Memorandum submitted by the Surveillance
Dr Kirstie Ball, Senior Lecturer in Organisation
Studies at the Open University Business School, UK.
Professor David Lyon, Professor of Sociology and
Director of the Surveillance Project, Queens University, Canada.
Dr David Murakami Wood, Lecturer in Town Planning,
Newcastle University, UK.
Professor Clive Norris, Professor of Sociology and
Deputy Director of the Centre for Criminological Research, University
of Sheffield, UK.
The Surveillance Studies Network is a charitable
company, registered with the UK Charities Commission, dedicated
to public education on the subject of surveillance. For more information,
please contact the Corresponding Author.
1. The Surveillance Studies Network welcomes
this inquiry and the opportunity for high level debate on the
surveillance society that it offers. We make nine observations
on issues that we feel the committee should consider.
2. Dataveillance. Searchable and remotely
accessible databases are increasingly being linked together allowing
for three operations to be performed: profiling, social sorting
and pre-emptive categorisation.
3. Targeted and Mass Surveillance. The re-emergence
of mass surveillance poses particular problems for several long-standing
presumptions in law: Habeus Corpus, The Presumption of Innocence;
Reasonable Suspicion; and The Right to Silence.
4. Data Quality. If judgements are increasingly
made on the basis of profiles in databases, then the quality of
the data needs to be very high, however combining databases can
allow low-grade data to circulate more widely.
5. Technology. There is a significant gap
between the dreams of Joined-Up Government and the reality afforded
by technologies, with contracts awarded without proper trials,
and a mistaken but increasing assumption that if something is
technically possible then it is good policy.
6. Blurring of Public and Private Boundaries.
State and Private sector are increasingly bound together in surveillance
practices, with important implications for data protection and
7. Public Awareness, Consent and Trust.
The public have a strong interest in individual rights, and the
two things should not be played off against each other. Consent
needs to be rethought with the constant circulation of data. However
oHoweverHknowledge of technology and policy issues is low, as
are levels of trust in institutions.
8. Privacy. Data protection is inadequate
for protecting the privacy of the citizen, and the concept of
privacy should be strengthened in British law. However privacy
may be inadequate as basis for rights in the surveillance society.
9. Personal Information Economies. Privacy
Enhancing Technologies (PETs) cannot be regarded as a panacea,
and if they become the main solution could lead to a society of
privacy haves and have-nots.
10. The Regulator. The ICO needs greater
resources and inspection capacities. However greater coordination
and direction is needed at the EU level.
1.1 As Directors of the Surveillance Studies
Network and authors of the Report on the Surveillance Society
for the Information Commissioner, we welcome the decision of the
Home Affairs Committee to hold this inquiry, A Surveillance
Society? We feel such a high level debate is long overdue
and are pleased that our report has gone some way to initiating
such a move.
1.2 The details of our arguments may be
found in the full Report on the Surveillance Society, which we
append. We are making a submission separate from the Information
Commissioner as we believe there may be differences of emphasis,
and the Committee would benefit from both of our perspectives.
1.3 We will outline ten areas which we believe
are crucial for the Committee to consider: Dataveillance; Targeted
and Mass Surveillance; Data Quality; Technology and Decision-Making;
Blurring of Public and Private Boundaries; Public Awareness, Consent
and Trust; Privacy; Personal Information Economies; The Role of
the Regulator. The following paragraphs describe the issues raised
in these areas and pose questions pertinent thereto.
2.1 Contemporary computer databases have
added a distinctive dimension to information collection and surveillance
in that they are both searchable and remotely accessible.
2.2 Such databases are increasingly being
linked together either directly or through information-sharing
2.3 The distinctive qualities of these databases
allow for three operations to be performed that change the nature
of the relationship between the organisation conducting surveillance
and those surveilled: profiling, social sorting and pre-emptive
2.3.1 Profiling, the creation of detailed
files of personal information matched from multiple sources, allows
for a virtual person (data-double or data-shadow) to be created
within the database. What are the material consequences of profiling
for individuals, groups and society?
