The perceived trade-off between freedom and security has been a defining feature of the early 21st century. With “terrorists” allegedly lurking around every corner, a number of governments, including successive UK ones, seem to have taken a “legislate first and ask questions later” approach. Add to this the revolutionary effect of digital technology and the Internet in particular on the relationship between the state and the individual, and worrying trends begin to emerge.
In the US, the Patriot Act gives authorities the power to, for instance, demand that individuals and organisations hand over vast amounts of communications and transactional data, while at the same time prohibiting anyone receiving such a demand from speaking about it. Statistically, between 2003 and 2006 one in every 1500 Americans received such a demand. In the UK, the Terrorism Act of 2006 prohibits something it vaguely calls “glorifying terrorism”, while the Regulation of Investigatory Powers Act (RIPA) – also originally intended for use against serious crime and terrorism – allows councils to spy on people suspected of breaking the smoking ban.
The Draft Communications Data Bill, which was last year shredded by a Joint Select Committee and yet is about to make it back onto the government’s legislative agenda, proposes to significantly extend existing police powers to monitor our digital lives. If passed into law, the proposals would allow the government to compel telecommunications operators – anyone from Royal Mail, Internet Service Providers and mobile operators to Google and Facebook – to retain and collect transactional data on their users: who they spoke to or emailed and when, where they were based on their mobile phone location, even which websites they visited. While some data is already being retained for a limited time period with the intention of being able to reconstruct a suspect’s activity for criminal investigation purposes, the new proposals go several steps further. They include the creation of entirely new data sets and the powers to “data mine” – investigate the data for conspicuous patterns even if no crime has been committed.
Given well-documented abuses of existing powers and legislation, civil liberties and digital rights campaigners like the Open Rights Group are raising a number of concerns about the Draft Communications Data Bill. The potential for abuse of such powers – both by those authorised to access the data but also by malicious individuals for whom the simple existence of such a data set is a target – is staggering. Even without knowledge of which websites someone has visited – which automatically gives you access to the content they have accessed – it is remarkably simple to make conclusions about the content of a conversation by cross-referencing different pieces of information such as where an event took place, who was there, or the time of day when it occurred.
In some ways, however, the problem with the Draft Communications Data Bill is not so much the potential for extreme abuses of these powers – though that too is a concern. Rather, this is another step in a gradual but fundamental shift in the relationship between the state and the individual. Digital communication has given individuals unprecedented freedom to associate, exchange ideas and power to hold governments to account. At the same time, digital data processing creates the potential for government to spy on our every move. Never before – not even in totalitarian states like the Soviet Union and East Germany – has the state had the power to map and examine individuals’ lives with such a level of detail.
The challenge here is the insidious nature of mass surveillance – the danger that with every new set of powers the state grabs for itself, every restriction on our freedom and civil liberties in the name of some abstract concept of security we just begin to feel that this acceptable, normal, expected. Just as we hardly notice CCTV cameras anymore – we just assume they are there – will we in future assume that a database is storing our every move, a computer analysing all the data and flagging up when we walk out of line?
We need to start asking the questions and having the conversations before legislating. We need to ask ourselves if we want a state where the police and security services have the power to spy on all of us. Who benefits from such powers and who loses? If we do want to give the state such powers, what safeguards should we put in place and what governance structures? These are debates that we as a society are currently largely failing to have. The Open Rights Group’s campaign against the Communications Data Bill is a good starting point. Write to your MP. Join the debate.