For anybody with an interest in protecting democracy, privacy, freedom of expression, and a free press, a recent ruling from the EU Court of Justice is cause for celebration.
In a landmark ruling – its first major post-referendum judgment involving the UK – the court ruled that our government is breaking the law by collecting all our internet and phone call records, then opening them up freely to hundreds of organisations and agencies.
This was a challenge brought by Labour deputy leader Tom Watson (and, initially, Brexit minister David Davis), and represented by Liberty, to the Data Retention and Investigatory Powers Act (Dripa) – a temporary “emergency” law covering state surveillance, rushed on to the statute books in a matter of days in 2014.
It makes communications companies store records of all our emails, texts, phone calls, and internet correspondence. This treasure trove of private information can then be accessed by a huge number of organisations and government agencies – from police forces to HMRC – and of course by hostile powers and terrorist hackers too.
If police wanted to root through your bedroom drawers, you’d expect them to have a warrant and a bloody good reason. But if they want to dip into this deeply sensitive personal data, they have a year’s supply of information sat waiting and can grant themselves permission. No need for sign-off from a judge. No need to suspect someone of a crime. If you’ve done nothing wrong, you shouldn’t be worried, some argue; fair enough. But it’s more than than; it’s about who has access to my information, and how far and wide it’s shared. I don’t like the unfettered access that this act gives away to all and sundry.
The act breaches the fundamental rights of the British people, and the courts agree. They ruled that this national data hoard lets the state draw “very precise conclusions” about people’s private lives – including “everyday habits, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons, and the social environments frequented by them.”
The judges also said it’s not right to gather data on innocent people – that instead it must only be harvested where there is suspicion of serious crime. And they said if someone is spied on, they have a right to know about it afterwards so that they can challenge it if it was wrong, and so we all know the true scale of the state’s surveillance regime. These are simple, vital safeguards to introduce fairness, accountability and transparency into an otherwise shady world.
Dripa expired on 31 December 2016. So why does any of this matter? Because a new law – the Investigatory Powers Act – has been passed to replace it. It is a behemoth of surveillance laws; huge, impenetrable, and capable of doing massive damage.
It replicates all the same powers found unlawful by the European Court, but also goes so much further. It forces service providers to generate and store records of all our internet histories. Every site we visit, every app we open, every piece of software we download.
What do your internet searches give away, when you think about it, that might be dangerous in the wrong person’s hands? Your religion? Sexual interests? Health concerns? Political views?
As with Dripa, this can then be accessed by hundreds of public bodies – everyone from the Department for Work and Pensions to the Gambling Commission. No need for a judge to authorise access. No need for suspicion of crime.
These powers are also a major threat to our cyber security. These records are stored in vast databases which – at a time when companies and governments are under increasingly debilitating attacks from hackers – create goldmines for criminals and foreign spies. And it’s set to cost an estimated £170m.
But wait: there’s more. Under the Investigatory Powers Act, the state has the ability to indiscriminately hack phones and computers, intercept our communications, and build and acquire huge databases containing sensitive information on millions of people – including everything from your Oyster card logs to Facebook messages.
The government has announced it will try to fight the EU court’s ruling. That’s completely illogical; it should instead amend the act to create a targeted surveillance system, rather than one which sweeps up everyone’s private lives and swamps our spies with too much data.
The concept of privacy more widely is the ability of an individual or group to seclude themselves, or information about themselves, and express themselves selectively. When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps security, which can include the concepts of appropriate use, as well as protection of information.
The right not to be subjected to unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries’ privacy laws, and in some cases, constitutions. Almost all countries have laws which in some way limit privacy. An example of this would be law concerning taxation, which normally require the sharing of information about personal income or earnings.
Privacy may be surrendered willingly, normally in exchange for perceived benefits and very often with specific dangers and losses, although this is a very strategic view of human relationships. Research shows that people are more willing to voluntarily sacrifice privacy if the data gatherer is seen to be transparent as to what information is gathered and how it is used. In the business world, a person may volunteer personal details (often for advertising purposes) in order to gamble on winning a prize.
There are various categories that privacy falls into;
- The right to be let alone.
- The option to limit the access others have to one’s personal information.
- Secrecy, or the option to conceal any information from others.
