PRISM, government surveillance, and Wikimedia: Request for community feedback


Last week, news outlets published information about a U.S. government internet surveillance program called PRISM[1] that reportedly enables the U.S. government to directly collect personal information from the servers of certain U.S.-based service providers.[2] Most of the service providers that were allegedly involved have denied participating in PRISM,[3] but President Obama appears to have acknowledged and defended the existence of the program.

Uncertainty and open questions persist about the nature and scope of PRISM. These public reports, and the conflicts among them, have raised concerns in the Wikimedia community, including at the Wikimedia Foundation.

Where we stand

The Wikimedia Foundation has not received requests or legal orders to participate in PRISM, to comply with the Foreign Intelligence Surveillance Act (FISA), or to participate in or facilitate any secret intelligence surveillance program. We also have not “changed” our systems to make government surveillance easier, as the New York Times has claimed is the case for some service providers.[4]

Why we care

Freedom of speech and access to information are core Wikimedia values. These values can be compromised by surveillance: editors and readers understandably are less willing to write and inform themselves as honestly and freely. Put simply, “rights of privacy are necessary for intellectual freedom.”

In addition, while PRISM is a United States government program, the global nature of internet traffic, and the alleged sharing of surveillance information between governments, means that Internet users around the world are potentially affected. Because of this, we feel an obligation to our entire global community of contributors and readers to further understand (and possibly respond to) this issue.

Consultation and action

Because of the many open questions about PRISM, and the potential importance of this issue to our core values, we feel it is appropriate to consult with the Wikimedia community about what next steps we might take.[5] In our opinion, governments must be transparent to their publics. This transparency is essential to our ability (and that of other like-minded organizations) to determine whether a legal or constitutional challenge is appropriate in a case like this.

Mozilla, the Electronic Frontier Foundation, the Free Software Foundation, and the Center for Democracy and Technology, among many others, have begun to work together on this issue. They have started by preparing an open letter to the U.S. Congress, calling for transparency, investigation, reform, and accountability, and have asked individuals and other interested organizations—like the Wikimedia Foundation—to join them.

As we see it, we have an important role to play in helping ensure protections for free expression and access to information as it relates to our mission.  We accordingly feel that the Wikimedia Foundation should collaborate with these organizations, and possibly others, and join in their effort to demand that the government account for and explain its internet surveillance programs.

That said, we want to hear from you on these topics before we take any action. Should we join with these organizations in their public statements and efforts as they relate to the Wikimedia community’s values and mission? Please leave your thoughts at https://meta.wikimedia.org/wiki/PRISM. We will consider all feedback, but, because events are moving quickly, we feel we need to make a decision on this by June 21, 2013.[6]

With our thanks,
Geoff Brigham
General Counsel, Wikimedia Foundation
[7]

[We are professionally translating this blog post and feedback page into German, French, Spanish and Japanese and hope to post by Tuesday.  With our appreciation, we ask the international Wikimedia community to help in translating this blog post and the feedback page (which are almost the same) into other languages, as well as people’s feedback given throughout the course of this consultation period.]

Notes

  1. The Washington Post and The Guardian broke the story on June 6.
  2. An early report alleged remarkable breadth of data accessible under the program. CNET has since reported, however, that the program at least involves some formalized and particularized process.
  3. TechCrunch has published denials from eight allegedly-involved organizations.
  4. Surveillance is possible without our cooperation. As a result, snooping on general internet traffic by governments or others may affect our contributors and readers. To help block this, Wikimedia sites are already reachable under HTTPS, and installing HTTPS Everywhere makes this the default. We are working toward increasingly making HTTPS the default both for readers and logged-in users without the need to install an extension. Updates will be posted to our engineering blog.
  5. As you may know, the Wikimedia community worked with the Wikimedia Foundation to put together a policy on the Foundation’s association with certain political or policy issues. It applies when, among other things, the Wikimedia Foundation seeks to collaborate with other organizations to take action on a particular policy or political question.  Under this policy, community consultation is highly valued.
  6. This proposal is intended only to address the participation of the Wikimedia Foundation and is not intended to restrict other Wikimedians from acting in their personal capacity.
  7. Special thanks to the entire LCA team for their hard work in helping research and draft this blog post, with my special appreciation to Luis Villa, Deputy General Counsel; Matthew Collins, Legal Intern; and Stephen LaPorte, Legal Counsel.

