Princes, Privacy and Power…

Prince CharlesLast week was a momentous one for information law. Two dramatic and potentially very significant rulings. The first was the Black Spider memos Freedom of Information  case through which it now appears certain that 27 ‘private’ letters from Prince Charles to government ministers will be published. The second was the decision in the Vidal-Hall vs Google case, which may have opened the doors for people whose privacy was effectively being invaded by Google to take action through the UK courts, despite their being unable to demonstrate economic damage from that privacy invasion. I won’t go into the legal details of either: far better legal minds than mine have already done so, the two pieces on the 11KBW blog about the Black Spider letters and Vidal-Hall vs Google respectively explain them really well. Instead, I want to look at one particular issue – the relationship between privacy and power, which is played out in different but related ways in both cases.

Princes, information and power

It is often said that ‘information is power’ – and in the case of Prince Charles’ Black Spider letters that does seem to be the case. Without knowing the contents of the letters – something that may shortly change – it can be assumed that power and information are central to them. The letters concerned – 27 of them – are letters written by Prince Charles to government ministers. The very fact that he wrote them, and could expect to have answers to them, shows that he had power and was using it (at the very least) to get information. He might have been using it to attempt to use that information to influence policy – we may be able to determine that as and when we see the content – but information is central to it. What is more, he knows that if we get hold of the information, he may lose some of his power, and we may gain some power over him – which is, presumably, why he is so keen for them to remain out of the public eye. Information really is power here.

Privacy, in this context, can be seen as control over information – and it is hardly surprising that Prince Charles invoked privacy in his response:

“Clarence House is disappointed the principle of privacy has not been upheld”

Privacy has value – it is a human right – and as an argument against disclosure, it feels better than saying (for example) that Clarence House is disappointed that it wasn’t able to exert its power as effectively as it wished, or that it is disappointed to be about to be losing some of its power. And yet that’s what’s really happening here. People with power have often used privacy as a way to maintain that power, to maintain their control over the situation. Indeed, in the courts, privacy has often been invoked by powerful people – from philandering footballers to secretive celebrities – to keep their lives and loves under wraps. Sometimes that’s entirely right – privacy really is a human right, and we all have that right. It is, however, a right that is held in balance, not an absolute right. It’s held in balance with freedom of expression, with freedom of information – and when looking at surveillance and so forth in balance with interests and needs like security. It is also a right that relates primarily to our private lives – not our public lives, or our professional lives. If we’re talking about professional lives, ideas such as confidentiality are more relevant – not quite the same as privacy, and subject to different checks and balances. Here, this really wasn’t about Prince Charles’ private life: writing to government ministers when you’re the heir to the throne is not a private life issues. I would defend Prince Charles’ right to privacy over letters to his children, his wife, his mother, his friends and so on just as much as I would defend anyone’s right to privacy over their correspondence – but that’s not what this is about.

Ultimately, that’s why the Black Spider Letters are becoming public – because there’s a public interest in our knowing the contents, which is what Freedom of Information is supposed to be about. It’s a redressing of a power imbalance.

The New Princes of the Internet

…which brings us on to Google, one of the new Princes of the Internet, in the Machiavellian sense, and the Vidal-Hall case. Ultimately, this is also about power. The essence of the story is about Google tracking people’s activities on the internet, without their consent – indeed, when they had directly said that they didn’t want Google to track them. Why does Google do this? To get information, and ultimately to get power. They use this information to get power over people – not just over the people they’re tracking, but people generally, as they gather more and more data about people’s behaviour and learn about how people use the internet, what they’re interested in and so forth. That information, those invasions of privacy (for that is what they are) is used for Google’s own purposes – and despite how they often like to appear, Google are not neutral indexers of the net, helping develop systems and services for the betterment of humankind, champions of freedom of speech and so forth. They do do a lot of that – but because by doing so they can make money.

Google are a business, and what they do they do for business reasons – and there’s nothing wrong with that at all. We do, however, need to be a bit more aware of how that works and what the implications of that are. Amongst other things, it means that they will use the information they gather to get power over us – ultimately power to make more money from us, or by using us as tools to make money from others and so on. Again, power is the key, and again, that’s where privacy is involved. They invade our privacy in order to gain power over us, and if we’re able to assert our privacy, to protect our privacy, they lose power.

Privacy for ordinary people

It’s a subtle thing – none of the individual invasions of privacy is particularly significant – but that’s one of the reasons this ruling really is significant. By allowing people to take action even without proving economic loss, it could provide people who usually don’t have power the chance to protect their privacy. As noted above, privacy actions in the past have generally only been a tool for the powerful, not something for the rest of us – this might change that, and that is something that really matters.

