JISCMail - DATA-PROTECTION Archives

Email discussion lists for the UK Education and Research communities
Subscriber's Corner
Email Lists
DATA-PROTECTION Archives

data-protection@JISCMAIL.AC.UK

View:

Message:
[
First
Last
]
By Topic:
[
First
Last
]
By Author:
[
First
Last
]
Font:
Proportional Font
		LISTSERV Archives
		DATA-PROTECTION Home
		DATA-PROTECTION January 2016
Options

Subscribe or Unsubscribe
Get Password
Subject:
Re: FW: Hawktalk: Draft Investigatory Powers Bill ignores data protection when collecting bulk personal datasets [long response]
From:
Lawrence Serewicz <[log in to unmask]>
Reply-To:
Lawrence Serewicz <[log in to unmask]>
Date:
Fri, 8 Jan 2016 13:12:06 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (98 lines)
Roland and Chris,
Thanks for the interesting discussion on the bill.

I was struck by the CCTV analogy. While of interest, I think it betrays a conceptual problem facing the legislation.

I will set out what I mean on two points. The first is minor and relatively obvious. The second is more elaborate and speculative.

First, CCTV no longer needs an army of spotters. With facial recognition software a machine can track people and find them in real time without storing anything.

Second, the bill suffers from a central paradox, flaw, within liberalism as expressed in the technological possibilities. (Ok, what does that mean?)

Intelligence and policing are related but different. Traditionally Intelligence was about preventing something and policing was responding to something.

In intelligence, there is less need for rigorous evidence as it is not being tested in court. When the UK killed two of its citizens in a drone strike, it was not agreed through a court that they have been convicted of a crime where evidence was assessed publicly with cross examination decided by a jury or judge.* The burden of proof was lower.

By contrast, the police working within a domestic framework have rigorous (relatively speaking) evidentiary requirements. We know the chain of evidence control can be a reason for a case being dismissed or weakened. Consider the OJ Simpson case where defence was able to raise some doubt that the DNA samples had been tampered with because the chain of evidence control was shown to be weakened. Further, the evidence is tested in court with defence having a chance to inspect the evidence and supply their own to counter evidence. The court then has to decide on the balance of probabilities or beyond a reasonable doubt, depending on the court and the crime, that the evidence is sufficient to convict the alleged criminal.

In policing, the goal is to connect the dots from the event to the alleged perpetrators. They have to gather as much evidence as is available.

By contrast, intelligence as two related but different approaches reactive and preventive.

If they are reacting to an event, they need to connect the dots backwards as quickly as possible to a possible source so that they can either prevent further attacks or attack the source of the event.  In this they are like the police but without the same rigour as they are not going to test the evidence in open court to determine beyond a reasonable doubt of the court that this is the source. (Yes, they will test it and they take these concerns but how intelligence agencies decide to kill someone is not done through a court)

If they are being proactive, the increased concern of this digital domain, they are trying to prevent something from occurring. It is the world of pre-crime.** They need to see the potential of the data and from it chart or map potential scenarios or events based on the relatively known characters. Thus, they track someone who picks up a gun and then they intercept them outside a public building before they can use that gun. (Incidentally, this is what happened with Mark Duggan except that they were not fearing he was about to use it.)

They need to collect more and more data to create the patterns and networks that will show behaviour and potential intent. The goal is to prevent something from happening a contingent event. The more data collected about the person, their wider known network, and their context, the better chance to understand their future behaviour based on surmised goals. (It would be silly for the intelligence services to place me under surveillance as I fit none of their immediate criteria as a threat (no guns, money, targets or access to any of those or even the expertise in any of those). However, they would need to collect my data as part of a wider context if I interact with anyone (which I do) who has guns, money and potential access to targets.***

So why is this a problem for liberalism?
Liberalism is based a strict separation of public and private, domestic and foreign. The sovereign is constrained domestically but relatively unconstrained externally. The problem here is that the person who decides the exception, that is to engage the intelligence services. An exception refer to an abrogation of the normal laws. In this case, it is the sovereign as it relates to national security.  In other words, the tension is that the old system relied on a clear basis to decide the exception, the dividing line between domestic and foreign in terms of national security. The concern here is that the demarcation disappears. There is no domestic. Everything is now foreign as it relates to national security.

We cannot assume or apply domestic laws, based on a bounded sphere of liberty, to the international domain. To put it differently, we cannot use police men to fight terrorists. We have to engage intelligence agencies. Thus saying that we have to limit bulk collection because it is forming a records is a police man's approach. The intelligence service is saying this is not a record, it is probable cause to prevent something.

Even if we try to finesses this by saying "They are both answerable to the law", the point of the exception is that the law is abrogated in that moment. If anything, we revert back to the most basic law (self-preservation of the state). By the way, this *is* how the UK justified killing its two citizens when it wrote to the UN to explain why it had done this.

