Freedom of Expression: Interview with Gus
Director: Namita A. Malhotra, Subasri Krishnan
Duration: 00:21:34; Aspect Ratio: 1.821:1; Hue: 157.788; Saturation: 0.072; Lightness: 0.621; Volume: 0.136; Cuts per Minute: 0.556; Words per Minute: 132.595
Gus: My name is Gus Hussain (?), I'm a Senior fellow with Privacy International, a 20 year-old organization based in London that has monitored surveillance plans proposals from governments and companies around the world.
Namita: In most Asian countries, idea is that government don't use sophisticated surveillance strategies. Do you agree? Secondly, there are lots of repressive laws.
Gus: Absolutely. It's fair to say that the technical infrastructure and capabilities of governments in Asia might be less at this moment in time, it's also fair to say that they are quickly trying to adapt. And there are companies from around the world that are trying to sell the technology to the goverments in Asia, to enable, interception and communication, video surveillance, so if the technology is not already there it's coming. But its quite worrying where this technology is coming from. A lot is coming from North America, particularly from the USA and the defence contractors and the IT firms but a large amount of it is also coming from China.
Gus: So for instance in Bangladesh, we discovered a few months ago that the Chinese government was funding the development of the mobile communications network, on the condition that the Bangladeshis use Chinese telephone companies and telephone technology. Nobody in the West would trust that type of technology developed by the Chinese government but now it's being implemented across Asia. So while the capabilities might not be there right now, they are being built in. In India, for instance, the goverment has banned the use of cryptography. Technologies that would allow you to communicate securely are banned, which makes you presume that the government of India is able to actually listen to communications.
Namita: Ok. We had an incident in India where this guy made a comment about a religious figure the telephone company gave its IP address and gave the wrong IP adress, and the wrong person got arrested...
Gus: And that kind of problem is going to happen time and again, especially with the internet because with the telephone era it was relatively easy to identify the individual behind the telephone because it was a home or an office. When you move to mobile telephony, you don't know who owns which phone, particularly with the internet you don't know who is using which device at what time and so these errors are going to occur time and again.
Namita: What kinds of data are we talking about... is the state going to be able to access?
Gus: Yeah, we break up the types of data into a variety of types, for instance, informational data, so that's information about you - so, where you've been, who you've been speaking with, information about your health and then there's financial data, which is information about your financial transactions, who have you been transacting with, what are the approaches, which are the kind of bank transfers you have done recently. Then there's bodily privacy, that's where we get into the realm of fingerprints, facial recognition on video cameras but more invasive is the use of DNA for instance for criminal purposes but also for health purposes, to profile your DNA to see if you're gonna suffer from a certain type of cancer in the future.
Gus: And then finally, there's location privacy, that's the most well understood form of privacy, which is the kind of privacy around your home, that is the police cannot enter your home unless they have good reason to do so. So it's interesting to see that, in the older realm of the protection of the home, we understand those things and pass laws to regulate when and how governments can come into your home but we haven't been as good at regulating when and how governments can get access to getting your information, when it can get access to your communications and when it can get access to your medical records and your financial records. [INTERRUPTION]
Namita: Ok, this is also kind of trying to address the rhetoric around the reason why it's ok to violate privacy ... rhetoric around child porn, terrorism and the rhetoric around democracy...
Gus: In any surveillance debate, we're always faced with arguments from law enforcement, from government agencies saying we need to fight terrorism, child porn, drugs, there are all these types of wars out there that they're trying to fight and privacy gets in the way of them conducting their legitimate tasks for society. And we think that's a false equation because what we try to prevent is indiscriminate surveillance, we try and prevent surveillance where there are no safeguards. We're not saying that there can be no surveillance, we're saying that there must be a very good reason for the surveillance and when it's done it must be very targeted.
Gus: What we've seen in the past 10 years particularly around the worls is that the creation of surveillance regimes are no longer targeted. They just say, 'there's terrorism out there so we must watch all communications. There are child pornographers out there, so we must regulate the way that everybody uses the internet'. That's not the way that laws are supposed to work, that's not the way that we design our democratic institutions. We say that the state has power, and when the state needs that power, there's a well understood reason for that power.