2.3.2 Profiling has consequences for the
individual in terms of their entitlements and life chances. However,
when aggregated, profiles have the potential to extend, intensify
and exaggerate existing social distinctions and divisions, or
to create new social categories. The potentially serious consequences
for life chances need to be documented and explored, whether or
not any criminal matters are involved, especially if such operations
2.3.3 Of particular concern is the movement
to pre-emptive categorisation, where individuals or groups deemed
by virtue of their profiling as "dangerous", "risky"
or even simply uncertain or unknown, are targeted for intervention
in advance of any crime having been committed. How much is this
already occurring and how does it affect the operation of law?
3. Targeted and mass surveillance
3.1 It is important in this context to make
the distinction between targeted surveillance and mass surveillance.
By targeted surveillance we refer to the surveillance of distinct
individuals or groups, for a particular purpose. By mass surveillance,
we refer to the undifferentiated and general surveillance of the
population as a whole. Both of these take place, but the re-emergence
of mass surveillance (which had been a key part of the authoritarian
regimes of the mid-Twentieth Century) poses particular problems
for the operation of the law in democratic countries like the
3.2 Several long-standing presumptions are
currently challenged in new ways, and no longer provide clear
safeguards: Habeus Corpus, The Presumption of Innocence;
Reasonable Suspicion; and The Right to Silence.
3.2.1 Habeus Corpus. Is the right
to the body of the individual challenged through mass implementation
of fingerprinting, DNA and drug-testing, by police and for other
proposed identification purposes, and the retention of the results
of such tests? There are also significant questions as to the
status of the data-double in relation to the body. If such a corpus
of information is increasingly as important for life chances as
the physical body, is there are need not only for a re-statement
of Habeus Corpus in relation to the conventional body,
but also its extension?
3.2.2 The Presumption of Innocence. Does
the widespread collection and keeping of evidence and the operation
of pre-emptive categorisation mean that the traditional presumption
of innocence is in danger of being turned upside-down? The increasing
use of "Orders" (Control Orders, ASBOs etc) seems to
be of particular concern: to be instituted, these orders require
no proof of criminal activity, yet breaking them is a crime.
3.2.3 Reasonable Suspicion. Similarly, does
the collection and retention of evidence from all those arrested
constitute an erosion of the principle of reasonable suspicion,
in favour of indiscriminate mass surveillance?
3.2.4 The Right to Silence. What are the
implications of the right to silence in a state which seems increasingly
to regard citizens as needing to prove their bona fides or face
4. Data quality
4.1 If judgements are increasingly made
on the basis of profiles in databases, then the quality of the
data would have to be unimpeachable.
4.2 Unfortunately this is not the case.
In particular, when national and local databases are combined,
low-grade intelligence can begin to circulate more widely and
acquire a reliability it does not deserve. Examples have included
the DVLC and Criminal Records, and potentially Connecting for
Health programme and others.
4.3 What can be done to remedy this? Certainly,
there needs to be a change in culture and more awareness of the
poor quality of much data already in databases.
5. Technology and decision-making
5.1 It has to be recognised too that there
is a significant gap between the dreams of Joined-Up Government
and the reality afforded by technologies. Technological systems
have organisational, cultural, and technical limitations: there
have been many examples of the failure, limited performance or
massive cost or time-overruns of state computerisation projects.
5.2 In particular, there is tendency to
regard things as so urgent as to mandate the awarding of contracts
for technological systems or their implementation before proper
trials, tests or audits, for example the case of UK ID cards,
or indeed facial recognition attached to CCTV.
5.3 The danger here is that the state may
be seduced by commercial pressures and offers of "free"
trials of systems. This is not just a question of speed but whether
states are effectively subsidising the Research and Development
budgets of private corporations (see also Section 6 below).
