We Have a Paradigm for Surveillance That’s Broken, Fit Only for the Analogue Past

As each day brings new revelations about surveillance online, we are starting to see increasing activity in national legislatures intended either to establish more control over what the security services can do to their nationals (in countries like the US), or to limit access by foreign secret services to the personal information of their citizens (countries like Brazil). Unfortunately, neither of these approaches addresses the underlying problem: we have a paradigm for surveillance that’s fit for the analogue past, not the digital present, let alone the future.

We are all common global digital citizens—and also common digital foreigners, because there are virtually no legal limits on countries’ surveillance of foreigners. In the analogue past, this wasn’t a problem. National phone lines were physically difficult for a foreigner to tap; national legal systems limited what countries could do to their own citizens; countries could only post so many spies in their embassies abroad.

The digital world has turned this upside down, as it is now possible for one analyst to electronically process the activities of millions irrespective of the physical location of the analyst or the subjects. To make things worse, allegations are coming to light that sound like “data rendition,” where countries are outsourcing mass surveillance to evade national oversight systems just as some once outsourced torture.

Previous fights about online regulation such as ACTA in Europe and SOPA/PIPA in the US featured a strong reaction against using the Internet in a technically damaging way to solve a problem for the benefit of a single interest group. The same dynamic is at play here, just on a much bigger scale: security services are undermining encryption and key Internet addressing systems (this latter in a way remarkably similar to the SOPA/PIPA proposals) to conduct mass surveillance in a way that undermines the very system that the economy and society worldwide increasingly depend on.

The debate is largely focused on negatives, on how to keep foreigners from doing things to “our people.” This is understandable but it won’t solve the real problem—and it obscures the very broad common interests we have, irrespective of geography:

  • We want increasing trust in online interaction, whether commercial or social;
  • There’s a universal recognition that the development and spread of the Internet to those who have yet to go online—more than half the human family—is essential;
  • All societies want to see legitimate law enforcement whether online or off, and expect effective oversight of security services’ activities to ensure they are not disproportionate;
  • We want as much transparency in government activities as we can reasonably get.

Last, and most profoundly: we want our national constitutional human rights protections to have real meaning. Who wants to live in a world where everything we say or do online is fair game for government (or anyone else’s) snooping?

We must find a way to bring these common needs to bear as the current debate will not lead to positive ends for the Internet, let alone for healthy balanced societies. This presents the Internet community with the greatest challenge it has ever faced: will we use our knowledge of the networked world to educate policymakers and others, helping them understand how to balance interests while limiting the unintended negative consequences of well-meaning measures designed to protect their citizens? Will we, if other measures fail, bring to bear the passion that we found in the SOPA and PIPA debates globally to insist on a paradigm for security that protects nationally-recognized rights and doesn’t further damage the Internet’s economic and social potential?

Governments have a responsibility not to allow surveillance to get out of control. Right now, they’re not living up to it. In the digital age, their responsibility cannot be fulfilled by measures that stop at national borders. Real solutions require collaboration with other countries and the global milieu of stakeholders integral to the Internet. This will sound like heresy to national security officials as those issues have historically been reserved to a relative few (high) officials. That must now end, if for no other reason than pragmatism: revelations of surveillance are provoking the private sector and standards organisations to dramatically increase the encryption of all online traffic from email to Wikipedia searches. This will result in an ever-decreasing amount of traffic being sent in the clear—which almost certainly will end up reducing access for legitimate security purposes in the end.

If national leaders fail to meet this challenge—and we must understand, this is an incredibly difficult one—we will all remain common digital foreigners, condemned to an increasingly Orwellian nightmare of limitless surveillance.

By Nick Ashton-Hart, Associate Fellow, Geneva Centre for Security Policy

The views expressed in this article are his alone. Find him on Twitter at @nashtonhart.

Reality Check Anthony Rutkowski  –  Nov 12, 2013 12:50 PM

Essentially all nations have been engaging in widespread electronic surveillance since the first bit moved across a network in the 1840s.  The conversion to digital transport occurred in the 1970s.  What we have now is simply a traitorous theft of slideware from two countries that has been made public and that describes alleged capabilities.

What seems to be occurring is that most other nations are experiencing a certain amount of surveillance envy. As is typical when this occurs, the relevant agency budgets increase in countries worldwide, commercial businesses consider the expanded global opportunities, and collaboration increases in most technical bodies to acquire and exchange forensics (except maybe in the IETF).  Commercial and government production of metadata analysis from network-based activity is an essential part of the world in which we live, and providers will continue to implement systems that meet their needs and provide the surveillance capabilities required in almost all nations.  Regions like the EU will still maintain its Data Retention Directive.  Scott McNealy got it right two decades ago - “get over it.”