- Control over others’ use of information about oneself.
- States of privacy.
- Personhood and autonomy.
- Self-identity and personal growth.
- Protection of intimate relationships.
In 1890, the United States jurists Samuel D. Warren and Louis Brandeis wrote The Right to Privacy, an article in which they argued for the “right to be let alone”, using that phrase as a definition of privacy. There is extensive debate over the meaning of being “let alone”; it has been interpreted to mean the right of a person to choose seclusion from the attention of others if they wish to do so, and the right to be immune from scrutiny or being observed in private settings, such as one’s own home.
Privacy can mean different things in different contexts; different people, cultures, and nations have different expectations about how much privacy a person is entitled to, or what constitutes an invasion of privacy.
Financial privacy, in which information about a person’s financial transactions is guarded, is important for the avoidance of fraud and identity theft. Information about a person’s purchases, for instance, can reveal a great deal about their preferences, places they have visited, their contacts, products (such as medications) they use, their activities and habits, etc. In addition to this, financial privacy also includes privacy over the bank accounts opened by individuals. Information about the bank where the individual has an account with, and whether or not this is in a country that does not share this information with other countries can help countries in fighting tax avoidance.
Medical privacy allows a person to withhold their medical records from others, perhaps to avoid the embarrassment caused by revealing medical conditions or treatments. Medical information could also reveal other aspects of one’s personal life, such as sexual preferences or proclivity. A right to sexual privacy enables individuals to acquire and use contraceptives without family, community or legal sanctions.
Political privacy has been a concern since voting systems emerged in ancient times. The secret ballot helps to ensure that voters cannot be coerced into voting in certain ways, since they can allocate their vote as they wish in the privacy and security of the voting booth while maintaining the anonymity of the vote. Secret ballots are nearly universal in modern democracy, and considered a basic right of citizenship, despite the difficulties that they cause.
Microsoft reports that 75 percent of recruiters and HR professionals now do online research about candidates, based on research from search engines, social-networking sites, photo and video-sharing sites, personal web sites and blogs, and Twitter. They also report that 70 percent of U.S. recruiters have rejected candidates based on internet information.
The ability to do online inquiries about individuals has expanded dramatically over the last decade. Facebook is currently the largest social-networking site, with nearly 1,490 million members, who upload over 4.75 billion pieces of content daily. Over 83.09 million accounts were fake. Twitter has more than 316 million registered users and over 20 million are fake users.
Importantly, directly observed behaviour, such as browsing logs, search queries, or contents of the Facebook profile can be automatically processed to infer secondary information about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality.
In recent years there have been only few attempts to clearly and precisely define a “right to privacy.” Some experts assert that in fact the right to privacy “should not be defined as a separate legal right” at all. By their reasoning, existing laws relating to privacy in general should be sufficient.
In the United Kingdom, it is not possible to bring an action for invasion of privacy. An action may be brought under another tort (usually breach of confidence) and privacy must then be considered under EC law. In the UK, it is sometimes a defence that disclosure of private information was in the public interest. There is, however, the Information Commissioner’s Office (ICO), an independent public body set up to promote access to official information and protect personal information. They do this by promoting good practice, ruling on eligible complaints, giving information to individuals and organisations, and taking action when the law is broken.
The privacy paradox is a phenomenon that, while online users make plain their concerns about privacy, their behaviors are not consistent with their concerns. Susan B. Barnes firstly used the term “privacy paradox” to refer the ambiguous boundary between private and public space on social media. When compared to adults, young people tend to disclose more information. However, this doesn’t mean that they’re not concerned about their privacy. Barnes gave an example: in a television interview about Facebook, a student addressed her concerns about disclosing personal information online. However, when the reporter asked to see her Facebook page, she had put her home address, phone numbers, and pictures of her son on the page.
Privacy is going to be the key discussion point of the next decade; whether it’s a person’s sexuality, faith, income levels, disabilities, or so on, how much the state and corporations are entitled to know will be an ongoing matter for debate. I have my own issues with my personal information being shared around for anyone and everyone to see; I don’t want people having my data without my express permission, unless it’s for valid reasons – and those valid reasons are very limited and tight, such as to make sure I’m paying the right tax, for example (sigh). But other than that, my general philosophy is – back off, my information is mine to control.