What's The Difference Between 'Mass Surveillance' And 'Bulk Collection'? Does It Matter?

from the words,-words,-words dept

As numerous Techdirt stories make clear, the particular words used to describe something can make a big difference in how it is perceived. For example, intelligence agencies like to avoid the use of the bad-sounding “mass surveillance,” with its Orwellian overtones, and prefer to talk about “bulk collection,” which can be presented as some kind of cool big data project. No one is more vociferous in insisting that they are not engaged in mass surveillance, but merely bulk collection, than the UK’s Home Secretary, Theresa May. She was pushing that line again last week, during a grilling by a UK Parliamentary committee about her proposed Snooper’s Charter. As BBC News reported:

She said the security minister, John Hayes, had written to the committee of MPs and peers scrutinising the draft bill to give the reasons why the government did not want to reveal the kinds of data investigators were accessing.

She insisted the practice — and the sweeping up by the security services of large quantities of internet traffic passing through the UK — did not amount to “mass surveillance” as civil liberties campaigners claim.

“The UK does not undertake mass surveillance,” she told the committee.

Given what we know that GCHQ is already doing, and adding in what the UK government says it wants to do, that seems an absurd thing to say. But Paul Bernal, Lecturer in Information Technology, Intellectual Property and Media Law at the UK’s University of East Anglia, thinks that there is more to this than meets the eye:

Precisely what constitutes surveillance is far from agreed. In the context of the internet (and other digital data surveillance) there are, very broadly speaking, three stages: the gathering or collecting of data, the automated analysis of the data (including algorithmic filtering), and then the ‘human’ examination of the results of that analysis of filtering. This is where the difference lies: privacy advocates and others might argue that the ‘surveillance’ happens at the first stage — when the data is gathered or collected — while Theresa May, [former GCHQ director] David Omand and those who work for them would be more likely to argue that it happens at the third stage — when human beings are involved.

If surveillance occurs through the act of gathering personal data on a large scale, then clearly what the UK government does (and wants to do more of) is mass surveillance. But if surveillance only takes place once a human operator looks at some of the gathered data, then Theresa May can plausibly argue that what the UK government is engaged in is not mass surveillance, because relatively little personal data is scrutinized in this way. So the question then becomes: at what point is it most appropriate to say that surveillance has occurred? Bernal offers a helpful analogy. What the UK government wants to do with the Snooper’s Charter would be like:

installing a camera in every room of every house in the UK, turning that camera on, having the footage recorded and stored for a year — but having police officers only look at limited amounts of the footage and only when they feel they really need to.

Does the surveillance happen when the cameras are installed? When they?re turned on? When the footage is stored? When it?s filtered? Or when the police officers actually look at it.

Most people would probably find the automated video recording of everything they did in the privacy of their own home intrusive, and clearly a form of surveillance, even if it was unlikely the footage would ever be seen by a human being. And in Europe, the question has already been settled by the courts:

Privacy invasion occurs when the camera is installed and the capability of looking at the footage is enabled. That?s been consistently shown by recent rulings at both the Court of Justice of the European Union and of the European Court of Human Rights. Whether it is called ?surveillance? or something else, it invades privacy — which is a fundamental right. That doesn?t mean that it is automatically wrong — but that the balancing act between the rights of privacy (and freedom of expression, of assembly and association etc that are protected by that privacy) and the need for ‘security’ needs to be considered at the gathering stage, and not just at the stage when people look at the data.

That’s important, because it is precisely this issue that the courts will have to consider when the inevitable legal challenges are brought against the UK’s Snooper’s Charter once some version of it becomes law. In the end, whether the Home Secretary thinks what she is doing is mass surveillance or merely bulk collection is irrelevant — the UK and EU courts will be the ones that decide whether it’s allowed.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “What's The Difference Between 'Mass Surveillance' And 'Bulk Collection'? Does It Matter?”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

The camera or the eye

The example they used is actually pretty close to what I was thinking while I read.

If someone found a camera hidden in their bedroom and tracked down who had installed it, I don’t imagine many courts would accept the claim that while yes the camera was installed, and yes it was recording, the person who installed it hadn’t watched the footage, which meant that the privacy of the person recorded hadn’t been violated.

The violation of privacy occurs as soon as the camera is installed, as soon as the intent to collect the data is put into motion. It doesn’t matter if no-one ever watched the resulting footage, or(using the peeping tom defense popular by US politicians defending the NSA) if the person being watched never learns about it, the violation still happened.

