Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure


A secret report warned that British spies may have put lives at risk because their surveillance systems were sweeping up more data than could be analyzed, leading them to miss clues to possible security threats. The concern was sent to top British government officials in an explosive classified document, which outlined methods being developed by the United Kingdom’s domestic intelligence agency to covertly monitor internet communications. The Security Service, also known as MI5, had become the “principal collector and exploiter” of digital communications within the U.K., the eight-page report noted, but the agency’s surveillance capabilities had “grown significantly over the last few years.” MI5 “can currently collect (whether itself or through partners …) significantly more than it is able to exploit fully,” the report warned. “This creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected.” A draft copy of the report, obtained by The Intercept from National Security Agency whistleblower Edward Snowden, is marked with the classification “U.K. Secret” and dated February 12, 2010. It was prepared by British spy agency officials to brief the government’s Cabinet Office and Treasury Department about the U.K.’s surveillance capabilities. Notably, three years after the report was authored, two Islamic extremists killed and attempted to decapitate a British soldier, Lee Rigby, on a London street. An investigation into the incident found that the two perpetrators were well-known to MI5, but the agency had missed significant warning signs about the men, including records of phone calls one of them had made to an al Qaeda-affiliated radical in Yemen, and an online message in which the same individual had discussed in graphic detail his intention to murder a soldier. The new revelations raise questions about whether problems sifting through the troves of data collected by British spies may have been a factor in the failure to prevent the Rigby killing. But they are also of broader relevance to an ongoing debate in the U.K. about surveillance. In recent months, the British government has been trying to pass a new law, the Investigatory Powers Bill, which would grant MI5 and other agencies access to more data. Silkie Carlo, a policy officer at the London-based human rights group Liberty, told The Intercept that the details contained in the secret report highlighted the need for a comprehensive independent review of the proposed new surveillance powers. “Intelligence whistleblowers have warned that the agencies are drowning in data — and now we have it confirmed from the heart of the U.K. government,” Carlo said. “If our agencies have risked missing ‘life-saving intelligence’ by collecting ‘significantly’ more data than they can analyze, how can they justify casting the net yet wider in the toxic Investigatory Powers Bill?” The British government’s Home Office, which handles media requests related to MI5, declined to comment for this story. “Lack of staff and tools” The leaked report outlines efforts by British agencies to conduct both “large-scale” and “small-scale” eavesdropping of domestic communications within the U.K. It focuses primarily on an MI5 program called DIGINT, or digital intelligence, which was aimed at transforming the agency’s ability to covertly monitor internet communications. DIGINT was established for counterterrorism purposes, and “more generally for wider national security purposes,” the report said. The program was described as being focused on “the activities of key investigative targets, and on those exploitation activities that will drive greatest investigative benefits with respect to U.K. domestic threats.” The amount of data being collected, however, proved difficult for MI5 to handle. In March 2010, in another secret report, concerns were reiterated about the agency’s difficulties processing the material it was harvesting. “There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today,” the report noted. “With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT data. Frequently, this material is not fully assessed because of the significant time required to review it.” 97 percent of the calls, messages, and data the program had collected were found to have been “not viewed” by the authorities. The problem was not unique to MI5. Many of the agency’s larger-scale surveillance operations were being conducted in coordination with the National Technical Assistance Centre, a unit of the electronic eavesdropping agency Government Communications Headquarters, better known as GCHQ. The Centre plays a vital but little-known role. One of its main functions is to act as a kind of intermediary, managing the highly sensitive data-sharing relationships that exist among British telecommunications companies and law enforcement and spy agencies. Perhaps the most important program the Centre helps deliver is code-named PRESTON, which covertly intercepts phone calls, text messages, and internet data sent or received by people or organizations in the U.K. who have been named as surveillance targets on warrants signed off by a government minister. A top-secret 2009 study found that, in one six-month period, the PRESTON program had