Thursday, October 17, 2013

ORG interviews, the ISC inquiry & Benkler re the Snowden leaks

The Open Rights Group has done a series of interviews about the Snowden leaks with such luminaries as former GCHQ chief David Omand, human rights and freedom of information campaigners Peter Tatchell and Heather Brookes and the former Conservative foreign and defence secretary, Malcolm Rifkind.

Particularly telling is Mr Omand's point that we've got to grow up and have a public debate about the powers of the intelligence services to engage in operational surveillance, what that means in practice and what the boundaries, checks and balances of such powers should be.

Mr Rifkind, comes across as believing in the magic powers of computers, given enough personal data about everyone, to point out the bad guys. It doesn't matter, you see, that the data of the rest of us is in there too; because as long as it's only seen by the computer which grades us as innocents then there is no harm done.

His lack of understanding might not be a problem except for the fact that he is chairman of the parliamentary  Intelligence and Security Committee (ISC) charged with overseeing the work of the intelligence services. The ISC is also the committee that has announced it will look into the Snowden leaks. Unfortunately Mr Rifkind is also framing this inquiry as examining
"the appropriate balance between privacy and security in an internet age...
There is a balance to be found between our individual right to privacy and our collective right to security.
Wrong, wrong, wrong.

It is not about "balancing" privacy and security. They are not opposite sides of the same coin. More privacy does not mean less security any more than more security means less privacy. Door locks and strong fences provide privacy and security. Security gets pitched against privacy in the context of mass surveillance and identity; and the anti-privacy security measures like mass surveillance and identity cards not only don't work but can undermine security. (All the 9/11 attackers had their photo identities checked before boarding their planes.)

If Mr Rifkind does not understand that he should not be chairing such an influential parliamentary committee in this area. If he does understand it he's engaging in manipulative politics, framing the "inquiry" to get pre-ordained "answers".

Even if we did have Mr Rifkind's magic terrorist catching machine and it was 99.9% accurate (no existing surveillance system comes close to this) it would be still be useless.


Because even if the machine was watching only the 60 million people in the UK, it would wrongly accuse roughly 600,000 innocent people of being terrorists every time it was asked for a suspect. That’s a lot of false leads for the police and security services to follow whilst the bad buys get lost in the noise.

So even if there were 1000 terrorists (unlikely), our 99.9% accurate terrorist catching machine would be wrong more than 99.8% of the time (599,000/600,000).

Yet the machine still might miss the terrorist! Because not only will it wrongly identify innocent people as bad guys, it will also identify real bad guys as innocents.

Tuning the machine to accuse fewer innocents will make it more likely that it will miss the bad guys.
Finding a terrorist is a needle in a haystack problem. You don’t find the needle by throwing more electronic data hay on the stack. It requires targeted, intelligence led surveillance and investigation - targeted intelligence led data preservation not blanket data collection and mass surveillance.

So not only does the Rifkind-approved mass surveillance apparatus not work, it blows a hole in the constitutional, common law, statutory and international protections for privacy.

Yochai Benkler spelt it out nicely in yesterday's Guardian:
"Pervasive surveillance proponents make two core arguments.
First, bulk collection saves Americans from foreign terrorists. The problem with this argument is that all publicly available evidence presented to Congress, the judiciary, or independent executive branch review suggests that the effect of bulk collection has been marginal...
The second argument that defenders of mass surveillance offer is that detailed, complex and faithfully-executed rules for how the information that is collected will be used are adequate replacements for what the fourth amendment once quaintly called "probable cause" and a warrant "particularly describing the place to be searched, and the persons or things to be seized". The problem with this second argument is that it combines two fundamentally incompatible elements.
Mass surveillance represents a commitment to near-universal all-seeing gaze, so as to assess and respond to threats that can arise anywhere, at any time. Privacy as a check on government power represents a constitutional judgment that a limited government must have limited power to inspect our daily lives, and that an omniscient government is too powerful for mere rules to restrain. The experience of the past decade confirms this incompatibility...
Technology has enabled government to have investigative and situational awareness on a scale and scope that were science fiction when the Stasi shut its doors. The "state of emergency" mindset necessary to justify the program in the first place drives those charged with assuring the safety of Americans to always use this technology to its full potential; it also gives them an independent source of legitimacy for their actions – the fierce urgency of necessity.
Their mission clashes with the fundamental premise of privacy as a civil right: that state power is best contained by making the overwhelming majority of what goes on in society invisible to the state. As Justice Alito put it in the supreme court's decision to strike down GPS tracking:
[Historically] the greatest protections of privacy were neither constitutional nor statutory, but practical.
Once the state knows about behavior, it is hard to rely on rules alone to bear the full burden of preventing overreach by those who wield its awesome power...
Rules alone cannot hold back the millions of potential abuses of an omniscient state.
As long as government is allowed to collect all internet data, the perceived exigency will drive honest civil servants to reach more broadly and deeply into our networked lives. Bringing an end to mass government surveillance needs to be a central pillar of returning to the principles we have put in jeopardy in the early 21st century."
Mr Tatchell and Ms Brookes, as you would expect, are articulate on the need to protect human rights, expose wrong doing on the part of government, protect whistleblowers and wax skeptical about the constant 'trust us it's a matter of national security' refrain on the part of governments.