EFF’s Game Plan for Ending Global Mass Surveillance

Print Friendly, PDF & Email

 EFF.orgWe have a prob­lem when it comes to stop­ping mass surveillance.

The enti­ty that’s con­duct­ing the most extreme and far-reach­ing sur­veil­lance against most of the world’s communications—the Nation­al Secu­ri­ty Agency—is bound by Unit­ed States law.

That’s good news for Amer­i­cans. U.S. law and the Con­sti­tu­tion pro­tect Amer­i­can cit­i­zens and legal res­i­dents from war­rant­less sur­veil­lance. That means we have a very strong legal case to chal­lenge mass sur­veil­lance con­duct­ed domes­ti­cal­ly or that sweeps in Amer­i­cans’ communications.

Sim­i­lar­ly, the Unit­ed States Con­gress is elect­ed by Amer­i­can vot­ers. That means Con­gres­sion­al rep­re­sen­ta­tives are behold­en to the Amer­i­can peo­ple for their jobs, so pub­lic pres­sure from con­stituents can help influ­ence future laws that might check some of the NSA’s most egre­gious practices.

But what about every­one else? What about the 96% of the world’s pop­u­la­tion who are cit­i­zens of oth­er coun­tries, liv­ing out­side U.S. bor­ders. They don’t get a vote in Con­gress. And cur­rent Amer­i­can legal pro­tec­tions gen­er­al­ly only pro­tect cit­i­zens, legal res­i­dents, or those phys­i­cal­ly locat­ed with­in the Unit­ed States. So what can EFF do to pro­tect the bil­lions of peo­ple out­side the Unit­ed States who are vic­tims of the NSA’s spying?

For years, we’ve been work­ing on a strat­e­gy to end mass sur­veil­lance of dig­i­tal com­mu­ni­ca­tions of inno­cent peo­ple world­wide. Today we’re lay­ing out the plan, so you can under­stand how all the pieces fit together—that is, how U.S. advo­ca­cy and pol­i­cy efforts con­nect to the inter­na­tion­al fight and vice ver­sa. Decide for your­self where you can get involved to make the biggest difference.

This plan isn’t for the next two weeks or three months. It’s a mul­ti-year bat­tle that may need to be revised many times as we bet­ter under­stand the tools and author­i­ties of enti­ties engaged in mass sur­veil­lance and as more dis­clo­sures by whistle­blow­ers help shine light on sur­veil­lance abuses.

If you’d like an overview of how U.S. sur­veil­lance law works, check out our adden­dum.

Intro: Mass Surveillance by NSA, GCHQ and Others

The Nation­al Secu­ri­ty Agency is work­ing to col­lect as much as pos­si­ble about the dig­i­tal lives of peo­ple world­wide. As the Wash­ing­ton Post report­ed, a for­mer senior U.S. intel­li­gence offi­cial char­ac­ter­ized for­mer NSA Direc­tor Gen. Kei­th Alexander’s approach to sur­veil­lance as “Col­lect it all, tag it, store it… And what­ev­er it is you want, you go search­ing for it.”

The NSA can’t do this alone. It relies on a net­work of inter­na­tion­al part­ners who help col­lect infor­ma­tion world­wide, espe­cial­ly the intel­li­gence agen­cies of Aus­tralia, Cana­da, New Zealand, and the Unit­ed King­dom (col­lec­tive­ly known, along with the Unit­ed States, as the “Five Eyes.”) In addi­tion, the Unit­ed States has rela­tion­ships (includ­ing var­i­ous lev­els of intel­li­gence data shar­ing and assis­tance) with Bel­gium, Den­mark, France, Ger­many, Israel, Italy, Japan, the Nether­lands, Nor­way, Sin­ga­pore, Spain, South Korea, Swe­den, and poten­tial­ly a num­ber of oth­er coun­tries world­wide. There are also oth­er countries—like Rus­sia, Chi­na, and others—engaging in sur­veil­lance of dig­i­tal com­mu­ni­ca­tions with­out shar­ing that data with the NSA. Some of those gov­ern­ments, includ­ing the U.S. gov­ern­ment, are spend­ing bil­lions of dol­lars to devel­op spy­ing capa­bil­i­ties that they use aggres­sive­ly against inno­cent peo­ple around the world. Some of them may do so with even less over­sight and even few­er legal restrictions.