intercepted more than 5 million communications. Remarkably, 97 percent of the calls, messages, and data it had collected were found to have been “not viewed” by the authorities. The authors of the study were alarmed because PRESTON was supposedly focused on known suspects, and yet most of the communications it was monitoring appeared to be getting ignored — meaning crucial intelligence could have been missed. “Only a small proportion of the Preston Traffic is viewed,” they noted. “This is of concern as the collection is all warranted.” Chart: A top-secret study outlines PRESTON data collection by month. “Politically contentious” For most of the last decade, successive British governments have attempted to obtain more surveillance powers, but their efforts have met with public opposition and ultimately failed. The present government’s effort to push through a sweeping surveillance law — the Investigatory Powers Bill — is currently being considered by the Parliament. Documents provided by Snowden show that the U.K.’s intelligence and security agencies have wanted to obtain new powers to store domestic data about internet communications to address the “growing range of services available to internet users.” This reflects the position that has been adopted publicly in recent years by the government, which has argued that expanded internet surveillance is necessary to keep up with changes in technology. However, the Snowden documents also reveal a more candid internal assessment of the need for bolstered spy laws and shine light on major aspects of the U.K.’s existing surveillance apparatus that government and security officials have not publicly acknowledged in their pursuit of the new powers. In one document dated from 2012, GCHQ stated that it was “not dependent” on a new surveillance law coming into force, presumably due to the extensive capabilities already at its disposal. GCHQ added that new powers were of greater importance to the U.K.’s law enforcement agencies, which were facing “a significant decline” in ability to intercept communications due to people increasingly using internet services — as opposed to conventional landlines and cellphones — to talk or exchange messages. But passing a new surveillance law would be a “politically contentious [and] technically complex” process, GCHQ said in the document. In the meantime, therefore, it devised something of a workaround by creating a secret stop-gap surveillance solution for law enforcement officials. As part of a program named MILKWHITE, GCHQ made some of its huge troves of metadata about people’s online activities accessible to MI5, London’s Metropolitan Police, the tax agency Her Majesty’s Revenue and Customs, the Serious Organized Crime Agency (now merged into the National Crime Agency), the Police Service of Northern Ireland, and an obscure Scotland-based surveillance unit called the Scottish Recording Centre. Metadata reveals information about communications — such as the sender and recipient of an email, or the phone numbers someone called and at what time — but not the written content of the message or the audio of the call. GCHQ’s definition of metadata is broad and also encompasses location data that can be used to track people’s movements, login passwords, and website browsing histories, as The Intercept has previously revealed. The MILKWHITE program was developed as early as September 2009, and it seems to have been operational under both the Labour and the Conservative-Liberal Democrat governments of that period. One of its purposes was to allow law enforcement agencies and MI5 to sift through the troves of metadata to discover internet “selectors” for their surveillance targets — meaning unique identifiers, such as a username or IP address, that can be used to home in on and monitor a person’s online activities. “It now appears it has been ‘business as usual’ for the tax man to access mass internet data for years.” GCHQ focuses primarily on intercepting foreign communications that are “external” to the U.K. But in the process of doing so — by tapping into international cables that carry phone calls and internet traffic between countries — the agency vacuums up large quantities of data on British calls, emails, and web browsing habits, too. It is this British data — some of which appears to have been made accessible through MILKWHITE — that would be of most interest to MI5, police, and tax officers, as it is their role to conduct “internal” investigations within the U.K. A GCHQ document dated from late 2010 indicated that MILKWHITE was storing data about people’s usage of smartphone chat apps like WhatsApp and Viber, instant messenger services such as Jabber, and social networking websites, including Facebook, MySpace, and LinkedIn. Access to the data was provided to law enforcement through an “internet data unit” hosted by the Serious Organized Crime Agency and it was accessible to tax investigators through what one GCHQ document described as established “business as usual” channels. By March 2011, GCHQ noted that there was “increasing customer demand” for the service offered by MILKWHITE and the agency planned to grow its capacity, seeking £20.8 million ($30.6 million) to update the program’s “advanced analytics” capabilities