The review of bulk surveillance powers by David Anderson supports the operational case for the current practices of the agencies. The review did not look at the wider impacts of mass surveillance and any further discussions need to take both aspects into account.
David Anderson’s Review of Bulk Powers gives broad endorsement to the contents of the Investigatory Powers Bill. This should come as no surprise, given his job was to determine their utility to the government and not any wider social impacts, including on human rights. The review also had a limited remit to look at potential alternatives to bulk, and found that these may exist for some of the cases examined, but are generally too cumbersome, slower or less effective. The review makes only one recommendation for reform: the creation of a new Technical Advisory Panel of independent security cleared experts to support the Investigatory Powers Commissioner.
We are concerned that the government will try to use Anderson’s review to end the public debate on mass surveillance. This would be a mistake, as the underlying issues will not go away. Countless human rights experts and bodies have condemned mass surveillance and a large proportion of the population remains concerned about their online privacy.
The IPB will be scrutinised again by the Lords in the Autumn, and the other side of the debate needs to be included in the discussions. Focusing on the utility of bulk - the operational case - is important in establishing the necessity for such powers. This does not tell us however whether wholesale collection and analysis of data is proportionate in a democratic society. As Anderson himself repeatedly makes clear in his review, these are matters for Parliament to decide.
Anderson arrived at his conclusions after looking at the classified activities of the Security and Intelligence Agencies - MI5, MI6 and the GCHQ - including several visits by him and his team. The Review also summarised most influential reports in this area, including those by the Intelligence and security Committee, Anderson’s previous report, and also some US reports that cover similar issues. Anderson found that all available evidence supports the operational case for bulk interception, bulk datasets and acquisition of communications data.
The only area where in Anderson’s view the case is not yet fully proven is bulk “equipment interference”, aka bulk hacking, as this is a new power. He quotes extensively security personnel claiming this power is required to cope with the growing threats that encryption and anonymity present to other bulk collection methods. There is little discussion about what this power may look like in practice. Documents leaked by Snowden mention GCHQ’s interference activities causing disturbance to the internet traffic of whole countries, such as Pakistan. Unfortunately, Anderson does not engage with the leaked documents and glosses over “the potential of CNE to create security vulnerabilities or leave users vulnerable to damage” (p. 108).
The review was completed in a very short period of time, rushed to avoid delaying the legislative process. Concerns have been expressed from various quarters that a lack of time might have impacted the results, but it seems unlikely that more time would have changed these. The Review was asked whether there is an operational case for bulk, and given the scope and sources of evidence the answer would almost certainly have been the same. Anderson neutralises the dissonant evidence, such as the last report from the Intelligence and Security Committee that criticised bulk hacking, or the US Privacy and Civil Liberties Board report that found there was no value in giving all phone records to the government for analysis.
The main new piece of information is the extended evidence from the security and intelligence agencies. Throughout the paper Anderson deals with criticisms of bulk by referencing new secret evidence that he has been able to see and was not available - and never will be - to critics. The argument is collapsed into a question of trust, in this case of trusting Anderson to vouch for the agencies.
Government will brandish this review’s headlines to support the Investigatory Powers Bill, but a more detailed follow up is needed. For example, the discussions on alternatives to bulk seem to point at some options, but these are quickly dismissed. It would be important for Parliament to probe these potential options in much more detail.
The recommendation for a Technical Advisory Panel can hardly be rejected, but its success will depend on how it is handled in practice. There are numerous advisory boards across government with very mixed results. Technically proficient staff should be part of the oversight and authorisation bodies, not just in advisory roles.
The review joins a veritable body of publications from security related bodies and individuals that cross-referentially support the practices of the agencies while ostensibly asking for some reforms. Since the Snowden leaks three years ago there has been a huge improvement in the level of public debate in the UK about surveillance . It would be foolish to deny that we have a much better understanding of how these systems work, and not all from the Snowden leaks. At the same time we have to ask ourselves what has actually changed in practice.
Unfortunately, the most serious concerns about the agencies do not relate to whether surveillance powers are useful and not misused, but how secrecy and pervasive monitoring affect democracy and individuals’ personal development in the medium to long term. There is little that Anderson’s review can do to allay those fundamental concerns.
Anderson puts his finger briefly on these most basic aspects, quoting his own previous report to support the need for strong surveillance powers:
A perception that the authorities are powerless to act against external threats to the nation, or unable effectively to prosecute certain categories of crime (including low-level crime), can result in hopelessness, a sense of injustice and a feeling that the state has failed to perform its part of the bargain on which consensual government depends.(p. 120)
A very different conclusion could be reached. The pervasive sense of hopelessness and insecurity created by technological change, economic crises and broader geopolitical upheaval might be perceived as the failure of the state to successfully plan, regulate and intervene diplomatically. The development of an all-powerful mass surveillance state seems the wrong overcompensation mechanism, which will do little to address the underlying causes of insecurity, injustice and disenfranchisement.