Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

Some observations on surveillance Blair Stewart
20 November 2014 at 09:21

dodo edit 2

Surveillance and privacy is a heady mix. So much has been happening in that space before and since Edward Snowden’s revelations that it can be hard to keep track of the twists and turns and to see the big picture of the issues.

Wouldn’t it then be helpful for an expert in privacy to provide a summary and point us to some of the key issues?  Well, someone has …

Many in the New Zealand privacy community will well remember Paul Chadwick, the first Privacy Commissioner for the Australian State of Victoria (2001-06). Since leaving that role, Paul has gone on to a five year stint as director of editorial policies at the Australian Broadcasting Corporation and is now a non-executive director of the Britain’s Guardian news organisation in Australia.

We were fortunate to secure Paul as moderator of the ‘Surveillance versus Dataveillance’ panel session at the 36th International Conference of Privacy and Data Protection Commissioners. The conference was held in Mauritius on 13-16 October. In introducing the session, Paul was able to bring his usual clear style and insightful approach, honed by years as a privacy commissioner and journalist, to telling the story and distilling the essence of what has been going on. It is a useful read for all who are interested in privacy and state security.

Paul’s full presentation is available on the conference’s website. He began his presentation with three things we have long known about surveillance:

  • digital technologies reduce the cost of surveillance and make it easier to undertake surveillance on a mass scale
  • surveillance can serve legitimate purposes but it can also pose serious risks
  • to manage the risks we need a framework of law - confidence in that framework gives legitimacy to the trade-off between privacy and security in democracies.

But in the last 18 months, he observed that much has been revealed in the Edward Snowden aftermath about collection and use of personal data by the United States and, by implication, its allies in the Five Eyes group - the United Kingdom, Canada, Australia and New Zealand.

In brief, he suggests that:

 “We have learned:

  • surveillance of phone, email, social media and internet activity is far more extensive than previously understood
  • frameworks of law that were thought to operate to give surveillance legitimacy in democracies have been, if not broken, then stretched perhaps beyond usefulness
  • oversight mechanisms seem to be inadequate since what happened has taken place despite the existence of those oversight mechanisms.”

He goes on to recount the initial response of some governments and then the later and evolving responses. For New Zealand readers, there may be some interest in mention of one local response in the form of a presentation “Privacy & Security: Identity Society and the State in the Internet Age” to our Privacy Forum earlier this year by GCSB director Ian Fletcher.

In comparatively high praise, Paul commented that “Unlike many statements by leaders of the intelligence and security community and their spokespeople elsewhere, Mr Fletcher’s speech was not dissembling, platitudinous or fear-mongering.”

Paul goes into some detail on several specific current controversies before ending upon the fundamental issue of public trust in democratic institutions: 

“One of the most troubling aspects of the Snowden disclosures for a person familiar with privacy and data protection work is the potential of the disclosures, combined with the initial response, to shake the confidence of the public in the valuable work that is done by some legislators, judges, privacy and data protection agencies and privacy specialists within large corporations and government organisations.  That is, the work done by most of you attending this conference.

“You work routinely to try to ensure the proper handling of many diverse types of personal data.  Most of it has nothing to do with national security and we trust that on a mass scale it is of no interest to intelligence and security agencies.  Medical data is one example.  Public confidence in the proper collection and use of that kind of data is essential. 

“Crises of legitimacy have their costs. 

“People who lack confidence in institutions’ assurances start taking self-defensive measures which can be self-defeating.”

These are timely reminders for all who are involved in data protection whether they are in government, industry or regulators’ offices.

,

Back