Security and privacy in the internet age

Government Communications Headquarters

March 4
12:16 2014

The internet is of course an awe-inspiring achievement.

Look at what it does - it allows people to access vast amounts of information and to connect across the globe in ever more complex ways. It is a fantastic tool for innovation and creativity, with digital startups and clusters in every corner of the UK, creating jobs and driving growth, and it has been instrumental in supporting the push for greater freedom, civil liberties and democracy around the world.

The security services are similarly awe-inspiring. Look at what they do: GCHQ has an illustrious history, from the code-breakers who defeated the Enigma machine and shortened the Second World War by at least 2 years, through to the contemporary fight against terrorism. As Deputy Prime Minister I have of course visited all 3 intelligence agencies and met the public servants who work there, and I have huge admiration for their talent and for their dedication.

International terrorism continues to present major challenges. Since 9/11 we have seen serious attempts at major acts of terrorism in Britain typically once or twice a year. Most of these plots have been thwarted and around 330 people have been convicted of terrorism-related offences. New threats arise all the time from new sources we face a new source now from people travelling to Syria, becoming radicalised and then returning to the UK. But it is not just terrorism. The threats we are facing are many and varied. They include the dangers posed by rogue and failing states, nuclear proliferation, transnational serious and organised crime, and cybercrime.

In an increasingly interconnected world, where the threats to our safety are also globalised, we rely more and more on intelligence-led security interventions to protect our people from harm. That means agencies who understand the internet, who understand how those who would do us harm use it, and who have the capability to identify and pursue them.

There will always be a question about how we balance the competing principles of freedom and security, and how in a democracy we achieve widespread political consent for the way in which we strike that balance.

This has been true in every age. But it is a particular question for now, as the potential and opportunities of the internet stretch out before us, as new technologies connect us ever closer together, and as terrorists, criminals and the authorities who try to track them down become ever more sophisticated in their operations and techniques.

Unfortunately, this debate has become caricatured in a way I believe is neither helpful, nor allows us to make progress on some of the vital questions of principle that are at stake.

This is not a binary debate between good and evil, between the forces of freedom, democracy and civil liberty on the one hand; and on the other a surveillance state, concerned only with mass collection of information on its citizens for the purposes of social control.

It is, rather, a debate about the strength of our democracy and its interaction with parts of the state that are, by their nature, secret.

It is this set of questions:

  • are the capabilities of the state proportionate to the risks we face?
  • do we have the right legal frameworks to protect our citizens human rights, freedom of communication and privacy, even as technology develops?
  • do we have the right oversight regime so that the agencies and those who work in them are held to account for their activities within those frameworks?
  • are we completely unstinting in the pursuit of transparency so that we are always confident that secrecy where it is used is a necessity, rather than simply a habit?

As President Obama has done in America, it is time to bring these questions into the mainstream of political debate.

This is a set of questions that I have been involved in for a long time, and one that requires constant discussion and challenge.

The public debate that has surrounded the Snowden leaks came on the back of a long running public and parliamentary debate about communications data.

Again, this was a debate that some caricatured in very black and white terms. But again, viewing this debate only from its 2 poles misses the point.

My challenge to the Home Offices comms data proposals was not an argument with law enforcement about the need for investigations to keep pace with new modes of communication on the internet. But in a world where internet freedoms are so highly fought for and highly prized, had we found the right, proportionate response to this capability challenge? Had we struck the right balance? My answer to this was no, and so I said that the proposed Comms Data Bill could not proceed.

There is another reason that I think we should be talking about this now. Over the past several years we have seen many of the pillars of our society deeply weakened through crises that eroded public trust. Parliament through the expenses scandal, the press through phone hacking, our banks, the BBC, the police. In each case we are having to work hard to rebuild public confidence. From these examples we have also learned that unless we act quickly to strengthen public support for these institutions, these failures can quickly become corrosive for the future. I do not want the agencies to suffer the same fate.

It is vital for the future safety and security of our country as well as the rights and freedoms of our citizens that we work tirelessly to sustain and support public trust in the security services, and secure widespread political consent for their activities and reach. And we should not be afraid if this means greater openness, and reform.

Privacy is integral to a free, fair and open society. A society in which views can be freely expressed in public and in private, whether its criticism of the government or an idea for a new business. A society in which people can move around freely and associate with whomever they please. A society in which people can reach their full potential, where no-one is enslaved by ignorance or conformity.

None of these is possible if we are constantly worrying about who might be reading our words, watching our movements, or monitoring the company we keep.

This idea - the notion that privacy is fundamental to democracy is enshrined in article 8 of the European Convention on Human Rights, the right to private and family life. Crucially, it is not what is termed an absolute right. Your private affairs are protected, but only up to a point: if youre intent on breaking the law and harming others, the state can invade your privacy.

This is a balancing test the public interest in preventing crime has to justify the level of intrusion that the state wishes to impose.

Or as John Stuart Mill put it:

the only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others.

Our intelligence agencies work within this legal and ethical framework in the defence of a liberal, open society. They have a duty to uphold the privacy of law-abiding citizens as well as the responsibility for investigating and disrupting threats to our national security.

The question is not whether the agencies uphold these values or comply with the framework. I dont doubt that. The question we need to ask ourselves is whether the frameworks we have set for them are fit for the internet age.

The agencies practices, of course, have evolved along with the communications they seek to intercept: first telegrams, then telephones, fax, email. When the internet went mainstream in the late 1990s, a new information medium was born and with it new modes of communication: discussion forums, web-based email, instant messaging, voice and videostreaming over IP, social networks, blogs, and micro-blogs.

The online world engulfed and digitised established technologies like video, music and print. Encryption flourished as individuals and businesses became increasingly concerned about cybercrime. And the web of course went mobile, extending its reach via smart phones and tablets into every corner of our lives.

This new medium has brought unprecedented opportunity, innovation, and the spread of new ideas. But it has also opened up new possibilities for criminals, terrorists and hostile states to plot, recruit and carry out attacks, while concealing their identities.

So the agencies have, rightly, harnessed the power of new technologies to ensure that our signals intelligence (or SIGINT) capability keeps pace with the technologies that people are using.

Meanwhile, the sheer amount of data we are generating has just gone through the roof. 22 billion letters are delivered by Royal Mail each year. That sounds like a lot, but roughly 2.4 trillion emails are sent every year in the UK. Thats more emails sent in 4 days than letters delivered in a whole year.

Then theres the 1 billion tweets, 23 billion Google searches, 70 billion Facebook views, 145 billion text messages, and 160 billion instant messages sent in the UK each year. Our online data and communications dwarf our real-life, real-world communications; and this trend is set to continue.

As the data mountain has grown, so has the capacity to store it, analyse it, and extract value from it. That is in many ways good news: for example, it means companies can offer us free services and applications driven solely by advertising revenues.

On the other hand, few of us are really aware of the size and nature of our electronic footprint. Smart phones, for inst

Related Articles


  1. We don't have any comments for this article yet. Why not join in and start a discussion.

Write a Comment

Your name:
Your email:

Post my comment

Recent Comments

Follow Us on Twitter

Share This

Enjoyed this? Why not share it with others if you've found it useful by using one of the tools below: