Select Committee on Home Affairs Written Evidence


APPENDIX 15

Memorandum submitted by the Surveillance Studies Network

AUTHORS

Dr Kirstie Ball, Senior Lecturer in Organisation Studies at the Open University Business School, UK.

Professor David Lyon, Professor of Sociology and Director of the Surveillance Project, Queens University, Canada.

Dr David Murakami Wood, Lecturer in Town Planning, Newcastle University, UK.

Professor Clive Norris, Professor of Sociology and Deputy Director of the Centre for Criminological Research, University of Sheffield, UK.

ON BEHALF OF THE SURVEILLANCE STUDIES NETWORK

  The Surveillance Studies Network is a charitable company, registered with the UK Charities Commission, dedicated to public education on the subject of surveillance. For more information, please contact the Corresponding Author.

EXECUTIVE SUMMARY

  1.  The Surveillance Studies Network welcomes this inquiry and the opportunity for high level debate on the surveillance society that it offers. We make nine observations on issues that we feel the committee should consider.

  2.  Dataveillance. Searchable and remotely accessible databases are increasingly being linked together allowing for three operations to be performed: profiling, social sorting and pre-emptive categorisation.

  3.  Targeted and Mass Surveillance. The re-emergence of mass surveillance poses particular problems for several long-standing presumptions in law: Habeus Corpus, The Presumption of Innocence; Reasonable Suspicion; and The Right to Silence.

  4.  Data Quality. If judgements are increasingly made on the basis of profiles in databases, then the quality of the data needs to be very high, however combining databases can allow low-grade data to circulate more widely.

  5.  Technology. There is a significant gap between the dreams of Joined-Up Government and the reality afforded by technologies, with contracts awarded without proper trials, and a mistaken but increasing assumption that if something is technically possible then it is good policy.

  6.  Blurring of Public and Private Boundaries. State and Private sector are increasingly bound together in surveillance practices, with important implications for data protection and privacy.

  7.  Public Awareness, Consent and Trust. The public have a strong interest in individual rights, and the two things should not be played off against each other. Consent needs to be rethought with the constant circulation of data. However oHoweverHknowledge of technology and policy issues is low, as are levels of trust in institutions.

  8.  Privacy. Data protection is inadequate for protecting the privacy of the citizen, and the concept of privacy should be strengthened in British law. However privacy may be inadequate as basis for rights in the surveillance society.

  9.  Personal Information Economies. Privacy Enhancing Technologies (PETs) cannot be regarded as a panacea, and if they become the main solution could lead to a society of privacy haves and have-nots.

  10.  The Regulator. The ICO needs greater resources and inspection capacities. However greater coordination and direction is needed at the EU level.

INTRODUCTION

  1.1  As Directors of the Surveillance Studies Network and authors of the Report on the Surveillance Society for the Information Commissioner, we welcome the decision of the Home Affairs Committee to hold this inquiry, A Surveillance Society? We feel such a high level debate is long overdue and are pleased that our report has gone some way to initiating such a move.

  1.2  The details of our arguments may be found in the full Report on the Surveillance Society, which we append. We are making a submission separate from the Information Commissioner as we believe there may be differences of emphasis, and the Committee would benefit from both of our perspectives.

  1.3  We will outline ten areas which we believe are crucial for the Committee to consider: Dataveillance; Targeted and Mass Surveillance; Data Quality; Technology and Decision-Making; Blurring of Public and Private Boundaries; Public Awareness, Consent and Trust; Privacy; Personal Information Economies; The Role of the Regulator. The following paragraphs describe the issues raised in these areas and pose questions pertinent thereto.

2.  Dataveillance

  2.1  Contemporary computer databases have added a distinctive dimension to information collection and surveillance in that they are both searchable and remotely accessible.

  2.2  Such databases are increasingly being linked together either directly or through information-sharing practices.

  2.3  The distinctive qualities of these databases allow for three operations to be performed that change the nature of the relationship between the organisation conducting surveillance and those surveilled: profiling, social sorting and pre-emptive categorisation.