5.4 Does there need to be greater socio-technological
knowledge amongst both ministers and civil servants, and training
in how to assess both surveillance technologies in themselves
and their possible effects directly, indirectly and in conjunction
with other surveillance systems? It is also suggested that such
knowledge and training might be independent of the security and
5.5 It must also be recognised that there
often should be limits placed on technologies. There is a tendency
for the availability of certain technologies or the "needs
of the system" to be used as reason for their use. However,
because something can be done this does not mean that it should
6. Blurring of public and private boundaries
6.1 The state makes increasing use of the
private sector (through the Private Finance Initiative, Public-Private
Partnerships and contracting out) to design and deliver public
service interventions, even with regard to surveillance. Does
the involvement of private organisations, with their own commercial
interests, impact on the design and reliability of such systems
and on the circulation of personal data?
6.2 In addition there is increasing pressure
for the government to derive commercial benefit from the data
it holds on citizens. Should such moves be possible with the existing
framework of consent and data-protection laws?
7. Public awareness, consent and trust
7.1 Discussions of surveillance tend to
oppose the interests of "public safety" against individual
rights. However this is misleading. The public (citizens collectively)
have a strong interest in individual rights, and the two things
cannot be so readily played off against each other. In addition
it cannot always be held that the state has the right to interpret
the "public interest". What mechanisms would be needed
to rebalance the debate in favour of the interests and rights
of the citizen?
7.2 There is a key question as to the knowledge
of citizens regarding the systems of surveillance to which they
are subjected. In the current climate, it is clear that citizens
have little knowledge or awareness of the surveillance systems
to which they are subject, and indeed when they are so subject.
They also have little knowledge as to the destination and use
of the personal data which is collected by surveillance systems.
7.3 Hence, the question of consent must
be addressed. If consent cannot be sought for every movement of
data and every occasion on which data is used for purposes beyond
that of its original collection, what can replace consent and
what mechanisms would be used to enforce it?
7.4 Fundamentally, the question is one of
trust: both trust of the citizen in the state, and of citizens
in each other. What is needed for trust in a surveillance society?
Could it be greater accountability and transparency on behalf
of government? It would appear that if increasing amounts of data
are to be sought from citizens, that they should have a corresponding
increased right first to know what is done with that data individually
and collectively, to ensure its accuracy. and, second, to enjoy
far greater rights of freedom of information and transparency
of state institutions and surveillance systems.
8.1 Data protection regimes are inadequate
for protecting the privacy of the citizen, indeed the Data Protection
Act does not mention the term.
8.2 Should the concept of privacy be strengthened
in British law and what mechanisms would be needed for this?
8.3 Is individual privacy inadequate in
itself as a right to deal with life in a surveillance society?
Certainly ideas of collective or group privacy might extend the
concept further, but what alternatives might there be? For example,
in a surveillance society, one could make a case for a baseline
assumption of transparency of citizens, private corporations and
the state, moderated by specific exceptions.
9. Personal Information Economies
9.1 Privacy Enhancing Technologies (PETs)
are increasingly used and will continue to be so used as the data-double
increases in importance.
9.2 However, PETs cannot be regarded as
a panacea. Do PETs represent simply a market response to problems
of surveillance and privacy? If so, their spread and relative
effectiveness will replicate social and economic divisions, leading
to a society of privacy haves and have-nots.
9.3 Are we seeing the emergence of Personal
Information Economies, where the wealthy will be able to manage
their "data-double" and benefit from personal, consumer
and state surveillance and technologically-enhanced privacy? In
contrast, will the poor, marginalised and excluded, be increasingly
subjected to both mass surveillance, categorisation and control
without the means for the protection of their rights and freedoms?
9.4 In this context there must be a role
of active regulation (see Section 10 below).
10. The role of the regulator
10.1 In our work for the Information Commissioner
it became apparent that the ICO is not adequately equipped to
watch state-commercial-citizen data-relationships in the surveillance
society. This is through no fault of the ICO.
10.2 The ICO needs greater resources and
particularly inspection or audit capacities with regards to government
departments and agencies.
10.3 However it is unreasonable to expect
the ICO to protect all the rights of citizens with regards to
surveillance and privacy. So who can do this? In the absence of
any convincing right of privacy in law, the British courts can
do little, and perhaps this needs to be and EU-wide initiative.
This would require greater work at the European level, perhaps
in the form of a new Surveillance and Privacy directive, but this
should also not be used as an excuse for not strengthening and
extended the powers of the ICO.