SHOULD officials dealing with mundane matters of health and social welfare be allowed to rummage through your email and Internet records? On 10 June, the British government seemed to think so. It gave advance warning of a move to expand the list of authorities empowered to demand detailed personal communications data from service providers and telecoms companies. A week later, a shaken Home Secretary withdrew the order, admitting his initiative had been a 鈥渂lunder鈥.
Privacy and civil liberties advocates were delighted. Yet set in a global context, David Blunkett鈥檚 retraction looks like a mere pause. Across the world, governments are engaged in an unprecedented build-up of state surveillance powers that could fundamentally shift the balance between the individual鈥檚 right to privacy and the state鈥檚 obligation to fight crime and terrorism. In May, the European Parliament voted to require telecoms and Internet service providers to retain personal communications data that might be needed by law enforcement agencies. And in preparation for this month鈥檚 G8 summit, ministers endorsed a list of 鈥減rinciples on the availability of data essential to protecting public safety鈥.
Among privacy advocates, there is alarm that crucial decisions are being made behind at least partially closed doors. But one question is not often asked: just how useful is it to tap into vast amounts of personal data? The question might seem heretical, given the contemporary assumption that knowledge is simply a matter of accumulating information and that quantity eventually will translate into quality. But this conventional wisdom is dubious, on several counts.
Advertisement
Intelligence gathering has become ever more automated, as spy satellites, listening posts and other forms of technical collection have become more efficient and data-processing has become faster. But raw data is meaningless unless analysed and interpreted, and the super-efficient eyes and ears in the sky cannot do that. Software designed to recognise key words and phrases is only as good as the human analytical intelligence that has gone into choosing which words and phrases it should flag.
And judging from ongoing revelations about security blunders in the run-up to 11 September, this human aspect of intelligence work is woefully underdeveloped and under-resourced. Last week, unnamed American intelligence sources disclosed that the US National Security Agency picked up two messages from Afghanistan on 10 September that referred to a major event planned for the next day, but failed to translate them from Arabic until 12 September. Information overload may not have caused this particular blunder, but it鈥檚 unlikely to have helped. The allure of high-tech data collection obscures the problems it can create.
So you鈥檇 think governments would be focusing on increasing their capacity to process the raw data and target what to flag in the first instance. Instead, they are simply creating laws that expand the range and amount of data collected, with Britain taking the lead. Even the USA PATRIOT Act, passed in the wake of 11 September, does not give the American government the power to compel individuals to surrender the keys to encrypted communications about which the government is suspicious. But Britain鈥檚 Regulation of Investigatory Powers Act gives the police that power. Even without its projected extension, it gives law enforcers access to information gathered by email, Web and Usenet servers and chat lines. For now, it鈥檚 true, the British police still need a warrant to open emails or documents. But they can look whenever they like at records detailing who you communicated with, and when, and which websites you visited.
In the past, telecoms companies and ISPs could generally insist upon warrants before handing over any personal data. Now there is a push to gain blanket access as opposed to case-by-case authorisation. Law enforcement agencies argue that their effectiveness is imperilled by authorisation requirements, while their opponents suffer no impediments in their use of technology.
Following the twin-towers attack, neither public nor expert opinion is likely to be swayed by traditional appeals to put individual rights before public safety. But 11 September is more pretext than context for the attempts to expand the state鈥檚 powers to retain data. The RIP Act was conceived and passed well before the Al-Qaida attacks. The FBI had already been deploying software for scanning email traffic and the US Treasury was following money-laundering trails by trawling through electronic records of financial transactions. What was required was wide international cooperation in reporting, investigation and prosecution. The attacks galvanised such cooperation, at least to counter Al-Qaida financing, while the subsequent investigation of the terrorists revealed how useful private-sector data, such as information on credit cards and air miles, can be in tracking the movements of suspects.
But these intelligence 鈥渟uccesses鈥 have all come after the event: it is only thanks to a Congressional investigation that we are getting a picture of what went wrong before the attack. The weak link in intelligence, experts agree, is informed analysis that can put together the overflow of information into a compelling picture. Knowledgeable analysis, steeped in the history, culture and politics of the countries producing terrorism, will be more useful than collecting ever more raw data. If widening the data net also involves further invasions of privacy and limitations on the rights of individuals, it seems a poor bargain indeed.