Although whistle­blow­ers and jour­nal­ists have focused atten­tion on the stag­ger­ing pow­ers and ambi­tions of the likes of the NSA and GCHQ, we should nev­er assume that oth­er gov­ern­ments lack the desire to join them. Agen­cies every­where are hun­gry for our data and work­ing to expand their reach. Read about inter­na­tion­al sur­veil­lance law reform and fight­ing back through user-side encryp­tion.

We focus here on the NSA because we know the most about its activ­i­ties and we have the most legal and polit­i­cal tools for hold­ing it to account. Of course, we need to know much more about sur­veil­lance prac­tices of oth­er agen­cies in the U.S. and abroad and expand our work togeth­er with our part­ners around the world to con­front sur­veil­lance as a world­wide epidemic.

Mass sur­veil­lance is facil­i­tat­ed by tech­nol­o­gy com­pa­nies, espe­cial­ly large ones. These com­pa­nies often have insuf­fi­cient or even slop­py secu­ri­ty prac­tices that make mass sur­veil­lance eas­i­er, and in some cas­es may be active­ly assist­ing the NSA in sweep­ing up data on hun­dreds of mil­lions of peo­ple (for exam­ple, AT&T). In oth­er cas­es, tech com­pa­nies may be legal­ly com­pelled to pro­vide access to their servers to the NSA (or they may choose to fight that access). Read more about how tech com­pa­nies can hard­en their sys­tems against sur­veil­lance.

The NSA relies on sev­er­al laws as well as a pres­i­den­tial order to jus­ti­fy its con­tin­ued mass sur­veil­lance. Laws passed by Con­gress as well as orders from the U.S. Pres­i­dent can cur­tail sur­veil­lance by the NSA, and the Supreme Court of the Unit­ed States also has author­i­ty to put the brakes on surveillance.

The Game Plan

Giv­en that the Amer­i­can legal sys­tem doesn’t ade­quate­ly pro­tect the rights of peo­ple over­seas, what can we do in the imme­di­ate future to pro­tect Inter­net users who may not be Americans?

Here’s the game plan for right now. Note that these are not con­sec­u­tive steps; we’re work­ing on them concurrently.

1.  Pres­sure tech­nol­o­gy com­pa­nies to hard­en their sys­tems against NSA surveillance

To date, there are unan­swered ques­tions about the degree to which U.S. tech­nol­o­gy com­pa­nies are active­ly assist­ing the NSA.

In some cas­es, we know that tech com­pa­nies are doing a lot to help the NSA get access to data. AT&T is a clear exam­ple of this. Thanks to whistle­blow­er evi­dence, we know AT&T has a secret room at its Fol­som Street facil­i­ty in San Fran­cis­co where a fiber optic split­ter cre­ates a copy of the Inter­net traf­fic that pass­es through AT&T’s net­works. That split­ter routes data direct­ly to the NSA.

Some com­pa­nies have tak­en things a step fur­ther and delib­er­ate­ly weak­ened or sab­o­taged their own prod­ucts to “enable” NSA spy­ing. We don’t know who’s done this or what they’ve done, but the NSA doc­u­ments make clear that it’s hap­pen­ing. It’s the height of betray­al of the pub­lic, and it could con­ceiv­ably be tak­ing place with the help even of some com­pa­nies that are loud­ly com­plain­ing about gov­ern­ment spying.

So what do we know about major tech com­pa­nies, like Google, Face­book, Yahoo, and Microsoft? Here we have mixed reports. Doc­u­ments pro­vid­ed by Edward Snow­den and pub­lished in the Guardian and the Wash­ing­ton Post name nine U.S. companies—Microsoft, Yahoo, Google, Face­book, PalTalk, AOL, Skype, YouTube, and Apple—as par­tic­i­pants in the NSA’s PRISM pro­gram. The doc­u­ments indi­cate that the NSA has access to servers at each of these com­pa­nies, and implies that these com­pa­nies are com­plic­it in the sur­veil­lance of their users.

