Sunday, 19 October 2014

Theresa May defends mass data collection of citizens, says it’s not surveillance

The UK Home Secretary Theresa May has defended the government’s mass collection of its citizen’s phone and internet traffic, according to the BBC.

"If you are searching for the needle in the haystack, you have to have a haystack in the first place," she said.

This is a disingenuous statement at best and at odds with what she said next:

Mrs May argued that collecting and storing phone and internet records was not the same as "mass surveillance" because "most of the data will not be looked at at all, will not be touched".

The government is either mining this data (to find the needles, they need to examine every bit of hay) or they’re specifically targeting people they have legitimate reason to suspect.  Which is it?  If it’s the latter, they don’t need to collect everyone else’s data along with that of the people they suspect.  The best they can say is that if they collect everyone’s data, they’ll have historic data of terrorists, which might conceivably help the investigation. Except that they probably won’t. I think terrorists are going to be pretty careful about their communications.

May’s statements ignore some pretty big considerations:

  • How is the data going to be used?  Will the government only look at the data where there is an existing suspicion of wrongdoing or will they use the data to generate suspicion?  Am I automatically a suspect if someone calls me from a suspect’s phone?  Does that mean they get to examine all my traffic metadata? Does it mean that they have a legitimate reason to tap the contents of my communications?
  • How effective is the mass collection of data in foiling terrorist plots?  In fact, May doesn’t just leave this unanswered, she explicitly refuses to answer and rules out ever answering in the future.
  • What guarantee do we have that mission creep will not occur?  It’s surely inevitable even if such guarantees were in place.  The government had no qualms about secretly (and illegally) collecting this data in the first place.  Why should it be any more honest about how that data is being used and will be used in the future?

She said:

"I think there is - not a contract entered into - but an unwritten agreement between the individual and the state that the state is going to do everything they can to keep them safe and secure."

Well that just makes me feel less safe. The only reasons for such an agreement to remain unwritten is so that we, the citizens, don’t get to decide what’s too big a price to pay for ‘safety’; don’t get to know what that ‘safety’ actually entails or how effective the measures have been; and that the government can change the meaning of can in “everything they can” whenever they feel like it.

She said commercial companies also collected large quantities of data to target advertising at consumers.

Yes they do and many have abominable practices. But this – as May surely understands – is completely different. First, we get to choose whether we use those companies or not (at least in principle) and second, the agreement with those companies is not “unwritten”.  Sure, companies can and do change their T&Cs all the time and without warning. Sure, this can and does lead to infringements of privacy and our freedom to use the things we’ve bought as we wish, but we do have a choice and a legal system within which we can pursue complaints.  We can also limit the amount of information some companies collect about us.  We might use Google for email and Microsoft for instant messaging, O2 for work calls and EE for personal calls.

This is not the same as non-consensual and until recently covert mass collection of all our data, to be used for reasons we’re not told about, apparently without judicial oversight.

She said there was a clear difference between examining data - the time and location of phone calls, for example - and snooping on the contents of calls and emails.

There is a difference, yes. But that’s a false distinction.  It doesn’t make one benign and the other dangerous.  Besides, if they use metadata to generate targets of suspicion, they can just go and get permission to tap those people’s comms.  May says she agrees to almost all requests so there is no practical difference.

She said there was a need to educate the public about why bulk data collection was needed

and then refused to say why it was and ruling out doing so in the future.

But back to this point, in closing:

Mrs May argued that collecting and storing phone and internet records was not the same as "mass surveillance" because "most of the data will not be looked at at all, will not be touched".

Studies have shown (unsurprisingly) that people behave differently when they think they are being watched or – crucially – when they think they might be watched at any time.  When we change our behaviour because we think someone might be watching, we are accepting surveillance in dribs and drabs. 

And we can’t back out. 

No comments:

Post a Comment