Yes, I know I'm commenting anonymously says:

As Lewis Caroll wrote

The name of the song is called ‘Haddocks’ Eyes.”
‘Oh, that’s the name of the song, is it?’ Alice said, trying to feel interested.
‘No, you don’t understand,’ the Knight said, looking a little vexed. ‘That’s what the name is called. The name really is ‘The Aged, Aged Man.”
‘Then I ought to have said ‘That’s what the song is called’?’ Alice corrected herself.
‘No you oughtn’t: that’s another thing. The song is called ‘Ways and Means’ but that’s only what it’s called, you know!’
‘Well, what is the song then?’ said Alice, who was by this time completely bewildered.
‘I was coming to that,’ the Knight said. ‘The song really is ‘A-sitting On a Gate’: and the tune’s my own invention.’

Ninja (profile) says:

Does it really matter if humans will only see a tiny part of it at any determined point? Because what triggers such scrutiny is what should really strike fears on every single one of us. Maybe MS May is a good person and everybody under her authority is borderline saint and we really don’t have to worry about our privacy being invaded (except, you know, if we are doing something terrorist-ey but don’t ask how broad the definition of terrorist is).

But suppose for a moment that in the next Government somebody from the Kin dynasty in North Korea gets into power. What could possibly go wrong with such wealth of data? So it does not matter if it’s mass surveillance, bulk collection or my little pony, the fact that it can be abused should be enough to make it forbidden and carry severe punishment for those who engage in such collections. Collections to find terrorists are problematic enough as the word has been expanded to be so broad that an angry crying baby could be included even though the term actually means “people who engage in criminal acts because they don’t accept differences”.

Anonymous Coward says:

“Rogers: …. You can’t have your privacy violated if you don’t know your privacy is violated.”


(Somewhat depressing looking at the dates on old articles. Around and around and around and around.

Anonymous Coward says:

Re: Re:

“That is a nice donation Rogers got there.”
“How do you know?”
“I have a program that collects all his private emails!”
“But isn’t that illegal?”
“Well, you see, I collect all activity on his account and run it through a filter to ignore confidential stuff. This slipped through.”
“But that is surely illegal.”
“It is only illegal if he knows about it!”

DocGerbil100 (profile) says:

Oh, FFS.

Whether you call a spade a spade or a shovel, it’s all the same damn thing if you’re using it to dig up shit about people.

It’s the capture of genuinely private information that’s the problem, not merely its examination by human eyes.

The potential for chilling effects, for industrial espionage, for blackmail are all at the point of capture, not at the point of use.

A breach of Data Protection law is still a breach.
An indecent image of a child is still an indecent image.
A copyright offence is still an offence.

In the UK, there can be few, if any, parts of our legal system that will tolerate this kind of semantic evasion. It won’t wash.

Causing a computer to leak classified information to some insecure computer somewhere else is a criminal offence, perhaps even a terrorism offence, regardless of whether another human being ever sees it or not. The intelligence services themselves wouldn’t have it any other way, so why should anyone else?

Anyone who believes the load of utter crap coming out of Theresa May’s fat face right now needs their head placed under surveillance.

Lewis Carrol says:

Through the looking glass

‘I don’t know what you mean by “glory”,’ Alice said.

Humpty Dumpty smiled contemptuously. ‘Of course you don’t — till I tell you. I meant “there’s a nice knock-down argument for you!”‘

‘But “glory” doesn’t mean “a nice knock-down argument”,’ Alice objected.

‘When I use a word,’ Humpty Dumpty said, in rather a scornful tone, ‘it means just what I choose it to mean — neither more nor less.’

‘The question is,’ said Alice, ‘whether you can make words mean so many different things.’

‘The question is,’ said Humpty Dumpty, ‘which is to be master — that’s all.’

Vic says:

That reminds me something...

When actually theft takes place?

A couple of guys extract a windshield from a car, thinking that this is a car of one of their friends and they are just “practically joking”. They place the windshield next to that said card and leave, giggling and whatnot.
Another couple of guys just happen to pass by, see a pretty good quality windshield laying idle on the ground, with nobody next to it to claim, so they pick it up and carry it away.

That’s a very old scheme of how to steal a windshield from a car without obvious stealing act or actors.

The governments learn from criminals. Or is it the other way around? Or is it just the same crowd?

tqk (profile) says:

Re: Re:

Does anyone else think that this feels like an article on quantum physics?

It sounds like someone attempting to explain Einsteinian forces with Newtonian physics.

On the other hand, I’m still trying to get beyond the visual resemblance of May to the wicked witch from the Wizard Of Oz movie, and I’m pretty much stuck so far. All I’ve got is she’s in (rainy) Britain and “I’m melting!” Oops. Maybe there’s a rainbow at the end.

Of course, that doesn’t even begin to touch on her so far questionable intellectual, or legislative, achievements. She does appear to have an amazing propensity to shrug off negative performance reviews. So, par for the typical politician.

I hope she dies soon. I suspect she’ll be much happier that way. Still, I’ve got to say, what an ugly woman!

Home Sec. T. May says:

I’m afraid your analogies are more than a little hyperbolic. My good friend Jim Comey, a true wordsmith, suggested a more appropriate comparison: think of bulk collection as a government-mandated daily stool sample. It can’t be mass surveillance because it’s much less intrusive than a colonoscopy.