The com­pa­nies, in turn, have strong­ly denied these alle­ga­tions, and have even formed alob­by group call­ing on gov­ern­ments to “lim­it sur­veil­lance to spe­cif­ic, known users for law­ful pur­pos­es, and should not under­take bulk data col­lec­tion of Inter­net communications.”

While a start, that’s a far cry from the role com­pa­nies could be play­ing. Tech com­pa­nies also have the abil­i­ty to hard­en their sys­tems to make mass sur­veil­lance more dif­fi­cult, and to roll out fea­tures that allow users to eas­i­ly encrypt their com­mu­ni­ca­tions so that they are so com­plete­ly secure that even their ser­vice providers can’t read them. Per­haps most impor­tant­ly, tech­nol­o­gy com­pa­nies must cat­e­gor­i­cal­ly resist attempts to insert back­doors into their hard­ware or software.

There’s also an impor­tant legal issue that can’t be ignored. Tech com­pa­nies are in a unique posi­tion to know about sur­veil­lance requests that are kept secret from the press and the pub­lic. These com­pa­nies may have the best chance to fight back on behalf of their users in court (as Yahoo has done).

What’s more, tech com­pa­nies lit­er­al­ly spend mil­lions of dol­lars to lob­by for laws in Wash­ing­ton and enjoy incred­i­ble access to and influ­ence over U.S. law­mak­ers. Often, com­pa­nies spend that mon­ey try­ing to derail poten­tial reg­u­la­tion. Instead, these com­pa­nies could be heav­i­ly pri­or­i­tiz­ing pos­i­tive sur­veil­lance reform bills.

So how do we get tech com­pa­nies to start fight­ing sur­veil­lance in court, hard­en­ing their sys­tems against sur­veil­lance, push­ing back against the admin­is­tra­tion, and lob­by­ing for real reform? We’re focused on transparency—uncovering every­thing we can about the degree to which big tech com­pa­nies are active­ly help­ing the government—and pub­lic pres­sure. That means high­light­ing ways that com­pa­nies are fight­ing sur­veil­lance and call­ing out com­pa­nies that fail to stand up for user privacy.

It’s why we’re proud to sup­port the Reset the Net cam­paign, designed to get com­pa­nies big and small to take steps to pro­tect user data. It’s also why we’re work­ing to make what com­pa­nies do and don’t do in this area more vis­i­ble. Cam­paigns like HTTPS Every­where and our work on email trans­port encryp­tion, as well as score­cards like Who Has Your Back are designed to poke and prod these com­pa­nies to do more to pro­tect all their users, and get them to pub­licly com­mit to steps that the pub­lic can objec­tive­ly check.

We also need to cul­ti­vate a sense of respon­si­bil­i­ty on the part of all those who are build­ing prod­ucts to which the pub­lic entrusts its most sen­si­tive and pri­vate data. The peo­ple who cre­ate our com­put­ing devices, net­work equip­ment, soft­ware envi­ron­ments, and so on, need to be very clear about their respon­si­bil­i­ty to the users who have cho­sen to trust them. They need to refuse to cre­ate back­doors and they need to fix any exist­ing back­doors they become aware of. And they need to under­stand that they them­selves, unfor­tu­nate­ly, are going to be tar­gets for gov­ern­ments that will try to pen­e­trate, sub­vert, and coerce the tech­nol­o­gy world in order to expand their spy­ing capa­bil­i­ties. They have a grave respon­si­bil­i­ty to users world­wide and we must use pub­lic pres­sure to ensure they live up to that responsibility.

2. Cre­ate a glob­al move­ment that encour­ages user-side encryption

Get­ting tech giants to safe­guard our dig­i­tal lives and chang­ing laws and poli­cies might be slow going, but any­body could start using encryp­tion in a mat­ter of min­utes. From encrypt­ed chat to encrypt­ed email, from secure web brows­ing to secure doc­u­ment trans­fers, encryp­tion is a pow­er­ful way to make mass sur­veil­lance sig­nif­i­cant­ly more difficult.

