Imagine you’ve just been appointed the head of the online secret police for an oppressive dictatorship. Your leader comes to you with a worried expression. The internet bothers him, he tells you. People get to say whatever they want, to talk to whoever they want, and it’s spreading dissent and destabilising the government. ‘It’s a disaster,’ he says. ‘What are you going to do about it? We need to keep this under control.’
You think about it a bit and then come up with a plan. Our main problem, you tell him, is that we don’t know enough about what is going on. We need to monitor everything. ‘If we know who is talking to who, what sites they’re visiting on the internet, which social networking systems they’re using, and for what, then we can start to take back control.’
A smile starts to appear on the leader’s face. ‘What next?’ he asks.
‘Next we need to set up a system to be able to search through all that information – some kind of filtering system to find what we want to find.’
‘You mean like a kind of Google for private communications and internet activities?’
‘Exactly. We can search for whatever we want – and whoever we want. But there’s more: we can use that information to do much more. They think the internet’s a tool for their free speech – we can turn it into a way to find them, to arrest them, to block them, to find out who likes what they say. We can access their activities in real time and respond to them before they know what’s happening. We can turn the tables on them.’
Your leader smiles and rubs his hands together. ‘Go for it,’ he says.
A dystopian vision?
This may seem like a dystopian vision – but it is, in essence, exactly what the Communications Data Bill is designed to do. It is set up to allow full access to all internet activities, both in a stored form for later access and analysis and a ‘real-time’ feed, allowing monitoring of what people are doing while they’re doing it. It then legislates for a filtering system to be created, a system by which those in authority can search through all the data gathered to find what they want, using whatever terms they want. No warrants are required so long as the person mandating the search is sufficiently senior – and currently, precisely what level of seniority is required in each relevant authority is not specified in the bill, leaving it to the discretion of the authorities concerned.
There are similar initiatives around the world: two prime examples are those proposed in the current review of Australia’s National Security laws and, to a certain extent, the existing Swedish FRA-Law. The United States does it a bit differently: it seems that the National Security Agency (NSA) is just doing all the surveillance, if a key whistleblower is to be believed, without an official legal basis. It’s something that ‘authorities’ seem to have decided is well worthwhile – primarily, it seems, for reasons described above.
One of the characteristics of these laws and systems is that the politicians who put them forward and vote for them appear to be ignorant of both what they do and what they imply. Indeed, politicians often appear not to understand the digital world much, which is one of the reasons we end up with messes such as the Digital Economy Act – but their secret policemen are not in the dark. That’s why it is the ‘intelligence services’ that seem to be the driving force behind the Communications Data Bill, more so even than the police, and why the NSA in the US, as noted above, appears to do pretty much exactly the same, without even a pretence of a legal basis.
Panicking about the Internet
In many ways, the authorities are panicked about the internet. It seems to be too much out of control – and too much beyond their understanding. They used to be able to tap phones and intercept mail, to watch people on the street and to interrogate their friends and connections – now that seems to be much harder. When they sort out systems to tap into one form of communication, the internet develops another – so laws like the Data Retention laws cover email and phones, but they don’t cover social networking sites or instant messaging, because those weren’t sufficiently understood or developed when the laws were drafted. They’ve learned a lesson from that: don’t try to specify too carefully. Instead, gather everything.
There is a logic to it – new forms of communication are being developed all the time and people will find new ways to use existing forms. Conversations can develop in the comments on a blog or even a newspaper article – so all that would need to be monitored. Even reviews of products on Amazon are being used for creative conversations – so that needs to be monitored too. In the end, if you follow this path, the only conclusion is to monitor everything.
One particular red herring in the bill is that it won’t monitor the ‘content’ of communications. That’s fine if you’re looking at conventional forms of communication – emails and phone calls etc – but when you start looking at websites, even a site’s URL can indicate its contents. More to the point, by monitoring people’s behaviour you can profile them – and tap into already highly-developed behavioural-targeting systems. These have been created for advertising, but can be used just as effectively for political, racial and religious profiling.
This kind of universal data gathering, from the perspective of the secret policeman, is both logical and necessary – but it has huge implications, and not just for the obvious issue of privacy. The first and most important effect is a real and direct one: people can be located and prevented from exercising their freedom of expression. Two immediate examples spring to mind. The first is the Nightjack blogger, whose blog provided rare insight into the real life of the police, as well as being fascinating and well enough written to win the Orwell Prize for blogging. His blog was shut down because he was ‘outed’ by The Times – nefariously – and he was unable to operate without the anonymity that his blog provided. If there is universal surveillance, and if we know there is universal surveillance, it will be much easier to break people’s anonymity and pseudonymity. That alone will have a chilling effect, deterring people from blogging if they feel they’re likely to be easy to locate. For some, of course, it’s more than a chilling of speech – it can be deadly. Bloggers in Mexico regularly face very real danger and anonymity is crucial to their safety. Many have been hunted down and executed by drugs cartels. Systems like the one being proposed would make it far easier for them to be found, and given the likelihood of collusion between the cartels and certain elements of the police, the consequences could be hideous.
Function creep – and other risks…
The legal implications may just be the tip of the iceberg. The idea that the police and others authorised to take action under this kind of legislation will only use it for the purpose originally specified is naïve to say the least. Have we learned nothing from the phone-hacking saga, particularly about the way the police can potentially be subverted by other ‘interests’? Function creep is real, both in terms of legislation and in the use of the technology itself.
It is also important to understand that this kind of profiling could be extended to other areas of the internet. People could be ‘steered away’ from particular sites without knowing it. If a large number of ‘suspicious’ people visit a particular website, the site could end up being blocked – or worse, those who create and support that site could be located and arrested. Other forms of data can make the whole thing even worse – from facial profiling of photos on the net to geo-location data that can be used not just to locate people in real time but to analyse their movements over a period in order to predict where they might be. When you combine that with the kind of social networking and related data that might also be gathered, the opportunity to control and even shut down protests or other gatherings becomes more extreme – again, the effect on free expression, on political discourse both offline and online, could be significant.
Experts doubt whether systems like this will even work. The real ‘villains’ – the terrorists and paedophiles that are generally used to justify such proposals – are likely to know how to evade the surveillance. They often have a great deal of practice in covering their tracks and generally take more precautions to avoid being caught.
Stimulating a trade in surveillance technology?
There is another key potential impact of the Communications Data Bill: the law supports the development of technology for surveillance and control. The bill currently estimates that it will cost £1.8bn (US$2.9bn) to implement: that’s £1.8bn on research, development and production of surveillance technologies. Companies will be queuing up for a share of that money – and when they use it, what will they do with it? The products developed – both hardware and software – won’t only be used by our ‘good’ government. Companies will want to sell them elsewhere – or at the very least use the expertise that they’ve developed while building them in further contracts. Who will those contracts be with? There will be a ready market for this kind of surveillance system in any regime with even the smallest degree of an authoritarian streak. Not only will free speech be chilled in our own country, but elsewhere around the world. The concept of universal surveillance will be given the green light.
Universal internet surveillance not only impacts upon privacy, it impacts upon our whole lives – particularly as more aspects of our lives either take place online or have an online element. It chills speech. It can block free association and free assembly. It allows each and every one of us to be pro- filed in great detail. It puts tools of immense power into the hands of exactly those people who can be least trusted to use it – and it should be stopped. The question we must ask is what kind of a society do we want – one with freedom, or one where all the power is in the hands of the authorities?
(This story first appeared in Index on Censorship – Digital Frontiers – which you can buy here)