Anthony Lester and Zoe McCallum discuss the need to balance national security and privacy in the age of internet surveillance.
We have become used to surveillance technology. Most of us are not troubled by the use of CCTV to deter crimes and detect criminals, though their overuse makes us uneasy. Of course, the difference between CCTV and internet surveillance is that CCTV cameras are installed only in public places. We use the internet at home or in private and so monitoring our usage is more intrusive. The US National Academy of Sciences captured the essence of the digital age in their Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment, as one in which everyone leaves
“personal digital tracks…whenever he or she makes a purchase, takes a trip, uses a bank account, makes a phone call, walks past a security camera, obtains a prescription, sends or receives a package, files income tax forms, applies for a loan, e-mails a friend, sends a fax, rents a video, or engages in just about any other activity”.
We are all internet addicts now. Digital is part of the fabric of our lives, though some of us are still too shy to twitter or tweet. We cherish the web for the ways in which it has enriched our lives, expanded free expression, and given us easy access to goods and services. So most of us put up with the fact that Apple, Microsoft, Amazon, Google, Yahoo, Facebook and other web companies store our data and target us for marketing purposes.
We also value national security. We expect our governments to protect us against censorship, cyber wars and terrorism. We want our spies to beat our enemies’ spies and to catch suspected terrorists and other serious criminals by spying on them. But we are unhappy if gaining that protection involves sacrificing too much of our personal privacy.
Thanks to Edward Snowden’s revelations, we now know that the British government, in partnership with the United States, has monitored, stored and used citizens’ data on a scale impossible before the age of the internet. The NSA has stored the telephone records of millions of Americans under a programme authorised by the US Foreign Intelligence Surveillance Court. GCHQ has developed a huge server for monitoring Internet communications. The intelligence agencies have been able to siphon data from commercial companies, including Microsoft, Google, Facebook and Apple. Both governments have cleverly circumvented the technology that is meant to make Internet communication secure.
Debate about the legitimacy of mass surveillance has become polarised. On one side, those who stand with the security services emphasise the unprecedented nature of the terrorist threat. They view Snowden and his journalistic colleagues as irresponsible information thieves at best – and at worse, as treasonable agents of dark terrorist causes. The opposite view emphasises the threat to privacy, rather than to national security, highlights the public interest in responsible reporting of the revelations, and questions the intelligence value and proportionality of the programmes.
Developments in surveillance technology have always provoked debate about the ethics. As early as 1928, in the case Olmstead v United States, a majority of the United States Supreme Court decided that wiretapping did not violate the Fourth Amendment. Justice Brandeis disagreed and cautioned that “the progress of science in furnishing the government with means of espionage is not likely to stop with wiretapping”.
It is an area involving a long and counter-productive tradition of official secrecy. After the advent of personal computers, the British government formed the Lindop Committee to examine how to protect personal data in light of technological progress. Its members were refused access to information about the intelligence agencies’ computer systems. Their report in 1978 stated that secrecy left the security services “in a hermetic compartment” where “they can never discuss their problems with anyone outside their own tight community; thus they are not open to healthy – and often constructive – criticism and debate which assures….that they will not stray beyond their allotted functions”.
A year after the Lindop report was published, an English Court decided the police were allowed tap telephones without legislative authority. The Court, in the case Malone v Metropolitan Police Commissioner, reasoned there was no need for a law to grant them this power because the police were in the same position as everyone else: free to anything that law did not prohibit. The European Court of Human Rights decided otherwisein the 1984 case Malone v United Kingdom.
Despite rulings in Strasbourg, Cabinet Office officials later suggested using the so-called “Ram doctrine” to justify the transfer of personal data across departments without the consent of people affected. The Ram doctrine is not about sheep or goats but originates from advice that Parliamentary Counsel to the Treasury set out in a memorandum in 1945. It said that Ministers could exercise the same powers as the Crown, as long as there was no law to prohibit them from doing do. The fallacy is that public bodies are not in the same position as private individuals. A public body may take action only if justified by law. That is what is required these days under the Human Rights Act and by the constitutional principle of legality essential to the rule of law.
The drafters of the European Convention on Human Rights believed that the interests of national security, public safety, the prevention of crime, and the protection of the rights and freedoms of others are legitimate grounds for interfering with the right to privacy, as specified in the exceptions in Article 8 (2) of the Convention. But the Convention rightly requires that any interference with personal privacy is proportionate to those legitimate aims. To justify the mass collection, storage and use of private digitalised information, the public need to satisfied that no lesser degree of intrusion would be sufficient in meeting real threats.
