Stopping the Spies. Jane Duncan

Чтение книги онлайн.

Читать онлайн книгу Stopping the Spies - Jane Duncan страница 7

Stopping the Spies - Jane Duncan

Скачать книгу

or methods for the processing of data and for the purpose of establishing patterns. Search engines like Google mine people’s internet searches to analyse personal interests, and then on-sell this information to advertisers. But big data is being used increasingly by intelligence agencies as well. One of the challenges of living in the digital age is that we are not necessarily who our data suggests we are: we can develop ‘data doubles’, or digital identities that may bear little, if any, resemblance to who we really are and what we really think.16 These identities can then be used to profile people as terrorists or criminals, even if they are innocent. So, intelligence analysts may tell computers to analyse datasets for individuals who have searched for information on how to buy a gun, have spent time in Syria or Iraq recently – where ISIS established its strongholds – and have made enquiries about travelling to Paris. Such an individual could match the profile of a terrorist. Yet, he or she could also match the profile of a researcher seeking to understand ISIS as an organisation, its criminal networks and its reach into Western countries. Or the individual may simply have travelled to the Middle East for personal reasons, have an interest in collecting guns and wish to take a holiday in Paris, with no underlying motive linking these actions and interests together.

      Big data analysis is meant to bring a measure of objectivity to intelligence-gathering, profiling possible suspects on the basis of clear criteria. In the process, analysts assume that they can eschew the subjective assumptions (even prejudices) to which analysis undertaken by humans is susceptible. Intelligence agencies like GCHQ have argued that mass surveillance does not violate privacy as there are no (or limited) human interventions in the process given that surveillance is a machine-driven process. The automated nature of the process means that the vast majority of data that is intercepted is discarded without human beings ever having looked at it. Once data of interest is identified, then an examination warrant is needed before the examination can be undertaken.17 However, the reality of big data analysis is somewhat different. There are six stages in the surveillance process: initial interception of the signals, often from cables as they enter the country; extraction, the stage where the signals are converted into an intelligible format; filtering, where analysts identify particular information of interest; storage, where this information is retained for further analysis; analysis, where the stored information is queried or examined; and dissemination, where the information is sent on to the relevant agencies.18 Spy agencies are reluctant to admit that privacy is interfered with at all stages of the surveillance process, while data is being diverted from its original and intended path, but this impacts on communications privacy even if it is an automated process.19 The most glaring privacy invasion occurs at the level of filtering, though. Analysts need to identify the search terms (known as selectors) for the processing of the raw data, and this involves subjective decisions about what matters and what doesn’t; so, clearly, there is human intervention at this stage, even if the selectors are used to undertake an automated filtering process.

      Analysts may use hard selectors (such as email addresses or telephone numbers), a combination of selectors (such as an Internet Protocol address combined with a name), or what Eric King, director of Don’t Spy on Us, an organisation campaigning for surveillance reform in the UK, has referred to as ‘fuzzy selectors that can easily be critiqued’ (such as ‘all Muslims living in the city of London’).20 Once analysts have the data, they may become so overwhelmed with the volume that they may bring their own subjective lenses to bear on the analytical process. As a result, agencies have a vested interest in being as precise as possible, but the dangers of overbreadth remain, nonetheless. According to King:

      Mass surveillance and targetted surveillance aren’t adequately precise. This doesn’t do justice to agency practice, which is to collect on a very large scale but in a targetted manner. Sometimes they overcollect. They may be going after a group, then may collect far more than they need … Targetted and mass surveillance are functionally hard to separate … What I take umbrage with is the limiting of people’s rights in the process. Where I have a problem, is the gathering of information of a whole country. Intrusion occurs when data is filtered out of the cable, irrespective of how much. There are a number of cases where communications have been intercepted when they were the target and where they weren’t the target.21

      US attorney Brandon Mayfield is a real-life example of just how wrong big data-driven intelligence work can go. In 2004, he was falsely linked to the Madrid train bombings after his fingerprints were matched incorrectly to those found at one of the scenes of the crime. His fingerprint had found its way into an International Criminal Police Organisation (INTERPOL) database for an arrest two decades earlier on a charge that was subsequently dropped. In addition to his matched fingerprint, Mayfield became a prime suspect because he had converted to Islam and, as an attorney, had represented a person accused of attempting to assist the Taliban. Another suspect who did not fit this profile was ignored.22 Yet, in spite of the real dangers of falsely accusing people of a crime through big data analysis, and using the analysis to confirm already existing prejudices against social groups (Muslims, for instance), intelligence agencies are relying more and more on intelligence gleaned from big data.

      ICTs have made contemporary life much more convenient; but they have also created new mechanisms of potentially anti-democratic social control. Is it really desirable for the state and private companies, sometimes working together, to regulate the most private actions and even thoughts of its citizens? The concerns about powerful institutions having such intimate knowledge about us have led to many becoming concerned that we are living in a surveillance society, where the collection, retention and analysis of vast quantities of data for the purposes of controlling human behaviour become central to our social fabric. Even more worryingly, we may be living under a surveillance state, in which the state uses this information to control citizens more effectively than in the past, because it has access to their most intimate details.

      The surveillance society and state did not come out of nowhere; they have been under construction for many years. David Lyon has warned about the dangers by referring to what he calls ‘the slow cooker of surveillance’, in which the practices and technologies that are being deployed now have evolved over several decades,23 but such warnings have been confined largely to the arcane forums of academic publishing, rarely spilling over into public debate. The ‘slow cooker’ effect becomes apparent only when people understand the full extent of the surveillance architecture and how different elements of the surveillance assemblage link together. This bigger picture allows active citizens to anticipate what the state’s capacities are likely to be, and how the corporate sector bolsters these capacities: information which, in turn, can be used to anticipate when the state is becoming too powerful.

      Surveillance creates mistrust between governments and citizens, leading to a reluctance to speak out on controversial issues of public importance, and even self-censorship. Being watched, or the fear of being watched, has a chilling effect in that it may dissuade people from expressing their innermost thoughts, and, when they do, they may alter what they have to say to please those who they think may be watching. In this regard, a distinction needs to be drawn between targeted surveillance and mass surveillance. Targeted surveillance involves the observation and gathering of information about individuals and groups where there is a reasonable suspicion that they have been involved in a crime, or where there are strong reasons to believe that they may be intending to commit a crime. This form of surveillance has also become known as ‘lawful interception’, as communications service providers are usually required by law to assist with such interceptions for the purposes of surveillance. Governments generally prescribe certain standards that communications companies must meet in making their networks surveillance-capable for lawful interception purposes: standards that originated from the Communications Assistance for Law Enforcement Act (CALEA), passed by the US Congress in 1994 to respond to law enforcement concerns that their ability to monitor networks was declining (or ‘going dark’) as more networks were digitised. The Act required network operators to use digital switches or handover interfaces that have surveillance capabilities built into them: a requirement that was subsequently incorporated into EU regulatory frameworks as well, according to standards set by the European Telecommunications Standards Institute (ETSI),

Скачать книгу