Internet has enabled the possibility of ubiquitous networks, in which information processing has been integrated into everyday objects to enable seamless activities without users being aware of it (via smartphones, mobiles…). The current PRISM scandal has alerted public opinion about the extent and the abuses of such a ubiquitous surveillance that seems difficult to stem in spite of growing claims in favour of augmented privacy… unless a reciprocal principle of ubiquitous transparency is set up. Transparency reports are only the beginning of this process, and they have the merit of pointing at the risks to democracy if surveillance is allowed to go rampant.
The risks of transparency erosion
When transparency and accountability are lacking, the risks are numerous, at all levels of governance. The very technical foundations of the Internet may be affected or even undermined if governments develop their own security mechanisms to circumvent the existing ones. Hacking strategies, scrambling systems, encryption, sensors and viruses of all kinds can impact the architecture of the net. They can also induce competing states to engage in a cyberwar that may be damaging for the transborder advantages of the current Internet as a critical resource for development. They can modify the broadband infrastructure layer that connects networks and routers and reduce the scope and security at the core of the Internet backbone, which can have deep implications for policy perspectives.
A larger risk lies in the impact of erosion on the global interoperability and openness of the Internet, two principles that have laid the foundations of digital value for the world community at large. Technically, interoperability requires attention to standards at the design level of a programme and can have significant impact on usability, with economic, political and social consequences; openness combines the technical layer and the legal and content layer of freedom of expression and right to information (against censorship and surveillance). They both are becoming pillars of governance and jeopardizing them may lead to Internet mayhem.
The risk of conflict of interest is also quite present, as always when industry gets involved in policy-making. The pure players lobbies are being quite active to frame and shape legal decisions worldwide, not just in the USA, as exemplified by the EU-US negotiations on data protection agreement and the generalized spying on political leaders and European economic groups revealed by PRISM. The political and social costs of transparency erosion can also lead to lack of public deliberation and have a chilling effect on expression; it can also have inhibiting effects on creativity and productivity (self-censorship).
The solutions towards ubiquitous transparency and accountability
Such risks point to a need to review confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for service providers, law enforcement agencies and users at large. The new context of PRISM and general surveillance has had the positive effect of re-engaging national governments in regulation, of focusing policy-making on to accountability claims and of reframing some of the norms by which the netroots can influence policy effectively, with increased obligations for reporting. The problem needs to be addressed at several levels of intervention, that have started before PRISM but for which PRISM can be a meaningful catalyst: the right to information, the regulatory authority, the peer-to-peer leveraging of civil society and finally media and information literacy for the larger empowerment of the public.
1/ The Right to Information (RTI)
In recent years, the Right to Information has been successfully construed as a complement to the right to freedom of expression. The purpose, amongst others, is to promote transparency and open information flows in certain sectors such as information related to scientific information, environmental matters, public budgets, extractive industries and the use of natural resources. Internet as a critical resource could be added to that list.
The RTI framework is characterized by a number of principles that could be used for transparency reports: maximum disclosure, obligation for public bodies to publish key information, limited scope of exceptions, processes to facilitate access to government-held information, open meetings, disclosure taking precedence over secrecy laws, protection for whistleblowers, together with low costs for information access, and the promotion of open government. Additional actors have come under the scope of RTI since the 1990s, such as companies that are owned or controlled by the state and private entities that perform a public function or are recipients of substantial government funding. This should be extended to include the pure players as well as the Telco’s and the ISPs (see Frau-Meigs, UNESCO “Exploring the Evolving Mediascape” report, 2013 available here).
2/Public-interest regulatory authority
There is a need for a mechanism or instrument that ensures that transparency reports are produced with clear criteria and with independence (far from the pressure of media, politics or economics). Going for a policy-making mechanism may mean to look at existing regulatory agencies because governments are not willing to create new institutions. It is important to identify national and intergovernmental monitoring bodies, at regional level to provide for cooperative, multi-stakeholder spaces.
Citizens need sense-making mechanisms for looking at the data or else the statistics will just be unused and will put in the shadow other important issues, such as terms of service (that can be problematic for the private sector). The reports from different actors/Stakeholders need to be created as a standard setting process. They have to be organised according to objectives and circumstances duly described by the law, as well as the suspected crimes by nature, by service (asking for interception), by operator (on the territory and also outside) and also by decision (suppression, acceptation, effect or not). All reports should be public (they are not in all countries, including the USA). And citizens should have the right to complain, in public court or bureau, with violations reviewed in adversary proceedings.
3/ Peer-to-Peer leveraging
Fears about mass data surveillance have preoccupied civil society for a while, especially after media disclosures of such non-military spying programmes as ECHELON (1988) and STELLARWIND (2008). As a result of these early disclosures, P2P technology was developed to empower individuals to protect themselves. P2P enables the repurposing of innovations made for completely different reasons. End-users can create solutions to counter the threat, thus fully exerting their right of leverage. The computer community has released several strong cryptographic software tools such as Pretty Good Privacy (PGP), in response to government pressure. Making cryptography available online, especially via PGP that works on open standards, can redirect the control over privacy protection from the government to the end-users.
P2P leveraging can also be exerted offline, as creative solutions are also being set up by the netroots at the political and legal level of intervention. Civil society movements such as “Restore the Fourth” have emerged to denounce the onslaught on individual privacy, to restore due process about unreasonable searches and seizures and to hold public officials accountable if responsible for undue surveillance. Watchdog Organisations such as The Electronic Frontier Foundation have filed lawsuits against the NSA to end unconstitutional surveillance; others such as Transparency International, Human Rights Watch and Amnesty International have called attention to the case of windblowers and the need to protect them, as in the case of Snowden, bereft in Russia for lack of a proper solution.
4 /Media and Information Literacy (MIL)
The current civic apathy of the larger public can be turned into civic agency by early exposure to Media and Information Literacy. Education takes time and its results are not easily and quickly seen, which explains partly the slow move by governments to implement MIL programmes in schools. Yet education is the best filter and it provides for the possibility for self-protection against intrusion and disclosure. It also encourages young people to practice peer-transparency and to request for accountability from politicians and businesses alike.
With this repertoire of strategies, transparency could thus be less ideological and more pragmatically effected. Yet Transparency 2.0 will remain a dystopian view if not sustained by accountability in Internet governance. Accountability needs to be construed as a normative notion, as an obligation to perform and report, so that citizens can see as much of their leaders as their leaders can see of them. Accountability would then be based on democratic consent and its underlying human rights values.