The revelations made by whistle-blower Edward Snowden over the course of the summer of 2013 have taken the world by storm. The two major themes in this saga surprised the general public, officials and politicians alike. Firstly, the size and the extent of the alleged American, British (and later French) data-trawling practices were met with shock. Secondly, the alleged eavesdropping by the US on the European Union and on a number of European allies was equally met with consternation. Yet, as noted by a number of analysts and serving and former politicians, these practices are neither entirely new nor unique.[1] Those familiar with the previous disclosures of information-gathering programs can see the evolutionary progression from older initiatives.[2] Moreover, all governments conduct espionage, to the best of their abilities, whether for political, security, economic or technological purposes.[3]

However, in an age characterized by electronic communications, big data and corresponding metadata, what these disclosures have shed light on is the vulnerably of most information and the ease at which it may be gathered. The adage derived from the classic New Yorker cartoon with the caption, ‘On the Internet, no one knows you’re a dog’, no longer holds. Your home, the color and shine of your fur, your breed and breakfast can now easily be ascertained. Yet, judging by the reactions in the media, it seems many individuals and institutions were ignorant of the fact that so much personal and sensitive information is out there for the taking. Indeed, as John Naughton writes in the Guardian:

‘If anyone is shocked by what’s been disclosed in the last fortnight, then they haven’t been paying attention to the technology. Computer power has been obeying Moore’s Law – doubling every two years – for nigh on four decades. Network bandwidth has been tripling every year. Ditto digital storage capacity. The result is that what looked like science fiction 20 years ago is now a mundane reality.’[4]

Similarly, German politician Malte Spitz last year quite clearly explained what can be done with metadata.[5] Spitz could, on the basis of his own data requested from his services provider, reconstruct his every move made over the course of 6 months. To show the German public what data retention policies mean and make possible, he produced a visualization of his life over this period.[6] The fact that knowledge of what could be done with such information was available to the public before the eavesdropping events of 2013 yet that, internationally, no major interest groups or political parties mobilized to raise awareness regarding internet policy and civil right justifies Naughton’s argument that ‘it’s not just citizens who are behind the technological curve. Our political leaders seem similarly clueless’.[7]

This may seem to contradict what was written in the opening paragraph, but there is a distinct difference between the sensitive knowledge senior states(wo)men are privy to and the knowledge of parliamentarians or junior minister who will not possess any ‘need to know’. Also there is difference between leaders receiving intelligence end products based on data trawling practices and senior politicians truly understanding the technical issues. For the German public at least, this was made obvious when German Chancellor Angela Merkel described the internet as ‘new’ and ‘uncharted territory’.[8] Governments and parliamentarians exist to represent citizens, but if both the citizens and representatives do not understand the scope of technological change, there is a problem for society. When politicians do not possess enough expertise to be able to propose adequate checks on intelligence services and companies, nor understand the implications and possibilities technological advances could have, this poses a threat to societies. Also if citizens do not comprehend these issues, they will not know when to call for change. The Snowden affair has highlighted this worrying lack of knowledge regarding the architecture of the internet.

Digital Highways

The digital as well as physical internet is international by nature. The world’s electronic communications pass through many places and the infrastructure and companies that support its transit along the information superhighway are often not under the jurisdiction of a single country. This includes the fiber-optic cables, internet exchange points and the many servers that host the cloud (only a small part of the network traffic goes through satellites). That is why the internet is often considered a global commons. The internet is therefore not just an ethereal cyberspace but it has a physical architecture, which, as former US Senator Ted Stevens has described and Andrew Blum elaborates on, consists of ‘a series of tubes’.[9]

The allegations by Snowden suggest that the UK is tapping over 200 internet cables that, due to the historic and geographic circumstances, converge on the British Isles.[10] Yet this capability is not just one that could be possessed by the UK, the US or France or other western countries. Given the proliferation of communication cables that have traversed the globe as these maps from Telegeography shows,[11] there are many places around the globe where these cables, that carry the internet and telecoms data, make landfall. One US diplomatic cable (note that this type of correspondence derives its name from the very channels by which it used to be  transmitted: submarine cables) released by Wikileaks emphasizes their importance as crucial infrastructure to the US and definitely for many others.[12] It is therefore probable to assume that any country that harbors a cable landing site and possesses sufficient technical prowess can tap into the digital sea lines of communication. Der Spiegel estimates that