The problem for us, as citizens, is that the exception becomes the normal. In the past, the exception was an obvious one time or very rare event. Like declaring war. What is happening now is that the sovereign says that we are always under threat, always at war, always preventing an attack, so that the exception (war, threats, fear of death) becomes normal and the normal (peace, cooperation, tranquillity) becomes the exception. This has always been the case since at least Aristotle as shown through Hobbes, who founded the modern nation state, but what has changed is that the technological threat means that the natural or physical divided is transcended in such a way to blur the lines between the domains and creates the contradiction for liberalism.

The problem for liberalism, relying on the duality, is that the sovereign is always right in determining the exception. The only way out of this, (this is very speculative) is that we reduce our fear of death and we have to accept that to have a decent life, of peace, prosperity, and cooperation) we have to accept that people will be killed and we cannot *prevent* death or attacks. The further we want to prevent such attacks (which is what is driving this demand (not catching killers after the attacks which can be done by police men or tracing the issue back to the source (which can be done by policemen) the more we will have the exception as the normal. In other words, technology is driving us further from liberalism as we indulge our fear of violent death. We are pushing to a greater control of human nature, we must prevent violent attacks, to the point human nature disappears. (again speculative.)

Thus, the issue of bulk collection is not that it is happening. It is whether full omniscience would be enough? In other words, if the goal is to prevent an attack, and that is higher than our desire to live within the law with some freedom, then there is no limit to what we will collect and more importantly there is no limit that we can impose. Thus, we have to discuss the political question of whether we really want to prevent attacks at the cost of our liberty. The question is not bulk collection or a technological question. The central question or implicit question, of which talk of bulk collection or other types of collection is immaterial, is how people are we willing to let die from violent deaths so that we can live in freedom.

Until we discuss those questions, our discussion of bulk collection will be nugatory as it cannot address the problem of the exception as no amount of information is ever enough.

Best,

Lawrence

*I am leaving the question of whether the victims' families would have a right to review the evidence or whether the state even needs to justify to anyone but itself that they had the evidence to kill these citizens. (That other citizens cannot find out why the state acted as it did speaks volumes to the level of freedom. In other words, if the state does not have to justify itself publicly, in ways that the citizens can assess, shows the extent to which the government rules the citizens. (The strong do as they will. The weak do as they must.))

**On the issue of pre-crime I would suggest my blog on it, https://lawrenceserewicz.wordpress.com/2015/12/15/in-the-uk-political-philosophy-is-a-pre-crime/  but also these two articles. Lucia Zedner (2010) Pre-crime and pre-punishment: a health warning, Criminal Justice Matters, 81:1, 24-25, and Jude McCulloch and Sharon Pickering Pre-Crime and Counter Terrorism: Imagining Future Crime in the "War on Terror" British Journal of Criminology 2009 49 (5) 628-645

***Don't be alarmed, I am not interacting with known terrorists. :) I interact with people on Twitter who I know own guns,  who have money,  who have access to potential targets.  They are not terrorists, they are just people who fit the possible threat criteria that intelligence agencies might use.

-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Roland Perry
Sent: 08 January 2016 11:17
To: [log in to unmask]
Subject: Re: FW: Hawktalk: Draft Investigatory Powers Bill ignores data protection when collecting bulk personal datasets

In message <[log in to unmask]>, at 00:14:18 on Thu, 7 Jan 2016, Chris Pounder <[log in to unmask]> writes

>He also said the case for retention and bulk data collection was not
>explained fully (i.e. not made).

But he was only going on the 300 page document originally published, and not even any of the previous evidence given to the Committee. It's not really the role of that document to make the case for every clause - it would be 500 pages or more if it tried.

Most of that case-making will emerge either in more written evidence (the main tranche was published yesterday) in responses to the Joint Committees report, and in Committee when the final Bill is being debated.

One of the witnesses earlier this week was perhaps inadvertently making quite a powerful argument for the retention (he also said the bulk collection of Comms Data is already happening because of taps on fibre connections, which is outside the scope of the CSP-based ICR regime).

My version of what he was saying harks back to a CCTV analogy. He described the futility of having too much data being collected which overwhelms the analysts, which would be equivalent to having public CCTV cameras viewed in real time by armies of spotters.

But one of the more powerful uses of CCTV is to *record* it, so when you realise that something needs investigating you can "rewind" and look at a very focussed subset of the entire CCTV footage in the country. The "filtering arrangements" are even more powerful in the sense that having discovered (eg) which vehicles are of interest you could automatically re-scan and run ANPR over, the CCTV recordings to highlight where a specific vehicle had been seen.

Continuing the analogy, you might then see the bank robbers getting out of the car into a different one, and then you try to follow that one through the CCTV recordings instead.
--
Roland Perry


________________________________


Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Top of Message | Previous Page | Permalink
JiscMail Tools

Files Area | help
RSS Feeds and Sharing

Search Archives

Advanced Options