Tuesday, 10 March 2015

Reader reply: Isn't collection the same as surveillance?

I received an interesting reply about questioning whether there's a difference worth teasing out between "mass surveillance" (as the media loves to say) and collection of digital data. In my opinion, this is the central misunderstanding at the bottom of the question of modern intelligence gathering.

Re: your article, isn't it essentially the collection and analysis of every phone call and every email ever sent? They look for certain words and phrases in varying levels of detail. Sounds like mass surveillance to me! And they do it using the Waihopi spy Base.

That’s the interesting thing about the leaks from Mr Snowden. All they tell us is that the Five Eyes partnership collects digital data en masse. There’s some extremely sophisticated techniques involved in doing this and the public is right to be concerned about the potential for abuse of the system.

But none of the leaks detail what sort of analysis happens to the data once it’s caught in the net. It’s fairly common knowledge that none of the agencies in CAN, AUS, NZ, US, UK have the required peoplepower to view/listen to all that data to ascertain whether it’s useful or not. Neither do they have the funds to do that task if they wanted to. There’s no way they can process it all.

It’s becoming clearer each day that the NSA etc are drowning in data. There’s too much of it to deal with and the only thing they can do to cope is invent “google for spies” (XKEYSCORE) and other algorithms to search primitively for keywords and other tags. They know they’ll miss a whole swathe of useful information, but they hope that they’ll at least find some of it. The reality is - proven by Snowden’s documents - is that the Five Eyes simply cannot analyse the amount of data they are gathering.

Which means they are almost guaranteed not to be looking at your data, even if they gather it (which, if you’re a citizen in the Five Eyes countries is almost certainly not happening). So the question actually is: if the GCSB is “collecting it all”, what qualifies as analysis? Is the fact that your information may or may not be sitting on a server in Bluffdale, Utah – never to be seen again by yourself or a NSA analyst – proof positive that the NSA is spying on you? Is gathering data the same thing as spying? Or does spying only occur when an analyst actually looks at your information?

After all, that’s the way intelligence has always been done, right? I mean, given the possible amounts of information out there, spies have always wanted to “collect it all” just in case there’s something in the pile they need in the future. They may never need it and it could all be junk. But how will they know what the needle looks like if there’s no haystack to search? It’s both more important and more possible to do this in the age of the internet. That’s a plus and a minus for intelligence when it comes to balancing security and privacy in a modern world.

My concern is that there’s a huge undercurrent of narcissism in thinking that our personal information is both relevant and interesting enough to have a spy want to look at it. There’s this leap of logic we’re all doing going from, “they’re gathering all the internet data!”, to, “my personal life and privacy is therefore at risk!”. That’s never been the case. Spies look for bad people, sure, but they also look for interesting people. You have to ask yourself, what would the spies want with your information? Are you really interesting enough for them to spend their precious time looking at the conversation you had with your boss or partner?

Of course it isn’t. But while I understand the importance of oversight for these agencies, we have to be more cognizant as a society that the GCSB exists to benefit us, not hurt us. Spying has this negative ring to it that doesn’t always sound so good in the public ear. But that’s largely a fault of the media and fiction books. Sure spies have done some bad things in the past, but the majority of intelligence efforts is conducting for the defence of the country’s citizens. It would be a fallacy to judge an organisation on a minority of adverse events when a preponderance of evidence suggests it is doing good the majority of the time.

No comments: