Theresa May has rejected claims that the UK is a surveillance society, stressing instead the extensive oversight of intelligence and the need, as she sees it, to increase legal capacities to survey online communication.
By virtue of her office, May has a privileged view of both the perceived threats to UK security and the activities of the security and intelligence agencies. This puts her in an influential position; she can speak with unrivalled authority as to the reality of the UK’s security. But it also means that her perspective is not neutral.
While she might “not believe it is surpassed by any other country”, her view of the oversight of UK intelligence and security is inescapably influenced by her awareness of the real and substantial threats to security that exist.
As advanced in the speech, her argument that the UK is not a surveillance state rested on two core points: that the Regulation of Investigatory Powers Act 2000 (RIPA) effectively limits surveillance, and that the relevant agencies neither can nor want to monitor all of us and all of our communications.
May was quite right to say that RIPA regulates surveillance, but she failed to acknowledge the well-founded criticisms of the Act including the grey areas within it that the intelligence and security agencies can (and seemingly do) exploit. It is not enough for an activity to be nominally regulated by law; the content and quality of that law are also important.
The claim that the UK is not a surveillance state because it does not actually monitor the activities of everyone relies on an unfeasibly narrow conception of surveillance. Surveillance is not only about what data the state actually “reads”, but rather about the scale of data that the state is able to access. Judged in this way, the UK is without question a surveillance society (although it is also hardly alone).
Britain is saturated in CCTV, it spear-headed the ill-fated data retention regime in the EU (which resulted in all telecommunications data being retained by service providers for access by the state in investigation of serious crime), and it has a sprawling intelligence service that thinks it has the legal capacity to access all external communications, including many routine online communications.
Even if the state does not actually access and use our information after obtaining it this way, that does not mean we are not all under the state’s close scrutiny. It does not mean we are not all under surveillance.
Reining it in
The key to ensuring both security and liberty in a state like ours is the design and implementation of robust legislative and oversight systems; ones that simultaneously limit state overreach and enable appropriate intelligence-gathering. This is no easy task.
Theresa May is undoubtedly frustrated by the extremely heated debate over surveillance in the UK. Her priority is to secure the state, its interests, and its population. In this light, she has rightly identified the particular challenges that the online world poses. Her solution, it seems, is to revisit a previous proposal for a so-called Snoopers’ Charter: the Draft Communications Data Bill.
That bill proposes to require all communications service providers to retain metadata as to browsing activity, email correspondence, social media accounts and so on for a period of 12 months. The retained data would be processed in a manner intended to ensure it was used only for targeted surveillance; the state could only access it with the authorisation of a designated officer.
As it currently stands, the Draft Communications Data Bill is presented as a modernised mechanism for accessing data that takes account of our increased migration to online communications. But if it is introduced, it will expand the state’s surveillance capacity in serious and problematic ways.
Getting it right
In a recent decision striking down the EU’s Data Retention Directive, the Court of Justice of the European Union rejected claims that the collection of metadata did not have privacy implications.
In that case, the court held that such data “may allow very precise conclusions to be drawn concerning…private lives” so that, in order for any retention regime to be proportionate, safeguards and limitations would need to be built in. This same consideration is clearly relevant to the so-called Snoopers’ Charter.
If blanket surveillance is to be avoided, we have to ensure that filtering processes discriminate effectively so that the state in fact only accesses data relevant to the investigation of serious crime. Different retention periods should be used for different categories of data depending on their apparent usefulness to investigations, and any intelligence service requests to access such data must meet clear and objective criteria.
In other words, even if a communications data retention scheme of this kind is appropriate and necessary, as the home secretary believes is the case, it must be designed in to minimise the potential for abuse or misuse.
That is not just a matter of putting political and independent oversight in place; the legislation has to be designed in as restrained and careful a manner as possible, taking on the board the lessons of the ill-fated EU data retention regime.