and to maintain its “bulk” storage of metadata records. “Bulk” is a term GCHQ uses to refer to large troves of data that are not focused on individual targets; rather, they include millions and in some cases billions of records about ordinary people’s communications and internet activity. Carlo, the policy analyst with Liberty, said the revelations about MILKWHITE suggested members of Parliament had been misled about how so-called bulk data is handled. “While MPs have been told that bulk powers have been used only by the intelligence community, it now appears it has been ‘business as usual’ for the tax man to access mass internet data for years,” she said. “This vindicates the warnings of security experts and the call by opposition parties for an urgent, independent review of bulk powers. The compromise review recently announced is a poor substitute and without the time and technical expertise, will struggle to address this issue of national importance.” GCHQ declined to answer questions for this story. A spokesperson for the agency said in a statement: “It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position. In addition, the U.K.’s interception regime is entirely compatible with the European Convention on Human Rights.” Documents published with this article: Digint Narrative Milkwhite Preston Business Processes Communications Capabilities Development Programme NTAC Overview Preston Architecture Digint Imbalance Mobile Apps Checkpoint Meeting Archives Preston Study Sign up for The Intercept Newsletter here.The post Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure appeared first on The Intercept.


Senator Tells Funny J. Edgar Hoover Story to Warn Against Expanded FBI Surveillance Power


Sen. Patrick Leahy, D-Vt., warned colleagues Thursday to think hard before expanding FBI surveillance powers, sharing a cautionary tale about his own experiences with former FBI Director J. Edgar Hoover. “I know we’ve had some wonderful people in our government, but I worry anytime you give a lot of extra powers. There’s always potential for abuse,” Leahy said at a Senate Judiciary Committee meeting Leahy said he was on the board of the National District Attorney’s Association when he met with Hoover, now best known for surveilling anti-war protestors, Martin Luther King, and others. FBI Director James Comey has said he keeps a copy of Hoover’s request to wiretap King on his desk as a reminder of the FBI’s past mistakes. “We were all over six feet tall”— except Hoover, Leahy said. “But we were all looking up at him. The legs of our chairs had been cut off, and his had been built up. He was talking about all these people he had to investigate … [saying] it’s these hippies who are really communists.” “I’m glad I didn’t have a Volkswagen,” Leahy said, recalling how Hoover identified “hippies” with those particular vehicles. “I was always having nightmares thinking what would a man like that do with enormous enhanced powers in the digital age. I’m sure you share my concerns, so let’s work together,” he concluded. The legislation at issue is the Electronic Communications Privacy Act Amendments Act of 2015 — a widely supported bill that would require a warrant when law enforcement wants to access the contents of emails older than 180 days. But a controversial amendment — the reason for Leahy’s protest — has held things up. Sen. John Cornyn, R-Texas, originally offered the amendment, which would allow the FBI to considerably expand the range of data it can request simply by sending companies secret requests for information in the form of national security letters, or NSLs. Those letters do not require a court order. If the amendment passed, the FBI would be authorized to get ahold of data like email headers and URL browsing history without ever asking a judge — and the company wouldn’t be allowed to talk about it. Cornyn insisted that the amendment is “Director Comey’s number one legislative priority” and would only allow access to information about online behavior, not any content. He assured the Judiciary Committee the new power would be “tightly controlled by the FBI and the inspector generals to make sure they’re not used frivolously.” Sen. Mike Lee, R-Utah, co-sponsor of the overall bill, said Cornyn is downplaying the importance of metadata. “The fact that it’s just metadata doesn’t dismiss the problems,” he said. “If the government can look into exactly what website someone is visiting, they can tell a whole lot about that person.” Another complication is that, as the Intercept reported last week, the FBI has been continuing to request email metadata and browsing records from companies like Yahoo, despite the fact that a Justice Department opinion in 2008 said it wasn’t authorized to demand them. The Cornyn amendment would formalize that power. Lee and Leahy pulled the bill from consideration to continue working with the committee to try and eliminate the controversial amendments. Related: Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records FBI Kept Demanding Email Records Despite DOJ Saying It Needed a Warrant Sign up for The Intercept Newsletter here.The post Senator Tells Funny J. Edgar Hoover Story to Warn Against Expanded FBI Surveillance Power appeared first on The Intercept.