‘[r]oughly half a dozen countries maintain intelligence agencies like the NSA that operate on a global scale. In addition to the Americans, this includes the Russians, Chinese, British, French and — to a lesser extent — Israelis and Germans. They have all placed the Internet at the heart of their surveillance operations.’[13]

This being said, cables do not necessarily need to make landfall on or traverse a nation’s territory as a prerequisite for access. According to Snowden, the US gained access to a firm with headquarters in Hong Kong, which owns extensive submarine cable networks in the Asia-Pacific.[14] Moreover, tapping into the tubes does not only occur when cables make landfall. As former NATO Supreme Allied Commander Europe James Stavridis pointed out,

‘the use of “underwater drones” might someday allow […] the exploitation of underwater fiber-optic cables deep on the ocean floor. This could one day provide a rich environment for intelligence collection, “blinding” communication pathways, and the conduct of cyber operations.’[15]

A similar practice was conducted during the Cold War by manned submarines.[16] The use of drones could make this process more prolific and less complex,[17] especially as in the future it is likely that there will be a proliferation of drone technology.

Exchange Points and Supply Chains

Cables are not the only crucial part of the cyber architecture; so too are internet exchange points (IXP), also known as the ‘backbone’ of the internet. These data choke points are located throughout the world, as this map by Telegeography shows.[18] Depending on their size, these exchanges handle local and regional traffic between internet service providers. They remove the need for data to take lengthy detours via overseas servers. The Chinese University of Hong Kong (CUHK) runs Hong Kong’s key internet exchange (HKIX). Snowden alleges that the US gained access to this exchange, stating that ‘[w]e hack network backbones – like huge Internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one’.[19] Similarly, Der Speigel describes how the Bundesnachrichtendienst (BDN), the German intelligence agency, monitors the largest hub in Europe located in Frankfurt.[20] Snowden’s revelations furthermore led members of the Netherlands House of Representatives to ask one of the biggest IXP in Amsterdam to provide clarification on the practices, consequences and legal frameworks related to the possibility of wire-tapping of Internet traffic.[21] Such practices may not even happen with the knowledge or consent of the companies operating cables, exchanges or other services. As one experts puts it,

‘[t]he Internet is really driven by a series of transactions… [which]work because trust is the very foundation of the Internet. Having an unknown, unauthorized party access to what is essentially private communications erodes that trust, and with it, the very foundation of what makes the Internet work.’[22]

This is a trust that many companies would not think of jeopardizing, although some media outlets inferred that alleged access gained by the US to HKIX could indicate a backdoor into the systems though a built-in function in the hardware operated there.[23] Similar concerns about this type of cyber-attack via backdoors in software and hardware lay at the base of separate warnings made by the US House Intelligence Committee and the UK Intelligence and Security Committee, who expressed concern about awarding infrastructure contracts to certain Chinese telecoms giants.[24] This problem is, however, endemic to the defense, communications and technology industries given the globalized nature of supply chains.[25] Governments and corporations will need to continue to put more emphasis on the security of their global software and hardware supply chains. Large-scale electronic information-gathering of the type disclosed by Snowden need neither be unique nor limited to Western agencies. Again, it is plausible to presume that with sufficient knowhow and resources any country could partake in this data free-for-all.

Education

Ultimately, people will need to develop a greater understanding of the physical and digital geography of data. As storage capacity has increased, private companies, for their own purposes and often with our consent, have gathered increasing amounts of information on their clients. Timothy Garton Ash notes that ‘[t]his commercial accumulation of intimate personal information is worrying in itself.’[26] For one reason, we have seen in recent years that this very personal information has gotten into the hands of criminals who have hacked into companies such as Sony and Linkedin amongst others.[27] For another reason, Ladar Levison, the owner of the now defunct encrypted email service provider Lavabit warned that ‘without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.’[28]

Most recently, many have realized just how much access governments and companies may have to personal information. What was predicted by Malte Spitz came to fruition with the revelations of PRISM and XKeyscore.[29] This type of information gathering gives organizations and governments the power to survey societies, to see what they are up to, what networks and groups are doing and which individuals are most active within them. This information is very sensitive and can be a powerful tool to be used for the good of society i.e. by protecting it from terrorist threats and espionage; but it can also be used as a more nefarious tool for totalitarian governments to control their societies and pick out those who are standing up for their rights.

