Last week saw the publication of the review into the UK's data investigatory powers by David Anderson QC, who labours under the title of the "Independent Reviewer of Terrorism Legislation". The media response predictably focused (with some helpful nudges by government sources) on whether ministers should be able to unilaterally issue interception warrants without judicial oversight, framing it as a contest between different powers within the traditional state and thus an issue of checks and balances - an interpretation that all sides (i.e. insiders) feel comfortable with. The question of the rights of citizens (let alone the rights of non-citizens) and the related question over the nature of online data were both marginalised. We continue to fail to adequately address the management of the haystack (the bulk-collection of data), fussing instead over the correct protocol for extracting needles.
The key principles that inform Anderson's recommendations are "minimise no-go areas" and "limited powers". In other words, the state should be able to harvest whatever commercial data companies gather, but within a legal framework, which is essentially the status quo. The special safeguards to be made for privileged groups - such as journalists, MPs and lawyers (section 12.60-67) - is an example of the "judicious" approach that assumes surveillance is targeted, should be proportionate, and treats subjects as specific "persons of interest". It thereby also flatters the named groups. This is an operational model that has been out of date since at least the mid-90s and arguably since the arrival of digital phone switches in the 1970s. When someone like Piers Morgan knows how to hack a mobile phone, what this highlights is not just systemic corruption and a crisis of ethics within a privileged sector, but that data storage and communication is wide open to abuse.
The sophisticated neoliberal commentariat, with the lofty Martin Kettle to the fore, offer an alternative dichotomy of competing interests in the form of securocrats versus libertarians. The fundamental assumption remains the same: we require a compromise and fortunately there are men and women of good will on both sides (they probably went to college together) so a middle way can surely be found that serves the "public good", an ideal that is best determined by ignoring the public. The idea that the interests of each and every individual citizen would be safe in the hands of judges, and that this represent a categorical improvement on ministerial oversight, is predictably naive, but that pales beside this choice Kettlism: "The champions of online privacy have often been unwilling to concede, sometimes even as a matter of principle, the claims of the guardians of the state for necessary powers of intrusion to protect the public." That's often, not always, but the slur serves to characterise the opponents of the state as absolutist and unreasonable, as if they intended to abolish the police into the bargain.
In fact, the contest that the review reveals is one between those who wish to exploit the new asset of "big data", the Internet companies and the state, and the basis of their dispute is purely financial: who pays for the infrastructure of surveillance? The interests of society, the source of that data, are treated as irrelevant. Anderson fails to consider that the activities of data companies may constitute a threat, his analysis (section 3) instead biasing towards "national security" and "good order/public safety". Instead, he separately concedes the concerns of critics only insofar as they can be expressed as a quid pro quo, and therefore a commercial exchange, quoting Bruce Schneier thus: "The bargain you make, again and again, with various companies is surveillance in exchange for free service". Schneier's choice of words was unfortunate, as "bargain" suggests an arrangement freely entered into, but we know that few people fully understand the terms of the deal, even if they trouble to read the EULA.
If he wants to treat the relationship of the individual and Internet businesses wholly in terms of a commercial exchange, Anderson needs to bear in mind that consumer law isn't limited to caveat emptor. The state has enacted a wide range of protections. So why is it reluctant to do the same in respect of online data? The answer can be found when Anderson directly addresses private sector activity (8.65-106) and concludes: "(a) It may legitimately be asked, if activity of a particular kind is widespread in the private sector, why it should not also be permitted (subject to proper supervision) to public authorities. (b) The extent to which we think it normal to share personal information with private sector providers will in any event tend to condition the terms in which we think about what it is acceptable to allow the state to do on our behalf." Clearly the state is neither disinterested nor independent when it comes to online data.
Historically, a mixture of self-interest (e.g. capital's incentive to keep Labour healthy) and democracy (i.e. the demand for universal rights) has encouraged government to regulate commercial practices. Though we can see the regulation of commodities and the development of consumer protection as an extension of biopolitics, i.e. techniques for the control of the population, we shouldn't ignore the extent to which it was also brought about by democratic pressure: the people demanding the right not to be bilked or endangered. That same pressure exists in respect of online activity, however it is being diverted in the UK through the false dichotomies of minister/judge and securocrat/libertarian, while in the US it is being diverted by the equally false dichotomy of citizen/non-citizen. While the weight of recent history makes other developed nations cautious in the area of surveillance, in the anglosphere there has been a distinct ideological turn towards treating advocates of "privacy rights" as shrill, marginal and even (horror of horrors) anti-business.
Anderson's treatment of what is "widespread" and "normal" in the private sector as intrinsically right also tells us that the "free at the point of use" model of the Internet has normalised the belief that the state should have unfettered access to citizens' data. Had the early commercial Internet in the 90s adopted a system based on micropayments, as many advocated, this would not necessarily have been the case. It is possible that an assumption of privacy and the restricted use of data would have become the norm, and while that would have limited the development of some (parasitical) applications, it would probably have enrichened datasets and thus created other opportunities. Of course, it's also possible that even with a viable micropayments infrastructure we'd still have ended up in exactly the same situation as we find ourselves in today, as savvy providers offered free service in return for unfettered data exploitation. The world will be bought up, one way or another.
Anderson's view on bulk personal data collection by the state (8.26-29), including GCHQ's harvesting of public sector datasets, is that this is a "powerful tool" and "entirely useful and rational". You can almost hear the panting. He continues the disingenuous distinction between content and metadata that the government and intelligence services have been pushing for years: "GCHQ has therefore suggested that there should be a new power to intercept only this information [i.e. metadata] rather than, as at present, all content as well. It points out that such an approach would intrude less into privacy" (10.28). He is obliged to separately note that there are many among "civil society" who question this interpretation (12.27). This is a classic example of British judiciousness: on the one hand this, and on the other hand that. The choice will be left to the politicians who commissioned the review, but it is clear enough what the establishment position is.
The review is what you would expect from a QC: a discussion about the balance of powers between privileged parties (ministers and judges) and an assumption that the law is a wholly adequate means to provide both executive control and safeguards to allay public concerns. There is no real acknowledgement of the nature of data as property, while the contrasting idea that data is an extension of the person (and thereby inherits rights) is limited by the assumption that its management is the proper and exclusive concern of the state. The historic shift, over the course of the twentieth century, from a society predominantly based on manual labour to one based on "knowledge work" has moved the emphasis of biopolitical control from the physical and categorical (i.e. the intrinsic value of individuals as units of production) to the cognitive and relational (i.e. the contingent value of the activities of fragmented individuals and groups). While opportunism and institutional paranoia plays its part, the state's eager interest in data surveillance fundamentally reflects this evolution: from the attempt to control what we do, to the attempt to control what we think.