Indeed, it could be the most important thing of all. Privacy, like all human rights, is most important as a way to protect those who don’t have power from those who do have power. It shouldn’t be a tool just for the rich and powerful – they already have a vast arsenal of tools at their disposal – it should be something that we can all use. We need privacy from all kinds of powerful entities, from businesses like Google and Facebook to a wide variety of governmental agencies and others.

What’s more, all those powerful entities invoke privacy for themselves to protect their own power. The Snowden revelations have showed how carefully governments have hidden their own actions from our scrutiny – indeed, how they continue to disclose as little of what they do as possible, and continue to ‘neither confirm nor deny’ the existence of many of their actions. Google, Facebook and others expect others to abandon their own privacy – indeed as shown in the Vidal-Hall case, sometimes they just ride roughshod over people’s privacy – whilst keeping their own actions as well hidden as possible. Google’s algorithms remain almost entirely opaque – trade secrets – no matter how often they talk about transparency. At a conference on Friday discussing the ‘Right to be Forgotten’, I asked the Google representative why they hadn’t updated their examples of right to be forgotten cases for almost a year, and the response I got was terse to say the least. They don’t want us to know what they do – while they want to know everything about what we do.

Redressing the privacy imbalance

For me, one of the key roles of the law is to redress this imbalance – to find ways to protect the privacy of ordinary people, and prevent princes – old princes like Charles and new princes like Google – both from invading our privacy and from invoking their own privacy to hold onto their power. In both the Black Spider Letters case and Vidal-Hall vs Google the law seems to have done exactly that, and the courts in both cases should be applauded. Of course there’s a long way to go, and those with power can and do use every means they can to hold onto that power. I fully expect the Black Spider letters to be heavily redacted as and when we finally see them, and Google is apparently seeking permission to appeal the Vidal-Hall case to the Supreme Court.

They may well succeed. Even if they do, the two cases this last week should be seen as victories, and both Prince Charles and Google should be more than a little afraid. Holding onto their power may be a little harder than they thought. I hope so.

 

 

 

A shout out for the Open Rights Group!

Screen Shot 2015-03-17 at 10.04.26Today is #DigitalRightsMatter day – and yes, I know there are days for many things (including, despite the complaints from some, an International Men’s Day (November 19th)). I’m usually fairly cynical about these days – but they do serve a purpose – to focus minds on significant issues, and hopefully to find ways to actually do something about them. In this case, the issue is digital rights – one close to my heart – and the thing to do is to support the Open Rights Group (ORG).

I should say, right from the start, that I’m on the Advisory Council of ORG so I have something of a vested interest – but I’m only on the Advisory Council because I think what ORG does is of critical importance, particularly right now. Never has there been a time when digital rights have been more important, and never has there been a time when they are more under threat. We use the internet for more and more things – from our work to our personal life, from our political activism to our entertainment, from finding jobs to finding romance. Indeed, there are pretty much no parts of our lives that are untouched by the internet – so what happens online, what happens to our digital freedoms and rights, is of ever increasing importance.

Now is when we need them

The threats that we face to our freedoms are growing at a seemingly exponential rate. Surveillance is almost everywhere, and the political pressure to increase it is frightening. Censorship, the other side of that authoritarian coin, is growing almost as fast – from more and more uses for ‘web-blocking’ to ‘porn’ filters that hide vastly more than porn, from critically important sex education websites to sites that discuss alcohol, anorexia and hate speech. David Cameron talks about banning encryption without seemingly having any idea of what he’s talking about – or the implications of his suggestions.

This last point highlights one of the reasons ORG is critically important right now. Politicians from all the mainstream parties seem to have very little grasp of how the internet works – and they reach for ‘easy’ solutions which get the right headlines in the Tabloid press but are not only almost always counterproductive and authoritarian but actually encourage the perpetuation of damaging myths that will make things continue to get worse. The media, left to their own devices, also have a tendency to look for easy headlines and worse.

That’s one of the places that ORG comes in. It campaigns on these issues – current campaigns include ‘Don’t Spy On Us’ dealing with surveillance, Blocked! which looks at filtering, and 451 Unavailable which tries to bring transparency to the blocking of websites by court orders. It produces information that cuts through the confusion and makes sense of these issues – and tries to help politicians and the media to understand them more. And it works – ORG representatives are now quoted regularly in the media and when they make submissions to government inquiries they’re the ones who are given hearings and referred to in reports.

They do much more than this. They help with court cases working with other excellent advocacy groups like Privacy International – the current challenge to the Data Retention and Investigatory Powers Act (DRIPA) is just one of many they’ve been involved in, and these cases really matter. They don’t always win – indeed, sadly they don’t win often – but they often force the disclosure of critical information, they sometimes bring about changes in the law, and they raise the profile of critical issues. ORG are also part of the critical European organisation EDRi who bring together digital rights groups from all over Europe to even more effect.

Now is when they need us

ORG, like other advocacy groups, regularly punches above its weight. It doesn’t have the massive resources of the government agencies and international corporations whose activities they often have to campaign against. There are no deep pockets in ORG, and no massive numbers of staff – they rely on donations, and on volunteers. That’s where #DigitalRightsMatter day comes in – ORG is trying to find new members, get more donations and find access to more expertise. Can you help?

ORG’s joining page is here

Their blog about #DigitalRightsMatter day is here

I would encourage anyone to consider joining – because Digital Rights really do matter, and not just on #DigitalRightsMatter day.

Now it’s time for a review OF the ISC

Screen Shot 2015-03-13 at 06.45.25Like many others in the privacy field, I had waited for the Intelligence and Security Committee report ‘Privacy and Security: A modern and transparent legal framework’ with some trepidation – though after having made a submission myself, and participated in the ISC’s ’round table’ events that formed part of the consultation I had felt a little less overwhelming pessimism than I had previously. Having read it through after its release yesterday I feel a little underwhelmed. It isn’t quite as bad as I had feared – but it does come close. The general feeling I had, though, was that the ISC is still essentially out of touch, out of date, and unable to fulfil the critical role of scrutiny that it is tasked with.

One particular paragraph made the point most directly – and it concerned one of the most important areas of the review insofar as it relates to the areas that I work in. Paragraph 80 began with this startling sentence:

“We were surprised to discover that the primary value to GCHQ of bulk interception was not in reading the actual content of communications, but in the information associated with those communications.”

Surprised? Really? No-one who has paid any attention to the field over the last decade at least should have been surprised that the ‘information associated with those communications’ – essentially what is generally referred to as ‘metadata’ these days – is what GCHQ would be interested in. Academics and privacy advocates have been going on about it for years and years – and if the ISC were ‘surprised’ that this is what GCHQ are most directly interested in then it means one of three things: either they’ve not been paying attention (which is their main role), they don’t understand the technology at all (which is critically important to their role), or they’re deliberately dissembling about it (which means they can’t be trusted in their role).

That they even make the admission that they were ‘surprised’ in the official report suggests that they don’t understand the gravity of that admission, and how much it shows that they don’t understand what is happening. They compound that admission later on in the report, in paragraphs 136 and following, when they ask the question of whether Communications Data is ‘as intrusive’ as content, and essentially dismiss the possibility, hence giving the authorities much more freedom. They seem to have forgotten at this point what they had learned in paragraph 80, that the primary value is in the ‘information associated with’ the communications – their surprise didn’t illicit the kind of questions that it should have.

To be clear, the argument made by people like me is not that this information is more intrusive than content – but that it is more useful, for a number of reasons, from the fact that it can be analysed algorithmically (rather than by rooms full of old-fashioned spies pouring over reams of print-outs, which seems to the the ISC’s idea of surveillance), and that qualitative information can be gleaned from it. Profiling information – the kind of information that the massive internet advertising industry uses – that can be automatically processed and used. That, however, was something else that indicated how much the ISC was out of touch – they didn’t seem to acknowledge or understand the nature of the current, commercial, surveilled nature of the internet, and the critical role played by the corporations. Bruce Schneier put it most eloquently when talking about the NSA:

“The NSA didn’t wake up and say, ‘Let’s just spy on everybody.’ They looked up and said, ‘Wow, corporations are spying on everybody. Let’s get ourselves a copy.”

The corporates are much more interested in metadata because they understand its value – and so do GCHQ. The profiling techniques used by advertisers to find customers are the same sort of thing that GCHQ might use to find terrorists – just using different parameters. That the ISC doesn’t understand this – or didn’t understand this – is deeply revealing. One of the brighter spots of the report, however, is that they do at least make a tentative step towards recognising it through their new category of ‘Communications Data Plus’ in their recommendations. As they put it:

  • It is essential to be clear what constitutes CD. In particular, there is a ‘grey’ area of material which is not content, but neither does it appear to fit within the narrow ‘who, when and where’ of a communication, for example information such as web domains visited or the locational tracking information in a smartphone. This information, while not content, nevertheless has the potential to reveal a great deal about a person’s private life – his or her habits, tastes and preferences – and there are therefore legitimate concerns as to how that material is protected.
  • We have therefore recommended that this latter type of information should be treated as a separate category which we call ‘Communications Data Plus’. This should attract greater safeguards than the narrowly drawn category of Communications Data.

