Thursday, 17 October 2013

Making Sense of Snowden

Michael Jacobs

Perhaps the most shocking revelation to emerge from the publication of the US National Security Agency (NSA) and GCHQ documents disclosed by the American whistleblower Edward Snowden is that Britain appears not to be shocked at all. While the US Congress is already debating an Intelligence and Oversight Surveillance Reform Act to limit the powers of its security agencies, the German media are outraged by the infringement of German citizens’ privacy by a foreign power, and Brazil cancels a state visit to the USA in protest against American spying on its government and companies, in the UK the Snowden disclosures have raised barely a whimper of public debate or political scrutiny.

It’s worth recalling just what Snowden’s leaked documents reveal. Between them (and in close collaboration) the NSA and GCHQ now have access not just to the ‘metadata’ (who and when) but to the content of a huge proportion of the phone calls, internet searches and online transactions made by ordinary citizens, in their own and other countries. This ‘suspicionless surveillance’ occurs without specific authorisation by any judicial or political authority, using technologies which break encryption codes, subvert security systems and tap fibre optic cables, and laws which force telephone and internet companies to hand over their customers’ apparently private data.

This is by any account an extraordinary incursion into privacy, on a scale hitherto unavailable. And it has evidently occurred without the knowledge of lawmakers or senior members of the government in either country, as many of them are now making clear. Yet the British public and its political representatives appear to be undisturbed.

Why is this? One view being interestingly advanced is that it is because the UK’s political traditions are not based on citizens’ rights. Whereas such rights are among the founding principles of the US constitution and of European political thought, the British have claimed rights only in self-defence when the state has committed wrongs. In the UK it is the sovereignty of the state, not the citizen, which has primacy. So although the British may value privacy culturally, they do not do so constitutionally.

This has already been evidenced in relation to CCTV cameras. The UK has far more cameras per head of population (an estimated 1.85 million in total) than any other country, so much so that in urban areas we are under almost constant surveillance. Yet no one cares. CCTV cameras are patently useful in catching criminals and wrongdoers; and most people presume that the recordings are not actually watched unless there’s an incident of some kind, when they are glad it is. So why worry about the theoretical invasion of privacy? What is actually being lost or damaged, other than abstract ‘civil liberties’?

At the same time most of us now understand that every time we buy something online or perform a web search using Google our actions are recorded, and the data logged and analysed for commercial purposes. If we think about it at all, we may even acknowledge that this is the price we pay for the huge convenience of an internet accessible for free. So is it so different if the state now has this information about us too?

Defenders of the security agencies’ surveillance activities have made this argument; but it is of course a non sequitur. We may provide personal information voluntarily to a company as part of a transaction with it, but that does not mean that we have also happily given it to the state.

The fact that most of the major internet companies have given governments access to such data anyway raises a major issue about the honesty of their relationships with their customers. Download any programme or app or make any online transaction and one is required to click ‘I agree’ to a long list of legal terms and conditions. We are all guilty of not bothering to read these; but we can also be reasonably confident that they do not say that the customer hereby consents to the security agencies having access to their phone and online activities, and to the company breaking and bypassing the encryption codes and security measures which it simultaneously claims protect its customers’ privacy and safety. Yet this is what between them most of the major companies appear to have been doing.

Defenders of the state’s new surveillance capabilities argue that in the modern world these techniques are necessary if terrorists and criminals are to be caught, and their use has already led to terrorist plots being foiled and many lives consequently saved. Few people would doubt that this is true of targeted surveillance of known suspects, and few would object to it. And this is of course mostly what the NSA and GCHQ do. But what the Snowden files show is that they have also been hoovering up electronic data about vast numbers of ordinary citizens without any suspicion or cause at all. It is much harder for the public to know how important this kind of activity is to anti-terrorist work, or how many lives it may have contributed to saving. Given their vested interest in the outcome, we should not be surprised that the security services insist that it is critical.

But even if it is true that some lives may be saved, does this justify the mass invasion of privacy which it entails? What is the trade-off of values and principles here? After all, public policy does not go to any length to save a life in other spheres. Far more people die on the roads than from terrorism, yet we do not ban cars or insist on a general 10 mph speed limit to reduce their number. This is precisely the same territory as that of CCTV cameras, but writ much larger. When lives are at stake, how much do we value the largely abstract right to privacy?

The time-honoured reassurance issued by politicians and security chiefs is that ‘if you’ve nothing to hide you’ve nothing to fear’. But this misses the point. Of course most of the data now being collected is never actually inspected. But the civil liberties objection is not that government operatives are poring over our web browsing history looking for suspicious or embarrassing activity. It is that they could be, and have no right to. And the risk is not small. We are told that there are around 480,000 US government staff and contractors with the same level of security clearance as Edward Snowden; some have claimed the number is nearer 850,000. That is a lot of people with potential access to our private data. (It would also appear to be a huge security risk in itself. If Snowden could leak these documents to the press, could others not already have leaked them to terrorists and foreign states?)

More importantly, there really are slippery slopes here. We know that security services are never interested just in terrorists and criminals. As the quite separate revelation that British police officers did not just infiltrate peaceful environmental protest groups but that some of them formed relationships with, and even fathered children with, female members tells us that the state is always tempted to extend its security anxieties to political campaigners and those they see as subversives. Law abiding citizens may not have anything to fear now, but under other circumstances these surveillance capabilities could well be used against entirely legitimate political and cultural activities.

At the same time, it is openly admitted by NSA and GCHQ staff in the Snowden files that the security services do not intend to stop at their current capabilities. In principle, they want to be able to access all communications data, everywhere. The novelist John Lanchester has posed the issue well. What if it were possible (as it almost certainly could be) for household electrical sockets to be used as eavesdropping devices? Would the NSA and GCHQ seek to ensure (by applying legal pressure on socket manufacturers) that every room in the country could potentially be monitored? And would we regard that as acceptable? If not, why is their ability to monitor our phone calls and online activity?

The question is not, it should be noted, whether suspicionless surveillance on a mass scale is legal or not. In both the US (where much of the NSA’s activity in this area is authorised by the 2001 Patriot Act) and in the UK (where its equivalent is the Regulation of Investigatory Powers Act 2000), it is now evident that the law is at best not clear on what kind of activities are permitted and what are not. Devised before the new surveillance capabilities were available, and certainly (as US Congressmen and women are now lining up to admit) before they were understood by lawmakers, legislation in this areas lags significantly behind technology. But even if it is legal, the question in a democracy is whether it should be.

And in this respect it really is not appropriate for the head of MI5, Sir Andrew Parker, to argue that the very revelation of these activities aids the terrorists’ cause and should not have happened. The very least citizens have rights to in this field is the general knowledge of what is being done in their name and with their privacy. When both the former head of the NSA General Michael Hayden and former head of MI5 Stella Rimington (in separate interventions but with telling linguistic coordination) argue that the security services should ‘show more leg’ in public, it is clearly time for a proper public examination of what they should be allowed to do and where the lines of privacy and surveillance should be drawn.

In today’s complex society there is an inevitable balance to be struck between our security and our civil liberties. We have an interest in both. But there is no balance to be struck between public debate and the absence of it.

No comments: