The Politics of Surveillance


There seems to be a political consensus on the need for surveillance of digital data that is proportionate to the danger faced by UK citizens. However, to counter threats, agencies face the challenge of sifting through huge volumes of data while maintaining the trust of the public.

In her speech last Monday on security and liberty in a digital world, the Shadow Home Secretary Yvette Cooper accused the coalition government of burying its head in the sand on the reforms needed to keep up with technology. Twenty-four hours later, Deputy Prime Minister Nick Clegg gave a speech on security and privacy in an internet age. The two speeches were alike in many respects and shared similar themes with the Foreign Secretary’s remarks in Budapest on October 2012. Have we reached the point of political consensus?

Yvette Cooper and Nick Clegg both suggested the police, security and intelligence agencies need to be able to operate more effectively against online crime, and Nick Clegg went further arguing that in the future we will have to rely more and more on intelligence-led security interventions to protect British citizens from harm. This is likely to be proven true if only because of the scale of the challenge confronting the police, security and intelligence agencies with respect to the evolution of information and communication technology.

What is produced in an ‘internet minute’ today is largely unimaginable to most people. Today, the number of networked devices is equal to the global population (7.15 billion). By 2015 it will be twice that. Everyone is struggling to keep pace with the ‘data tsunami’. To criminals, terrorists and paedophiles it presents a massive opportunity.

In both speeches were a series of questions to guide the future debate – many of which will be discussed by RUSI’s panel on surveillance. Reviewing both speeches, three issues stood out (which will be the subject of further analysis by RUSI).

Proportionality in an Age of Big Data

Yvette Cooper’s speech made the point that where interventions requiring an infringement on individual liberty or privacy are needed, in the interests of all our security, – – then the intrusion must always be only those necessary and proportionate to the problem. The core guidance for public authorities states that proportionality is a crucial concept and that any interference with a European Convention right (in this case Article 8, ECHR) must be proportionate to the intended objective.

This means that even if a particular policy or action which interferes with a Convention right is intended for a legitimate aim (e.g., the prevention of crime) this will not justify the interference if the means used to achieve the aim are excessive. In other words, don’t use a sledgehammer to crack a nut. But what does proportionality mean in an era of big data? If it is an exercise in balancing interests and objectives then it follows that a decision must be proved to have been necessary to meet the aim, and by the most reasonable way of doing so.

In the case of GCHQ, the speed of internet based communication and the sheer volume of what is produced every ‘internet minute’ creates a major challenge for the agency – how are they meant to find what they are looking for? And what is a reasonable way of going about such a process in an era of big data?

In the past the ability to intercept communications overseas was similar to identifying a group of people in a car travelling along a single lane highway between two known points, A and B.  Today the situation is profoundly different. That same group of people are now scattered across a large number of different cars travelling across a densely packed road network, by any and all possible routes between their origin and their destination.

Taking the analogy further – the response by GCHQ has been to erect bridges (each requiring a separate warrant) over a relatively small fraction of roads they can reach and attach cameras to a small percentage of those roads they think mostly likely to be used by the target(s). The cameras copy the model of car but not the details of who is inside.

Should the model of the car match the details on GCHQ’s target list (e.g., phone numbers or email addresses of interest) – further details can be obtained, and examined to determine their intelligence value all of which is achieved under warrants signed by a Minister. And yet, given the nature of communications, some measure of collateral intrusion is inevitable, so GCHQ’s approach must be lawful, necessary and proportionate to the intended objective. An issue the panel will want to review.  

Data, Data, Data

The second issue the recent speeches referenced briefly was ‘Communications Data’ (CD) and ‘Related Communication Data’. The two are easily conflated even though they are managed under different frameworks. Following the Snowden revelations there is some confusion about whether the data requested by law enforcement is the same that GCHQ obtains via intercept.

Communications Data has been the subject of a Home Office Bill and widespread debate. CD is regularly requested by UK law enforcement during their investigations from Communications Service Providers (CSPs) and falls into three categories: subscriber data (which likely makes up most of the half a million requests to CSPs a year), service user data, and traffic data.

A Home Office bill sought to require CSPs to store, make available and filter their customers' private communications data in a particular manner for law enforcement activity. While there is a clear need for retaining CD, Nick Clegg argued in his speech to RUSI that the government had not found a proportionate response to this capability challenge and therefore could not proceed. Yvette Cooper meanwhile suggested that the government should look again at how the distinction between content and communications data applies when it comes to new emerging methods of communication.  

Related Communications Data (RCD) is directly obtained as a consequence of interception and is subject to warrants signed by a Minister. GCHQ uses unselected metadata (remember the analogy of the camera on the bridge) when conducting operations on a large scale as a means of identifying wanted communications. By examining the RCD alone, GCHQ can select communications that are the most likely to be of intelligence value for further analysis, and quickly discard the rest (reducing the volume by about 30%), without reading the content of many unwanted messages. That is not to say that the examination of this RCD is not itself an intrusion into privacy - it is, and for that reason the law requires any such examination to be lawful, necessary and proportionate to the intended objective.  The table below demonstrates the key differences between CD and RCD.

Communications Data

Related Communications Data

Primarily used in a domestic setting by law enforcement

External Communications via interception by GCHQ and others

Obtained through requests authorised by police inspector or equivalent

Obtained through Ministerial Warrant

Potentially 100% coverage of the subject of interest

Fragmentary coverage of subject of interest with variable probability of collection

Traffic data, service use data and subscriber data

Traffic data only

Available for evidential use

Prohibition on use as evidence

Don’t Trust Us, Go by Our Experience

The final issue is about trust. The Shadow Home Secretary and Deputy Prime Minister raised the alarm that the Snowden revelations could weaken trust in the security and intelligence agencies. Nick Clegg argued that British society had been deeply weakened by the failings of Parliamentarians following the expenses scandal, the Press through phone hacking, the Banks, the BBC, and the police.

For the security and intelligence agencies, the failure to act quickly to strengthen public support could become corrosive in the long term. High levels of trust in the agencies needed to be sustained not taken for granted.

The weakness of the current oversight arrangements has been widely discussed in light of the Snowden revelations. In his speech Nick Clegg suggested that the current oversight mechanisms were complicated, inaccessible and unconvincing while Yvette Cooper argued that substantial reforms were needed and the government should look at alternatives models. Both speeches in essence suggested a future body will need authority, ability and attitude – something RUSI’s independent panel will take onboard as the review begins in earnest.



Footnotes


Explore our related content