The Guardian, Tuesday 14 July 2015
When I sat down with an ex-minister, former security chiefs, internet execs and others, today’s report on oversight of bulk data collection seemed a long way off
It was an unusual group. An investigative journalist, a moral philosopher, an internet entrepreneur, a cyber-law academic, a government historian, a computer scientist, a technology exec, a long-time cop, an ex-minister and three former heads of intelligence agencies. I wondered not just how but if we could agree on anything, let alone an entire set of recommendations to reform UK communications surveillance.
Yet we did. The Royal United Services Institute panel was set up by Nick Clegg, the then deputy prime minister, in response to revelations from the US whistleblower Edward Snowden about the scale of intrusion by US and British intelligence agencies into private lives. Our remit: to look at the legality, effectiveness and privacy implications of government surveillance; how it might be reformed; and how intelligence gathering could maintain its capabilities in the digital age.
It wasn’t easy and there were several times when I thought I would be writing a minority report with one or two of the panel members. But in the end we reached consensus: the report – published today – proposes that the security services continue with bulk collection of communications data, but with improved oversight and safeguards.
It wasn’t the ideal any of us individually might have chosen, but neither does it contain items any of us heartily oppose. For me there were four main victories and one loss. At what point is privacy engaged? For the security services and government it only becomes an issue at the point when a human looks at material. This is how vast quantities of data could be intercepted, stored and analysed by computer without much considering of privacy implications. For me privacy is engaged from the moment information is accessed and stored. Take the recent case of Amnesty International’s emails being found on GCHQ computers. Does it matter whether or not they were actually read by a person? The mere fact they were intercepted and stored by an intelligence agency is worrying enough.
In bulk collection the potential exists for anyone to be watched at any time. One of the red herrings put our way was that GCHQ does not conduct mass surveillance because it does not read everyone’s email. What was not mentioned is that GCHQ might intercept and store large quantities of it, as the Amnesty case demonstrates.
The point of Jeremy Bentham’s Panopticon wasn’t that everyone was actually watched at all times, it was that they could all potentially be watched. It is the possibility of omnipotent surveillance that acts as a chilling effect on any behaviour that potentially offends the state or the powers that be. For those who commit acts of journalism or legal advocacy that directly challenge state power, the risks in such a society are great.
This is why the report states that privacy is engaged at point of collection and recommends regular review of data retention policies by oversight bodies to ensure they remain proportionate.