Personally, I suspect that the ‘grey area’ defined in this way will turn out to be the vast majority of what was previously considered ‘communications data’ – when data aggregation is considered, in particular, most data can be highly revealing. If the ISC had paid more attention to the advertising industry – effectively, if it had understood the context in which surveillance happens these days – it would not have had such a surprise. I look forward to hearing what these ‘greater safeguards’ it will attract will be.

There is much more in the report that should ring alarm bells – the discussion of encryption, the seemingly new idea of ‘bulk personal datasets, the casual dismissal of arguments against the fundamentally intrusive nature of ‘bulk collection’, and the attempt to characterise those who seek privacy as being happy to accept a few terrorist atrocities as a fair price to pay for a little personal privacy – and I am sure they will be written about extensively elsewhere. There was one other thing that struck me, though. At no point in the report, as far as I can see, did they mention the fact that the Data Retention Directive was  declared invalid in April 2014, and that the reason for its invalidity was that:

“It entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary.”

Did the ISC not know about this, or not think it was relevant? If the former, they’re incompetent, if the latter, they’re dismissive of what are considered to be fundamental rights. Mostly, though, my suspicion is that they thought it was not within the terms of their review – and that, itself is revealing. Again, the words that spring to mind are ‘out of touch’. In a body charged with oversight of the intelligence services, being out of touch is a fundamental flaw.

The fall of the Chair of the ISC, Sir Malcolm Rifkind, through his being duped into selling his services to a fake Chinese company set up by journalists, highlights the point even more. Time for a change – and a root and branch change. The ISC is right to call for better transparency – but we need better oversight too, and the starting point of that better oversight should be a replacement of the ISC. More technical competence, more people ‘in touch’ with the real world, less subservience to those in authority who are supposed to be subject to their oversight, more openness to new ideas, more willingness to listen to people who don’t immediately fit into their world view.

We’ve had the review by the ISC. Now it’s time for a review of the ISC.

Guest post: Deeper than Privacy Failure

Shatter the silence

Guest post by @Super__Cyan

Publishing names of individuals has implications that can go beyond privacy

As stated by the Guardian, Politics Home and various other media outlets (see the Internet for rest), survivors of child sexual have received death threats after their identities and personal details were published by the Home Affairs Select Committee. After complaints from the victims, the committee began to redact he names of individual survivors from the correspondence on its website. The Committee said in a statement:

‘Last week, some material from the Independent Panel Inquiry into Child Sexual Abuse came into the committee’s possession in the course of our inquiry. The material included directions to panel members about how they should answer questions from the committee, as well as email exchanges between panel members about the panel’s external communications strategy. These emails included the names of third parties. At the request of the individuals concerned, the material has been redacted to remove references to these individuals. The names of all these individuals were already in the public domain. (bolding this will be explained later).

In their letter to May the survivors said: “The release of emails and correspondence constitute a breach of data protection and also a breach of trust….”

Now here is where human rights may strike again. The survivors acknowledge that the names being leaked constitute a breach of data protection and trust, but it also involves a possible breach of Article 8 of the European Convention of Human Rights (ECHR) which states that:

  1. Everyone has the right to respect for his private and family life, his home and his correspondence.
  1. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

So essentially this means everyone has a right to privacy, subject to qualifications set out in subsection two. Public authorities, like local councils and the police aren’t allowed to arbitrarily mess with these rights. And the Human Rights Act 1998 (HRA) which brings the ECHR from across the pond to allow UK courts to enforce it. So not only does the European Court of Human Rights have the ability to tell the UK (as it would be the state, not the public authority in this instance) off for violating the rights of those under its jurisdiction, but UK courts have a similar ability to tell public authorities off. I feel like I mentioned this before somewhere….But for Article 8 to even be used as a sword, it has to be engaged.  Private life which is not susceptible to exhaustive definition which includes an individual’s name and other means of personal identification (the claimant’s address and date of birth) therefore falling within the ambit of private and family life for the purposes of Article 8 (see S and Marper v United Kingdom 30562/04 [2008] ECHR 1581)

So unless you are Sauron…

Faceless

…you should be fine.

