The Malta Independent 18 October 2021, Monday

The security services and the trade-off between privacy and security

Martin Scicluna Sunday, 7 July 2013, 08:53 Last update: about 8 years ago

European Commissioner for Justice Viviane Reding recently wrote an impassioned article in The Times of Malta entitled “Privacy through a PRISM” in which she lambasted the so-called PRISM scheme “which allows the national security agencies of the United States of America to access EU citizens’ personal data”.

“Here we go again,” she wrote (Ms Redding was a Luxembourg journalist before she became prominent in politics so a little bit of journalese is not unexpected), “another violation of the basic right of privacy. Another public outcry. Another blow to citizens’ trust in the security of their personal data. Yet more evidence that something fundamental has to change if we want to stop citizens from worrying about somebody watching every time they visit a website or write an email.”

The European Union is one of the few places in the world that already has strong data protection rules in place that fastidiously protects its citizens’ data. Ms Redding is therefore right to express concern about PRISM (which collects e-mails, files and social networking data from firms such as Google, Apple and Facebook). But she is wrong either to be surprised that this is happening on an industrial international scale, or more importantly, to fail to mention anywhere in her article the security imperatives that drive it.

European Union leaders meeting in Brussels for their summit last week expressed ‘shock’ that the United States had been listening in to information on EU countries. Yet, it is well known that the French listen in to the British and the British eavesdrop on the French. The Chinese listen in to the Americans, and to the French, British and Germans and any other European Union country that is worth listening to. It has been ever thus. Intelligence gathering is not solely confined to a country’s enemies but also to its friends. It is a way of reaching the parts that normal diplomatic exchanges cannot reach.

The difference is that what was once done using short-wave radios is now done by massive computer systems capable of ingesting huge quantities of information. During the Second World War, short-wave radio was the Facebook of its time. There were thousands of people on the Allied side in the United Kingdom and throughout “free” Europe listening in to the Germans. After the war, their successors, including now the West Germans, were listening throughout the Cold War to the Soviet Union and protecting the west from the threat of nuclear attack.

Since its creation over 60 years ago, the US’ National Security Agency has been listening in to the world’s communications systems, from drunken Soviet leaders to Osama bin Laden’s satellite telephone. For decades, the NSA, the United Kingdom government’s communications headquarters at Cheltenham and other advanced nations’ surveillance stations around the world have operated listening stations that intercept troves of telephone and data traffic. It is the job – the duty – of intelligence agencies to try to find things out about certain people. Spies spy. Rapid technological advances mean that the amount of snooping is growing at a faster rate than laws and regulations have been able to keep up.

To express shock at this, as Ms Redding has done, is to be naïve (or obtuse) in the extreme. Surveillance stations and the intelligence services that use them are only doing what is necessary for security. Al-Qaeda’s assaults on 11 September 2001 demonstrated to politicians everywhere, especially in Europe, that their first duty was to ensure the safety of their own citizens, a lesson which was reinforced by the terrorist attacks in Madrid, London and elsewhere, and again just recently in Boston in the US and Woolwich in London.

The expressions of dismay in Europe at American spying through the use PRISM will presumably last until the next Woolwich Islamic axe murderer strikes somewhere else in Europe, at which point there will be a call for a greater government crack-down on terrorists who, like everyone else, seem perfectly content to communicate their secret views on the Internet. The fact is that Islamist bombers come from a population that is hard for western security services to penetrate, and they make wide use of mobile phones and the Internet. Their intelligence monitoring is vital to our safety.

On security grounds, therefore, all other factors being equal, the case for surveillance is unanswerable. But in a democracy all factors are not equal. There has to be a trade-off between privacy and security. The issue raised by the exposure of PRISM is whether, in its enthusiasm to protect the citizen, the state has intruded needlessly and unjustifiably into his right to privacy and freedom of speech. As details of American snooping have spread, sales of George Orwell’s 1984, a story of an ever-watchful state, have rocketed. Spying in a democracy depends for its legitimacy on informed consent, not simply on blind trust.

What does the EU’s Commissioner for Justice propose to find this difficult balance between privacy and security? She makes four proposals. First, clear provision that companies outside Europe have to abide by EU data protection laws when they offer and sell products and services in the EU. Secondly, there must be a broad definition of personal data. Thirdly, “processors” of data, as well as companies collecting citizens’ data, should also be included in the EU’s data protection rules. And fourth, the rules “have to ensure that EU citizens’ data are only transferred to non-European law enforcement authorities in situations which are clearly defined, exceptional and subject to judicial review”.

These proposals seem fine in principle as a means of tightening up the protection of personal data within the EU. But they make not the slightest difference to how individual national intelligence agencies operate within their own countries, and the bilateral intelligence arrangements they make with third countries. Most democratic countries, including Malta, give wide powers to their law enforcement and secret services. For states to run properly they must have – and be able to collect – secrets.

In Malta’s case, as in other democracies, the key question we should ask is: is the level of public scrutiny by the Security Commission, Parliament and the courts adequate and are there sufficient rights of redress against our security service? Secret intelligence agencies need secrecy, but not on everything, always and everywhere. The costs and intrusion on civil rights must be proportionate to the threat.

Some operational efficiency is surely worth sacrificing, because public scrutiny should be a condition for popular backing. Even allowing for the need to keep some things under wraps, all citizens need a clearer idea of what their surveillance agents are doing in their name. Constant vigilance is needed by our security and intelligence services to guard against the threats of violent extremists. But this must be matched by constant vigilance to ensure this does not come at the cost of individual freedom and liberty. There is always a balance to be struck between liberty and security. There will always be a trade-off between privacy and security – though I personally would put national security above personal privacy.

  • don't miss