How­ev­er, encryp­tion can be tricky, espe­cial­ly if you don’t have a team of engi­neers to walk you through it the way we do at EFF. With that in mind, we’ve cre­at­ed Sur­veil­lance Self Defense, an in-depth resource that explains encryp­tion to folks who may want to safe­guard their data but have lit­tle or no idea how to do it.

We’ve already trans­lat­ed the mate­ri­als into Span­ish and Ara­bic, and we’re work­ing on even more translations.

             

We’ll con­tin­ue to expand these mate­ri­als and trans­late them into as many lan­guages as pos­si­ble, while also doing a pub­lic cam­paign to make sure as many peo­ple as pos­si­ble read them.

Again, the more peo­ple world­wide under­stand the threat and the more they under­stand how to pro­tect themselves—and just as impor­tant­ly, what they should expect in the way of sup­port from com­pa­nies and governments—the more we can agi­tate for the changes we need online to fend off the drag­net col­lec­tion of data.

3. Encour­age the cre­ation of secure com­mu­ni­ca­tion tools that are eas­i­er to use

Many of the tools that are using secu­ri­ty best prac­tices are, frankly, hard to use for every­day peo­ple. The ones that are eas­i­est to use often don’t adopt the secu­ri­ty prac­tices that make them resilient to surveillance.

We want to see this prob­lem fixed so that peo­ple don’t have to trade usabil­i­ty for secu­ri­ty. We’re rolling out a mul­ti-stage Cam­paign for Secure and Usable Cryp­to, and we kicked it off with a Secure Mes­sag­ing Score­card. The Secure Mes­sag­ing Score­card is only look­ing at a few cri­te­ria for secu­ri­ty, and the next phas­es of the project will home in on more chal­leng­ing secu­ri­ty and usabil­i­ty objectives.

The goal? Encour­ag­ing the devel­op­ment of new tech­nolo­gies that will be secure and easy for every­day peo­ple to use, while also push­ing big­ger com­pa­nies to adopt secu­ri­ty best practices.

4. Reform Exec­u­tive Order 12333

Most peo­ple haven’t even heard of it, but Exec­u­tive Order 12333 is the pri­ma­ry author­i­ty the NSA uses to engage in the sur­veil­lance of peo­ple out­side the U.S. While Con­gress is con­sid­er­ing much-need­ed reforms to the Patri­ot Act, there’s been almost no debate about Exec­u­tive Order 12333.

This exec­u­tive order was cre­at­ed by a stroke of the pen from Pres­i­dent Ronald Rea­gan in 1981. Pres­i­dent Oba­ma could undo the worst parts of this exec­u­tive order just as eas­i­ly, by issu­ing a pres­i­den­tial order ban­ning mass sur­veil­lance of peo­ple regard­less of their nationality.

We’ve already launched the first phase of our cam­paign to reform Exec­u­tive Order 12333.

5. Devel­op guid­ing legal prin­ci­ples around sur­veil­lance and pri­va­cy with the help of schol­ars and legal experts worldwide

The cam­paign got start­ed well before the Snow­den leaks began. It began with a rig­or­ous pol­i­cy doc­u­ment called the Inter­na­tion­al Prin­ci­ples on the Appli­ca­tion of Human Rights to Com­mu­ni­ca­tions Sur­veil­lance, which fea­tures 13 guid­ing prin­ci­ples about lim­it­ing sur­veil­lance. Writ­ten by aca­d­e­mics and legal experts from across the globe, the prin­ci­ples have now been endorsed by over 417 NGOs and 350,000 indi­vid­u­als world­wide, and have been the basis for a pro-pri­va­cy res­o­lu­tion suc­cess­ful­ly passed by the Unit­ed Nations.

The 13 Prin­ci­ples, as they’re also known, are also meant to work both local­ly and glob­al­ly. By giv­ing politi­cians and activists the con­text for why mass sur­veil­lance is a vio­la­tion of estab­lished inter­na­tion­al human rights law, they make it clear that legal­iz­ing mass surveillance—a path pro­mot­ed by the Five Eyes countries—is the wrong way for­ward. The 13 Prin­ci­ples are our way of mak­ing sure that the glob­al norm for human rights in the con­text of com­mu­ni­ca­tion sur­veil­lance isn’t the warped view­point of NSA and its four clos­est allies, but that of 50 years of human rights stan­dards show­ing mass sur­veil­lance to be unnec­es­sary and disproportionate.