NSA Looking to Exploit Internet of Things, Including Biomedical Devices, Official Says


The National Security Agency is researching opportunities to collect foreign intelligence—including the possibility of exploiting Internet-connected biomedical devices like pacemakers, according to a senior official. “We’re looking at it sort of theoretically from a research point of view right now,” Richard Ledgett, the NSA’s deputy director, said at a conference on military technology at Washington’s Newseum on Friday. Biomedical devices could be a new source of information for the NSA’s data hoards—“maybe a niche kind of thing…a tool in the toolbox,” he said, though he added that there are easier ways to keep track of overseas terrorists and foreign intelligence agents. When asked if the entire scope of the Internet of Things, billions of interconnected devices, would be “a security nightmare or a signals intelligence bonanza,” he replied: “both.” “As my job is to penetrate other people’s networks, complexity is my friend…,” he said. “The first time you update the software, you introduce vulnerabilities, or variables rather. It’s a good place to be in a penetration point of view.” When the agency is looking to exploit different new devices, NSA has to prioritize its resources—usually focused on the “bad guys’” tech of choice, rather than popular gadgets in the U.S, Ledgett explained. That’s why the NSA wasn’t able to help the FBI crack the iPhone of the San Bernardino shooter, Syed Rizwan Farook, he said—because the agency hadn’t invested in exploiting that particular model of phone. “We don’t do every phone, every variation of phone,” he said. “If we don’t have a bad guy who’s using it, we don’t do that.” Ledgett isn’t the only intelligence official to identity the growing Internet of Things as a possibility for global spying. The Director of National Intelligence himself said during a Senate hearing on worldwide threats in February that interconnected devices could be useful “for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.” Clapper’s office has since cautioned in a letter to Senator Ron Wyden, D-Ore. that “information obtained from a refrigerator, a washing machine, or a child’s toy” can’t replace other types of signals intelligence, like the content of terrorists’ communications. Ledgett also said it wasn’t the agency’s place to mandate security standards for companies when it comes to new devices. But NSA can’t ignore the potential that biomedical devices might be hacked by outsiders, too. Ledgett said no NSA employee has needed an Internet connected biomedical device yet—but that when it does happen, it will be a concern for an agency that doesn’t allow for cell phones. “We haven’t figured that out yet,” Ledgett said. Sign up for The Intercept Newsletter here.The post NSA Looking to Exploit Internet of Things, Including Biomedical Devices, Official Says appeared first on The Intercept.


Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records


A provision snuck into the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy. If passed, the change would expand the reach of the FBI’s already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs—most commonly information about the name, address, and call information associated with a phone number or details about a bank account. Since a 2008 Justice Department ruling, the FBI has not been allowed to use NSLs to demand “electronic communication transaction records” such as email subject lines and other metadata, or URLs visited. The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of its provisions “would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers.” Wyden’s office would not clarify whether the provision would also allow the FBI to demand web-surfing histories and other such information. It’s unclear how or when the provision was added, although Sens. Richard Burr, R-N.C, —the committee’s chairman—and Tom Cotton, R-Ark., have both offered bills in the past that would address what the FBI calls a gap and privacy advocates consider a serious threat to civil liberties. “At this point, it should go without saying that the information the FBI wants to include in the statue is extremely revealing—URLS, for example, may reveal the content of a website that users have visited, their location, and so on,” Andrew Crocker, staff attorney for the Electronic Frontier Foundation wrote in an email to The Intercept. “And it’s particularly sneaky because this bill is debated behind closed doors,” Robyn Greene, policy counsel at the Open Technology Institute, said in an interview. In February, FBI Director James Comey testified during a Senate Intelligence Committee hearing on worldwide threats that the FBI’s inability to get email records with NSLs was a “typo”—and that fixing it was one of the FBI’s top legislative priorities . Greene warned at the time: “Unless we push back against Comey now, before you know it, the long slow push for an [Electronic Communications Transactional Records] fix may just be unstoppable.” The FBI used to think that it was in fact allowed to get email records with NSLs, and did so routinely until the Justice Department under George W. Bush told the FBI they had interpreted their powers over broadly. Ever since then, the FBI has tried to get that power and been rejected, including during negotiations over the USA Freedom Act. The FBI’s power to issue NSLs is actually derived from the Electronic Communications Privacy Act—a 1986 law that Congress is currently working to update to incorporate more protections for electronic communications – not fewer. The House unanimously passed the Email Privacy Act in late April, while the Senate is due to vote on its version this week. Sen. John Cornyn, R-Tex., is expected to offer an amendment that would mirror the provision in the intelligence bill. Privacy advocates warn that adding it to the broadly supported reform effort would backfire. “If [the provision] is added to ECPA, it’ll kill the bill,” Gabe Rottman, deputy director of the Center for Democracy and Technology’s freedom, security, and technology project wrote in an email to The Intercept. “If it passes independently, it’ll create a gaping loophole. Either way, it’s a big problem and a massive expansion of government surveillance authority.” NSLs have a particularly controversial history. Justice Department Inspector General Glenn Fine in 2008 blasted the FBI for using NSLs supported by weak evidence and documentation to collect information on Americans, some of which “implicated the target’s First Amendment rights.” “NSLs have a sordid history. They’ve been abused in a number of ways, including… targeting of journalists, and…use to collect an essentially unbounded amount of information,” Crocker wrote. One thing that makes them particularly easy to abuse is that recipients of NSLs are subject to a gag order that forbids them from revealing the letters’ existence to anyone, much less the public. Sign up for The Intercept Newsletter here.The post Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records appeared first on The Intercept.


FBI Chooses Secrecy Over Locking Up Criminals


The Federal Bureau of Investigation’s refusal to discuss even the broad strokes of some of its secret investigative methods, such as implanting malware and tracking cellphones with Stingrays, is backfiring — if the goal is to actually enforce the law. In the most recent example, the FBI may be forced to drop its case against a Washington State school administrator charged with possessing child porn because it doesn’t want to tell the court or the defense how it got its evidence—even in the judge’s chambers. The FBI reportedly used a bug in an older version of the free anonymity software Tor to insert malware on the computers of people who accessed a child-porn website it had seized. The malware gave agents the ability to see visitors’ real Internet addresses and track them down. Defense lawyers for Jay Michaud of Vancouver, Wash., argued