Surveillance technology is of two main types – equipment that keeps tabs on you in the physical world, and processes that track your activity “online” where computers keep a record of your communications and your financial activity.
The physical world is reasonably straightforward to understand. For instance, large numbers of CCTV cameras are installed in public and private spaces in the UK and recordings are kept of what they see. The cameras may be fixed, or a remote operator may be able to choose where they point and how much they zoom in. Newer systems can produce high quality material to enable precise identification of individuals and may also capture audio to accompany the pictures.
“Online” tracking can be equally revealing of people’s actions and movements. Mobile phones continuously interact with nearby cell towers so that incoming calls can be delivered. The phone companies are obliged to retain data about the location of a phone whenever a call is made or received, but if your phone is powered up then they have access to your location at all times and can provide this to law enforcement in real time if this is required.
The records that telephone companies (both fixed line and mobile) keep can be rapidly interrogated to provide lists of calls made from any particular phone, or to any particular phone. These lists will also include the duration of the call and the physical location of the endpoints. Call records can be identified either by the phone number or the phone’s unique IMEI device identifier – permitting the tracing of phone activity even when the SIM has been changed.
When interaction is by email instead of by phone then the authorities can still get lists of who is communicating with whom. The email provider is obliged (if they are within the European Union) to keep records of who email was sent to or from, along with timestamp information and exactly how large each email was. Once again, law enforcement regularly requests lists of this email metadata, which can be indexed by sender or receiver.
So far, all of the surveillance and tracking systems have been considered in isolation. One of the provisions of the draft Communications Data Bill was the creation of a data correlation system dubbed a “Filter”. This system would combine enormous amounts of data from different systems, hoping to identify activity that would not have been apparent within a single system.
It is fundamentally inherent to this proposal that Filter data should be collected on everyone’s activity and that this data should be made available en masse from the private companies, the ISPs and telephone companies that provide services, to government systems for the correlation processing. The data won’t necessarily be physically combined on a single system (in fact it would be poor engineering to do this) but it will be logically combined. The original collectors of the data will not have any knowledge of what it is being used for, or possibly even how much data is being processed, so there will be no opportunity for whistle-blowing should excesses occur.
This integrated processing promises to make it much harder for criminals to communicate over a diversity of systems and thereby avoid being tracked – records of phone calls, emails and tweets could be easily combined. But the system’s capabilities go much further than that and the type of “big data” system envisaged will be capable of complex data mining tasks.
To take a fictional example from Charlie Brooker’s National Anthem, the source of a YouTube upload could be identified by the uniqueness of its size and timing; or, closer to real life, the source of an embarrassing leak could be identified by cross-correlating records to pick out exactly who in Whitehall sent out an email whose reception by a journalist triggered an immediate call to the relevant newspaper editor.
The trade-off for these new insights into criminal activity is that more information must be automatically collected about everyone (“just in case”), it must be stored for long periods, measured in years, and it must be handed over to the government operated filter for processing with the inherent assumption that the processing will be necessary, proportionate and authorised. There is tremendous scope for misusing such a system; a police state would relish the opportunity of correlating data on everyone out on the streets for a demonstration, everyone gathering in groups behind closed doors – or just collating a list of everyone who passed on an email containing a subversive joke. The complexity and secrecy of the proposed “Filter” system will make it extremely challenging to ensure that misuse, or just simple “mission creep”, does not occur.
This is an extract of a longer chapter on the technologies of surveillance in from Open Rights Group’s Digital Surveillance report which offers less intrusive alternatives to the Communications Data Bill, or “Snoopers’ Charter”, which Nick Clegg blocked last week.