6. Cul­ti­vate part­ners world­wide who can cham­pi­on sur­veil­lance reform on the local lev­el, and offer them sup­port and promotion

Katitza Rodriguez, EFF’s Inter­na­tion­al Rights Direc­tor, is rarely in our San Fran­cis­co office. That’s because the major­i­ty of her time is spent trav­el­ing from coun­try to coun­try, meet­ing with advo­ca­cy groups on the ground through­out Latin Amer­i­ca and parts of Europe to fight for sur­veil­lance law reform. Katitza and the rest of EFF’s inter­na­tion­al team assist these groups in work­ing to build coun­try-spe­cif­ic plans to end mass sur­veil­lance at home and abroad.

The goal is to engage activists and lawyers world­wide who can use the 13 Prin­ci­ples and the legal analy­ses we’ve pre­pared to sup­port them at the nation­al lev­el to fight against the on-going trend of increased sur­veil­lance pow­ers. For exam­ple, we teamed up with activists in Aus­tralia, Mex­i­co, and Paraguay to help fight data reten­tion man­dates in those coun­tries, includ­ing speak­ing in the Paraguayan Nation­al Congress.

EFF is espe­cial­ly focused on coun­tries that are known to share intel­li­gence data with the Unit­ed States and on try­ing to under­stand the pol­i­tics of sur­veil­lance behind those data shar­ing agree­ments and sur­veil­lance law proposals.

We’ve been shar­ing with and learn­ing from groups across the world a range of dif­fer­ent tac­tics, strate­gies, and legal meth­ods that can be help­ful in uncov­er­ing and com­bat­ing unchecked sur­veil­lance. Our part­ners are start­ing to devel­op their own nation­al sur­veil­lance law strate­gies, work­ing out a local­ized ver­sion of the Who Has Your Back cam­paign, eval­u­at­ing strate­gic lit­i­ga­tion, and edu­cat­ing the gen­er­al pub­lic of the dan­ger of mass surveillance.

In cer­tain locales, these bat­tles are polit­i­cal­ly and social­ly dif­fi­cult, in par­tic­u­lar in places where a cul­ture of fear has per­me­at­ed the soci­ety. We’ve seen anti-sur­veil­lance advo­cates wrong­ly paint­ed as allies of pedophiles or ter­ror­ists. In at least one of the coun­tries we’re work­ing in, anonymi­ty is for­bid­den in its con­sti­tu­tion. For some of our part­ners, pro­mot­ing a ratio­nal debate about check­ing gov­ern­ment pow­er abus­es can risk their very free­dom, with activists fac­ing jail time or even more seri­ous con­se­quences for speak­ing out.

Estab­lish­ing a bot­tom-up counter-sur­veil­lance law movement—even if it’s one based on com­mon sense and the entire his­to­ry of mod­ern democracies—isn’t easy. It’s a titan­ic task that needs the involve­ment of advo­cates around the world with dif­fer­ent tac­tics and strate­gies that are com­ple­men­tary. This is why we’ve also been work­ing to make con­nec­tions between activists in dif­fer­ent coun­tries, with case stud­ies like the Counter-Sur­veil­lance Suc­cess Sto­ries, and high­light­ing indi­vid­u­als who are proud to stand up and say “I Fight Sur­veil­lance.” We’re also team­ing up with part­ners, such as Panop­tykon Foun­da­tion, to share the strate­gies and tac­tics they used in Europe with local groups in Latin Amer­i­ca and vice-ver­sa. We’re work­ing close­ly with groups in the Mid­dle East and North Africa, such as 7iber and SMEX, to track, report on, and coor­di­nate respons­es to state sur­veil­lance in these regions.

