I have always assumed that government security agencies – GCHQ, NSA, etc – can snoop on what they like, when they like, and that this is in the interests of all law-abiding citizens. So long as they use what they find for legitimate purposes – i.e. to identify and catch the bad guys (and gals) – why should we care that they know what we buy from the supermarket?
The Snowden affair has thrown this shadowy activity into the limelight, where it appears to be extremely uncomfortable. Public opinion is divided about whether Snowden is a traitor or a hero, but, whichever label is more apt, he has exposed the scale of covert snooping. Many people are unhappy as a result, either with the exposure, or with the scale of the snooping.
In April last year, the European Court of Justice determined that an EU directive requiring communications companies to keep data infringed human rights. This has caused the UK Government to introduce emergency legislation – the Data Retention and Investigation Powers Bill – to ensure that the security services can continue to have access to the information they say they need to stand a reasonable chance of preventing terrorist attacks, break-up paedophile rings and such like. The Bill has the support of all of the major UK political parties, but is opposed by civil liberties groups. It was given royal assent last year but is now under legal challenge from Labour’s Tom Watson and the Conservative David Davis.
Technology has made mass interception of communications traffic possible. Despite the formidable volumes of information flowing around the world’s networks every second, it is possible to monitor the flow without disrupting it and, perhaps more importantly, to assemble the ‘metadata’ – who is talking to whom, how much information flows and how often. Data mining techniques then allow a lot to be gleaned about the activities of ‘persons of interest’.
While encryption can protect the data to some degree, it may not affect the metadata and the mere fact that a communication is encrypted is a sign that it may have some sort of value. The value will often be purely commercial and of no security consequence, but if it is from a source already under suspicion that of itself is already a form of information with value to the security services.
In the commercial domain, I will always remember the first time my wife decided to try internet grocery shopping on tesco.com. She went to the Tesco website, created an account and before she had done anything more the message came up, “Hello Mrs Furber, welcome to tesco.com. These are the things that you like to buy”, followed by a list that did, indeed, look like our regular groceries. How, before we had even started shopping on the site, did they already know what we bought? It was very spooky.
The answer was quite simple, of course: we had a Tesco Clubcard and whenever that was used at the checkout to get ‘points’, the Tesco system recorded the itemised shopping list. When we went on to tesco.com, it simply spotted the connection with its Clubcard records and the rest was easy. But it still gave a very strange sensation of being monitored.
The information sources available to the security services are so much greater than those available to Tesco. How do we feel about every communication we make being observed and analysed for any expression of sympathy or relationship within any group that ‘they’ deem undesirable?
Combine this with every car being tracked by automatic number plate readers up and down the country, CCTV cameras on every street corner watching us and soon, if not already, automatically recognising any face within view, every mobile phone position being tracked by the logging of base station connections and triangulating between them, every credit card transaction recording a time and location… it all builds up to a degree of state monitoring that even Orwell’s Big Brother could not have foreseen as possible back in 1984.
In the end it comes down to a balance of privacy against security. How much do you care that the intelligence services can track your mobile phone, listen in to your conversations, texts and social media postings, file away every email you ever send? How much do you trust your government with all that personal information, that they will use it only for purposes of which you would approve, were you to know about them?
Against that, how much do you want to give the security services the best possible chance of intercepting information that will help prevent the next terrorist attack that might hurt, or even kill, you or yours?
Right here and now, in this country with this government, in this atmosphere of risk of random terrorist attack at any time, the security services are welcome to intercept, store and analyse all of my communications if that makes my world a bit safer.
At a different time, in a different country with a different government, I might feel differently. But then will it be too late to do anything about it?
It is probably already too late.