What's The Difference Between 'Mass Surveillance' And 'Bulk Collection'? Does It Matter?
from the words,-words,-words dept
As numerous Techdirt stories make clear, the particular words used to describe something can make a big difference in how it is perceived. For example, intelligence agencies like to avoid the use of the bad-sounding “mass surveillance,” with its Orwellian overtones, and prefer to talk about “bulk collection,” which can be presented as some kind of cool big data project. No one is more vociferous in insisting that they are not engaged in mass surveillance, but merely bulk collection, than the UK’s Home Secretary, Theresa May. She was pushing that line again last week, during a grilling by a UK Parliamentary committee about her proposed Snooper’s Charter. As BBC News reported:
She said the security minister, John Hayes, had written to the committee of MPs and peers scrutinising the draft bill to give the reasons why the government did not want to reveal the kinds of data investigators were accessing.
She insisted the practice — and the sweeping up by the security services of large quantities of internet traffic passing through the UK — did not amount to “mass surveillance” as civil liberties campaigners claim.
“The UK does not undertake mass surveillance,” she told the committee.
Given what we know that GCHQ is already doing, and adding in what the UK government says it wants to do, that seems an absurd thing to say. But Paul Bernal, Lecturer in Information Technology, Intellectual Property and Media Law at the UK’s University of East Anglia, thinks that there is more to this than meets the eye:
Precisely what constitutes surveillance is far from agreed. In the context of the internet (and other digital data surveillance) there are, very broadly speaking, three stages: the gathering or collecting of data, the automated analysis of the data (including algorithmic filtering), and then the ‘human’ examination of the results of that analysis of filtering. This is where the difference lies: privacy advocates and others might argue that the ‘surveillance’ happens at the first stage — when the data is gathered or collected — while Theresa May, [former GCHQ director] David Omand and those who work for them would be more likely to argue that it happens at the third stage — when human beings are involved.
If surveillance occurs through the act of gathering personal data on a large scale, then clearly what the UK government does (and wants to do more of) is mass surveillance. But if surveillance only takes place once a human operator looks at some of the gathered data, then Theresa May can plausibly argue that what the UK government is engaged in is not mass surveillance, because relatively little personal data is scrutinized in this way. So the question then becomes: at what point is it most appropriate to say that surveillance has occurred? Bernal offers a helpful analogy. What the UK government wants to do with the Snooper’s Charter would be like:
installing a camera in every room of every house in the UK, turning that camera on, having the footage recorded and stored for a year — but having police officers only look at limited amounts of the footage and only when they feel they really need to.
Does the surveillance happen when the cameras are installed? When they?re turned on? When the footage is stored? When it?s filtered? Or when the police officers actually look at it.
Most people would probably find the automated video recording of everything they did in the privacy of their own home intrusive, and clearly a form of surveillance, even if it was unlikely the footage would ever be seen by a human being. And in Europe, the question has already been settled by the courts:
Privacy invasion occurs when the camera is installed and the capability of looking at the footage is enabled. That?s been consistently shown by recent rulings at both the Court of Justice of the European Union and of the European Court of Human Rights. Whether it is called ?surveillance? or something else, it invades privacy — which is a fundamental right. That doesn?t mean that it is automatically wrong — but that the balancing act between the rights of privacy (and freedom of expression, of assembly and association etc that are protected by that privacy) and the need for ‘security’ needs to be considered at the gathering stage, and not just at the stage when people look at the data.
That’s important, because it is precisely this issue that the courts will have to consider when the inevitable legal challenges are brought against the UK’s Snooper’s Charter once some version of it becomes law. In the end, whether the Home Secretary thinks what she is doing is mass surveillance or merely bulk collection is irrelevant — the UK and EU courts will be the ones that decide whether it’s allowed.