It is a gross violation of privacy for communications companies to monitor their users despite what the intelligence services may claim.
The recent parliamentary inquiry about the death of Fusilier Lee Rigby of the streets of Woolwich in 2013 attempts to shift the blame for the lack of intelligence about the two murderers onto internet and communications companies, but that should never be a role for private companies.
After Rigby’s murder, an internet communications company, rumoured to be Facebook, passed details of a conversation one of the murderers had recently had with a foreign jihadist to British police in order to help with their investigation and prosecution of the two murderers. It is not clear whether this information was collected after a request from British police or MI5, or whether Facebook offered it up themselves – but helping with a police investigation like this is definitely something with which internet companies should help.
However, before any criminal or terrorist act has been committed, neither Facebook nor any other communications company should be actively monitoring any users unless issued with a judge-sanctioned warrant. If the police or intelligence services are unable to obtain a warrant because their evidence is too speculative, then it is certainly not for private companies to spy on their users.
The intelligence agencies generally do a good job of protecting the British public from terror attacks, and their actions in doing so should be commended – but when they have an intelligence failure, as in the case of Rigby’s murder, then they should accept the blame. Privacy is a human right, and there needs to be good reason for governments to interfere – which is why warrants are needed and no internet company should provide details on their users to governments unless forced to under the law. We would rightly condemn these internet companies if they gave personal information to authorities in China or Iran, which led to the arrest of pro-democracy campaigners, but inexplicably the intelligence services believe that they should have carte blanche for invading the personal lives of British citizens because they are the “good guys”.
Royal Mail was never expected to steam open the envelopes of all its customers just because a small minority may be using the service for something illegal, but that is what is being asked of internet companies. Private discussions are meant to be private and those snooping lack the context of the conversation – context which can only be gained from a more full investigation.
The Snowden revelations showed that GCHQ and the NSA regularly invaded people’s private lives without a warrant and catching many completely innocent citizens in their huge dragnet monitoring activities. Their actions in hacking the systems of many internet companies has caused many to improve encryption, which is now preventing them from accessing the data they once did. However, this does not mean that legislation like the new Counter-Terrorism and Security Bill should be passed to force internet companies to offer up that information and spy on their users for them.
The inquiry does say that some internet companies do not comply with warrants as they are US-based firms and only feel they should respect US laws, which is problematic – but this is a broader question about the governance of a global service. Most of these companies have offices in the UK, or at least in the EU, and so warrants from British authorities should be respected, and in most cases are, but this is a very different question to the monitoring of all users in case one turns out to be a terrorist.
Photograph by g4ll4is
Pingback: Information Security Breach Report – 27 November 2014 | SRM Blog