they had the right to review the malware in order to pursue their argument that the government compromised the security of Michaud’s computer, leading to the illicit material ending up there unintentionally. U.S. District Court Judge Robert Bryan in Tacoma agreed. “The consequences are straightforward: the prosecution must now choose between complying with the Court’s discovery order and dismissing the case,” Michaud’s defense attorneys wrote in a brief filed last week. The FBI’s lawyers took what they described as the “unusual step” in late March of asking the judge to reconsider his order, repeating earlier arguments that revealing the full details of the technique would be “harmful to the public interest.” The information might damage future investigations by allowing potential targets to learn about the FBI’s tactics, its attorneys argued, and might “discourage cooperation from third parties and other governmental agencies who rely on these techniques in critical situations.” The bureau sometimes pays third parties for exploitable security flaws, which lose their market value when they are made public and get fixed. FBI officials declined to comment to The Intercept about their legal strategy. In their frequent public arguments against unbreakable encryption, FBI officials have been arguing that public safety takes precedence over personal privacy. But if this case gets dropped, the “defendant walks because the Government has decided that its secrecy trumps someone else’s becoming a victim of Crime Everyone Hates,” Scott Greenfield, criminal defense lawyer, wrote in his blog Simple Justice. “The FBI would rather let a criminal go free than actually follow a court order designed to ensure a fair defense” even though revealing the bug “would almost certainly not help the defense,” tweeted Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, California. And this isn’t the first time FBI has expressed “its preference for secrecy over public safety,” tweeted Amie Stepanovich, U.S. policy manager for digital rights group Access Now. Indeed, the FBI’s insistence on keeping certain surveillance tools secret —particularly the Stingray, or IMSI catcher, which imitates a cellphone tower to secretly grab up data about nearby phones – is letting criminals go free. In Baltimore, 2,000 convictions may be overturned because of evidence that the police and the FBI purposefully withheld and then lied about the capabilities of the technology. And last week, a city judge in Baltimore reluctantly tossed out key murder evidence gathered after the use of a cell site simulator because the police, who had been concealing use of the device as part of a nondisclosure agreement with the FBI, used it without getting a search warrant. She called it an “unconstitutional search.” Journalists have also reported on cases in New York and Florida where the FBI instructed prosecutors to offer a deal or drop the case entirely to hide details about the technology. In Milwaukee, the FBI simply tried to hide its use entirely from the record. At least 20 local agencies have signed non-disclosure agreements when they purchase Stingrays, according to privacy advocate Mike Katz-Lacabe who keeps track. The American Civil Liberties Union and other groups have chronicled federal and local law enforcement use of Stingrays in at least 23 states. “We still don’t know all of the law enforcement agencies that actually have StingRay/HailStorm/DRTbox devices,” Katz-Lacabe wrote in an email to The Intercept. “With a few exceptions, we don’t know how they are used by each agency or how frequently. We don’t know their full range of impact on nearby phones as we don’t know the technical capabilities of the amplifiers and antennas that are used with the devices. We don’t know which agencies are using equipment that can actually intercept calls instead of just track them. I think that more cases will be thrown out as defense attorneys, judges, and the public learn about the technology that law enforcement has tried to keep secret,” he wrote. Nathan Wessler, an attorney with the ACLU’s Speech, Privacy, and Technology Project, says the FBI’s openness about Stingrays seems to have gotten a little better since the DOJ updated its Stingray policy in September 2015 to increase privacy protections and legal requirements. “It looks like the DOJ policy has had an effect at least on what the FBI is telling judges when it seeks judicial authorization. The FBI should have exercised at least this level of candor with judges starting years ago, but at least there’s evidence that they’re doing so now,” he wrote in an email to The Intercept. And yet, he wrote: “The biggest continuing problem involving FBI secrecy about Stingrays is at the state and local level, where the FBI’s non-disclosure agreement has kept judges, defense attorneys, and the public in the dark.” When it comes to hacking tools, the FBI’s secrecy is “still intense,” Wessler concluded. Sign up for The Intercept Newsletter here.The post FBI Chooses Secrecy Over Locking Up Criminals appeared first on The Intercept.


