Monday, July 6, 2015

Seminar 3 Position Statement: Iain Bourne, Group Manager – Policy Delivery, Information Commissioner’s Office

These views are my own and do not represent the ICO.

This is a difficult debate and one in which the secureaucrats are always at a disadvantage. Explain their successes may mean revealing secret intelligence gathering techniques or prejudicing current or future operations. And when our agencies do try to further transparency – for example by publishing the outlines of cases or statistics about operational successes – their critics will simply not believe the information to be true. So really the agencies can’t win and the debate is framed in terms of (dis)belief and political scepticism rather than evidence of what information is being collected, how it is being used and what the result of this is.
Any system of transparency must take place within the bounds of the law. It is not for individual operatives to make decisions about the release of secret information the consequences of which they cannot accurately predict. Maybe there is no place for whistle-blowing in national security contexts? We have two main pieces of transparency law – freedom of information for information held by public authorities (including the police and security agencies) and data protection for accessing your own personal information. Neither gets you very far. Both contain very powerful exemptions relating to national security. In data protection law, the DPA is essentially suspended where an exemption from its provisions – for example those relating to transparency - is required for the purpose of safeguarding national security. A Ministerial Certificate is conclusive evidence of this. End of story. In FOIA, to be exempt, the information requested from one of the agencies simply has to have been supplied directly or indirectly by one of the named security bodies, or relate to one of those bodies. As it is a class based exemption there is no need for the disclosure to prejudice the work of those bodies in any way. The duty to confirm or deny whether information is held is also suspended. End of story. 
Some won’t like this, but the power of these exemptions – which means in effect that individuals have very little or no statutory right of access to information held by the agencies – ultimately reflects the will of Parliament. If we want more transparency we will have to pass different laws and there is no political appetite for that. In a democratic system this principle must be respected, by those working for the agencies and by everybody else. It is initially for the regulator (in this case the ICO) and ultimately for the courts to make the decision as to what degree of access – if any – the public has to information about the work of our agencies. We have to accept the fact that the agencies will go about their work and in reality outsiders will know very little about it. Maybe that’s the best outcome in terms of public security if not informational transparency. If you can only have one or the other, which would you prefer? 
So how can we improve things – assuming the improvement is needed? Maybe the Interception of Communications Commissioner’s annual report could provide more operational detail, although the ICC recognises that “it is a challenge to provide a full public account of what the intelligence agencies in particular actually do because much of the operational detail is sensitive for understandable reasons”. The ICCs reports though do contain a lot of information about the scale of authorisations for interception and so forth, if people can be bothered to read it. How much more do we want to know? How much more can we know?  What do those that criticise the national security agencies on the grounds of a lack of transparency actually want? Is there an exemplar model in operation elsewhere? What do citizens of other countries get to know that we don’t, if anything? I expect the situation is pretty much the same everywhere and there’s a reason for that. 
It is important to stand back and consider the political context of all this. Many of those who care to think about state surveillance and the work of the agencies – most people don’t and why should they – would probably see themselves as the beneficiaries of state surveillance rather than as its victims. This is because they believe that the state – our state at least – is essentially benign and is acting in our interests: stopping the bad guys blowing us up or turning our critical national infrastructure off. In fact mass data collection – which is different to surveillance – has no impact on the vast majority of people. Have we really become less free or more psychologically inhibited as the result of it? No – this is a trade-off we are happy to make – we surrender some privacy for the protection of the state. A perfectly rational position based on trust. In fact our personal freedom is dependent on state surveillance. It may be possible to limit data collection and to target it more effectively. However, it is the ‘golden thread’ that connects information about people within a huge mass of data that can lead us to the bad guys. Those capacities are never going to be dismantled. We will never go back to collecting information only about known baddies because we don’t know who the baddies are, well not all of them.     


  1. Iain deserves enormous credit for speaking to the group, and was a welcome voice from an alternative position. While it is clear that surveillance does have a contribution to make to national security there clearly needs to be more engagement with wider society and the concerns being articulated there. For example Bourne argues that there is no interest in privacy in the UK, despite a range of empirical evidence that the is. Indeed, during the election privacy issues were rated the number one concern of younger voters, above immigration and health.

    The disconnect between these public concerns and the bodies responsible for representing the public is concerning. Other research suggests a cynicism about these issues on the part of the public, or a passivism that people cannot do anything about these issues. These are not reasons for public bodies to ignore concerns, but rather evidence that those bodies are not empowering members of the public.

  2. This incorporates fortifying security activities and keeping up great channels of correspondences and support for the Palo Alto Networks clients crosswise over Asia-Pacific. Sean will be a key expansion to the Palo Alto Networks Threat Intelligence group, Unit 42, effectively adding to the APAC point of view on the most recent discoveries on digital dangers. "