The following was written by Frederick Antonio Gallucci | @gibblegbble
The “Snooper’s Charter” Strikes Back? Illegitimacy of Mass Retention of Communications Data
The “Draft Communications Data Bill” was initially proposed by Home Secretary Theresa May in the 2012–13 legislative session. The former Deputy Prime Minister Nick Clegg withdrew his support for this bill in April 2013 and the Liberal Democrat party blocked it from being reintroduced. With a Conservative majority victory in the 2015 General election, it was revealed very swiftly by Theresa May that something resembling the “Snooper’s Charter” would be back on the parliamentary menu. Unfortunately the Liberal-Democrats were no longer around to counter the more authoritarian elements of the Conservative party. The provisions of the “Snooper’s Charter” are troublingly and present further attempts to curtail privacy in the United Kingdom.
The rhetoric in regards to the necessity for the mass retention of communications data continues to ramp up. In November 2014 the director of Government Communications Headquarters (GCHQ) stated in an article for the Financial Times that:
‘…privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions’.
Since terrorist attacks in New York (2001), Madrid (2004), London (2005) and increasing activity of “lone wolf” or individual terrorist cells (domestically & abroad), governments have become determined to exercise a form of “sovereignty” on the internet. Alongside legitimate activity, crime and prohibited conduct is equally facilitated by the sharing of information enabled by the internet. The internet itself is not intrinsically dangerous, however as with any technology there always exists the possibility of abuse, making it a ‘contingently dangerous’. Governments are anxious to exert control as they perceive the need to manage the risks of information technology and real threats. The British government (under Blair, Brown & Cameron) has stressed the necessity for legislative & regulatory tools to deal with those who are seen to pose a danger to society. Such concerns stem from the growing risk that ‘crimes enabled by email and the internet will go undetected and unpunished…’ Governments want to be able to monitor the activity of those who pose a threat to society & ensure a form of regulatory control & jurisdiction.
The “online’’ world is now inextricably linked with the “offline” world.
Communication via the internet is central to the day to day lives of UK citizens. The internet enables the rapid transfer of information. Search engine & service providers like Google dedicate immense resources to customer profiling and advertising, acquiring mass amounts of user data. Private information now flows across multiple transnational boundaries in seconds.
The implementation of legislative measures obligating internet service providers (ISPs) to retain en-masse information about customers’ online activity to aid law enforcement disproportionately affects human rights & privacy.
The internet is a durable system and a distributed network (initially developed for military communication & built to survive a nuclear attack – Paul Baran ‘On Distributed Communications: 1. Introduction to Distributed Communications Network’ Memorandum RM-3420-PR, August 1964, The Rand Corporation). It is vast and complex existing through the interconnection between millions of computers located around the world. When individuals interact or conduct transactions in cyberspace, they leave behind records of their movements in the online world known as metadata.
Shayana D. Kadidal observes that one single stream of metadata by itself ‘can reveal a lot about you’ and providing identifying elements from an individual’s location, revealing personal preferences, interests & associations. It is essentially the ‘who, what, where and when of everyone’s use of the web’.
Graham William Greanleaf (Professor of Law & Information Systems, University of New South Wales, Australia) details that:
‘…we disclose potentially identifying (or interaction-enabling) information such as name, email address or machine address in the act of communicating…’
Due to the sheer amount of data generated via “online” communication, there are inherent risks, especially where mass data retention is mandated by the state, the more that is collected and stored increases possibility of breaches, misapplication and misuse. Under the “Snooper’s Charter” Communications companies will be required to store records of customers’ phone and internet use for 12 months.
‘LIBERTY’ notes that such activity would be in ‘direct contradiction of the Court of Justice of the EU’s judgment, delivered in April 2014, which held that blanket indiscriminate retention of such private data breached human rights.’ The judgement of the joined cases of Digital Rights Ireland (C-293/12) and Seitlinger and Others (C-594/12) by Grand Chamber of the ECtHR laid out criteria for proportionate retention and access to communications data. The Court noted that EU legislation ‘must lay down clear and precise rules governing the scope and application’. Enabling surveillance and monitoring of telecommunications activity even where there existed no link to criminal activity or a situation ‘liable to give rise to criminal prosecutions’ was fundamentally not proportionate.
