Profile - 06 Nov 2013
Without a Trace
Berlin’s role in data surveillance and the NSA scandal: an interview with Constanze Kurz
JÖRG HEISER Did the scope of the NSA surveillance scandal come as a surprise to the Chaos Computer Club – which you are a spokesperson for – or to the prominent Internet activist scene here in Berlin?
CONSTANZE KURZ I wouldn’t necessarily have expected that informants were planted in companies or that companies were being put under pressure and were cooperating beyond the legal minimum. Nor that the security agencies were asking for access to masterkeys and in some cases were being given them.
JH Do you know of any German citizens who’ve had trouble entering the US having accessed non-criminal data?
CK Oh yeah, lots. Just look at all the active Wikileaks supporters. There are no charges against them, but some of them aren’t allowed into the US anymore – and not just there. This is a form of repression against which there’s no legal defence. You can’t even find out which blacklist you’re on: you just get sent back to wherever you came from, and that’s it. To take another example, the American artist Hasan M. Elahi, who was born in Bangladesh and grew up in New York, was put on an FBI terrorist watch list in 2002. After that he had problems whenever he tried to cross international borders. He got so scared of ending up in Guantanamo that he started meticulously documenting every detail of his life online, posting loads of photos of everything [trackingtransience.net] – as a sort of protection against disappearing unnoticed. This all happened long before any hipsters started blathering about ‘post-privacy’.
JH It seems we’re caught in a dilemma between, at one end, the kind of radical online transparency Elahi used to protect himself and, at the other, the crypto parties where people learn how to be anonymous online.
CK I’ve actually become quite exasperated with the idea that transparency can protect anyone.
JH But don’t dissidents in places like China and Russia also protect themselves from attacks through radical transparency? Think of Ai Weiwei’s assistants filming his every move.
CK Yes, but that didn’t stop him from being thrown into solitary confinement for 81 days and then banned from leaving China. I really don’t think transparency changes much.
JH But the only other option is even more encryption of your own data, which is ultimately just private amusement without much political impact, isn’t it?
CK Data is money – that’s a bigger leverage than the environmental movement has ever had. If more and more people approach their own data in a more conscientious way, it will change the market. And it’s through these individual efforts that political changes become possible. Until
we manage to sensitize a significant portion of the public to this point, our demands will never have any political muscle.
JH Isn’t there also a need for some conventional lobbying? Like convincing the big German software or car companies to exert pressure to make digital corporate espionage more difficult?
CK These companies have been aware of this for a long time. That’s clear from their press releases about securing IT infrastructures and protecting themselves through encryption. Clearly mindsets are shifting. You can also see it in American providers’ quarterly earnings. US companies are scared, especially in the field of cloud computing.
JH Are we all just going to have to get used to having at least two online identities – a public one under your real name and a private, anonymous one?
CK You see a lot of people doing that already, especially teenagers. They know their parents and teachers are watching them on Facebook, so they’ll have one clean-cut-looking profile under their real name – one that can also be vetted by potential employers. Then somewhere else they’ll have the fake-name, dirty-flirty profile. That’s become pretty standard.
JH Does the Internet activist subculture feel threatened by the prospect of the Edward Snowden revelations bringing the scene into the mainstream?
CK This has been going on since before Snowden, and it’s a process that’s basically been completed at this point: the ‘look, we told you so’ moment has arrived. But the sheer callousness, audacity and variety of surveillance activities has really deflated any possible sense of vindication. The feeling is more: sure, I told you so, but even I didn’t know how bad it really was.
JH Why is Berlin so prominent in this discussion? Is it because of the Chaos Computer Club? Or is it the connection to American critics of the US spy agencies like programmer Jacob Appelbaum, who’s in touch with Snowden, and filmmaker Laura Poitras, who got the whole Snowden story going?
CK For a long time there’s been a scene in Berlin that people like Appelbaum could immediately plug into, a scene with a genuine shared mindset that goes beyond the purely technological. Appelbaum’s a hacker first and foremost. He’s been spending time here in Berlin for many years. He speaks very good German and he considered coming to Berlin even before harassment at the border and other intimidation attempts started.
JH How is the American hacker world different from the German scene?
CK One of the main reasons Poitras and Appelbaum use Berlin as a place of retreat is that so much of the American hacker scene is in some way compromised or corrupted. A lot of the hackers there are known to have – at least at some point – worked for the government, security agencies or the companies that do contract work for them. German hackers are much more removed from this complicity. The outlook here is also more international. Whether you hold it against them or not, the fact is that the Americans take a much more insular, inward-focused view of a lot of things. Another thing is: you can say what you will about the German state, but for the most part we’re actually very fortunate here in terms of the rule of law and freedom from the threat of repression. Of course there are historical reasons for this, but in any case Guantanamo or drone targeted killings – which have been a reality for a decade now – would be inconceivable in Germany.