Categories: Legal

15 Comments on PRISM, government surveillance, and Wikimedia: Request for community feedback

KREMER,LILIANE 3 months

I have already taken many steps to have the SWASTIKA that appears on my ‘images’ page removed. It has just been moved, but it is now in the 22nd row. I lost so many members of my family during that war, which I lived through given my advanced age, that I beg you to remove it for me. No one else has this. The fight against Nazism, we lived through it. Why am I, of all people, penalized by still seeing this horror after so many years of suffering? I do not know how to get rid of this masked SWASTIKA? For you, removing it is nothing!!! THANK YOU
Liliane Kremer Bruxelles

Ed Spencer 4 months

What was fiction is becoming or has become reality. I recall George Orwell’s 1984 and “Big Brother”. This recollection is more poignant now.

Elena M. 4 months

It is not favorable to spread an idea when a review policy that the government wants to implement will ensure that you could be judged for your ideas, and at the same time they will try to influence them so that they can move a great mass of people simply by knowing what they think; however, almost certainly with respect to the free editing of data on the net, I am completely in favor of what the Wikipedia foundation is doing, since its great influence could make a large part of the population wake up and realize that the “small problems” could in the long run put an end to the free expression that we should all enjoy.

jduranboger 1 year

I support the Foundation taking action on this matter. I believe it is a question of principle and of consistency with the values it promotes and practices.

Freedom of expression, the right of access to information, and the right to privacy are essential for any individual and for society as a whole (read: humanity).

Project Gutenberg, the FSF, Mozilla, Wikipedia, the Internet Archive and many other projects and organizations give us the possibility today to choose to exercise our rights and be free, or to trade our freedom for our convenience.

The rapid development of technology easily outpaces what legislators foresee; there are many legal gaps that individuals, companies and governments can easily take advantage of.

At the same time, it is easy for individuals to become confused and use services, applications or devices without understanding them.

Whatever the scope and purposes of PRISM may be, I believe the most important task is to raise people’s awareness of the way they use the internet and the consequences it carries. The moment one decides to use any service and clicks to accept terms of use that one has not read or does not understand, one gives up one’s rights and undermines one’s freedom.

Geoff Brigham 1 year

We have not received any National Security Letters.

NS 1 year

The fact that Mr. Brigham doesn’t say anything about National Security Letters (NSLs) implies that the Wikimedia Foundation has in fact received and complied with NSLs. Who knows how many…

Mark B. 1 year

I applaud the Wikimedia foundation for taking action.

It is to my knowledge that the “collection” of data from those internet companies mentioned in the leaks are not done willingly, but unknowingly through a massive collection of packets that travel to and from their data centers (very similar to the upstream method found here http://en.wikipedia.org/wiki/Room_641A).

If this is true, the only preventative way of circumventing such “prism” taps would entail allocating your data centers, specifically for North America, outside of United States jurisdiction — to Canada and Mexico, for example. However, user packets that are sent to and from Wikipedia are still very vulnerable as they will traverse private ISPs in the U.S., those of which are supposedly already under surveillance.

An immediate response would be implementing a secure SSL connection for users inside the United States.

I hope the Wikimedia foundation, along with other key organizations, continue to fight for a free, open and secure internet.

I thank you all for your efforts.

Verdy_p 1 year

About note 2: it has been revealed that the alleged minor limits on the scope of surveillance only apply to US nationals living in US, but in fact this is only determined by a fuzzy reasonable conviction that the location and nationality Internet user is not really very well determined. These fuzzy limits imply that more than half of US citizens will be spiable independently of these limits.

The limitations of budgets for the US agency means that they will in fact just scope some keywords to determine this.

In addition this minor limitation of scope also means that US citizens located abroad, or accessing the Internet via foreign networks will be spied without knowing it. As well, the world traffic from abroad that can reach a US network is tremendous, due to the many third-parties involved in delivering Internet services in the world. So anyone in the world will not be subject to these limitations of scope, and can have their personal data or opinion gathered, stored, and searched in the US agency “Big Data” systems, and kept for unlimited time.

There’s absolutely no limits on the usage that will be done about these data, and it may be used to exercise pressures against people around the world, only for their political, social or economical views or actions, even if these actions are perfectly legal in these countries (and rules there by laws protecting their privacy). This could then be used not just for fighting against terrorism or international criminality (this is already allowed within international cooperations of law enforcement polices, under the scrutiny of national justice systems), but for any concern that the US government judges will be useful to protect its own economical interests, such as limiting the capability of selling things to US, or threatening them of new taxes, or harassing their contacts in US that still work there in full compliance with US laws (for example refusing to contract with them, without having to justify why).

We’ve already seen people denied access to US when boarding a plane or only when they put their first foot on a US airport, for many false (unverified) allegations of links with terrorists, or international criminals, or their providers, only because they had a name similar to a growing list of people created in a multi-level web where those people have never had any contact or any reason to believe that they were in contact with these sought people. Every month now, this costs a lot of money to travel agencies around the world (or in US), and people are held in custody temporarily and ejected back to their country, based on false allegations or suspicions. And legal contracts are broken unilaterally by the US government? All these actions are made without any compensation (people may only defend their case in a US court, but they cannot go there and the only mean for them would be to pay a very costly US attorney, acting alone with very limited information collected : only rich people can pay these services, without any warranty that false allegations or suspicions will be removed from the databases, and new difficulties will reappear later, even if the initial allegations were proven completely wrong).

On the opposite, the US in fact does not collaborate with the same scale to fight against some US criminals, and offers a passive protection in many cases, not really limiting their actions (notably in cases of financial abuses and Internet abuses).

It is well known that US even pays them to act abroad, and will protect them by offering them immediate asylum in US in case of problems, and that legal threats against them abroad will be alerted to them, to limit the legal actions or embarrass the investigators (using private information collected illegally from them, without them having any action in US, or against US, or being aware that this may impact some US politics or interests, other than fair and legal competition protected by international treaties and conventions).

This system of Internet surveillance is very unbalanced when we measure how the Internet is controlled from US, or its services are hosted in US for most critical operations, as well as a broad cloud of third-party providers of services (and of proprietary software, hardware and very important technologies such as encryption, DRM systems, the PKI… and even HTTPS itself). The US detains the power-off button to cut any one at any moment from most parts of the Internet (even on services made abroad and not intended really to be used in US). The core infrastructure of the Internet cannot work without US control (or it can only work in a very limited subnetwork, but not on the “open” Internet we use everyday via our foreign ISPs, that are often liable themselves in US where they have some subsidiaries, and via international stock markets controlling their corporate governance).

For these reasons, your note #2 tends to reduce the severity of the effective impact of this surveillance. Probably only about 100 millions of US citizens will be protected, within a world of 7 billions people (this is about 98.5% of the world population that will be under possible US scrutiny of their legal private life, at any time and for no reason at all at the time of this surveillance, but who will become some years later to difficulties or personal harassment…)

Nicholas Sammons 1 year

Should Wikimedia join in decrying PRISM? No.

It was OK when Wikimedia decided to make a stand on SOPA, b/c SOPA legislation had clear and obvious detrimental consequences on the functioning of Wikimedia.

It is not clear or obvious how PRISM or FISA has negative consequences on Wikimedia. In my view, the Foundation seems to have adopted the role of an internet freedom fighter, wanting to take a stand against anything perceived to threaten web users’ privacy and freedoms. Now, that might be an admirable position, but it’s also to some extent a political position and one that clashes with the foundation’s longstanding principle of remaining neutral on such issues.

arun 1 year

The US government doesn’t believe in humans, their values. So the PRISM happened.

Greg Maxwell 1 year

What people want to know is this:

“When I read Wikipedia is the government reading over my shoulder, logging my activity, and potentially inferring my politics and values?”

But they cannot find the answer to this simple question in your post. Allow me to help you with a frank answer:

For some users the answer is unequivocally yes: Wikimedia has _specific_ knowledge of authorities in some countries intercepting and monitoring traffic to Wikipedia.

For users who are concerned about observation by the US government the frank answer is “We probably couldn’t tell you if it were so, so asking us is pointless.”— if Wikimedia was ordered to lie by the United States government it would lie. It might fight such an order but it would lie until it won. Furthermore, individual members of Wikimedia staff may also be acting under the influence of the US or other government without Wikimedia’s knowledge. It is difficult to be sure of the absence of surveillance.

Wikimedia also currently keeps detailed access logs which may be subpoenaed (or stolen) at some time in the future and used to look for people (by IP address) who were reading particular articles or which articles a particular IP address has read. Similar data— in the form of search engine logs— has been used in US courts in the past to prosecute people.

Fortunately the readers of Wikipedia aren’t helpless and don’t have to trade privacy for knowledge:

* If you use the https-everywhere browser add-on (https://www.eff.org/https-everywhere) the identity of the specific articles you read is hidden from any party who does not have Wikimedia’s cooperation.

* If you browse using Tor (https://www.torproject.org/) then your Wikipedia reading habits will be kept more private even if Wikimedia is cooperating with parties conducting surveillance, and the fact that you are using Wikipedia at all will be hidden.

* For smaller Wikipedia languages it is feasible to download the entire Wikipedia and read it offline at your leisure (http://en.wikipedia.org/wiki/Wikipedia:Database_download)

You can also limit your Wikipedia browsing to public wifi networks, although many keep logs, and library systems where no identification is required.

These actions can keep your reading private regardless of the specific surveillance program of concern or Wikimedia’s level of (non)-participation.

Anonymous 1 year

The United States government is only trolling the very low hanging fruit. Any serious netherios group knows the ways to circumvent detection. It’s reminiscent of “weapons of mass destruction” and will be lapped up by the chattering classes on the net. Anonymous.