I bolded the quote regarding the names already being in the public domain, Eady J in McKennitt v Ash [2005] EWHC 3003 (QB), para 81, noted that:

‘[I]t does not necessarily follow that because personal information has been revealed impermissibly to one set of newspapers, or to readers within one jurisdiction, that there can be no further intrusion upon a claimant’s privacy by further revelations.’

The point here is that even if what the Home Affairs Select Committee says is correct, this may not preclude a breach of Article 8.

However, all this talk about human rights means squat when it comes to the Home Affairs Select Committee, because of the definition of a public authority in the HRA. This is because of the cleverly crafted s.6(3) of the HRA. This section does not include either House of Parliament or a person exercising functions in connection with proceedings in Parliament within the definition of a public authority (the italics are what are applicable to the Home Affairs Select Committee.) Therefore despite Article 8 being engaged, it has no application because the right cannot be enforced against the Home Affairs Select Committee. This would explain why in the letter to the Home Secretary, T. May only data protection and breach of trust were mentioned. I could get all political with this but I don’t like politics.

But does the human rights protection end there? Not necessarily. We’ve established that Article 8 has no application in this particular circumstance but it might in another and this is because of the death threats made to survivors. There is not much that has been revealed about the nature of the threats as this can be crucial, but it is important to look at the relevant case law. The European Court of Human Rights (ECtHR) found itself presiding over the case of Hajduová v. Slovakia (Application no. 2660/03) which involved a mother who had been verbally and physically attacked by her husband which also included death threats. At para 49 the ECtHR noted that:

The Court observes that the instant application is distinguishable from the cases to which it has referred concerning domestic violence resulting in death (see, in particular, the Court’s judgments in the cases of Kontrová v. Slovakia, no. 7510/04, ECHR 2007-VI (extracts) and Opuz cited above, in which it found violations of Articles 2 and 13 and Articles 2, 3 and 14 of the Convention respectively). It is clear that A.’s repeated threats following his release from hospital, which constitute the basis of the applicant’s complaint under Article 8 of the Convention, did not actually materialise into concrete acts of physical violence (compare and contrast the case of Bevacqua, cited above, in which the Court found that the State had breached its positive obligations under Article 8). Notwithstanding, the Court considers that given A.’s history of physical abuse and menacing behaviour towards the applicant, any threats made by him would arouse in the applicant a well-founded fear that they might be carried out. This, in the Court’s estimation, would be enough to affect her psychological integrity and well-being so as to give rise to an assessment as to compliance by the State with its positive obligations under Article 8 of the Convention.

This means that Article 8 could be engaged and violated even if threats do not materialise.

Moreover, this issue runs deeper than a failure to protect privacy, again because of the death threats that were made to survivors. This therefore brings the issue within the ambit of Article 2 which states that:

  1. Everyone’s right to life shall be protected by law. No one shall be deprived of his life intentionally save in the execution of a sentence of a court following his conviction of a crime for which this penalty is provided by law.
  1. Deprivation of life shall not be regarded as inflicted in contravention of this article when it results from the use of force which is no more than absolutely necessary:

(a) in defence of any person from unlawful violence;

(b) in order to effect a lawful arrest or to prevent the escape of a person lawfully detained;

(c) in action lawfully taken for the purpose of quelling a riot or insurrection.

Article 2 consists are two aspects, positive and negative obligations, a positive obligation to protect life, and a negative obligation to refrain from the unlawful taking of life. Under these circumstances, only the positive obligations are relevant here which can be further subdivided into two categories, prevention and investigation. In Osman v UK 23452/94 [1998] ECHR 101 it was established that authorities have a duty to prevent and suppress criminal offences if it is established that:-

(a) the authorities knew or ought to have known at the time of the existence of a real and immediate risk to the life of an identified individual from the criminal acts of a third party, and

(b) that they failed to take measures within the scope of their powers which, judged reasonably, might have been expected to avoid that risk.

Now clearly this would be trickier if the threats were made anonymously, but that doesn’t mean that a state has no options to try and find the identity of the issuer of death threats. For example, if the threats were sent electronically, powers in the Regulation of Investigatory Powers Act 2000 could be used in the hopes of identifying the issuer of such threats or caught under s.127 of the Communications Act 2003. In Branko Tomašic and others v Croatia (Application no. 46598/06) although a case concerning domestic violence (therefore a history of abuse) and eventual murder, the ECtHR acknowledged that:

The above findings of the domestic courts and the conclusions of the psychiatric examination undoubtedly show that the domestic authorities were aware that the threats made against the lives of M.T. and V.T. were serious and that all reasonable steps should have been taken in order to protect them from those threats. The Court will now examine whether the relevant authorities took all steps reasonable in the circumstances of the present case to protect the lives of M.T. and V.T.(para 53).

