Should privacy advocates justify surveillance by measuring its benefits?

Should privacy advocates justify surveillance by measuring its benefits?
By Simon Davies

gchq-kelsey

By Simon Davies

A controversy has been slipping increasingly into the privacy realm over the past couple of years. It concerns the question of whether intrusive surveillance can be justified through its results. That’s to say, if surveillance can be shown to – even marginally – benefit public safety, should we accept it?

It’s the sort of discussion that pervades many areas of advocacy, though usually with a more unequivocal outcome. Prison reformers don’t applaud rhetoric; they want measurable improvements. Environmental protection campaigners don’t want fancy CSR language; they seek an evidence-based approach that guarantees positive change. The question in my mind is whether privacy advocates can – or should – use such an equation.

To some extent, many of us already do use that equation. I’ve lost count of the number of times I’ve attacked surveillance initiatives on the basis that they simply cannot work and are therefore an orchestrated confidence trick. This is a legitimate argument to link self-interest, hypocrisy and deceit with the premeditated denial of rights. But while such a position is admirably suited to, say, carbon emissions, does it work equally well for privacy? Volkswagen’s reputation was utterly annihilated because of the recent emissions scandal, but the reputation of Verizon following the Snowden revelations has remained at least vaguely intact. One breach is regarded as non-negotiable while the other is navigable.

What, for example, if it could be proved that mass surveillance was useful even to a fraction of the claimed extent? Would this undermine the principle that we should be able to live our lives free from mass surveillance?

Of course not all branches of human rights will tolerate such an argument. The “non-derogable” (absolute) rights certainly don’t. Freedom from torture is freedom from torture, regardless of the pragmatics. When, for example, O.J.Simpson defence lawyer Alan Dershowitz advocated warranted torture he was roundly condemned. Equally, the absolute right of freedom from slavery cannot be compromised simply through pragmatic or economic arguments.

The right to privacy may rest on a slightly more negotiable foundation, but we nonetheless need to get that foundation secured. Much has been written about transparency and accountability in surveillance. Measurability, less so. This gap is understandable. Many privacy advocates are righty wary of supporting formulae that may undermine the foundations of privacy rights. What, for example, if it could be proved that mass surveillance was useful even to a fraction of the claimed extent? Would this undermine the principle that we should be able to live our lives free from mass surveillance? And who would be empowered to make such judgments? The courts talk up such considerations, but particularly in Europe they largely leave the final decision to the dubious machinations of national governments. My dilemma is whether the long term interest of privacy is served by agreeing that surveillance can be quantifiably justified, or whether that approach makes this fragile right hostage to fortune.

We all accept at least some degree of surveillance in our lives and I am well aware of an irony – or even a hypocrisy. Here’s one example from personal experience.

Some background. One of the best kept secrets in Washington DC happens to be located in one of its most public spots. Some readers will know this place. If you amble down Madison Place by the side of the President’s home via the South Lawn, you end up in a quite lovely park – the Ellipse. The White House stands behind you, and the great monuments of Washington are lined up in front. If you’re lucky, you may catch the President fluffing his bedding before sleep.

Even by Washington standards, this is an iconic spot. Millions of people know it, evidenced by the hordes that inhabit it each day. But at night the place is deserted. This stands to reason. Everyone knows DC parks are not the sort of places to hang out at night. Well, for most of us anyway.

Still, for twenty-five years (until 2013, when I boycotted traveling to the US), I regularly visited this place in the dead of night. With friends, colleagues, companions, lovers, we would sit under the moonlight with bottles of whisky in the shadow of the White House and take in this most amazing of locations. And we were utterly alone.

Even the most ardent of privacy advocates agree there must be some sort of equation for assessing the public interest of surveillance. The difference between the view of privacy advocates and view of the surveillance hawks is that we – the advocates – believe this equation must be based on accountability, transparency and measurability.

Of course, when I say “alone” I’m being ironic. Only a fool would imagine you could sit in the shadow of the White House and be alone. I was fully aware that our every move was being scrutinised. Snipers on the White House roof were watching us. Covert security operations had already relayed our existence. The park was deathly still, but there was a hive of secret activity that paranoically hovered around us.

Did I care? Not really. It was a controlled situation that worked to my advantage. I never encountered thugs, hoodlums or desperados. And I knew if any such characters were to appear, the last thing the Administration wanted was a scandal involving violence so close to the White House.