Advocate General Villalon further stated that “outsourcing” of data retention:
‘…admittedly allows the retained data to be distanced from the public authorities of the Member States and thus to be placed beyond their direct grip and any control, but by that very fact it simultaneously increases the risk of use which is incompatible with the requirements resulting from the right to privacy’.
This typifies worrying potential scenarios where security policy usurps data protection. Not only could data of innocent citizens be retained but once retained stored in jurisdictions outside the EU where data protection for private entities mandated to retain the data may differ entirely. The Grand Chambers judgement can be seen as ‘…..damning in its rejection of mass surveillance based on the retention of data on every communication by everyone resident in the whole EU’.
Isiah Berlin – ‘Positive & Negative Liberty’ in the Context of Mass Surveillance
Information is a powerful tool of control and mass collection has often been a characteristic of totalitarian societies. The ‘Snowden revelations’ shocked the world uncovering the extent mass of data collected via global surveillance programs of both the United States & the UK. What was thought to be focused and specific was revealed as not so. The secretive nature of such systems monitoring communications with ‘means and measures for interference with personal data are unprecedented’ represents an affront to fundamental human rights. Where intelligence and data gathering is conducted in the shadows it lacks clarity and precision. Individual citizens cannot hold those in power to account and prevent abuse. The work of Isaiah Berlin, via his analogy of ‘negative’ and ‘positive’ liberty, presents an avenue to critique the action of national governments in such instances. Berlin holds that:
‘The defence of liberty consists in the ‘negative’ goal of warding off interference’, for individuals to self-actualise in society they must be free of interference of the State and further it must allow ‘freedom as self-mastery’ or non-domination.’
Citizens must have access to information to adequately balance the scales and prevent domination. Governments must allow access to information and ‘provide effective institutional and legal mechanisms for their citizenry to effectuate self-government and command non-interference’.
Malone v United Kingdom (A/82) (1985) 7 E.H.R.R. 14 (ECHR) holds that:
‘the law must be sufficiently clear in its terms to give citizens an adequate indication as to the circumstances in which and the conditions on which public authorities are empowered to resort to this secret and potentially dangerous interference with the right to respect for private life and correspondence’.
Individuals should have access to information and be able to hold the government to account, as per the argument of Berlin, in order to prevent the potential abuse of surveillance and data retention powers.
Valid Limitations on ‘Privacy’?
Surveillance has always been necessary; from of trench coat wearing ‘G-Men’ trailing suspects in the 1950s to keeping close watch on bulk Amazon purchases of products containing hydrogen-peroxide. This in itself is not problematic; where surveillance and data retention is focused, based on necessity and exigencies of national security, governments should have the tools they need. The European Convention on Human Rights (ECHR) provides exceptions for privacy in this respect (Articles 8-11 lay down conditions where the state might ‘legitimately interfere’ with the provisions of the ECHR). It is essential that there is balance between ‘the interests pursued by any such measures ‘against its detrimental effects on individuals’.
Any interference from surveillance must be measured, proportionate and be ‘necessary in a democratic society’. This caveat is essential to prevent democratic states falling into a common ‘trap’ where security measures usurp the very values they were enacted to defend.
The provisions of the “Snooper’s Charter” proposed by Theresa May will likely facilitate further mass retention and blanket surveillance. Undoubtedly information gathered by surveillance and that retained by private companies plays a vital role in national security concerns. However, measures ensuring blanket data retention create a situation where citizens are essentially ‘monitored purely for unsubstantiated reasons of precaution’. Such a system of mass retention presents a disparate approach to the right to privacy. It is imperative that the powers of the state, and the private entities it delegates to, are set out clearly in law and all measures are proportionate as per the ECHR.
This author considers it paramount that:
‘…the same rights that people have offline must also be protected online’.
– (Human Rights Council, Twentieth session, Agenda Item 3, Promotion and Protection of all Human Rights, Civil, Political, Economic, Social and Cultural Rights, including the Right to Development, UNGA Doc A/HRC/20/L.13)
By Frederick Antonio Gallucci | International Law LLM | @gibblegbble
@PoliticalSift | Collective Voice of Society