THE NEW FRONTIERS OF PRIVACY
Mr Simon Davies
Visiting Fellow, Computer Security Research Centre
London School of Economics
United Kingdom
Privacy has become one of the most important human rights issues of the modern age. At a time when computer based technology gives government and private sector organisations the ability to conduct mass surveillance of populations, privacy has become a crucial safeguard for individual rights.
According to opinion polls, concern over privacy violation is now greater than at any time in recent history. Uniformally, populations throughout the world report their distress about encroachment on privacy, prompting an unprecedented number of nations to pass laws which specifically protect the privacy of their citizens.
The basis for this legal activity rests on a growing understanding that privacy is a fundamental right. Privacy is a concept which underpins human dignity and other key values such as freedom of association and freedom of speech. These rights are established squarely in international covenents, and are protected specifically in the constitutions of many nations. Moreover, the increasing sophication of information technology, with its capacity to collect, analyse and disseminate information on individuals, has introduced a sense of urgency to the demand for legislation.
In this talk I want to set out the factors which are driving the new surveillance societies of the world, and describe the keen awareness that is fuelling a resurgence in privacy activism. The tension between these two forces will grow logarithmicly in coming years.
I must repeat what others have said many times : privacy is endangered. New developments in medical research and care, advanced transportation systems and financial transfers have dramatically increased the level of information generated by each individual. Computers linked together by high speed networks with advanced processing systems can create comprehensive dossiers on any person without the need for a single central computer system. More important, surveillance has become a fixed design component in virtually all information technology.
Rapid advances in the development of powerful technology, in conjunction with the demand for greater bureaucratic efficiency, are promoting a seamless web of surveillance from cradle to grave, from bankbook to bedroom. New technologies developed by the defence industry are spreading into law enforcement, civilian agencies, and private companies. At the same time, outdated laws and regulations are failing to check an expanding pattern of abuses.
Human rights groups are concerned that much of this technology is being exported to developing countries which lack adequate protections. Currently, there are few barriers to the trade in surveillance technologies.
Government and citizen alike could potentially benefit from some of the IT schemes being implemented in the private and public sectors. New "smart card" projects in which client information is placed on a chip in a card may streamline complex transactions. The internet will revolutionise access to basic information on government services. Encryption can provide security and privacy for all parties.
However, the successful implementation of these initiatives require a bold, forward looking legislative framework. Whether governments can deliver this framework will depend on their willingness to listen to the pulse of the emerging global digital economy. It will also depend on industry recognising the need for strong protection of privacy.
My own view is that - notable exceptions aside - privacy is seldom recognised outise Europe, either by government or the private sector. Industry continues to pursue models of self regulation that are, at best, lowest common denominator protection for consumers. Ever since personal information became a "value added" component of business, few companies have been willing to relinquish the opportunity to amass and process all manner of data.
In 1994, conscious both of the shortcomings of law, and the many differences in the level of protection in each of its States, the European Parliament passed a Europe-wide directive which will provide citizens with a wider range of protections over abuses of their data. The Data Protection Directive sets a benchmark for national law. Each EU State must pass complementary legislation by October 1998.
The Directive also imposes an obligation on member States to ensure that the personal information relating to European citizens is covered by law when it is exported to, and processed in,countries outside Europe. This requirement has resulted in a growing pressure outside Europe for the passage of privacy law. Those countries which refuse to adopt meaningful privacy law may find themselves unable to conduct business with Europe.
The passage of the Directive highlights an interesting irony. While it is clear that privacy invasion is recognised more than ever before, it is equally true that privacy invasion has never been so substantial. And while Europe sets out to pioneer a global privacy regime, it is also setting out to create the foundations for a global surveillance society.
Earlier this year, a report commissioned by the European Parliament confiormed the existence of a network of supercomputers operated by the secretive US National Security Agency (NSA), an agency responsible for intercepting communications across the world for the benefit of American business and government.
The report "Assessing the Technologies of Political Control" commissioned by the European Parliament's Civil Liberties Committee stated "Within Europe, all email, telephone and fax communications are routinely intercepted by the United States National Security Agency, transferring all target information from the European mainland via the strategic hub of London then by satellite to Fort Meade in Maryland via the crucial hub at Menwith Hill, Yorkshire".
The report added that the NSA, in collaboration with Germany and the UK, indiscriminately intercepts electronic communications to extract valuable information using artificial intelligence systems to identify key words.
At the same time, the UK civil rights organisation Statewatch uncovered the existence of a document "Memorandum of understanding on the lawful interception of communications", signed jointly by European nations and the US, creating a global communications intercept arrangement that appears to have been agreed outside the purview of national parliaments..
The revelations have sparked activity amongst civil rights and direct action groups in some countries. The European Parliament is set to take the unprecedented step of debating the issue in plenary session on September 16.
Until recently, these and other surveillance schemes went largely unnoticed. In the past two years however, dozens of activist groups have formed loose alliances to - as one campaigner described it - "put the pieces together".
At a more mundane level, domestic surveillance and privacy invasion as falling prey to an increasingly educated public and media, who are less willing to accept "public interest" arguments in support of surveillance.
The next ten years will be interesting. I have no doubt that the current mania for establishing surveillance schemes will spawn a resiliant and dynamic privacy movement. I also believe that citizens will start to use their rights under data protection law. If Big Brother persists, he is likely to have a fight on his hands.