Trust, privacy and digital security

The pace with which the UK government is forcing through legislation to permit its security agencies legally to gather information about the use of digital technologies by people living in the UK raises ethical issues of the utmost importance. In the past, I have very much emphasised the significant concerns that citizens should have about the use of their ‘digital lives’ by both global corporations and governments. In so doing, I have sought to emphasise the interesting conjuncture of ideas surrounding the three concepts of trust, privacy and the law that lie at the heart of such discussions (for some early thoughts, see my 2010 paper on ICTs, citizens and states).

One of the most remarkable things about digital technologies, and particularly the extremely rapid expansion of social media, has been the ways that people have been willing to make so much information available for public view that was previously considered to be ‘private’. Why, for example, if people are providing so much of their information on-line for free should they have any concerns about whether or not governments make use of this? Social media companies have benefited hugely from the willingness of people to give for free without thinking too much about the consequences, and so too have those providing search engines and location based digital services.  So why should governments not likewise use this information?

In trying to unravel some of the complexities of these issues, it is useful to contrast two very different perspectives on what privacy actual is:

• The dominant view would seem to follow Etzioni (2005) in accepting that privacy is in effect a good that can be weighed up against other goods. From this perspective, people are willing to give up some of their ‘privacy’ in return for various perceived benefits. Hence, people seem to be willing to let companies use information about their e-mail or search engine usage, in return for having a ‘free’ e-mail account or the ability to search the Internet for ‘free’ for some information that they want to find. Similarly, it can readily be argued that governments can, and indeed should, be permitted to pry into the lives of individuals in order to protect all citizens, especially if a justification, such as preventing potential ‘terrorist’ action can be provided.
• An alternative type of definition of privacy, though, is offered by Friedman (2005) who instead sees privacy as a means through which we have power over our own lives. He emphasises the asymmetric power relationships between states and citizen. Few citizens, for example, possess their own tanks or fighter aircraft, and few have the digital analysis technologies that large corporations and governments possess. As he suggests, in referring to the state, ‘limiting its ability to protect us from bad things done to us by ourselves or by other people, may not be such a bad deal’.

In the past, I have very much supported Friedman’s arguments, and on balance still do. However, this is where notions of ‘trust’ become so important. From conversations in many different countries, I have come to the clear view that where people do not trust their governments, then they are much more willing for their digital lives to be known by companies, but where they do trust their governments then the reverse is the case. Governments have the power to do very bad things to their people, and digital technologies have the potential to offer them very large amounts of knowledge indeed in support of such actions.

The interesting observation to be made here is that it is actually the companies, be they ‘phone operators or social media corporations, that actually already collect this information on a regular basis, and indeed use it to generate their profits. Whilst there is much angst against governments for wanting to access some of this information, I am surprised at how little concern there actually is about the uses that companies already make of such information. Again, in part, this comes down to trust, but I think this is only in part. Companies seem to me to be much more circumspect in telling people actually what data they collect and how they use it. They leave the governments to take the flack in wanting to access such information!

The arguments currently being debated as the Data Retention and Investigatory Powers Bill moves through the UK Parliament are ultimately derived from social contract theory. In essence, building on the ideas of Hobbes and Locke in the 17^th century, the idea that citizens are willing to give up some of their rights to governments in return for protection of their remaining rights has become central to much of the way in which our governance systems work. Following Etzioni’s line of thought, citizens might therefore consider giving up some of their privacy in return for greater protection from other citizens (or ‘terrorists’) who for whatever reason wish to do them harm. It becomes incumbent for governments therefore to show that there is indeed a very considerable increase in the potential threat to citizens from ‘terrorism’, or indeed any other harmful effects, if they want to pry further into citizens’ privacy.

This is, in effect, what the UK government is seeking to do, without perhaps illustrating the full extent of the threat. As I learn more about these matters, and speaking with many people who I have come to trust over the last couple of years, I am becoming increasingly aware of just what the level of threat is, and I am much more persuaded by the arguments that some greater surveillance might indeed be necessary. However, the challenge for a government is that it is difficult for it to indicate just what these threats are because of the obvious security implications, and so citizens have to place a lot of emphasis on trusting their governments.

How can this be achieved? The most important thing in building trust on such matters is to have as full, open and transparent a debate as possible amongst relevant stakeholders. Rushing legislation through Parliament is therefore unwise, unless the level of threat is very severe indeed. I cannot judge this, but unfortunately recent failures of trust over such things as the UK’s support for the USA in the invasion of Iraq over ‘weapons of mass destruction’, make it very difficult for people to believe a UK government of any political colour on such matters.

MPs would therefore be wise if they are to pass this Bill to insist that immediately in its aftermath a wide-ranging and fully transparent consultation should take place, so that the issues are debated openly and constructively. This will take a considerable amount of time, but will ultimately be worth it, not only in rebuilding trust, but also in reaching a wise decision on how to balance privacy and security.

This does not, though,  resolve the concerns raised by Friedman, with whom my own allegiance really lies. The balance of power between states and their citizens is indeed unequal, and there must be mechanisms whereby governments and their servants can be held to account for their actions and misdemeanours. It is here where I believe the law is so important, and it seems to me that judges have a particularly crucial role to play in determining the appropriate balance. The separation of the judiciary from the executive is another important heritage of the British political system, and one that is shared to a greater or lesser extent in many Commonwealth countries. Whatever outcomes are agreed on in the consultation that I encourage, they must be enshrined in a very carefully constructed legal framework that can indeed insist on the severest of penalties for misuse of the powers that are being discussed in Parliament as I write.