  2.3.1  Profiling, the creation of detailed files of personal information matched from multiple sources, allows for a virtual person (data-double or data-shadow) to be created within the database. What are the material consequences of profiling for individuals, groups and society?

  2.3.2  Profiling has consequences for the individual in terms of their entitlements and life chances. However, when aggregated, profiles have the potential to extend, intensify and exaggerate existing social distinctions and divisions, or to create new social categories. The potentially serious consequences for life chances need to be documented and explored, whether or not any criminal matters are involved, especially if such operations are automated.

  2.3.3  Of particular concern is the movement to pre-emptive categorisation, where individuals or groups deemed by virtue of their profiling as "dangerous", "risky" or even simply uncertain or unknown, are targeted for intervention in advance of any crime having been committed. How much is this already occurring and how does it affect the operation of law?

3.  Targeted and mass surveillance

  3.1  It is important in this context to make the distinction between targeted surveillance and mass surveillance. By targeted surveillance we refer to the surveillance of distinct individuals or groups, for a particular purpose. By mass surveillance, we refer to the undifferentiated and general surveillance of the population as a whole. Both of these take place, but the re-emergence of mass surveillance (which had been a key part of the authoritarian regimes of the mid-Twentieth Century) poses particular problems for the operation of the law in democratic countries like the UK.

  3.2  Several long-standing presumptions are currently challenged in new ways, and no longer provide clear safeguards: Habeus Corpus, The Presumption of Innocence; Reasonable Suspicion; and The Right to Silence.

  3.2.1  Habeus Corpus. Is the right to the body of the individual challenged through mass implementation of fingerprinting, DNA and drug-testing, by police and for other proposed identification purposes, and the retention of the results of such tests? There are also significant questions as to the status of the data-double in relation to the body. If such a corpus of information is increasingly as important for life chances as the physical body, is there are need not only for a re-statement of Habeus Corpus in relation to the conventional body, but also its extension?

  3.2.2  The Presumption of Innocence. Does the widespread collection and keeping of evidence and the operation of pre-emptive categorisation mean that the traditional presumption of innocence is in danger of being turned upside-down? The increasing use of "Orders" (Control Orders, ASBOs etc) seems to be of particular concern: to be instituted, these orders require no proof of criminal activity, yet breaking them is a crime.

  3.2.3  Reasonable Suspicion. Similarly, does the collection and retention of evidence from all those arrested constitute an erosion of the principle of reasonable suspicion, in favour of indiscriminate mass surveillance?

  3.2.4  The Right to Silence. What are the implications of the right to silence in a state which seems increasingly to regard citizens as needing to prove their bona fides or face the consequences?

4.  Data quality

  4.1  If judgements are increasingly made on the basis of profiles in databases, then the quality of the data would have to be unimpeachable.

  4.2  Unfortunately this is not the case. In particular, when national and local databases are combined, low-grade intelligence can begin to circulate more widely and acquire a reliability it does not deserve. Examples have included the DVLC and Criminal Records, and potentially Connecting for Health programme and others.

  4.3  What can be done to remedy this? Certainly, there needs to be a change in culture and more awareness of the poor quality of much data already in databases.

5.  Technology and decision-making

  5.1  It has to be recognised too that there is a significant gap between the dreams of Joined-Up Government and the reality afforded by technologies. Technological systems have organisational, cultural, and technical limitations: there have been many examples of the failure, limited performance or massive cost or time-overruns of state computerisation projects.

  5.2  In particular, there is tendency to regard things as so urgent as to mandate the awarding of contracts for technological systems or their implementation before proper trials, tests or audits, for example the case of UK ID cards, or indeed facial recognition attached to CCTV.

  5.3  The danger here is that the state may be seduced by commercial pressures and offers of "free" trials of systems. This is not just a question of speed but whether states are effectively subsidising the Research and Development budgets of private corporations (see also Section 6 below).

  5.4  Does there need to be greater socio-technological knowledge amongst both ministers and civil servants, and training in how to assess both surveillance technologies in themselves and their possible effects directly, indirectly and in conjunction with other surveillance systems? It is also suggested that such knowledge and training might be independent of the security and surveillance industry.

