In the wake of the report by by Sir Paul Kennedy, the Interception of Communications Commissioner that 1000 people are now having their telephone tapped per week, that is 1000 PER WEEK, this article from Redpepper sums up the surveillance state that we all live in today.
From telephone records to biometric passports, from
travel patterns to shopping details, it is now possible to build an
unimaginably detailed picture of our private lives. Gathering this data
without our express permission is not just unaccountable, argues Ben
Hayes, but poses a threat to the fabric of our democracy
2004, Richard Thomas, the information commissioner, warned that Britain
was ‘sleepwalking into a surveillance society’. In 2006 he suggested
that we were ‘waking up to a surveillance society that is in fact all
around us’. He hasn’t said much this year, but by implication it must
be around breakfast-time in the surveillance society by now.
It’s easy to get worked up about surveillance. By
definition, the surveillance society is not a democratic society in
which surveillance is pervasive. It’s one in which surveillance is so
pervasive that it threatens the very fabric of democracy. The
libertarian intuition that we are ‘descending into a police state’ is
borne of this concern. As ever more laws are introduced to regulate
social and material life (not least the 3,000 new criminal offences
said to have been introduced by New Labour), and ever more aspects of
our lives are monitored and recorded, the more we are asked to account
for ourselves and the more we can be held accountable for.
In a nutshell, the problem is that it is but a few
discrete steps from the information society we cherish to the
surveillance society we fear. To avail ourselves of today’s hi-tech
goods and services we have little choice but to allow those who provide
them to collect more and more information about us. And let’s be
honest: as long as they keep this information secure and confidential,
we’re not all that bothered. Secretly, we may even quite like being
profiled, targeted and ‘rewarded’ with Amazon book recommendations,
discounts and freebies.
Although unwanted ‘spam’ has gotten beyond a joke, the
principles of ‘data protection’ appear to work reasonably well in the
private sector. The 1995 and 1997 EC directives, and the 1998 UK Act,
have imposed clear legal obligations on ‘data controllers’ to protect
personal information, while ‘taking your privacy seriously’ has become
a corporate mantra.
So far so good: things to hide, but little to fear.
Bring the state into the debate, however, and the equation quickly
changes. A new generation of surveillance technologies, population
databases, identity management systems, ‘dataveillance’, data-sharing
and data-mining tools are providing the state with the capacity to
construct an almost unimaginably detailed picture of our private lives.
At the same time, our celebrated data protection laws are being
systematically circumvented and unravelled in order to legitimise the
very practices they were designed to prevent.
Who’s tapping your phone?
A few years ago, the police needed a warrant to access your
telephone records – now all they need is your phone number. This
revolution in communications surveillance was carefully orchestrated.
In 2000, parliament adopted the misleadingly titled Regulation of
Investigatory Powers Act (RIPA) which, rather than regulating state
surveillance, bequeathed to the police and a host of other public
bodies the spook-like power to access directly the records held by
communications companies. In place of a judicial warrant, an
‘authorisation’ by a senior officer would now suffice. In accordance
with data protection rules, telecoms companies were also duly deleting
our phone records after we had paid our phone bills (a matter of a few
months at most). ‘Not so fast,’ said the Home Office, using the 2001
Anti-Terrorism, Crime and Security Act (ATCSA) to introduce a voluntary
code on ‘data retention’, under which the major ‘telcos’ would not only
retain their records for up to one year, but provide the police with
direct access to their databases. The House of Lords did its level best
to restrict the purpose of the Act to ‘serious crime’ but this would
inevitably prove meaningless once data had been retained.
Not content with the voluntary code, the Home Office
now demanded mandatory data retention by all telecoms companies and
internet service providers (ISPs). But rather than returning to
parliament, which had already judged ATCSA a bridge too far, the UK
government went to the EU to seek an agreement with the force of
European law. A discreet amendment to EU data protection rules followed
in 2002, and an EC directive on data retention was eventually adopted
In 2007, the Home Office returned to parliament to make
its voluntary code mandatory by statutory order (meaning no debate),
with the justification that the UK was merely fulfilling its
obligations under EU law. This is a flagrant case of ‘policy
laundering’. Just as ‘money laundering’ describes the passage of
illegitimate funds through outside institutions and back into
legitimate circulation, policy laundering involves the use of
intergovernmental organisations to agree policies that lack political
legitimacy in order to bring them into practice.