New Study Shows Mass Surveillance Breeds Meekness, Fear and Self-Censorship


A newly published study from Oxford’s Jon Penny provides empirical evidence for a key argument long made by privacy advocates: that the mere existence of a surveillance state breeds fear and conformity and stifles free expression. Reporting on the study, the Washington Post this morning described this phenomenon: “If we think that authorities are watching our online actions, we might stop visiting certain websites or not say certain things just to avoid seeming suspicious.” The new study documents how, in the wake of the 2013 Snowden revelations (of which 87% of Americans were aware), there was “a 20 percent decline in page views on Wikipedia articles related to terrorism, including those that mentioned ‘al-Qaeda,’ “car bomb’ or ‘Taliban.’” People were afraid to read articles about those topics because of fear that doing so would bring them under a cloud of suspicion. The dangers of that dynamic were expressed well by Penny: “If people are spooked or deterred from learning about important policy matters like terrorism and national security, this is a real threat to proper democratic debate.” As the Post explains, several other studies have also demonstrated how mass surveillance crushes free expression and free thought. A 2015 study examined Google search data and demonstrated that, post-Snowden, “users were less likely to search using search terms that they believed might get them in trouble with the US government” and that these “results suggest that there is a chilling effect on search behavior from government surveillance on the Internet.” The fear that causes self-censorship is well beyond the realm of theory. Ample evidence demonstrates that it’s real – and rational. A study from PEN America writers found that 1 in 6 writers had curbed their content out of fear of surveillance and showed that writers are “not only overwhelmingly worried about government surveillance, but are engaging in self-censorship as a result.” Scholars in Europe have been accused of being terrorist supporters by virtue of possessing research materials on extremist groups, while British libraries refuse to house any material on the Taliban for fear of being prosecuted for material support for terrorism. There are also numerous psychological studies demonstrating that people who believe they are being watched engage in behavior far more compliant, conformist and submissive than those who believe they are acting without monitoring. That same realization served centuries ago as the foundation of Jeremy Bentham’s Panopticon: that behaviors of large groups of people can be effectively controlled through architectural structures that make it possible for them to be watched at any given movement even though they can never know if they are, in fact, being monitored, thus forcing them to act as if they always are being watched. This same self-censorsing, chilling effect of the potential of being surveilled was also the crux of the tyranny about which Orwell warned in 1984: There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You have to live – did live, from habit that became instinct – in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized. This is a critical though elusive point which, as the Post notes, I’ve been arguing for years, including in the 2014 TED talk I gave about the harms of privacy erosions. But one of my first visceral encounters with this harmful dynamic arose years before I worked on NSA disclosures: it occurred in 2010, the first time I ever wrote about WikiLeaks. This was before any of the group’s most famous publications. What prompted my writing about WikiLeaks back then was a secret 2008 Pentagon Report that declared the then-little-known group a threat to national security and plotted how to destroy it: a report which, ironically enough, was leaked to WikiLeaks, which then published it online. (Shortly thereafter, WikiLeaks published a 2008 CIA report describing (presciently, it turns out) how the best hope for maintaining popular European support for the war in Afghanistan would be the election of Barack Obama as President: since he would put a pretty, popular, progressive face on war policies.) As a result of that 2008 report, I researched WikiLeaks and interviewed its founder, Julian Assange, and found that they had been engaging in vital transparency projects around the world: from exposing illegal corporate waste-dumping in East Africa to political corruption and official lies in Australia. But they had one significant problem: funding and human resource shortfalls were preventing them from processing and publishing numerous leaks. So I wrote an article describing their work, and recommended that my readers support that work either by donating or volunteering. And I included links for how they could do so. In response, a large number of American readers expressed – in emails, in the comment section, at public events – the fear to me that, while they support WikiLeaks’ work, they were petrified that supporting them would cause them to end up on a government list somewhere or, worse, charged with crimes if WikiLeaks ended up being formally charged as a national security threat. In other words, these were Americans who were voluntarily relinquishing core civil liberties – the right to support journalism they believe in and to politically organize – because of fear that their online donations and work would be monitored and surveilled. Subsequent revelations showing persecution and surveillance against WikiLeaks and its supporters, including an effort to prosecute them for their journalism, proved that these fears were quite rational. There is a reason governments, corporations, and multiple other entities of authority crave surveillance. It’s precisely because the possibility of being monitored radically changes individual and collective behavior. Specifically, that possibility breeds fear and fosters collective conformity. That’s always been intuitively clear. Now, there is mounting empirical evidence proving it. Sign up for The Intercept Newsletter here.The post New Study Shows Mass Surveillance Breeds Meekness, Fear and Self-Censorship appeared first on The Intercept.