The ECtHR concluded that there were no adequate measures were taken to diminish the likelihood of M.M. to carry out his threats upon his release from prison and this was sufficient to enable the Court to find a violation of the substantive aspect of Article 2 of the Convention on account of failure of the relevant domestic authorities to take all necessary and reasonable steps in the circumstances of the present case to afford protection for the lives of M.T. and V.T. (para 60-61).

Though it is not clear whether these threats were made anonymously or by individuals known or by what means, this post is aimed at highlighting the possible application of human rights laws that public authorities should be aware of when it concerns a situation like this. The Home Affairs Select Committee very fortunately would not be under any obligation despite their disclosure but other public authorities are. It is true that ‘not every claimed risk to life can entail for the authorities a Convention requirement to take operational measures to prevent that risk from materialising’ (Branko Tomašic and others v Croatia (Application no. 46598/06) para 50) but at the same time they should still be taken seriously.

No, Mr Hammond, the debate has barely begun…

In a speech to the Royal United Services Institute yesterday (the text of which can be found here) Foreign Secretary Phillip Hammond suggested that the debate over privacy and security, over mass surveillance and the role, tactics and practices of the intelligence and security services, was nearly over. In his words, after the current reviews by the Intelligence and Security Committee (the ISC) and the Independent Reviewer of Terrorism Legislation, both of which are due to report shortly, “we should draw a line under the debate”.  I have one simple and direct response to that. No, Mr Hammond, it isn’t time to ‘draw a line’. The debate isn’t over: it has barely begun.

In his speech, Hammond highlights and praises the role played by the ISC. As he puts it:

“I regard the independent scrutiny and oversight that the ISC provides as a particular and significant strength of the British system.”

Is he talking about the same ISC that put on a public show in November 2013, a public hearing that was little more than theatre, carefully scripted, where the anodyne questions were given in advance to the heads of MI5, MI6 and GCHQ so that they could prepare the answers? The same ISC which failed to notice that, as ruled by the Investigatory Powers Tribunal last month, GCHQ had been acting unlawfully in its surveillance activities for seven years? The same ISC whose chair, Sir Malcolm Rifkind, cheerfully admitted to me at a round table event that formed part of the aforementioned review that he did not understand the most important piece of legislation governing interception and surveillance, the Regulation of Investigatory Powers Act. That same Sir Malcolm Rifkind who had to resign from his position as Chair of the ISC for being duped into offering his services to a fake Chinese company – and even now does not seem to acknowledge that in his position taking a role for a Chinese company might provide some sort of conflict of interest?

No, Mr Hammond, the ISC does not provide the kind of ‘independent scrutiny and oversight’ that is needed – indeed, we don’t just need a review by the ISC, we need a full review of the ISC, so that it has some degree of real independence, so that it has the ability and knowledge, the understanding of the technology and the law that is needed in order to provide real ‘scrutiny and oversight’. Right now, it isn’t a ‘particular strength of the British system’ but very much the opposite. Its existence might suggest we have oversight: in practice, we really don’t.

And how can we draw a line under the debate when even the terms of that debate are still confused? As I’ve written before, the characterisation of the debate is – either deliberately or ignorantly – miscast. Rifkind characterised it as ‘individual privacy vs collective security’ – failing to grasp either that privacy is far from an individual right (indeed, its main function is one about relationships between people, and it underpins collective rights like freedom of assembly and association, and indeed freedom of expression) or that it isn’t really a ‘balance’, or that people want one or the other. People don’t want privacy or security – they want both, and they should be able to have both.

Phillip Hammond continues this mischaracterisation in his speech, referring to the “balancing act between the privacy we desire and the security we need”. No, Mr Hammond, privacy isn’t something we ‘desire’ – it’s something we need. It is a right, a right reflected in all the significant Human Rights documents, and in the Universal Declaration of Human Right and the European Convention on Human Rights in particular, both of which the UK is a party to. A qualified right, of course, but a right nonetheless, and to portray it as something we ‘desire’ is to downplay its significance, something that advocates of authoritarianism appear very keen to do. Privacy isn’t a selfish whim, it’s a fundamental right – and privacy on the internet is becoming more, not less, important these days as we spend more time and put more of our lives online. It is not something to be downplayed, but something to be taken more and more seriously.

