Edward Snowden’s revelations over the summer exposed the online surveillance methods used by the US and the UK. In an interview with LSE’s Alison Powell, cyber-security expert Ian Brown of the Oxford Internet Institute talks about the implications for privacy, human rights and the future of the internet. Below is an excerpt from the complete interview.
Alison Powell: What did we actually learn about communications surveillance that we didn’t know?
Ian Brown: One of the most surprising things that Edward Snowden has revealed is that GCHQ, in the last few years, has managed to gain access to much more of the international internet traffic flowing through the UK. And not just to get access to it by tapping the fibre optic cables that are landing in the UK and heading off from the UK to particularly the US, but to do something useful with that data. So the idea is, there is a team of analysts – Snowden’s documents suggest there are 500 of them, between GCHQ and the US analysts – who are working all the time looking for interesting stuff in this data, and if they spot something interesting today they can go back three days in the volume of the traffic, and they can go back 30 days in this metadata.
So is there any indication in the leaks from Snowden of what is happening with this data?
We know that it is going into big databases run by GCHQ and the NSA and their allies in Canada Australia and New Zealand. We know that the NSA has tools like XKeyScore that lets them search right through that data – it’s a globally distributed database. They have connected up lots of different data stores right across the world and they can search them through an index search so taking in not just the fibre optic cables but also the satellites that used to be the way that international communications happened
But surely this is what security agencies should be doing? Surely they should be protecting the public interest by collecting information about things that could be threatening to the public?
I think almost everyone would agree that we need law enforcement agencies and intelligence agencies to be doing targeted investigations when they have a reasonable suspicion that someone is plotting a terrorist attack or a range of other things that the intelligence agencies might be working on, and we shouldn’t get caught up in the notion that this is about terrorism. The main thing that the intelligence agencies work on is spying on foreign governments to help the domestic government in things like trade negotiations.
But is this level of data collection unprecedented?
Yes, and this is not because the intelligence agencies have been given vast new powers that they had never had before. It is because of technological change. In the past it just wasn’t feasible for post offices to record every detail of every letter that flowed by. That to me is a strong argument to pause, reflect and think: does the fact that the technology has changed and made surveillance much easier change the ethical situation of doing very large scale surveillance? No, of course not, and that is why the societies affected (not just the countries doing the spying but those countries being spied on) have to think carefully about how we want the internet, in this way, to go on affecting people’s lives. Are we going to say, these are very serious threats: do we just have to take the intelligence services at their word and trust that they will put oversight procedures in place to make sure it isn’t abused?
We hear the claim that since technology has changed we should just have our society catch up, and this discussion of privacy is outdated because “if you’ve got nothing to hide you’ve got nothing to fear”. How do you respond to that?
I think you could respond to that in a number of ways but the most fundamental of them is that clearly the nature of technology and technological change does change society BUT it is offensive to notions of human autonomy and dignity that we should just sit back and say ‘ok, technology sails on and we may have spent the last several hundred years in the west working on these human rights protections but technology changes and we should just give up’. Of course we don’t. And of course technology is human-made. We design the technology, we shape the technology and there are ways that we can make choices. It would perhaps be over the top for governments to meddle in the design of specific applications but to set broad principles for the directions we would like these technologies to go is a key part of what democratic self-government means.
So we have this astonishing amount of information being pulled off internet cables, this is getting processed at a high scale – what do we do now?
There are perhaps three likely ways forward. One is that nothing changes, and we should never underestimate the forces of conservatism. There are lots of interests that like the situation as it is and don’t want things to change. I can’t see any likelihood that by itself the UK government will change what it is doing. The second option is perhaps the most likely, that we will see limited changes. In the US Obama has set up a review panel and suggested that some changes are required, mostly in the area of stronger oversight and transparency – telling people more about the surveillance programs in operation, telling people about what the reach is, having a privacy advocate in the Foreign Service Intelligence court in the US to make the case against the NSA getting more data access, having stronger powers for Congress and the UK parliament’s committees to see what is going on. That is the legalistic path and I wouldn’t be surprised if that is what ends up happening.
For me, though, that doesn’t go far enough. What has been revealed over the summer is at such a greater scale than imagined, and so impacts everybody’s day to day activities and privacy and autonomy and freedom of expression and freedom of assembly that to me, we need a fundamental scaling back of the system. I don’t think that the NSA and GCHQ should be plugged into those fibre-optic cables. There are all sorts of other ways that they could do targeted interception.
So is the internet broken forever, as a potentially anonymous communication tool?
I hope not. I hope my third option, my radical option is the way forward and will protect the potential for anonymity. But still, even before all of this, it is not trivial to use the internet anonymously, especially over time. It is very hard not to leave all sorts of digital traces. But this is of value to individuals and to the media and those doing investigative journalism. We see responses from newspapers saying that this level of surveillance makes it very difficult for journalists to talk to sources, especially whistleblowers, especially in areas that are national security-related, which is important because these are the areas in which society most needs to know if abuses are happening. So that to me is why it’s important that we have a significant change of path, but bringing that about will not be easy.
This article gives the views of the interviewer and interviewee, and does not represent the position of the LSE Media Policy Project blog, nor of the London School of Economics. Photo courtesy of Oxford Internet Institute.