  5.5  It must also be recognised that there often should be limits placed on technologies. There is a tendency for the availability of certain technologies or the "needs of the system" to be used as reason for their use. However, because something can be done this does not mean that it should be done.

6.  Blurring of public and private boundaries

  6.1  The state makes increasing use of the private sector (through the Private Finance Initiative, Public-Private Partnerships and contracting out) to design and deliver public service interventions, even with regard to surveillance. Does the involvement of private organisations, with their own commercial interests, impact on the design and reliability of such systems and on the circulation of personal data?

  6.2  In addition there is increasing pressure for the government to derive commercial benefit from the data it holds on citizens. Should such moves be possible with the existing framework of consent and data-protection laws?

7.  Public awareness, consent and trust

  7.1  Discussions of surveillance tend to oppose the interests of "public safety" against individual rights. However this is misleading. The public (citizens collectively) have a strong interest in individual rights, and the two things cannot be so readily played off against each other. In addition it cannot always be held that the state has the right to interpret the "public interest". What mechanisms would be needed to rebalance the debate in favour of the interests and rights of the citizen?

  7.2  There is a key question as to the knowledge of citizens regarding the systems of surveillance to which they are subjected. In the current climate, it is clear that citizens have little knowledge or awareness of the surveillance systems to which they are subject, and indeed when they are so subject. They also have little knowledge as to the destination and use of the personal data which is collected by surveillance systems.

  7.3  Hence, the question of consent must be addressed. If consent cannot be sought for every movement of data and every occasion on which data is used for purposes beyond that of its original collection, what can replace consent and what mechanisms would be used to enforce it?

  7.4  Fundamentally, the question is one of trust: both trust of the citizen in the state, and of citizens in each other. What is needed for trust in a surveillance society? Could it be greater accountability and transparency on behalf of government? It would appear that if increasing amounts of data are to be sought from citizens, that they should have a corresponding increased right first to know what is done with that data individually and collectively, to ensure its accuracy. and, second, to enjoy far greater rights of freedom of information and transparency of state institutions and surveillance systems.

8.  Privacy

  8.1  Data protection regimes are inadequate for protecting the privacy of the citizen, indeed the Data Protection Act does not mention the term.

  8.2  Should the concept of privacy be strengthened in British law and what mechanisms would be needed for this?

  8.3  Is individual privacy inadequate in itself as a right to deal with life in a surveillance society? Certainly ideas of collective or group privacy might extend the concept further, but what alternatives might there be? For example, in a surveillance society, one could make a case for a baseline assumption of transparency of citizens, private corporations and the state, moderated by specific exceptions.

9.  Personal Information Economies

  9.1  Privacy Enhancing Technologies (PETs) are increasingly used and will continue to be so used as the data-double increases in importance.

  9.2  However, PETs cannot be regarded as a panacea. Do PETs represent simply a market response to problems of surveillance and privacy? If so, their spread and relative effectiveness will replicate social and economic divisions, leading to a society of privacy haves and have-nots.

  9.3  Are we seeing the emergence of Personal Information Economies, where the wealthy will be able to manage their "data-double" and benefit from personal, consumer and state surveillance and technologically-enhanced privacy? In contrast, will the poor, marginalised and excluded, be increasingly subjected to both mass surveillance, categorisation and control without the means for the protection of their rights and freedoms?

  9.4  In this context there must be a role of active regulation (see Section 10 below).

10.  The role of the regulator

  10.1  In our work for the Information Commissioner it became apparent that the ICO is not adequately equipped to watch state-commercial-citizen data-relationships in the surveillance society. This is through no fault of the ICO.

  10.2  The ICO needs greater resources and particularly inspection or audit capacities with regards to government departments and agencies.

  10.3  However it is unreasonable to expect the ICO to protect all the rights of citizens with regards to surveillance and privacy. So who can do this? In the absence of any convincing right of privacy in law, the British courts can do little, and perhaps this needs to be and EU-wide initiative. This would require greater work at the European level, perhaps in the form of a new Surveillance and Privacy directive, but this should also not be used as an excuse for not strengthening and extended the powers of the ICO.

April 2007





 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2008
Prepared 8 June 2008