So, Mr Hammond, no. No line can be drawn under the debate. As well as the two reviews mentioned in the speech, there are a whole series of legal challenges to the various activities of the intelligence services and others, not just in the UK but all over the world. The debate is only just starting – and if you expect privacy advocates, civil liberties advocates and others to stop campaigning, I’m afraid you’re very much mistaken. Others have recognised this – last Friday I was part of a seminar organised by the Association of Chief Police Officers into the ethics of policing the internet, the debate about which the police believe is only just starting.

Indeed, no line should be drawn under the debate: these debates need to continue forever. The watchmen need to be watched.  The price of liberty is eternal vigilance – and that includes vigilance over the authorities, not just by the authorities.

Debates, impartiality, Cameron and Chickens…

[AMENDED TO REFLECT THAT THE BBC TRUST RATHER THAN OFCOM ADMINISTER THE RULES]

The saga of the TV debates for the General Election has rumbled on over the weekend. The accusations that David Cameron is ‘chickening out’ of the debates have been gaining in volume, and the broadcasters let it be known that they might ‘empty chair’ Cameron if he continues to refuse to participate. Then, on Sunday, a story appeared in the Independent that suggested that the real chickens won’t be Cameron but the BBC. According to the Independent, the BBC are trying to avoid confronting Cameron, and are even considering giving him a separate programme if he ducks out of the planned debate.

‘Sources at the BBC’ have told the Independent that:

“…to comply with election and Ofcom rules about impartiality, if it hosts a debate without Mr Cameron, it would feel compelled to let him have his own programme, an in-depth interview or allow an extended party political broadcast. It is believed that the other broadcasters would follow a similar approach as the BBC.”

But can this actually be true? On the face of it, this appears to be the opposite of impartiality – indeed, it appears to be rewarding Cameron for his avoiding the debates. The BBC’s rules on impartiality are derived from the Communications Act 2003 (as amended) and the Broadcasting Act 1996 (as amended) – that is, they are backed up by legislation. They are effectively similar to those rules set out in the Ofcom Broadcasting Code (which can be found online here), though it is the BBC Trust rather than Ofcom who administer the rules. There are two things immediately worthy of note:

  1. That the words in the act – including the word impartiality – are generally to be interpreted literally; and
  2. That there is no specific guidance about debates – mainly because debates are not a traditional part of the electoral process in the UK.

Still, it should be possible to work out what the rules mean in this context. The relevant parts of the code are as follows:

5.5 Due impartiality on matters of political or industrial controversy and matters relating to current public policy must be preserved on the part of any person providing a service (listed above). This may be achieved within a programme or over a series of programmes taken as a whole.
Meaning of “series of programmes taken as a whole”:
This means more than one programme in the same service, editorially linked, dealing with the same or related issues within an appropriate period and aimed at a like audience. A series can include, for example, a strand, or two programmes (such as a drama and a debate about the drama) or a ‘cluster’ or ‘season’ of programmes on the same subject.

No precise guidance is given about how to apply this to debates – because, as noted above, there is no guidance specifically about debates. You could, and perhaps the BBC is, interpret the piece about ‘series of programmes taken as a whole’ to mean that another programme would fit the bill, but helpfully there is an extra bit of guidance in the section on elections that seems to establish the principle. This is in Section 6, which applies to elections, though about ‘[c]onstituency coverage and electoral area coverage in election':

6.9 If a candidate takes part in an item about his/her particular constituency, or electoral area, then candidates of each of the major parties must be offered the opportunity to take part. (However, if they refuse or are unable to participate, the item may nevertheless go ahead.)

So what does this all mean? Well, first of all, it seem entirely clear that the Ofcom Broadcasting Code does not ‘require’ the BBC or other broadcasters to offer Cameron his own programme. As I’ve mentioned twice before, there are no specific rules about debates that would bind them in this way. Indeed, as also shown, the general approach should be the opposite: the rules about specific constituency events should set the principle: if someone refuses or is unable to participate, as long as they have been offered the opportunity (and Cameron has) the debates should nevertheless still go ahead.

Indeed, impartiality should mean that if the BBC does offer Cameron a separate programme, Ed Miliband, Nick Clegg (and potentially others) should be able to demand one for themselves. I suspect each of these leaders’ advisers has already worked this out – if they haven’t, they should have!

Personally, I rather dislike the debates – they make our electoral system seem too ‘presidential’, they increase the focus on personality rather than policy, and they end up giving ‘telegenic’ politicians an advantage that may bear little relation to their intelligence, morality etc etc – but if we are to have them, we should be fair about it. If Cameron thinks they’re a bad idea, he should have been honest about that from the start – but he wasn’t.