How is it that a provocative privacy advocate of thirty years standing is happy to voluntarily submit to intensive surveillance? The answer, I believe, is simple. I did so because I believed the trade-off worked measurably in my favour. I entered into the situation in full knowledge of the consequences and in full knowledge of the dynamics.

The reason for relating this story is that it goes to the heart of the privacy issue and yet it remains one of the toughest questions for many people to resolve. There was much heat and little light last week when I discussed this matter with strangers in an Austrian bar. Many believed there was some sort of newfound public duty to support surveillance, regardless of outcome.

That pub conversation stirred some misgivings in my mind. Is it more important for privacy advocates to contest the “fact” of surveillance, or should we focus on pragmatism? Do we cut a deal (e.g. more transparency) or do we fight surveillance on principle?

Even the most ardent of privacy advocates agree there must be some sort of equation for assessing the public interest of surveillance. The difference between the view of privacy advocates and view of the surveillance hawks is that we – the advocates – believe this equation must be based on accountability, transparency and measurability. Sadly, those elements are rarely present.

Returning to my anecdote, the White House scenario equated to a tacit agreement between the security forces and I. Yes, I agree to them peering at me through telescopic sights in return for my protected iconic experience. No, I do not agree to them covertly placing audio bugs in the park or using facial recognition software. That’s a deal breaker. Fortunately, facial recognition equipment doesn’t reliably work in the dark at 150 meters. And using covert audio bugging in a public place would quickly become a fourth amendment issue, so I felt fairly confident.

Just about everyone – including privacy campaigners – regularly enter into such arrangements. And if we don’t do it for ourselves, we certainly do it on behalf of vulnerable loved ones.  Still – for most sensible and sensitive people – the White House equation applies. We need an assurance that surveillance is fit for purpose and that it is confined to agreed limits.

Rare exceptions aside, government departments can’t get away with living in the world of the subjunctive, nor should they. They are required to quantify risks and benefits.  

Countries such as the UK have been grappling with this question for some time. In Britain, for example, CCTV has created a surveillance canopy across the entire country and yet the benefits to public safety are anecdotal at best. This fact has not stopped the expenditure of billions of pounds on the technology. The measurability applied by privacy advocates against the technology is often trumped by the criteria applied by authorities in favour of it (i.e. it makes the public feel safer and “what price a life”?)

This is powerful logic. TV footage of some poor victim being mugged proves in the public mind the worth of CCTV, even though the mugging was never prevented. And even if it were to be proved prevented, that one incident would be fodder for authorities to proclaim the universal value of the technology. Problem is you can’t prove a negative – and many people are driven by fear. Hence the widespread support for surveillance.

In some respects, applying quantification in privacy can be dangerous. Such measurability is best suited to outcome-based analysis such as with environmental protection, healthcare, public transport reform or health and safety. If we move in that direction do we end up with some sort of “privacy sustainability”, just like discredited sustainable development? That is, a deal that is cut for convenience. Back in 1991 I told a US conference that this syndrome is “pragvocacy” (pragmatic advocacy).

I wrote a piece on this site last year arguing that security forces and police must be subjected to the same level of accountability and scrutiny that apply to health authorities. Despite some nervousness, I stand by that assertion. Historically, security services survive on the subjunctive – the “what if”. What if we didn’t identify a terrorist plot? What if there was a planned revolution and we didn’t see it? What if the Chinese gained an advantage over our country’s crude oil bid?

Rare exceptions aside, government departments can’t get away with living in the world of the subjunctive, nor should they. They are required to quantify risks and benefits. Public disease control departments gain their budgets in the margin of the measurably possible, not the speculative. They tell parliaments what is plausible and then identify the spectrum of likely outcomes for the country. They then run prevention and mitigation mapping that shows how much an increased budget will reduce risk and be cost effective.

Not so the security agencies. Their subjunctive narrative is limitless, bolstered not just by an “if you knew what we know” mantra, but also a beautifully crafted argument that if incidents of terrorism are shown to have declined, agencies can say this trend is the result of more efficient security, and if the trend is to continue budgets need to be increased to keep pace with new technologies. If terrorist incidents rise, then the budgets are increased without question.

Regardless of where we end up on the question of principle over pragmatism, the standards of transparency, accountability and honesty must apply. As for measurability, that’s perhaps a question for the future.

August 15, 2016 at 01:26PM
via The Privacy Surgeon http://ift.tt/2aXOTmU

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s