Saturday, March 21, 2015
Seminar 2 Position Statement: Dr Brent Mittelstadt (Oxford Internet Institute)
Trust: The Missing Element in Surveillance
The Snowden revelations revealed global surveillance occurring at unprecedented levels and granularity. Debates over the ethical acceptability of intra- and inter-national surveillance often conceptualise the problem as finding the appropriate balance between privacy and security, wherein monitoring the interactions and communications of citizens are seen as a way to enhance national security and enforce law. This dichotomy is false, in that it is not necessary to locate a balance between the two values which can be universally applied to all instances of potential surveillance. Rather, it may be that more invasive violations of privacy can be justified within certain contexts, for example when an identified threat to national security (or other values) is imminent. A model for justifying surveillance is thus established wherein the degree of severity or invasiveness of a particular surveillance action is justified directly by the identification of a specific imminent threat. If this model functions properly, perpetual invasive surveillance cannot be justified by the vague possibility of a future threat or attack.
The proposed model of surveillance is missing a key element to justify the violation of citizens’ privacy: trust. In the Snowden revelations a relationship of trust between the NSA, GCHQ and citizens was missing, indicated most clearly by the secrecy of the surveillance operations and underlying legal processes. Trust is interpreted as an interaction between a system that collects and processes data, the users that provide the data, and stakeholders who access it. Trust can be seen as a sum of the credibility, motivation, transparency and responsibility of a system. Credibility is linked to ‘loyalty’ or ‘reputation’; a stakeholder must be seen as responsible or credible enough to handle sensitive personal data. Motivation refers to the intentions of stakeholders, or how they intend to use the data of users. To achieve trust these motivations, as well as the extent of data held, must be transparent to users so that the system (and its custodians) are seen as responsible: as a citizen, you must let me know what data you are capturing and how you plan to use it in order for me to consent to targeted or increasingly invasive forms of surveillance in times of crisis.
Trust is something that develops over time, based upon development of the system and stakeholders involved. Trust allows for violations of privacy to be justified in particular contexts. For trust to exist, transparency is required on the part of the organisation conducting the surveillance. A trusting relationship thus requires fidelity and transparency on the part of the surveillance organisation, and consent from data subjects. Participation in decision-making regarding appropriate forms of surveillance may also be required, in particular to establish appropriate limitations on transparency in the interest of operationally-required secrecy. When trust is breached, it must be clear who can be held responsible, and to what extent. Similarly, new or increasingly invasive forms of data analysis require notification within a trusting relationship. Systems and stakeholders that clearly establish responsibility before a system is implemented are, according to this conception of trust, more trustworthy. Each of these elements was lacking in the surveillance operations revealed by Snowden, indicating a lack of public good will which must be re-established if future surveillance practices are to be broadly justified.