The cumulative effect of mandatory data retention
cannot be understated. All our telephone and internet traffic data must
now be stored for at least 12 months (perhaps longer in future – up to
three years as in Ireland, or five as in Italy) in case the police or
other state agencies need to look at it. The list of other agencies
includes, among others, the Tax Office, the Food Standards Agency, the
Department of Health, the Immigration Service, the Gaming Board, the
Charities Commission and 475 local councils.
Should the police wish to see your telephone records
today, they no longer need to show ‘probable cause’ to a judge. They
just need to turn on their computers (or phone a friend). In 2005/6,
this power was used a staggering 439,000 times over 12 months – a
figure certain to rise with mandatory data retention and its extension
to internet usage by 2009. The lack of independent scrutiny means we
can only guess what the police were up to, but in accessing records
more than 1,200 times a day, we can be certain that their activities
went far beyond the scope of organised crime and terrorism.
Pulling a Swift one
Telecommunications data retention is but one example of the state
placing legal obligations on the private sector to facilitate
surveillance. ‘Policy laundering’ is again in evidence, somewhat
ironically, in the EC money laundering directives of 1991, 2001 and
2005. These directives have effectively reversed the principles of
banking secrecy and privacy in financial transactions by placing a
legal obligation on financial institutions to retain data for five
years and report all ‘suspicious financial transactions’ and customers
to the police. In the UK, ‘failure to disclose’ those suspicions is now
a criminal offence punishable by up to five years imprisonment.
The money laundering directives now also apply to
auditors, accountants, tax advisors, estate agents, lawyers and
notaries, dealers in high-value goods and casinos (not that this has
done anything to curb systematic tax evasion and corruption by the rich
and powerful), while under the UK Terrorism Act 2000, we are all now
liable to prosecution for ‘failure to disclose’ any suspicions we may
harbour about terrorist activities. As these so-called ‘due diligence’
obligations come to represent the wholesale privatisation of
surveillance, government whistle-blowing, as David Kelly and Craig
Murray can testify, is positively discouraged.
Further obligations have been placed on the airline
industry to provide states with information about their passengers
(so-called ‘passenger name records’ or ‘PNR’). Under successive EU-US
PNR agreements – which the European Parliament voted against on four
occasions – US agencies now have direct access to European passenger
reservation databases. There are few meaningful restrictions on the use
or onward exchange of the data they extract. This means that even if
you’re only taking a BA flight from London to Amsterdam, up to 35
categories of personal information that you supply could find
themselves in the US Department of Homeland Security’s inbox. Perhaps
it’s time to start reading the ‘terms and conditions’ before ticking
that box? Except that if you don’t tick that box, you can’t book the
In other cases, corporations are simply handing their
data over to state agencies in the absence of any lawful requirement to
do so. In 2006 the New York Times broke the story that the US was
secretly monitoring every transaction sent through the global Swift
money transfer organisation – which is based in Brussels – via an
illegal ‘mirror’ in the US. The EU responded by formally granting the
US access to the Swift data.
It is suggested that the use of ‘mirrors’ by the US
government is widespread, and endemic where US-based multinationals are
concerned. This begs a question: when corporations are requested to
hand over or provide states with access to their data in the name of
combating terrorism or some other evil, are they really going to refuse
in practice? The same question applies to public bodies, with Transport
for London apparently all too ready to provide the security services
with a ‘backdoor’ into the congestion charge and Oystercard systems.
The debate about ID cards masks far more insidious developments.
Over the coming decade, the vast majority of the EU’s law-abiding
population will be fingerprinted, registered and placed under de facto
surveillance. Once again, governments have taken advantage of the EU to
‘harmonise’ national policy on the introduction of ‘biometric’
passports, ID cards, resident permits and visas. Article 18(3) EC of
the EU Treaty should have prohibited EU legislation from the outset as
it states clearly that the power to adopt legislation ‘shall not apply
to provisions on passports, identity cards, residence permits or any
other such document’. The member states simply ignored this provision
and then used the new ‘reform treaty’ to belatedly add these powers to
the EU mandate.
Under the ID Cards Act of 2006, from around 2010
everyone renewing their UK passport will be required to attend one of
69 ‘enrolment centres’, where they will be fingerprinted (all ten),
photographed and asked any of the 200 questions designed by the Home
Office to test the applicant’s identity, provenance and entitlement to
remain in the country. Under EU rules, applicants for a visa to any EU
member state will soon be subject to an almost identical process in
their own country (with data retained in EU databases even if the visa
Your new biometric passport will contain an embedded
radio frequency identification (RFID) chip that includes your
fingerprints and other personal data, an identity card (with another
RFID chip) and a number. The RFID chip is there to transmit your data,
from distance, to special airport scanners, which scream ‘hack me’ to
all those so inclined.
