Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union, took the stage at OURSA on Tuesday to discuss the state of modern surveillance and hacking performed by the U.S. government, arguing that both cross the line of traditional legal searches.
“Increasingly, modern surveillance is mass surveillance,” Granick said. “We used to target people for surveillance because of their political opinions or their religion or their race. Now the mainstream is being surveilled.”
This mass surveillance is not only mainstream, but it’s still mostly secret from the public, said Granick. This is
“People should care about this,” Granick said, “because any issue we may care about — be it racism, the environment, poverty and so on — will require
Granick cited government actions in countries such as Egypt and Ethiopia over the last few years against human rights activists. These governments were performing surveillance on activists and using that information to hack them. And government hacking is an extension of surveillance, said Granick.
It’s also clear governments use hacking in this way because democratic countries are starting to pass laws that make hacking legal, such as in the United Kingdom.
“At least in the UK they call it ‘equipment interference.’ I appreciate the honesty,” Granick said.
Search warrants are cutting it
The U.S. doesn’t currently have specific hacking laws, though the U.S. government uses hacking for law enforcement and intelligence operations. Instead, noted Granick, the U.S. relies on the same legal process for hacking that it does for regular searches — the warrant. While warrants are crucial, they don’t cover enough ground.
“Government hacking is different from regular searches in five particular ways that the warrant requirement can’t really address,” Granick said.
Those ways include the amount of data being collected; the invasiveness of the techniques the government uses to hack and surveil, such as turning on the cameras and microphones on personal laptops and smart devices; and, the falsification of data.
Jennifer Granicksurveillance and cybersecurity counsel, ACLU
“If this information is being collected for criminal prosecution purposes, how can we know that the very act of accessing the computer hasn’t changed the information that’s there in ways that impinge upon the defendants’ rights?” Granick posed. “How can the defense test that theory and see that the evidence is not altered in any way if the government insists on keeping the exploit and the vulnerability secret? It interferes the with due process rights of the defendant in the criminal justice system.”
The fourth way in which government hacking is out-of-scope with regular search warrants is the potential cybersecurity harms.
“When you have the government as an incentivized attacker on the network, that is a very different thing from having the government be on the side of
Granick said another threat to cybersecurity is when the government doesn’t share information about vulnerabilities or exploit with the vendors or manufacturers so that they could fix the problem.
The final problem, Granick said, is that of public trust.
“In order to serve malware, we’ve seen the government pretend to be an
Based Blockchain Network