A demonstration against Prism in Berlin during US president Barack Obama’s visit, organised by the Pirate Party. Photo: Mike Herbst
What was your gut reaction to the Snowden revelations? As the story broke, most of the media served up a diet of uncritical ‘explainers’ (on GCHQ, traffic data and a host of other topics) amid the story of Snowden ‘the person’, which ignored the magnitude of the truths he exposed. The potential for collective shock or anger was managed and mitigated.
Forty-two per cent of Britons reportedly support government agencies ‘going beyond the law in order to obtain information that helps them fight serious crime and terrorism’. There are pockets of organised resistance, but thus far the demands to ‘stop mass surveillance’ in many Snowden-inspired petitions have acquired all the defiant hopelessness of the ‘smash capitalism’ banner.
To resist more effectively we must reject the framework of a trade-off between privacy and ‘security’, one that pretends mass surveillance, population databases and drones can coexist with freedom and democracy. We must rein in the organisations doing the surveillance.
Caught with its hands in the till, GCHQ should be having its ‘expenses scandal’ moment. In addition to accessing telephone and phone records from service providers, we now know it constantly taps data from the fibre-optic cables through which so much of our communication is routed. With no meaningful oversight, it has used its powers for such activities as spying on G8 protesters. The latest indiscretions come atop damning evidence of its complicity in US torture and indefinite detention, and its cooperation with the loyalist paramilitaries that murdered civil rights lawyer Pat Finucane.
All this is airbrushed from the British psyche. Despite widespread debate about the US’s use of torture, when it comes to the UK’s own unaccountable agencies, too many are content not to know. It’s as if the nation really does buy into the notion that intelligence services are merely a foil for the really bad guys, and for expediency’s sake, it must be necessary to bend a few laws and dispense with the niceties of due process and human rights.
When it comes to counter-terrorism, or countering dissent, politicians appear entirely subservient, with spies and securocrats running the show. We should be drawing big red lines around the activities of the intelligence agencies; instead we’ve expanded their mandate to ‘cybercrime’ and ‘cyber-defence’.
There have been calls, post-Snowden, for stronger data protection laws. These reforms are essential – particularly in regulating corporate plunder of our data – but for governments, the whole point of having secret intelligence agencies is that they can act outside the law. UK law explicitly says ‘No entry on or interference with property or with wireless telegraphy [by these agencies] shall be unlawful if authorised by the home secretary’. Privacy International is suing GCHQ at the Investigatory Powers Tribunal over its involvement in Prism and Tempora on human rights grounds, but it has a legal mountain to climb.
The case is an important challenge to the limitless discretion at the heart of the British secret state. But to bring the agencies under any meaningful control, we desperately need a public inquiry into Snowden’s revelations as well – one that fosters serious conversation about what ‘national security’ does and does not entail. What are the ‘threats’ to the state, or to ‘our way of life?’ Al Qaida? Iran? Stop G8? No Dash for Gas? Really?
When police spies aren’t infiltrating movements, they could be accessing your ‘traffic data’, which includes who you’ve called or emailed and when, as well as what websites you’ve visited. An officer can go through your mobile phone records simply by obtaining the consent of a senior officer.
In 2006, largely at the UK’s behest, the EU passed a directive requiring telephone and internet service providers to retain traffic and subscriber data in case law enforcement or intelligence officers need it later. Under the UK’s ‘data retention’ regulations, it’s then kept for a year and made available to law enforcement and security agencies upon request.
According the UK surveillance commissioner, UK police and law enforcement agencies have accessed personal information from this data retention regime over 500,000 times per year since the regulations came into force. This is a lot of surveillance, especially when compared with the much lower, even fractional usage in many other EU member states. In November the European Court of Justice will rule on the legality of the EU directive following a clutch of national challenges in a case that has taken on much more significance since Snowden.
Regardless of the outcome, it is hardly a radical voice that now calls for reform or repeal of the UK’s and EU’s data retention laws, devised to allow data access to police without judicial control. Retention periods should be slashed in favour of provisions for ‘freezing’ or ‘preserving’ data in serious crime cases, with requests authorised by judges instead of ministers and senior police.
The timing of Snowden’s revelations has been helpful to supporters of the draft EU data protection regulation, currently under negotiation in Brussels. Though an army of corporate lobbyists had previously gained the upper hand, it now looks as if corporations will have to carry the can for the NSA and GCHQ’s indiscretions, in which they played a supporting role.
This is good news, for a brave new world of ‘big data’ is upon us: storage of massive amounts of social network information; public and private databases; the internet in general; and the increasing number of things connected to it. Using complex algorithms, the information can be mined, cross-referenced and profiled to discover correlations and patterns. This already happens at scales that most of us cannot begin to comprehend.
It’s not all bad. ‘Big data’ promises understanding and advances in some sciences and in public serve provision. But Snowden has revealed a darker side. Presented with billions of dollars, unfettered access, and a mandate to mitigate all security risks, the NSA has established programmes allowing analysts to query ‘nearly everything a typical user does on the internet’, according to one of the NSA presentations leaked by Snowden. We can’t stop big data, but we have to stop its use for nefarious purposes.
According to researcher Torin Monahan, what intelligence agencies really want is a kind of ‘Google for the police, something that lets us look people up really quickly without having to open an investigation’. Snowden has revealed how quickly such a system has been created.
Now consider who else might wish to ‘Google’ your data: insurers, marketers, banks, employers, governments and the many ‘data aggregators’ who already collect all this and sell it back to everyone else. The only thing even notionally preventing a ‘big data’ open season are data protection rules, based on principles such as informed consent, minimal processing, purpose limitation, firewalls, proper handling, redress and so on. It’s boring, technical stuff and it requires people to actively engage in the protection of their own data. It’s far from perfect, but it’s all we have.
We’ll need a herculean effort to tame the surveillance society, but thanks to Snowden some of the dangers are more apparent. What is needed now is a broad-based campaign, taking these issues out of their expert silo and into tangible public demands for reform of the surveillance state and proper controls on big data.
Ben Hayes works with Statewatch and the Transnational Institute @drbenhayes