Gus: But for some reason, that's been ignored in recent years and now finally, we're starting to see governmentts and companies starting to wake up to the risks that they've introduced into the infrastructures by allowing for this free-for-all and now saying fine, there all these grave threats out there but we also need to deal with how do we create the safeguards to make sure these surveillance methods are not abused. We see time and again, surveillance methods created for one purpose are quickly used for other purposes.
Gus: So you might say, we might want to deal with terrorists and the next thing we know, it's actually being used for common crime. Or its being used for suspicion or in Great Britain we've seen surveillance powers being used against MPs, they committed no illegal acts but it's convenient for the government to find out what the opposition is thinking of. We often think of the Nixon era as being the gross injustices of the overly powerful president who spied on his opponents. That's happening everywhere around the world and that's going to keep happening until we build those safeguards.
Namita: Looking at the recent incident in Malaysia around Ellie Wong, what went wrong and what could have been the legal mechanism to prevent that?
Gus: It's an absolute tragedy what happened to her but it's the reason I got into this business. When I was in university a very dear friend was informed that 2 years ago she was videotaped while she was having sexual intercourse with somebody. And she didn't know that she was being videotaped and quickly copies of this videotape went everywhere around the school and beyond the school. So it went to the police and this is in Canada, we went to the police and asked them what can we do to prevent this from happening again and to go after the people who have created it.
Gus: And the police were very certain to say that there's nothing you can do. This type of activity is rarely regulated and we're seeing this more and more, whether it's pornography or it's just on social networking or breach of confidence, sureillance is no longer done primarily by the state, it's now being done by friends, family members, enemies, bullies and that's creating a new regime of surveillance that's completely unregulated. And when that surveillance takes place, it's abused by the powers-that-be, abused by governments, in this case Malaysia that the photo created the end of a career of a prominent politician.
Gus: So until we start deciding as a society what we're willing to accept and what kind of restitutions we're going to give individuals when their privacy is invaded in that way, then we're going to continue to see this. But the important key to all of this, going back to the example I used, more often than not you don't know when you are under surveillance. And that's when its particularly scary. And that when we need to notify people when there's surveillance taking place, instead governments and companies are just saying we're just going to collect information whether you like it or not and we don't need to tell you about it but we'll tell you about it when you are a suspect. That's a complete reversal, again when we go back to the history of surveillance, of the protection of the home. The government needs permission to come into your home but now with informational surveillance, they're taking information without regard to telling you, notifying you or even the general population being aware.
Namita: Let's just link this to what Ronald said yesterday – the internet was never meant to be a very secure system to begin with and how people put so much online about themselves....
Gus: I'm actually quite fond of the fact that people feel they can expose themselves in that way. And I still want to live in a world where people can expose themselves as much as they choose to and they will not face ramifications from that. So I want social networking to spread around the world, and I want everyone to feel free to post photos of their children and talk about their medical histories and all of their friendships and all of that but unfortunately we live in the world where once this information is out there, its going to be used and abused. And so we're already seeing the second generation of social networking.
Gus: The first generation of social networking and creating this (?) personality around yourself , there were no safeguards, you were publishing everything you could to become popular. But now we're seeing the risks of that, the risks of seeing how companies are looking at prospective employees or active employees. Parents are monitoring children's' content. And so now social networking sites are getting smarter in a good way, they're developing better safeguards and giving more control to the individuals and saying, 'Are you sure you want to publish your birthday, how about we just publish your year or birth or month and year of birth'.
Gus: And it allows individuals to make more educated decisions of what they want to disclose. But again ideally, I would prefer a world where we could just celebrate everything about ourselves and tell anybody whatever we want. But unfortunately the powers-that-be will abuse that.
Namita: Kind of like Canada, where they leave the doors open and think no one is going to walk in! How much at risk is a person at if you Twitter, or have a Google account, or a Facebook account, or you buy a ticket online or you shop on Amazon...?
Gus: To be slightly controversial, I'd say you're not at a grave risk when companies like Google, Amazon, Microsoft, e-bay, even Twitter and Facebook, when they collect information on you, you're not grossly at risk because in the US or in the other counties where these services are hosted, there are laws, there are regulations, there are protections built in to make sure there's not abuse. And there's the media that's actively watching these companies, watching for every time that they might abuse this information.
