others. But to governments and security services in developing economies they will prove inspirational, according to a report (PDF) from the University of Toronto’s Citizen Lab, which studies online security and privacy.
The report warns that governments that already impose authoritarian controls on the Internet, such as China, India, and Saudi Arabia, may now seek to boost those efforts with NSA-style bulk collection programs that trample on civil liberties.
Ron Deibert, director of Citizen Lab, writes in the report that:
“No doubt one implication of Snowden’s revelations will be the spurring on of numerous national efforts to regain control of information infrastructures through national competitors to Google, Verizon, and other companies implicated, not to mention the development of national signals intelligence programs that attempt to duplicate the US model.”
Deibert says that many companies already face “complex” and “frustrating” requests from “newly emerging markets” for data on their users. He believes that the NSA revelations will cause those to become even more common, with unwelcome results.
“Many countries of the global South lack even basic safeguards and accountability mechanisms around the operations of security services, and their demands on the private sector could contribute to serious human rights violations and other forms of repression.”
India, the United Arab Emirates, and Saudi Arabia, for example, have already demanded that BlackBerry add interception technology to its services, notes Deibert. He says that insisting that companies add such “backdoors” to their services introduces serious security risks, because they could be discovered and abused by others.
Citizen Lab has evidence to back up that argument. In 2008, researchers in the group that the Chinese version of Skype, Tom-Skype, had been modified to help the Chinese government’s surveillance efforts. The program sent chat logs to a government server if certain keywords were typed, but that server was not password protected. Anyone could download millions of personal conversations collected by the authorities, which included credit-card numbers and other sensitive information.
Deibert doesn’t argue that security services should never access data held by Internet companies. But he maintains that can be done without hard-wiring backdoors into communications services. Rather he would prefer agencies to be restricted to requesting specific, limited information about certain accounts on a case-by-case basis, rather than harvesting bulk data for later processing as we have learned the NSA does.
A gene-edited pig’s heart has been transplanted into a human for the first time
The procedure is a one-off, and highly experimental, but the technique could help reduce transplant waiting lists in the future.
A horrifying new AI app swaps women into porn videos with a click
Deepfake researchers have long feared the day this would arrive.
The worst technology of 2021
Face filters, billionaires in space, and home-buying algorithms that overpay all made our annual list of technology gone wrong.
The metaverse has a groping problem already
A woman was sexually harassed on Meta’s VR social media platform. She’s not the first—and won’t be the last.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.