After the second terrorist attack in about two weeks in the UK, Prime Minister Theresa May claimed that the Internet needs regulating, and is a safe space for terrorists following on from the attack June 3rd. This got me thinking. Part of me feels this is a good thing – to regulate the internet to prevent terrorism. The other part of me thinks it’s a bad idea for government to go snooping around on what we call a “fishing expedition.” Then I went on a run and came up with these arguments. In reality, there are so many issues here, it’s difficult to fathom, but I’ll try to pick them off one at a time.
The crux of the issue here is “what does it mean ‘to be regulated’?” Is May suggesting that some government agency should intercept all email and VOIP communications in an attempt to listen to “chatter” that might point to a pending plot? That proposal is fraught with issues.
- First, is it feasible? Is there enough storage and processing power to make this happen? Would the UK government be required to funnel resources to this venture where those resources might otherwise be used to beef up the infrastructure of, say, the NHS so it’s not susceptible to the next malware attack? As you may recall, the NHS was hit hard because it didn’t have the resources to update a number of Windows XP machines. By redirecting resources to internet regulation, that would by necessity mean fewer resources for these types of required upgrades. Government investment is always a trade off.
- Second, it’s been done. Several years ago in the United States, thanks to Edward Snowden, the National Security Agency (NSA) was caught with its “hand in the cookie jar” spying on its citizens. While it claimed to only be collecting “metadata” on phone calls, the NSA certainly lost the PR war. Yet, is this really problematic; namely, collecting all internet-based metadata? Haven’t governments including the US government had access to this information for more than a hundred years? When you send a letter (snail mail) to a friend, doesn’t the US Postal Service know when you sent it, to whom you sent it, how big it was and when the receiving party received it? Isn’t the definition of communications metadata? Why is collecting this information for email or VOIP any different? It should be noted that to my knowledge, at least publicly, no terrorist attack was thwarted as a result of the NSAs actions.
- Third, what does it mean to collect ALL data? Shouldn’t the government attempt to focus its efforts on “suspected” individuals? Should an internet-based inspection method be used to confirm suspicions as opposed to being the initiation point for suspicions? In the United States, law enforcement must seek a warrant before it can begin inspecting the specifics of the lives of any individual. It aligns to our Fourth Amendment rights which reads: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Perhaps a focused expedition makes sense here. I understand this is the current path in the States where agencies must seek a “secret” warrant from the FISA court.
- Finally, with the two recent attacks in Manchester and London, I can see how the government and citizenry is outraged and calling for more aggressive measures to find and stop these ongoing threats.
This is perhaps one of the most complex and ethically delicate paradoxes facing our world today. Privacy and security are oftentimes pitted against one another in an eternal tug of war. There is no right answer and each government and its citizens must decide at each point in time what is right for its situation. What’s most disappointing is that we live in a world where we have to make these decisions.