Gus: And so you're relatively safe. Meanwhile these companies are hosted in Asia, there are no safeguards, there are no protections, they can do however they please. So its not as bad out there in the US and Europe as it is in Asia where it is completely unregulated. But having said that we are now giving information to companies to do things for us where these companies didn't exist before and that model of business didn't exist before. So in the old days when you did email, you'd have a relationship with your company or your ISP and they'd provide your email for you. And they're probably in an office down the street or the next city, they're atleast in your country.
Gus: But when you use google mail or Hotmail, this email resides in a different country and in some of those circumstances you don't have the protections. For instance, when your email is hosted in the US, as an American citizen, my email will be protected because the US government has regulations about how it can get access to your communications. But if you're a foreigner and you use email services in the US, there are no safeguards, no protections, the government can get access to it. Any other government on earth can get access to it.
Gus: That's where you face all these abuses where Yahoo has given information to the Chinese government, the arrest of a journalist. We've seen cases in every country in Asia where they get access to this information. So again, you have this gross inequality that's emerging where those in the West are relatively protected but through inaction of governments in Asia, there are no protections for citizens. That's got to be rectified, it's not fair to Asians that they don't have these protections that other people around the world do.
Namita: Someone we were speaking to from Tibet said that, someone like Google or Yahoo should have a moral responsibility, because if it comes to the equation between Google, Yahoo and China say, they have as much leverage as any other entity..
Gus: That's always been my point, I couldn't agree more with this. Sometimes we paint these companies as victims of the Chinese government or the Indian government, when they are forced to hand over this information. I don't see these companies as victims at all because these companies are very powerful and very rich. And they are constantly influencing the development of policies in these countries. Why aren't they influencing the development of policy on privacy? No they want to influence the policy on business, on financial data flows to allow for their companies to spread in countries but not pushing back enough on privacy issues or censorship issues for that matter.
Namita: There's a statement by Simon, that surveillance will become a core component of computer design... future for privacy?
Gus: You've actually nailed the issue, you often see technology as this impartial, this neutral, value free thing. But in reality, governments, companies have gotten smarter. The internet was inveted in an era when it was relatively politics free, they just wanted information to flow freely from server to server. So governments found it difficult for themselves to regulate this activity, regulate global data flows, regualte who has and doesn't have privacy. So first they tried to go out for the companies and said companies make this data accessible to us when we need it.
Gus: And companies for in most parts of the world, unfortunately in Asia pushed back and said no. So the governments said fine, we're going to go to the standards bodies, the infrastructure companies and get them to design surveillance into the technology. So there's no longer the argument, 'The internet doesn't allow us to do this', now the internet is being designed in a way to enable surveillance, to enable censorship and that's when it gets scary. Because you as a user don't know this anymore, you don't see how this is happening.
Gus: Again, go back to the image of the government coming into your home. You know when they're coming into your home, but you also know that your home is designed with security, with a lock on the door and if the police want to come in they need your permission or they need a very big rod to come in. But when you design surveillance into the infrastructure, you have no idea it's being used, even governments don't have an idea it's being used. There's a great case, awful case actually, in Greece and Italy, where they designed surveillance into the mobile telecommunications network and then a few years ago, they realized that somebody had switched on their surveillance and was monitoring the communications of the heads of the government!
Gus: The president, the PM of Greece, their communications were being monitored during the Olympics, during the high security time; not by the Greek government, we don't know who did it. We just know that the switch was flipped for 11 months. Every communication from every cabinet member in the Greek government was being watched. Nobody has any idea how that happened and we know how that happens because they designed surveillance into the infrastructure and when you do that you create risks for abuse.
Gus: So the alternative is to design privacy into the infrastructure. So that's privacy by design, privacy enhancing technologies. And we're seeing that in a few places. But unfortunately, goverments are still overly keen on designing surveillance in because they don't see the risks. When they wake up to the risk, you would hope they would design privacy into the infrastructure but by then it will be too late.