Эдвард Сноуден - Permanent Record

The reaction of technocapitalists to the disclosures was immediate and forceful, proving once again that with extreme hazards come unlikely allies. The documents revealed an NSA so determined to pursue any and all information it perceived as being deliberately kept from it that it had undermined the basic encryption protocols of the Internet—making citizens’ financial and medical records, for example, more vulnerable, and in the process harming businesses that relied on their customers entrusting them with such sensitive data. In response, Apple adopted strong default encryption for its iPhones and iPads, and Google followed suit for its Android products and Chromebooks. But perhaps the most important private-sector change occurred when businesses throughout the world set about switching their website platforms, replacing http (Hypertext Transfer Protocol) with the encrypted https (the S signifies security), which helps prevent third-party interception of Web traffic. The year 2016 was a landmark in tech history, the first year since the invention of the Internet that more Web traffic was encrypted than unencrypted.

The Internet is certainly more secure now than it was in 2013, especially given the sudden global recognition of the need for encrypted tools and apps. I’ve been involved with the design and creation of a few of these myself, through my work heading the Freedom of the Press Foundation, a nonprofit organization dedicated to protecting and empowering public-interest journalism in the new millennium. A major part of the organization’s brief is to preserve and strengthen First and Fourth Amendment rights through the development of encryption technologies. To that end, the FPF financially supports Signal, an encrypted texting and calling platform created by Open Whisper Systems, and develops SecureDrop (originally coded by the late Aaron Swartz), an open-source submission system that allows media organizations to securely accept documents from anonymous whistleblowers and other sources. Today, SecureDrop is available in ten languages and used by more than seventy media organizations around the world, including the New York Times , the Washington Post , the Guardian , and the New Yorker .

In a perfect world, which is to say in a world that doesn’t exist, just laws would make these tools obsolete. But in the only world we have, they have never been more necessary. A change in the law is infinitely more difficult to achieve than a change in a technological standard, and as long as legal innovation lags behind technological innovation institutions will seek to abuse that disparity in the furtherance of their interests. It falls to independent, open-source hardware and software developers to close that gap by providing the vital civil liberties protections that the law may be unable, or unwilling, to guarantee.

In my current situation, I’m constantly reminded of the fact that the law is country-specific, whereas technology is not. Every nation has its own legal code but the same computer code. Technology crosses borders and carries almost every passport. As the years go by, it has become increasingly apparent to me that legislatively reforming the surveillance regime of the country of my birth won’t necessarily help a journalist or dissident in the country of my exile, but an encrypted smartphone might.

INTERNATIONALLY, THE DISCLOSURES helped to revive debates about surveillance in places with long histories of abuses. The countries whose citizenries were most opposed to American mass surveillance were those whose governments had most cooperated with it, from the Five Eyes nations (especially the UK, whose GCHQ remains the NSA’s primary partner) to nations of the European Union. Germany, which has done much to reckon with its Nazi and Communist past, provides the primary example of this disjunction. Its citizens and legislators were appalled to learn that the NSA was surveilling German communications and had even targeted Chancellor Angela Merkel’s smartphone. At the same time, the BND, Germany’s premier intelligence agency, had collaborated with the NSA in numerous operations, even carrying out certain proxy surveillance initiatives that the NSA was unable or unwilling to undertake on its own.

Nearly every country in the world found itself in a similar bind: its citizens outraged, its government complicit. Any elected government that relies on surveillance to maintain control of a citizenry that regards surveillance as anathema to democracy has effectively ceased to be a democracy. Such cognitive dissonance on a geopolitical scale has helped to bring individual privacy concerns back into the international dialogue within the context of human rights.

For the first time since the end of World War II, liberal democratic governments throughout the world were discussing privacy as the natural, inborn right of every man, woman, and child. In doing so they were harking back to the 1948 UN Universal Declaration of Human Rights, whose Article 12 states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.” Like all UN declarations, this aspirational document was never enforceable, but it had been intended to inculcate a new basis for transnational civil liberties in a world that had just survived nuclear atrocities and attempted genocides and was facing an unprecedented surfeit of refugees and the stateless.

The EU, still under the sway of this postwar universalist idealism, now became the first transnational body to put these principles into practice, establishing a new directive that seeks to standardize whistleblower protections across its member states, along with a standardized legal framework for privacy protection. In 2016, the EU Parliament passed the General Data Protection Regulation (GDPR), the most significant effort yet made to forestall the incursions of technological hegemony—which the EU tends to regard, not unfairly, as an extension of American hegemony.

The GDPR treats the citizens of the European Union, whom it calls “natural persons,” as also being “data subjects”—that is, people who generate personally identifiable data. In the US, data is usually regarded as the property of whoever collects it. But the EU posits data as the property of the person it represents, which allows it to treat our data subjecthood as deserving of civil liberties protections.

The GDPR is undoubtedly a major legal advance, but even its transnationalism is too parochial: the Internet is global. Our natural personhood will never be legally synonymous with our data subjecthood, not least because the former lives in one place at a time while the latter lives in many places simultaneously.

Today, no matter who you are, or where you are, bodily, physically, you are also elsewhere, abroad—multiple selves wandering along the signal paths, with no country to call your own, and yet beholden to the laws of every country through which you pass. The records of a life lived in Geneva dwell in the Beltway. The photos of a wedding in Tokyo are on a honeymoon in Sydney. The videos of a funeral in Varanasi are up on Apple’s iCloud, which is partially located in my home state of North Carolina and partially scattered across the partner servers of Amazon, Google, Microsoft, and Oracle, throughout the EU, UK, South Korea, Singapore, Taiwan, and China.

Our data wanders far and wide. Our data wanders endlessly.

We start generating this data before we are born, when technologies detect us in utero, and our data will continue to proliferate even after we die. Of course, our consciously created memories, the records that we choose to keep, comprise just a sliver of the information that has been wrung out of our lives—most of it unconsciously, or without our consent—by business and government surveillance. We are the first people in the history of the planet for whom this is true, the first people to be burdened with data immortality, the fact that our collected records might have an eternal existence. This is why we have a special duty. We must ensure that these records of our pasts can’t be turned against us, or turned against our children.