The Innocent Have Nothing to Fear – Really?
Even before the recent PRISM (details) disclosures many were concerned with the degree of state surveillance in modern society. The dangers of American e-surveillance were, for example, highlighted in January 2013 by a report to the European Parliament. Thus in a sense PRISM should not be a surprise even if its scope is unprecedented.
Since the story broke the Foreign Secretary has sought to allay the fears that the reports have generated. Mr Hague’s use of that hackneyed false dichotomy that ‘only the guilty having anything to fear’ was less than reassuring. The concerns of many have nothing to do with our guilt or innocence, rather they centre on our ever shrinking right to privacy. What people rightly fear is the trawling of their private communications, perhaps because they innocently use a keyword or phrase, without proper authority or oversight by an allegedly friendly foreign power. Some even suspect that their own government has been a beneficiary in this offshore surveillance. Mr Hague refused to comment on PRISM or any British involvement. We must await the deliberations of the Intelligence and Security Committee to discover if the UK has been involved with PRISM.
Claiming that the innocent are exempt from surveillance was, of course, little more than a smokescreen. GCHQ might not be examining British citizens save under the strict circumstances Mr Hague detailed, but we are not concerned with GCHQ. Instead what is of immediate concern is the allegation that the US National Security Agency (NSA) has captured the data of international internet users for analysis without the bother of due process. Is this really what the special relationship means?
The episode raises a number of very important issues; two warrant some initial comment. First, to what extent are the ‘safe harbour’ principles regulating data transfers between the US and EU now compliant with Chapter IV of Directive 95/46/EC? In light of the PRISM allegations can any US company be adjudged to offer an adequate level of data protection for the purposes of the Directive? Under the Directive and the UK Data Protection Act 1998 the export of data to third countries (e.g. the USA) is unlawful unless there is an adequate level of protection for privacy. Are there really adequate protections in American law for personal privacy when the data of non-US citizens can be mined at the ipse dixit of the Executive under a law (Foreign Intelligence Surveillance Act) that might not be constitutional? Needless to say, the opinion of the secret Foreign Intelligence Surveillance Court on the constitutionality of the FISA has been withheld on security grounds.
Second, is our conception of privacy, and the laws we have to protect it, adequate in light of such rapid technical change? Surveillance laws that were originally developed in the age of the rotary dial telephone are being outpaced by technology; a technology that does not respect borders. Telephones are becoming redundant as people communicate in new electronic ways. Consequently, as talk becomes not cheap but worthless metadata increases in value. Hence the enormous server farm being built by the NSA. Indeed, in the context of surveillance talk of interception ought to be replaced with harvesting. Metadata can be as, if not more, revealing than the telephone calls themselves, and is far easier to harvest: it can be vacuumed up and crunched by cypher-busting supercomputers in next to no time. Moreover, if it is as easy as simply installing a fibre-optic splitter in somewhere like Room 614A to silently siphon off vast data streams from the Tier 1 internet backbone for crunching by super-computers, then what does that mean for targeted surveillance and the privacy of the individual? Do any of us have a reasonable expectation to privacy online when the dragnet is so wide and implemented without the knowledge of the companies holding the data? It seems not. Of course, a further very real concern here must be that if it was so simple for a friendly security agency to harvest data with such ease, then what about our enemies?
Perhaps the supreme irony here is that the American Revolution was sparked, in part, by the Crown’s over-use of the writs of assistance. The writs, loathed by the Colonists, were a blanket search power that enabled Crown agents to search where and when they liked. The writs became a by-word for indiscriminate and arbitrary searches, and led ultimately to the Fourth Amendment. One wonders what James Otis Jr would have made of it all.