Internet Surveillance: What Is Proportionate?

How harmful is it if the government accesses your communications data? Communications data used to just mean telephone calls: who you called and when. Now it could include what websites you visit, your geo-location, which social network you're part of and who you've contacted.
|

There are two major events on the draft Communications Data Bill this week. You might know this bill better as 'the snoopers charter', which its opponents argue it is an enormous encroachment of state spying into the way we use the internet: a big step toward a surveillance state.

Journalists have been competing for who can write the most vitriolic diatribe about it: John Kampfner, Mike Harris, and Nick Cohen are noteworthy. There are problems with this bill, but it is does not herald mass internet surveillance. The bill is about improving government access to 'communications data' - who you communicate with, when, where, what websites you might have visited: information vital to many criminal investigations. Communications data is distinct from 'content data', such as what you write in an email, which is considered as separate, more serious type of intrusion, and is not changed by this bill. As it stands police and intelligence agencies can't get all the communications data they would like, and this bill is asking/demanding/paying communications companies to collect and retain it, so that in the event that a request is made for that information, it is available. Yes, it is a breach of our right to privacy, but we allow - and human rights legislation allows - the state to bug our homes, as long as it is proportionate, necessary, and properly regulated.

Of course, whether this draft bill is proportionate, necessary and properly regulated is the problem. The security people say it is (they would, wouldn't they) and the privacy and civil liberties groups say it is not (they would, wouldn't they). Such was the conflagration when the bill was first put out that a joint committee was scrambled, chaired by Lord Blencathra and including the excellent Julian Huppert MP, to scrutinize the draft (I was a witness to the committee, and they are certainly doing that). The committee has finished its job, and we await its report. Expect quite a lot of re-drafting.

I would like to make one simple point: it is very difficult to determine if something is proportionate. It's a slippery term, routinely pressed into service for one's own purpose. In this type of security work it means: the more potentially harmful the collection of information, the fewer the competent bodies, the narrower the legitimate aims, and the tougher the oversight needs to be.

So how harmful is it if the government accesses your communications data? Communications data used to just mean telephone calls: who you called and when. Now it could include what websites you visit, your geo-location, which social network you're part of and who you've contacted. This is clearly more intrusive, but how much so? No-one really knows. So the first step is to see what the public actually thinks. In a submission to the committee, I reviewed a number of national surveys about public attitudes to privacy and data use. Taken together, there is no clear public view on how private different types of communication data are, and certain type of communications data, such as your geo-location or what websites you visit, probably poses a greater harm to privacy than who you telephoned and when.

Given the value of the internet to the economy and society and the potential misuse of modern technology, it is important any measures to keep us safe are generally accepted by the public. When the committee reports back, the first thing it should do is ignore the scaremongering for a moment, and to advise the government to pause and properly assess public attitudes before legislating,