On the balance between civil liberties and intelligence operations.

In recent days there have been claims that there has been both more and less spying by New Zealand intelligence agencies. Proponents and opponents of the intelligence community have seized on one or the other claim to argue in favour or against NZ’s involvement in the 5 Eyes signals intelligence network and the expansion of powers awarded the NZ intelligence community under amendments to various security Acts during the past few years. Given that there is a forthcoming parliamentary review of the NZ intelligence community, it is worth cutting to the gist of the issue of “balance” between civil liberties and intelligence operations.

Monitoring and intercept technologies available to signals and technical intelligence agencies today are superior to those of ten years ago, especially in the field of telecommunications. This allows signals and technical intelligence agencies to do much more than was possible before, something that legal frameworks governing signals and technical intelligence collection have had difficulty keeping pace with. It would therefore seemingly defy credulity to claim that that spy agencies are doing less spying now than in the past, especially given what is known about the 5 Eyes network from the Snowden documents currently being introduced into the public domain.

But perhaps there is a way to reconcile the opposing claims. Can spy agencies actually be doing less with more?

The assertion that there is less spying by NZ intelligence agencies now than seven years ago can be reconciled with the recently released GCSB annual report stating otherwise by understanding that under the intelligence community’s interpretation, “mass collection” is not equivalent to “mass surveillance.” Although the 5 Eyes and other national signals intelligence agencies use systems like PRISM to grab as much meta-data as possible as it passes through nodal points, that data has to be mined using systems like XKEYSCORE to obtain collectable information. Bulk “hovering” of all telecommunications in specific geographic or subject areas by agencies like the GCSB still has to be searched and analysed for it to become actionable intelligence. That is where the use of key words and phrases comes in, and these are not just of the usual “jihad” or “al-Qaeda” variety (since the bulk of intelligence collection is not focused on terrorism).

Although the GCSB may be doing more bulk collection of electronic data, it claims to be analysing proportionately less of what is collected than during the last year of the Fifth Labour government. So it is doing less with more. But a fundamental problem remains when it comes to intercepting telecommunications in democracies.

That problem is that whether it is analysed or not, mass collection of so-called meta-data of everyone’s personal and professional telecommunications presumably violates the democratic right to privacy as well as the presumption of innocence because it is obtained without there being a particular suspicion or specific reason for its collection (much less a warrant for its collection). Bulk intercepts can then be data-mined after the fact using classified search vehicles in order to build a case against individuals or groups.

That runs against basic tenets of democratic jurisprudence. Moreover, indefinite storing of meta-data that has not been analysed but which could be in the future in the event target (and key word) priorities change is something that is the subject of legal argument at this very moment.

There are therefore fundamental principles of democratic governance at stake in the very collection of meta-data, and these cannot be easily set aside just because the threat of terrorism is used as a justification. The issue is constitutional and needs to be resolved before the issue of “balance” can effectively be addressed.

However, for the sake of argument let’s accept that bulk collection is not mass surveillance and that the former is legal. How does one balance civil liberties and security under such circumstances?

The implementation of balance under such conditions starts at the point where data mining begins. What are the key phrases and words that identify targets for closer scrutiny? What are legitimate targets and what are not? Some search terms may be easy to understand and broadly accepted as necessary filters for the acquisition of more precise information about threats. Others might be more controversial and not widely accepted (say, “opposition leader sex life” or “anti-TPPA protest leaders”).

That is where the issue of effective intelligence oversight comes into play and on that score NZ is sorely wanting. There have been some cosmetic changes in the workings of and a slight extension of the powers of the Inspector General of Intelligence and Security, and the process of issuing domestic security warrants made more robust with the participation of the Commissioner of Security Warrants. Yet any honest assessment of the oversight mechanisms of the NZ intelligence community will show that they are inadequate when it comes to providing effective and transparent proactive as well as retroactive oversight and review of our intelligence community’s activities given the range and scope of the latter.

These mechanisms are fewer and less effective than those of most liberal democracies (including our 5 Eyes partners), which means that NZ’s intelligence partners may well ask it to do things that they cannot do themselves due to the restrictions imposed by their own oversight mechanisms. That possibility should be of concern and needs to be addressed. Relying on the good faith of NZ intelligence agencies involved is not enough, especially given their history of playing loose with the rules when it suits them.