I’m not sure Cameron is a ‘chicken’ about this – I suspect he’s making precise calculations about risks and benefits – but if the BBC is really trying to suggest that they are bound to give him his own programme, I think they really are being chickens, and that there is certainly not the obligation on them that has been suggested. They should be simple and straightforward: if Cameron wants to be included, include him. if he doesn’t, then go ahead anyway. That’s what the law, and the Ofcom Broadcasting Code, as I see it, requires. The BBC Trust, who follow the same legislation that backs up the Ofcom rules, should follow the same rules.

Ethical policing of the internet?

acpoheaderThe question of how to police the internet – and how the police can or should use the internet, which is a different but overlapping issue – is one that is often discussed on the internet. Yesterday afternoon, ACPO, the Association of Chief Police Officers, took what might (just might, at this stage) be a step in a positive direction towards finding a better way to do this. They asked for help – and it felt, for the most part at least, that they were asking with a genuine intent. I was one of those that they asked.

It was a very interesting gathering – a lot of academics, from many fields and most far more senior and distinguished than me – some representatives of journalism and civil society (though not enough of the latter), people from the police itself, from oversight bodies, from the internet industry and others. The official invitation had called the event a ‘Seminar to discuss possible Board of Ethics for the police use of communications data’ but in practice it covered far more than that, including the policing of social media, politics, the intelligence services, data retention and much more.

That in itself felt like a good thing – the breadth of discussion, and the openness of the people around the table really helped. Chatham House rules applied (so I won’t mention any names) but the discussion was robust from the start – very robust at one moment, when a couple of us caused a bit of a ruction and one even almost got ejected. That particular ruction came from a stated assumption that one of the weaknesses of ‘pressure groups’ was a lack of technical and legal knowledge – when those of us with experience of these ‘pressure groups’ (such as Privacy International, the Open Rights Group and Big Brother Watch) know that in many ways their technical knowledge is close to as good as it can be. Indeed, some of the best brains in the field on the planet work closely with those pressure groups.

That, however, was also indicative of one of the best things about the event: the people from ACPO were willing to tell us what they thought and believed, and let us challenge them on their assumptions, and tell them what we thought. And, to a great extent, we did. The idea behind all of this was to explore the possibility of establishing a kind of ‘Board of Ethics’ drawing upon academia, civil society, industry and others – and if so, what could such a board look like, what could and should it be able to do, and whether it would be a good idea to start with. This was very much early days – and personally I felt more positive after the event than I did before, mainly because I think many of the big problems with such an idea were raised, and the ACPO people did seem to understand them.

The first, and to me the most important. of those objections is to be quite clear that a board of this kind must not be just a matter of presentation. Alarm bells rang in the minds of a number of us when one of the points made by the ACPO presentation was that the police had ‘lost the narrative’ of the debate – there were slides of the media coverage, reference to the use of the term ‘snoopers’ charter’ and so forth. If the idea behind such a board is just to ‘regain the narrative’, or to provide better presentation of the existing actions of the police so as to reassure the public that everything is for the best in the best of all possible worlds, then it is not something that many of the people around the table would have wanted to be involved in.  Whilst a board like this could not (and probably should not) be involved in day-to-day operational matters, it must have the ability to criticise the actions, tactics and strategies of the police, and preferably in a way that could actually change those actions, tactics and strategies. One example given was the Met Police’s now notorious gathering of communications data from journalists – if such actions had been suggested to a ‘board of ethics’ that board, if the voices around the table yesterday were anything to go by, would have said ‘don’t do it’.  Saying that would have to have an effect – or if it had no effect, would have had to be made public – if the board is to be anything other than a fig leaf.

I got the impression that this was taken on board – and though there were other things that also rang alarm bells in quite a big way, including the reference on one of the slides to ‘technology driven deviance’ and the need to address it (Orwell might have rather liked that particular expression) it felt, after three hours of discussion, as though there were more possibilities to this idea than I had expected at the outset. For me, that’s a very good thing. The net must be policed – at least that’s how I feel – but getting that policing right, ensuring that it isn’t ‘over-policed’, and ensuring that the policing is by consent (which was something that all the police representatives around the table were very clear about) is vitally important. I’m currently far from sure that’s where we are – but it was good to feel that at least some really senior police officers want it to be that way.

I’m not quite clear what the next steps along this path will be – but I hope we find out soon. It is a big project, and at the very least ACPO should be applauded for taking it on.