All we’re doing is grabbing all your shit. It’s not surveillance until we take a deeper look.

Whatever (profile) says:

I think there is a huge difference between mass surveillance and bulk collection. It starts with the very basic concept that one is active and directed and the other is passive and wide ranging.

Mass surveillance suggests a huge agency looking and and reviewing the actions, calls, whatever of each and every person on an active basis. it smacks of North Korea.

Bulk collection is more of a “stick it all in the warehouse and we’ll look at it if we need to someday”. It’s collecting the data (in often automated ways) but not actually paying people to review everything you do on a daily basis. You might get some phone calls or what not hoovered into the system, but the chance that anyone actually every even considered them for review is about nil. It’s a passive collect of data in case it’s your name every comes up in a more active investigation.

Collecting data without ever looking at it isn’t really surviellance, is it?

Chronno S. Trigger (profile) says:

Re: Re:

As Whatever so vary unintentionally points out, those who are in favor of mass violations of human rights are using words and definitions to distract everyone from the actions that are taking place.

The question should not be “Is what we’re doing best described as mass surveillance or bulk collection?” The real question is “Should the mass collection of everyone’s data be legal?” And the answer to that is quite clearly “Oh fuck no.”

Anonymous Coward says:

Re: Re:

The cameras at a convenience store aren’t called “collection cameras”, even if nobody has looked at the footage yet. They are “surveillance cameras”. You don’t know when they’ll be looking. It gives great power to whoever controls it.

Collecting data without ever looking at it isn’t really surviellance, is it?

But they DO look at it. It’s documented that several NSA employees spied on their significant other. Because they could. When they need to get warrants and spy on one person at a time, there is a paper trail. A judge needs to sign the warrant, and maybe someone at the phone company needs to set up the tap. When they just collect everything and look at whoever they feel like, nobody knows who they’re spying on unless they tell us.

The other half of the problem is the secrecy surrounding the very existence of the program. For all we know, they could have another program that taps into every single person’s cell phone and turns on the camera and microphone so they have a constant audio recording, and a video recording whenever they take it out of their pocket, of everyone who owns a phone. If they did have such a program, they sure wouldn’t tell us.

You might get some phone calls or what not hoovered into the system,

If by “some” you mean EVERY SINGLE ONE, then sure.

tqk (profile) says:

Re: Re:

I think there is a huge difference between mass surveillance and bulk collection. It starts with the very basic concept that one is active and directed and the other is passive and wide ranging.

You are such a pathetic being. No, don’t take that as criticism, it’s not. It’s just that you are such a pathetic being!!!

No value judgment, no approbation whatsoever, except you are such a pathetic being!!! What? You take exception to that? How?!?


That One Guy (profile) says:

Re: Re:

Collecting data without ever looking at it isn’t really surviellance, is it?

Yes, it is. It’s still collecting the data that can be used to track the behavior and actions of someone, that this might not occur immediately isn’t important. Using your example, if North Korea gathered up all the information, but only looked at it when someone caught their eye and they felt like making an example out of someone, would that make it ‘bulk collection’ and therefore any better than ‘mass surveillance’?

However, whether it is or not, it would absolutely be a violation of privacy, as can be easily demonstrated.

Say someone proposed to set up a program to track everywhere you go online, what emails you send and to who, who sends you emails and when, when you call and who, who calls you and when, and all that sort of stuff. None of the specific data(promise), ‘only’ the metadata. However, they promise that they would never look at the data collected.

Would you object, and if so why?

Remember, they promised that they’d never look at the data they were collecting, they’d just collect it, so if you don’t believe that the collection itself is a violation of your privacy, you should have absolutely no objection given that.

Anonymous Coward says:

Or when the police officers actually look at it.

This would be plausible if intent couldn’t be industrialized. However software CAN industrialize intent.

It isn’t the act of physically looking that constitutes the intrusion, it is the act of intelligent evaluation. And that requires no human presence. In fact it is often more productive WITHOUT a human presence.

However, the subject view would be consistent with political practices that go back centuries. The general tactic is that people don’t understand something, so that something can be used to to obfuscate an act of appropriation. In this case that something is software, but it doesn’t have to be.

The same basic practice is used by Congress and SCOTUS to circumvent article 1, and that has been going on since the dictionary act of 1871. The idea is that nobody understands corporations, so if we subvert civil rights through the corporate system, liability from a tyrannical act is somehow externalized.

There is (of course) a false economy to this. The French revolution clearly demonstrated that. The tragedy of it is that good leadership CAN fill the gaps, and allow the economy to grow and normalize. And that isn’t happening for a number of reasons. But a good place to start might be:

Overturn Citizens United. Reinstate Glass Steagall. Bust the trusts.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...