“My government intends to bring forward measures to maintain the ability of the law enforcement and intelligence agencies to access vital communications data under strict safeguards to protect the public, subject to scrutiny of draft clauses.” —The Queen’s Speech, 2012
There, peeking out amongst the 19 bills announced during the Queen’s Speech a few days ago, was the worst kept secret in current discussions of legislative reform on the issue of intrusive surveillance: also called the Draft Communications Data Bill.
Whilst the details of the bill are not yet complete, the idea is to allow competent institutions—the police and intelligence agencies, but also possibly other Whitehall departments and local Government, to have real-time access to internet communications meta-data. That is, knowledge of the existence rather than the content of our emails, Facebook messages, tweets, etc. This is presumably based on the proposition that knowing how pieces of communication collectively form networks can pay dividends for security, whilst also being less intrusive than prying into their contents.
It is also called, by anyone who doesn’t like it, the “Snooper’s Charter.” Privacy and civil liberty groups like Big Brother Watch and Liberty, and politicians like David Davis, have condemned the bill as illiberal, intrusive and indiscriminate. The largest upswell of opposition has so far focussed on the fact that, if such surveillance is to be real-time, it cannot be subject to a prior warrant by either magistrate or minister. However, under the current law that governs this kind of intercept, the Regulation of Investigatory Powers Act 2000 (or RIPA), this kind of communications meta-data can already be collected for a wide number of reasons (say, the collection of tax), by a wide number of bodies (say, the Environment Agency) on the internal authorisation of a senior member of that agency. How this will change under the new bill is not clear, but it seems unlikely that the bill steps over a dark Orwellian threshold, as suggested by its critics.
Getting bogged down in a debate about the difference between the existence and content of a message misses the point somewhat. Nearly everyone accepts that the government will sometimes need to access information intrusively. What they expect is that this is done in an accountable, proportionate and necessary way. And this is the clincher: RIPA, the body of law that is supposed to guarantee this, is 12 years old, and was drafted well before social media began to fundamentally change how we communicate with each other. From private Facebook messages to semi-public wall posts to public tweets, many different forms of social media interaction simply don’t “fit” into the structure of current law.
At its heart, RIPA has a spatial conception about what is public and private, and therefore what is intrusive or not. It is legally more intrusive to record a conversation in someone’s home than the same conversation in a public space. These ways of thinking about privacy cannot be readily applied to social media, and confusion often results. In 2010 a court in California exempted a defendant from turning over his “private” Facebook and Myspace messages whilst in the same year a court in New York delivered the opposite verdict. As social media becomes an increasingly important way that we communicate with each other (and also a significant subject of intelligence collection), it clearly makes sense for the government to adapt its capabilities to this new frontier lest it abdicate its most fundamental duty: to protect its citizens.
Earlier this month Demos published #Intelligence. Written by myself, Demos’ Jamie Bartlett and the former Director of Government Communications Headquarters (GCHQ) Sir David Omand, it is a blueprint for the ethical and effective collection of social media intelligence (shorthand: SOCMINT) by the state, in the interest of public security and safety. It is possible, we argue, for social media intelligence to both make a decisive contribution to public safety and security, and to do so in a way that is based on human rights and the associated principles of accountability, proportionality and necessity.
There are, broadly speaking, two types of social media intelligence. The first we call “non-intrusive open source.” A lot of information is freely available, in the public domain, and willingly put there by people. It is right that governments should be able to access this—in the same way companies or universities can.
But there is another type too. When the government begins to exercise the state-specific powers of breaking through people’s privacy settings to collect social media information to fulfil the state-specific responsibilities of security and safety, this is intrusive SOCMINT. It is this kind of collection which worries people, and needs to be based on clear rules. A framework that guarantees that the public is protected from the possible misuse or abuse of these powers must be animated by six principles:
1) There must be sufficient, sustainable cause;
2) There must be integrity of motive;
3) The methods used must be proportionate and necessary;
4) There must be right authority, validated by external oversight;
5) Recourse to secret intelligence must be a last resort if more open sources can be used; and
6) There must be a reasonable prospect of success.
The furore over the current draft bill has shown no signs of dying down. Indeed, as further details flesh out the bones of this draft bill in the following weeks— especially cost, access, retention and use—my bet is the debate will become more polarised and intense. Now, more than ever, the government needs to lay out a clearly articulated strategy for how the harm of intrusive surveillance of social media (and the internet more broadly) can be recognised, balanced and managed. I hope the draft bill does just this.