In the USA, expert scrutiny has been searching and revealing. The Privacy and Civil Liberties Oversight Board, an independent bipartisan agency within the US government, carried out an investigation into two NSA surveillance programmes. Board members were granted access to classified opinions by the US Foreign Intelligence Surveillance Court and to classified documents. Their report, released in January 2014, concluded tellingly as follows:
“We have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack. And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. Even in that case, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program”
It is also clear that official oversight has been insufficient. Were it not the case, politicians on both sides of the Atlantic would not have been emphasising in the media that they had been kept in the dark, and calling for reform. Expert reviews were ordered immediately in the aftermath of the leaks and President Obama announced plans to end the bulk collection of metadata. Congress is considering more than 30 bills to protect citizens’ privacy.
In Britain, the leaders of two of the three main political parties have publicly committed themselves to legislation. A report by the all-party Commons Home Affairs Committee in April 2014 concluded that the regulation of Britain’s intelligence agencies is so weak and ineffective that it undermines their credibility and that of Parliament. We should not have wait for the outcome of the General Election to set up a stronger and better resourced Parliamentary Intelligence and Security Committee. Better oversight is vital if we are to maintain public confidence in the intelligence agencies and their work.
It is also imperative that the law governing the security services contains adequate safeguards against abuse. This is necessary if we are to maintain vital public confidence in the work done by the intelligence agencies on our behalf. The breadth of the legislative framework that authorised GCHQ’s activities is a serious concern. As Liberal Democrat MP Dr Julian Huppert stated in his evidence to the Intelligence and Security Committee in February 2014, much of the law governing surveillance was drafted before the internet existed. Generally worded provisions written for the wiretap age may since have enabled the use of more intrusive technology in ways that Parliament would not have contemplated at the time.
The Strasbourg Court now has an opportunity to examine these outdated laws. In a joint application, a coalition of free speech organisations, including Big Brother Watch, Open Rights Group and English PEN, argue that the broad legal framework underpinning the surveillance fails to provide a check against the arbitrary use of state power intruding into private life; and that it does not sufficiently indicate to citizens when their communications may be monitored. The case was given a rare ‘priority’ designation by the Court – though it was later put on hold pending the outcome of proceedings brought by other organisations before the UK’s Investigatory Powers Tribunal (due to be heard in July 2014). Privacy International also filed a separate complaint before the IPT in May, which seeks to challenge the use of hacking tools by the intelligence services.
Our Government should not wait for the outcome of these cases before authorising an independent and expert review of the legal framework with full access to all relevant information. In the US, the Privacy and Civil Liberties Oversight Board had full access and recommended that that the Administration should develop principles and criteria publicly identifying the authority under which it conducts surveillance. It was explicit that this should include “post-enactment novel interpretations of laws already on the books”. This recommendation should be followed in the UK.
The need for transparent and effective safeguards against misuse of powers was exemplified by David Miranda’s case, shortly to be considered by the Court of Appeal. Miranda is the partner of Graham Greenwald, the journalist who first reported Snowden’s revelations in The Guardian. The police stopped Miranda at Heathrow August 2013 under suspicion that he was carrying some of the leaked intelligence material. Under sweepingly broad powers conferred by the Terrorism Act to stop, question, detain, strip search, take biometric samples, and search, seize and retain electronic devices, in order to establish whether a person is involved in terrorism, the police questioned him for nine hours and seized his encrypted storage devices.
The police are not required to suspect a person is involved in terrorism in order to detain them. The High Court decided in favour of the government and rejected the claim that the police had used their powers improperly, disproportionately or in breach of the right to free expression. Yet this judgment was possible only because the law is worded too broadly. Before the case arose, Lord Pannick QC and I attempted in the House of Lords to change the law so that the police could only use their power if they had reasonable grounds for suspecting that a person is or has been involved in terrorism. But the Minister replied that the Government considered that this “would undermine the capability of the police” and pointed out that individuals may be at risk of being involved in terrorist activity unknowingly as well as knowingly. That is how it was possible to apply anti-terror powers in the context of Miranda’s journalistic activity – Miranda’s intentions in relation to the material were not a relevant consideration. The scope of the authorities’ discretion must be restricted.
There is a pressing need to act now. Louis Brandeis, great champion of free expression and personal privacy and the rule of law, famously observed that “Sunlight is said to be the best of disinfectants; electric light the most efficient policeman.” It is not in the best interest of the security services, whose work depends so much on public confidence and our willingness to co-operate with them, to adopt the attitude of the grumpy father in Ring Lardner’s story.His daughter asked tenderly “Are we lost, daddy?” “Shut up,” he explained.
Lord Lester of Herne Hill QC is a Liberal Democrat Life Peer and member of Blackstone Chambers. Zoe McCallum is Parliamentary Legal Officer to Lord Lester QC.