Javed Anwer, TNN Sep 9, 2012

(Christopher Soghoian is…)

Christopher Soghoian is a man on a mission to expose how governments and private companies misuse or casually handle the data they collect from users. But his work has its risks. After he found security loopholes that allowed people in the US to generate fake boarding passes, the FBI hounded him for over a month. Soghoian, who is currently the principal technologist and a senior policy analyst with American Civil Liberties Union, tells Javed Anwer that many communication companies are helping governments spy on their own people:

You have said that US companies aid in surveillance across the world. Does it mean they sell technology that enable filters like Great Firewall of China or do they share user data with governments?

Well, it depends on the company and their market. Communications companies (email providers, search engines, social networks and phone companies) are required by law to provide assistance to governments. The legal standards for when they will hand over this data vary by country and the data requested. In some places, an order signed by an independent judge is required, while in other countries, a request from the police is enough. However, as a general rule, many technology companies tend to ignore requests from governments in countries where they do not have an office. In the case of India, most technology companies seem to have offices there.

There is also a growing industry of companies that sell surveillance technology permitting the government to spy on their own citizens (and also people in other countries, in the case of international espionage). These companies sell communications intercept equipment andspyware or other hacking tools. One company on my radar right now is Septier, an Israeli surveillance vendor that sells “off the air” cellular phone intercept equipment similar to the kind used in recent wiretapping scandals in India. Their only offices outside Israel are two offices in India. These surveillance companies sell their products to governments around the world, and their capabilities are truly terrifying.

Given how these technologies are used, don’t you think western countries like the US should forbid their companies from selling their tools to governments across the world?

While western companies (and governments) may have had an advantage, and even exclusive access to surveillance technologies in the past, this is no longer the case. There are surveillance companies in India, China, Russia, producing top quality surveillance technology domestically, which they sell on the global market.

However, I do think it is extremely short sighted for western governments to permit the sale of surveillance technologies that can then be pointed back at them and used to spy on their own citizens. While US companies can sell tanks in the Middle East without any real fear that those tanks will end up back on US soil, the same is not true for surveillance software.
Where do companies like Facebook, Google, Apple and Microsoft stand? After all, they have data in which governments are interested.

These firms all assist governments in spying on their customers. The big difference among them is the degree of transparency. Apple is secretive (not a surprise, as it is secretive in all areas), and will not really discuss the scale of requests it receives or the kind of assistance if can provide.

Facebook is generally pretty open, and even has its law enforcement handbook online. However, the one negative with this company is that it won’t publish statistics on the number of requests it receives. Google publishes fairly detailed statistics on the number of requests it receives from different governments, but the company is highly secretive when probed on the specific legal standards the company follows before handing over different types of data. Microsoft has not released statistics, but will generally talk to privacy advocates about their standards and policies.

I personally find it more pleasant to deal with Facebook’s lawyers than any other company in this list. However, I still won’t trust them with my data. Twitter is by far the most transparent and pro privacy of the big technology companies. They are about as good as you can hope for.

Do backdoors exist? For example, Julian Assange has claimed that Facebook is a spy machine for the US government…

There is a big difference between a backdoor and a conspiracy.

Do I think that Facebook intentionally collects data at the behest of the FBI or another US government agency? No. Do I think that US law enforcement and intelligence agencies get to benefit from Facebook’s commercially motivated retention of vast amounts of private data? Certainly.

Facebook is now one of the most useful resources for divorce lawyers, but we don’t go around accusing Facebook of secretly being a spy machine for the divorce lawyer industry.