All of this has helped inform the work we’ve done in venues like the Unit­ed Nations, theOffice of the High Com­mis­sion­er on Human Rights, and the Inter-Amer­i­can Com­mis­sion on Human Rights, where EFF and our allies are helping—with great success—the legal minds there wrap their heads around this new age of state vio­la­tions of the right to pri­va­cy and free expression.

Mean­while, back in Washington…

7. Stop NSA over­reach through impact lit­i­ga­tion and new U.S. laws

Exec­u­tive Order 12333 may be the pres­i­den­tial com­mand that sets the agen­da for mass sur­veil­lance, but U.S. law also plays a huge role. The NSA claims (often wrong­ly) that cer­tain U.S. laws allow sur­veil­lance of all Inter­net users, with almost zero over­sight of its spy­ing on non‑U.S. per­sons. There’s the FISA Amend­ments Act, which the NSA believes allows it to spy on groups of peo­ple instead of with direct­ed war­rants and scoop up all of the Inter­net traf­fic it can, and grants it carte blanche to tar­get any­one over­seas on the grounds that they are poten­tial­ly rel­e­vant to Amer­i­ca’s “for­eign inter­ests.” And then there’s the Patri­ot Act, which has been loose­ly inter­pret­ed by the NSA to per­mit the drag­net sur­veil­lance of phone records.

EFF Legal Team

Fight­ing these laws is the bread and but­ter of our domes­tic legal team. Our law­suits, likeJew­el v. NSA, aim to demon­strate that war­rant­less sur­veil­lance is ille­gal and uncon­sti­tu­tion­al. Our grass­roots advo­ca­cy is ded­i­cat­ed to show­ing Amer­i­can law­mak­ers exact­ly how U.S. law is bro­ken, what must be done to fix it, and the pow­er­ful move­ment of peo­ple work­ing for change.

You can read more details about Amer­i­can law in our adden­dum below, but here’s the upshot: we have to fix the law if we’re to stop these secret agen­cies spy­ing on the world. And we have to make sure that no new tricks are being planned.

That means chip­ping away at the cul­ture of secre­cy that lies at the heart of this mess.

8. Bring trans­paren­cy to sur­veil­lance laws and practices

One of the great­est chal­lenges we face in attempt­ing to end mass sur­veil­lance is that we don’t know what we don’t know. Thanks to whistle­blow­er evi­dence, state­ments by cer­tain pub­lic offi­cials, and years of aggres­sive lit­i­ga­tion under the Free­dom of Infor­ma­tion Act, we’ve con­firmed that the NSA is engaged in mass sur­veil­lance of our com­mu­ni­ca­tions and that it is pri­mar­i­ly rely­ing on three legal author­i­ties to jus­ti­fy this surveillance.

But what if the NSA is rely­ing on sev­en oth­er legal author­i­ties? What if there are oth­er forms of sur­veil­lance we have not yet heard about? What if the NSA is part­ner­ing with oth­er enti­ties (dif­fer­ent coun­tries or dif­fer­ent branch­es of the U.S. gov­ern­ment) to col­lect data in ways we can’t imagine?

It’s extreme­ly dif­fi­cult to reform the world of sur­veil­lance when we don’t have a full pic­ture of what the gov­ern­ment is doing and how it’s legal­ly jus­ti­fy­ing those actions.

With that in mind, we are work­ing to fight for more trans­paren­cy by:

  • Work­ing to reform the bro­ken clas­si­fi­ca­tion sys­tem, which keeps the government’s actions hid­den from pub­lic oversight.
  • Using Free­dom of Infor­ma­tion Act requests and law­suits to gain access to gov­ern­ment doc­u­ments that detail sur­veil­lance prac­tices (and their legal justifications).
  • Help­ing allies, like Ger­many and Brazil, to put pres­sure on the Unit­ed States to jus­ti­fy its sur­veil­lance practices.
  • Edu­cat­ing peo­ple about the val­ue of whistle­blow­ers and the impor­tant role they play in com­bat­ing secre­cy. This includes advo­ca­cy for orga­ni­za­tions and plat­forms like Wik­ileaks that defend and pro­mote the work of whistle­blow­ers. It also includes high­light­ing the impor­tant con­tri­bu­tions pro­vid­ed by whistle­blow­ers like Mark Klein, Bill Bin­ney, Thomas Drake, Edward Snow­den, and others.