Therein lies the core problem with regard to balancing civil liberties and intelligence operations. If there is effective intelligence oversight before the fact (“proactive” in the sense that oversight mechanisms dictate was is permissible data-mining before it occurs) as well as after the fact (“retroactive” in the sense that oversight mechanisms hold intelligence officials to account for their use of bulk collection and data-mining), then balance can be achieved. However, if such effective oversight is lacking–again, both proactive and retroactive in nature–then the “balance” will be skewed heavily in favour of unaccountable intelligence collection and usage. That is not acceptable in a democracy but is in fact the situation at present in New Zealand.

Then there are the issues of how national security is defined and what role intelligence agencies play in its defense, on whose behalf NZ intelligence agencies engage in espionage, and with who the intelligence obtained by human, signals and technical means is shared. This matters because trying to achieve balance between civil liberties and intelligence operations without addressing the larger context in which the latter occur is much like putting the cart before the horse.

Drifting toward a surveillance culture

As a propaganda geek, I’m concerned (some might say paranoid) about surveillance and its growing use as a means of social control, or as a tool to gather information used to justify and enact other social control mechanisms. Surveillance is the flipside of propaganda, and propaganda systems of social control can’t function properly without the feedback which surveillance provides; effectively, without surveillance, the controller is blind. This encompasses both the hard kind (cameras, enforced ID checking, enhanced search and detention rights) and the soft kind (data mining and data matching, consumer profiling, and so on). For this reason I don’t have a Facebook account, or a Fly Buys card, and I don’t use my gmail account for anything much other than website registrations as a spamtrap; and everything into or out of my webserver in Texas is encrypted. Although since they decided that registration wasn’t mandatory I do have a Snapper card (I wrote about potential surveillance problems with Snapper a bit over a year ago). I feed it with cash. Note: I’m not paranoid about hiding my identity; I’m paranoid about what other information might be matched to it and how an interested party might use that information to target me for use as part of their agenda.

Anyway. Surveillance is becoming increasingly ubiquitous, as people trade off privacy against security, but the problem is that the trade-off is implicitly framed as a matter of who you choose to trust – the ‘crims’ (those with something to hide and therefore something to fear), or those who maintain that security (and who necessarily have greater powers to put that information to use).

I’m working on a project at present which involves reviewing a great deal of media coverage about antisocial behaviour in Western Australia, and surveillance appears widely regarded as the key to cracking the (apparently endemic) problems they have over there. These include:

  • Cameras in streets, cameras in parking lots, cameras on nightclub doors; cameras above dance floors, cameras everywhere, in many cases mandated by liquor licensing regulators
  • Rights for police and other authorities to access footage in real time
  • Fingerprint scanners on club doors
  • The requirement to ‘sign in’ to clubs by giving over your ID as a condition of entry
  • Systems by which one club can (must? not sure about this) immediately share its patron database with other clubs in the area, so if a patron is ejected from one club they are barred from them all
  • Powers for police and licensing regulators to ban ‘problem patrons’ from every single licensed premise in the state for a period of up to five years, without them having been found guilty of any offence

ID cards have worked well in Europe beforeFrankly, it’d be enough to put me off going to the pub. The culture there has become so accepting of surveillance that this is generally unquestioned by those in authority, and the electorate demands nothing more of its representatives. Perhaps even worse is the UK, whose national ID card scheme was the subject of an excellent but unsuccessful counter-propaganda campaign.

While we have some surveillance cameras (most notably in Queen Street and central Christchurch) and a reliance on RFIDs (in passports, for instance), and we have a police culture of aggressive surveillance and with strong authoritarian tendencies, things aren’t so bad in New Zealand. So it is with some dismay that I read yesterday’s op-ed by Chapman Tripp solicitors Simon Peart and Richard May on the NZ Herald website which warns of the alarming powers of surveillance and social control which could be exercised by regulatory bodies including the Commerce Commission, the Reserve Bank (!) and MAF under the newly (and quietly)-introduced Search and Surveillance Bill. They really are quite alarming – the right to covertly surveil ordinary citizens in their own homes, the extention of enforcement powers normally the preserve of the police to other regulatory bodies, the right to infiltrate and surveil computer networks and to secure premises against their legitimate owners, and, frighteningly, the nullification of legal privilege in some communications. Read the article. Read the bill if you can spare the time (it’s 196 exhausting and obfuscatory pages).

As I said, this comes down to trust. The problem is that, even though I generally trust governments, I don’t trust their regulatory and social control agencies which are not subject to electoral veto. That’s the problem with this bill – it seeks to remove the matters of surveillance and investigation from the political sphere where it belongs and create a new surveillance culture norm in NZ.

Edit: I have somehow missed the Gordon Campbell’s excellent piece on the same topic. Read that, too.

L