Your special number relates to your record in the UK
national identity register (NIR), which links you to every other piece
of information the state has ever collected about you. As the campaign
group NO2ID has explained, the NIR will become ‘an index to all other
official and quasi-official records. Through cross-references and an
audit trail of all checks on the register, the NIR [will] be the key to
a total life history of every individual, to be retained even after
At the same time, a new generation of ‘e-borders’ will
mean that all entrants are fingerprinted upon entry and given a de
facto police record. The UK ‘e-borders’ system is to contain up to 90
specific categories of data on individuals and will record all movement
into and out of the UK.
Shocked by the Stasi analogy in the subheading? You may
be missing the point: the Stasi didn’t ask many questions because they
already knew all the answers. Nor is it simply a case of ‘Business or
pleasure, sir?’ making way for some rather more direct questioning. As
more and more data is collected on the premise of border control, the
techniques and technologies deployed at the border are simultaneously
being deployed on the streets. ‘Multi-agency’ police checks (basically
roadblocks with benefits, tax, immigration and DVLA inspectors in
attendance), massive immigration raids and collective expulsions,
hand-held fingerprint scanners, mobile access to police computer
systems – these are all now matters of policy rather than legislation,
and the subject of little if any debate.
You are a security risk
States are also investing heavily – and usually secretly – in the
kind of predictive algorithms developed for direct marketing purposes
in the belief that ‘risk profiling’ will help identify terrorists,
criminals, psychopaths, problem children (see ‘Generation ID’,
opposite) and other dangerous people before they have the chance to do
us harm. This corresponds to more and more ‘preventative’ police powers
– Asbos, security-based detention and so on. As EU policies, ‘terrorist
profiling’ and computer-assisted passenger screening are now being
introduced across Europe.
These types of programmes raise several fundamental
objections. Primarily, by using assumptions about ethnicity, religion,
nationality, lifestyle, education, health, wealth or criminal record as
indicators of risk, these systems are intrinsically discriminatory. In
turn, they inevitably lead to actions against large numbers of innocent
people on a scale that renders the exercise both unacceptable and
pointless. In the wake of the discovery of the Hamburg cell’s
involvement in the 9/11 conspiracy, for example, German federal police
agencies collected and analysed data on some 8.3 million Muslims (and
suspected Muslims) in Germany but failed – despite hundreds of
surveillance operations, arrests and interrogations – to find a single
As Douwe Korff, international law professor at London
Metropolitan University, points out, it is important to stress that
this is not something that can be fixed by better design: ‘Attempts to
identify very rare incidents or targets from a very large data set are
mathematically certain to result in either an unacceptably high number
of “false positives” (identifying innocent people as suspects) or an
unacceptably low number of “false negatives” (not identifying real
criminals or terrorists). This is referred to scientifically as the
“base-rate fallacy”; colloquially, as “If you are looking for a needle
in a haystack, it doesn’t help to throw more hay on the stack.”’
Despite the fact that the judicial regulation of surveillance is
fast disappearing, many liberals have faith that the surveillance
society can be somehow ‘democratised’ – a few new data protection rules
here, a little bit more accountability there. This is disingenuous to
say the least: mass surveillance, data retention and risk-profiling are
the very things data protection law was designed to prevent. Once these
practices are introduced, the law can give little practical effect to
the supposedly fundamental right to protection from undue or arbitrary
interference by the state.
Others suggest that the very same technology used to
hold the citizen to account can be turned inwards, so that ‘glass
citizens’ are governed by transparent states, as it were. But in a
country that won’t even allow telephone intercepts as evidence in court
because the police and security services don’t want to compromise their
secret listening programmes, this appears a remote proposition.
So the job rests firmly with what remains of society.
But in the absence of any rational appraisal as to the desirability and
effectiveness of surveillance systems, never mind more concerted
efforts to halt the march of the surveillance state (particularly via
the EU), there can be little cause for optimism. And if you tolerate
this, your children really will be next.
All of the above measures were brought in by the NuLab government, with the explicit support of the Conservatives and LibDem's.
The biggest threat to your health, safety and freedom is the government itself.
Still want to vote for the same old evil…or even the lesser of the 3 evils.
Now there is an alternative, a real alternative. The Libertarian Party.
So if you ever get the chance to vote again, think long and hard. Do you want more of the above, or do you want your life back.