Glob­al Solu­tions for a Glob­al Problem

Mass sur­veil­lance affects peo­ple world­wide, reach­ing every­where that the Inter­net reach­es (and many places that it doesn’t!). But laws and court sys­tems are divvied up by juris­dic­tion­al lines that don’t make sense for the Inter­net today. This means we need a range of tac­tics that include impact lit­i­ga­tion, tech­no­log­i­cal solu­tions, and pol­i­cy changes both in the Unit­ed States and across the globe.

This game plan is designed to give you insight into how U.S. laws and poli­cies affect peo­ple world­wide, and how we can work to pro­tect peo­ple out­side of America’s borders.

We’re up against more than just a few ele­ments in the Amer­i­can admin­is­tra­tion here. We’re up against a grow­ing despon­den­cy about dig­i­tal pri­va­cy, and we’re up against the desire of spooks, auto­crats, and cor­po­ra­tions jock­ey­ing for intel­li­gence con­tracts in every nation, all of whom want to shore up these sur­veil­lance pow­ers for them­selves. But we work side-by-side with hun­dreds of oth­er orga­ni­za­tions around the world and thou­sands of sup­port­ers in near­ly every coun­try. We have the amaz­ing pow­er of tech­nol­o­gy to pro­tect pri­va­cy, orga­nize oppo­si­tion, and speak up against such damn­ing vio­la­tions of human rights.

We’re con­tin­u­ing to refine our plan, but we want­ed to help our friends under­stand our think­ing so you can under­stand how each of our small­er cam­paigns fit into the ulti­mate objec­tive: secure, pri­vate com­mu­ni­ca­tions for peo­ple worldwide.

It’s what we’re doing to fight sur­veil­lance. But what can you do?

You can join your local dig­i­tal rights orga­ni­za­tion, of which there are now hun­dreds, in almost every nation (and if there isn’t one in yours, ask us for advice on start­ing one). You can pres­sure com­pa­nies to increase your pro­tec­tion against gov­ern­ment espi­onage and sup­port com­pa­nies that make a stand. You can sign our peti­tion about Exec­u­tive Order 12333 and help spread the word to oth­ers. You can use encryp­tion to pro­tect your­self and raise the cost of mass sur­veil­lance, and you can teach your friends and col­leagues to use it too. You can per­son­al­ly refuse to coop­er­ate with sur­veil­lance and pro­mote pri­va­cy pro­tec­tions inside insti­tu­tions you’re a part of. You can tell your friends and col­leagues the real risks we are run­ning and how we can turn this mess around.

And whether you’re in the Unit­ed States or not, you can sup­port our plan by becom­ing a mem­ber of EFF.

Addendum: Laws & Presidential Orders We Need to Change

One of the best ways to end mass sur­veil­lance by the NSA is to change the Unit­ed States law to make clear that war­rant­less sur­veil­lance is ille­gal. How­ev­er, that’s a lit­tle chal­leng­ing. The NSA is rely­ing on a patch­work of dif­fer­ent laws and exec­u­tive orders to jus­ti­fy its sur­veil­lance powers.

Here are a few we know we need to change. Note that there are oth­er parts of U.S. law that may need revi­sion (includ­ing pro­vi­sions such as the Pen Reg­is­ter Trap and Trace andNation­al Secu­ri­ty Let­ters), but this is where we’re focus­ing our ener­gies cur­rent­ly as the pri­ma­ry known author­i­ties used to jus­ti­fy mass surveillance:

Sec­tion 215 of the Patri­ot Act, Known as the “Busi­ness Records” Section

Read the law

What it does: The sec­tion of the law basi­cal­ly says that the gov­ern­ment can com­pel the pro­duc­tion of any “tan­gi­ble things” that are “rel­e­vant” to an investigation.

Why you should care: The NSA relies on this author­i­ty to col­lect, in bulk, the phone records of mil­lions of Amer­i­cans. There are sug­ges­tions it’s also being used to col­lect oth­er types of records, like finan­cial records or cred­it card records, in bulk as well.

