The UK government has finally succeeded in getting its so-called “Snooper’s Charter” into law. The Investigatory Powers (IP) Act received royal assent in November and comes into force soon.
In short, it means the intelligence services, the police and other government bodies (including the tax man) can delve into how we all use the internet. ISPs must log the websites visited by internet users in the past year, devices can be hacked and there will be limits on encryption.
The new law even allows the Home Office to build a search engine (the “request filter”), that authorities can use to find interesting data kept by those ISPs.
Finally, entire chapters of the IPA concern new “bulk warrant” powers, that will permit authorities to collect and analyse online activity and phone records on a “bulk” basis.
Those who argue that monitoring individuals’ internet behaviour in this way is essential to keep us all safe are missing the point. Sit down, strap in and wait for the accusations to come flying in.
People have been sent to jail for a Tweet taken out of context or Facebook posts about a big night out getting someone fired – how long until we send someone to jail because their browsing history was taken out of context?
The collection of data in itself is not necessarily a bad thing, so long as people have a level of comprehension about who is collecting what and importantly, remain in ultimate control of their personal data to reduce the potential for misuse.
Mistakes that arise through misuse of personal data are already well illustrated by the marketing and advertising industry, where assumptions about a consumer’s interests or intent are made without context, leading to irrelevant and disruptive content interfering with a consumer’s online experience.
These assumptions are often derived from the same type of data that the Snooper’s Charter now enables the collection of.
As with the advertising industry, a glance at someone’s browsing history might disclose which sites they have visited, when and to some extent why. What it cannot always do is reveal the context or someone’s intention behind their behaviour.
For example, ‘I might have looked at a particular product online or visited a tourism website, but this does not mean I wanted to buy the item or take a holiday in that location and so, being bombarded with advertising for this will only serve to irritate me rather than trigger a buying response’.
Giving authorities the power to effectively log someone’s digital behaviour and then analyse their internet history without having a user’s permission or a proper understanding of their reasons is fraught with danger and risks damaging public trust.
It goes without saying that as awareness of the snooping law grows, the very people the legislation is designed to catch will go further underground, making more use of virtual private networks (VPNs), encryption and dark web browsing.
For the casual browser though, this creates an interesting philosophical debate. Using data collected under the new law, it stands to reason that a person could be arrested on suspicion of criminal activity and that the authorities could have obtained and analysed a person’s data – making the arrest on the assumption of intent, derived from the inaccurately modelled data – before the individual has even been able to avail themselves of legal advice.
These inaccurate assumptions could be used to build a case against the accused without taking context or intent into account, and given that the data has already been obtained, no further warrant would be required.
The potential risk in this scenario is that you could well be accused and even prosecuted for simply browsing content on the internet in a certain sequence, or with a predetermined frequency – thus supposing your intent.
If arrested and charged, you might eventually be released, but a record or even the charge could remain on your personal record with potential implications impacting your ability to travel or which jobs you are eligible to apply for.
HM Revenue and Customs (HMRC) could decide to take a person to court whose browsing history revealed they had visited a website about tax evasion.
This test case could lead to an action against thousands of similar people who had no intention of defrauding the tax authorities but might have accessed a publicly available site with relevant information on how to.
The government claims the new powers are subject to strict safeguards but critics argue that the IP Act is one of the most extreme surveillance laws ever passed in a democracy.
So what is the alternative? How do we have our cake and eat it, so to say? Perhaps it could be that in future people will install their own personal firewalls so they have to give their permission whenever someone wants access to their data.
If they refuse, they might be breaking the law but at least they would have an opportunity to explain their intentions.
The trouble with the new law is it removes the person who created the data from the process, which could lead to wrong assumptions being made.
people.io has the vision to build that firewall; where data collection, ownership and control is built around the user, ensuring greater transparency and accountability.
Data is powerful and can be used for good and bad reasons.
Yet if someone’s personal information is to be collected by the authorities surely it is only fair that the person who generated it is aware of what is happening and able to correct any misinterpretation from the outset.
Relying on algorithms to interpret intention is how the advertising industry has got it so wrong and there is no reason to suppose that Government will be able to do any better unless they involve a person in the process.
N.B. The extreme surveillance measures that make up the ‘Snooper’s Charter’ are under threat since the European Court of Justice said the Act was illegal. The British Government are taking their case to the Court of Appeal.
Sourced by Nicholas Oliver, founder of people.io