JH The NSA’s activities are overseen by secret courts, which are apparently doing an inadequate job. Is there anything comparable in Germany?
CK There are no secret courts in Germany. But if you take a look at the Bundestag’s G10 Commission or the Parliamentary Control Panel, you can see some areas that are totally unchecked. In the past I really don’t think that would have been tolerated.
JH You’ve been an expert witness for various bodies, from parliamentary committees to Germany’s Federal Constitutional Court …
CK Yes, and now I’m heading to Strasbourg as a complainant to the European Court of Human Rights. We need to test whether the rule of law will stand in Europe. We can’t file against the NSA in a European court, but we do have the Brits, who are signatories to the European Convention on Human Rights. I want to find out whether that signature has any value. English PEN, Big Brother Watch and the Open Rights Group are filing jointly with me.
JH So do you see any hope for legal initiatives to support data protection?
CK Actually there are loads of possibilities, both at the national and at the European level. In Germany, so far Die Linke (the Left Party) has been the only one to clearly and consistently call for more stringent oversight of spy agencies’ activities. If another party were to take up the cause, they’d really stand to gain a lot politically.
JH Do you see any in-fighting emerging between a faction that issues a call to digital arms and acts like they’re in a data war – like Julian Assange in his foreword to the 2012 book Cypherpunk – and a faction that does less glamorous things like, say, going to Strasbourg to file legal complaints?
CK I don’t see just two sides here, there’s also a third group: the subversive hedonists. What they’re doing is taking advantage of the privileges we have here in Germany to speak out – for example, mocking the ludicrous emptiness of the officialese that’s spouted on this topic. One example that comes to mind is the organized walking tours to the Dagger Complex, the US military intelligence base outside Darmstadt. Or similar walking tours to the new BND (German Intelligence Service) complex in Berlin’s Mitte district. Christoph Faulhaber, for example, has done some really interesting performances: in 2009 he put a ladder in front of the wall around the BND construction site to peer over the wall. It turned out that legally nobody could stop him. He also had some earlier performances in front of the US Embassy in Berlin, where he turned up as a fake security guard called Mr Security. In 2008 he actually had to cancel a residency he was on in New York because he was visited by the FBI.
JH At least in comparison, the German authorities still seem rather restrained.
CK Whether on a parliamentary, judiciary or activist level, basic rights and data protection still mean something in Germany. From the outside, this is regarded as being typically German somehow, as showing some sort of hostility to innovation and stubborn rigidity about principles. Articles in newspapers outside Germany are always saying ‘oh, of course the Germans would act that way, with their history with the Gestapo and then the Stasi.’ It’s a combination of accusation and sympathy: these Germans, they’re a bit behind the times, but they’re conscious of their history. And meanwhile the intelligence services of the Five Eyes – the Americans, British, Canadians, Australians and New Zealanders – are operating totally differently. They have a de facto map of all digital social contact in the Western world. They’re assembling profiles of anyone important, and I’m not talking about some snapshot, I mean a profile with a full history of this person’s communication. These people don’t throw anything away.
JH How can we protect ourselves against this? Is the answer a sort of stringent data asceticism? Should we be painstakingly encrypting all our communications?
CK For me, encrypting my communication isn’t painful or laborious. On the contrary, it gives me a sense of wellbeing. I got used to it years ago. But I know it’s difficult for a lot of people. It takes them a long time to discover the sexiness in it. It’s hard to explain the feeling of wellbeing that comes with knowing that nobody’s poking around in my online communications. And an ascetic approach to data would be incredibly difficult. We live in a society based on being informed. The well-informed citizen has always been the better citizen. In contrast to asceticism, starting to encrypt things or to avoid using particular services because you don’t trust their providers isn’t something that turns your life upside down. It just means taking incremental steps, much like how you might gradually change your eating habits to eat less meat.
JH Back during the Cold War you could sometimes tell that a letter had already been opened or that someone was listening in on a phone call. Is there any comparable way of detecting digital surveillance?
CK Unfortunately there isn’t. I remember that from my own life as a kid in the GDR: we had a telephone that we shared with our neighbours, and you could hear the clicking sound on the line. But now technological surveillance is mostly undetectable – unless, that is, the surveillor wants the surveilled to know they’re being watched. Or if something goes wrong, you might notice, for example, that something’s suddenly off about your phone bill. But when everything runs smoothly there are no traces. Surveillance doesn’t alter communication in any way; it just makes a copy of it.
Translated by Jane Yager
First published in Issue 12