How we can stop it: There are a few ways to fix Sec­tion 215. One way is to pass a reform bill, such as the USA FREEDOM Act, which would make clear that using Sec­tion 215 to con­duct bulk col­lec­tion is ille­gal. The USA FREEDOM Act failed to pass in the Sen­ate in 2014, which means it would need to be rein­tro­duced in 2015.

How­ev­er, there’s an even eas­i­er way to defeat this pro­vi­sion of the law. This con­tro­ver­sial sec­tion of the Patri­ot Act expires every few years and must be reau­tho­rized by Con­gress. It’s up for renew­al in June 2015, which means Con­gress must suc­cess­ful­ly reau­tho­rize the sec­tion or it will cease to be a law. We’re going to be mount­ing a huge cam­paign to call on Con­gress not to reau­tho­rize the bill.

We also have three legal cas­es chal­leng­ing sur­veil­lance con­duct­ed under Sec­tion 215: Jew­el v NSA, Smith v Oba­ma, and First Uni­tar­i­an Church of Los Ange­les v. NSA.

Sec­tion 702 of the FISA Amend­ments Act

Read the law

What it does: This sec­tion of law is designed to allow the NSA to con­duct war­rant­less sur­veil­lance with­in the U.S. when the intend­ed tar­get is overseas.

Why you should care: The NSA relies on this law to sup­port PRISM, which com­pels Inter­net ser­vice providers like Google, Apple, and Face­book to pro­duce its users com­mu­ni­ca­tions. The NSA’s upstream surveillance—which includes tap­ping into fiber optic cables of AT&T and oth­er telecom­mu­ni­ca­tions providers—also relies on this pro­vi­sion. Through these two sur­veil­lance options, the NSA “tar­gets” sub­jects for sur­veil­lance. But even when the NSA is “tar­get­ing” spe­cif­ic for­eign intel­li­gence sub­jects over­seas, they’re “inci­den­tal­ly” col­lect­ing com­mu­ni­ca­tions on mil­lions of peo­ple, includ­ing both Amer­i­cans and inno­cent peo­ple abroad.

How we can stop it: Cur­rent­ly, there aren’t any reform bills that show promise. We’re work­ing on edu­cat­ing the pub­lic and Con­gress about the Sec­tion 702 and the FISA Amend­ments Act. In 2017, this author­i­ty will be up for reau­tho­riza­tion. We’ll be plan­ning a big cam­paign to demol­ish this inva­sive and oft-abused sur­veil­lance authority.

Exec­u­tive Order 12333

Read the exec­u­tive order

What it does: Exec­u­tive orders are legal­ly bind­ing orders giv­en by the Pres­i­dent of the Unit­ed States which direct how gov­ern­ment agen­cies should oper­ate. Exec­u­tive Order 12333 cov­ers“most of what the NSA does” and is “the pri­ma­ry author­i­ty under which the country’s intel­li­gence agen­cies con­duct the major­i­ty of their operations.”

Why you should care: Exec­u­tive Order 12333 is the pri­ma­ry author­i­ty the NSA uses to con­duct its sur­veil­lance operations—including mass sur­veil­lance programs—overseas. Reform­ing mass sur­veil­lance requires reform­ing the NSA’s author­i­ty under EO 12333.

How we can stop it: Exec­u­tive Order 12333 was cre­at­ed by a pres­i­den­tial order, and so a pres­i­den­tial order could undo all of this dam­age. That’s why we’re pres­sur­ing Pres­i­dent Oba­ma to issue a new exec­u­tive order affirm­ing the pri­va­cy rights of peo­ple world­wide and end­ing mass surveillance.

The Fund­ing Hack

While pass­ing a bill through Con­gress is extreme­ly chal­leng­ing, anoth­er (some­what more con­tro­ver­sial) method of end­ing this sur­veil­lance is through the bud­get sys­tem. Every year, Con­gress must approve the defense bud­get. This fre­quent­ly becomes a con­tentious bat­tle with numer­ous amend­ments intro­duced and debat­ed. We may see an amend­ment that tack­les some form of surveillance.