It is perhaps lucky that many of the governments mentioned in connection with these eavesdropping affairs are democratic and accountable governments. This is because their citizens will have the opportunity to ask questions, push for reforms and gain more transparency about what access is given to private information and how their civil liberties will remain guaranteed. Awareness must be raised among those who will be affected by digital policy making, but who will have little knowledge of technical issues and the ways in which data can be collected and used. It is partly up to governments to provide transparency and a basic understanding of data retention and partly up to the citizens to learn about technology, its consequence for society and civil rights. Spitz, for example, calls for citizens to claim their digital self-determination. Functioning and accountable democratic governments should be constrained by a desire to protect civil liberties. Yet it is highly probable that less accountable but technologically-advanced regimes are conducting similar programs. What would have happened if such data trawling programs were at the disposal of authoritarian regimes during the Arab spring, the Velvet revolution or the Color revolution?

Even so, the internet is a global phenomenon. The servers that host it store personal data throughout the globe and can be accessed by other governments than the one the owner of the information is represented by. As a result, citizens will need to be more aware of the risks that could come with imparting their information to the internet where access to their data is not only regulated by the laws of their own country, due to the fact that data travels over different line and across geographic lines to get to their destinations and as many companies are multinational. As Gen Hayden noted

‘Let’s keep in mind that in a global telecommunications infrastructure, geography doesn’t mean what it used to mean…The Internet lacks geography, so I wouldn’t draw any immediate conclusions with regard to some of those numbers that have been put out there as to who’s being targeted and who isn’t.’[30]

Indeed, what is most worrying is the lack of understanding among the general public of the implications of society’s ever-increasing reliance on the digital world. The EU Justice Commissioner Viviane Reding called the surveillance a wake-up call for us to advance on our data protection reform for both the private and the public sector.[31] Indeed, it is important that the international community, politicians, businesses and citizen alike take stock of the current state of affairs and increase their awareness of cyber security. Programs should be started or reinforced to educate students, employees and citizens. The benefits of the digital age have come to us so easily and swiftly that many adults and adolescents have not been sufficiently educated in their secure use. Digital illiteracy is a growing problem.

Yes, our younger generations are growing up enjoying an array of digital devices, but many do not understanding what personal information not to share, nor do they have the ability to effectively and critically evaluate how to use information. As Ben Hammersley recently noted in the Guardian: ‘The most important life skill we’ll be teaching our children over the coming decades will be cyber-hygiene.’[32] The knowledge of how computer infections take place and what to do about them will be essential. Moreover, coding and other cyber skills are highly sought after in job markets, yet there is an increasing lack of cyber skills. The young and old seem inadequately prepared, and lack the necessary understanding of technology, cyber awareness, information security and skills to operate effectively in cyber space.[33] Finally, communications skills will become essential when trying to bridge the gap between young and old, initiated and uninitiated. Given the technical nature of the subject matter, communicating its impact clearly and intelligibly to (possibly less cyber-aware) senior-level staff, who are responsible for important decisions regard cyber affairs, will be crucial.

Conclusion

Given the degree of technological surprise felt by many, this seems more than necessary as those responsible for the regulation of information technology and infrastructure may, at present, not be able to adequately understand and address these issues. As Paul Kurtz, who served on the US National Security Council explains, ‘[m]ost people don’t realize how information moves around the globe… and there are vulnerabilities all along the line’.[34] The fact remains that on different levels, data from governments, corporations and citizens will remain vulnerable due to the very geography of the net and the fact that, to many, it is simply terra incognita. As this article has argued, it is of vital importance that people and politicians alike now make the effort to critically explore this terrain in order to gain an appreciation for how data can be collected, how it can be used and ultimately, how it can be protected.

Written by Henry Philippens

Henry Philippensis currently an independent security and defence analyst. He has worked at numerous international organizations and think tanks and has published on international security issues. He holds MA degrees International Relations and History, respectively from the War Studies Department – King’s College London and from the University of Leiden.

References

Share.

About Author

e-International Relations

e-International Relations is the world's leading website for students of international politics. We publish a range of original content including articles, blogs, student essays, book reviews and research news listings.

Comments are closed.