People, We Need to Talk About Mass Electronic Surveillance

Much of the world is in a COVID19 quarantine. It is a lockdown that will save lives, but it is also blighting them on a vast scale: domestic violence, mental illness and poverty can all be expected to flourish. The full impact of the lockdown for the wider global economy is presently unknowable, but grim.

The wealthy may have to sit-and-watch hard-won lifesavings evaporate – but for the poor, the self-employed and small business owners it is likely to be much, much worse than that.

We may be fighting COVID19 for a year or more – and it could yet turn out to be a seasonal infection that we need to battle with in some-shape-or-form on an annual basis. Mass social distancing and a near total economic shutdown are blunt instruments that amount to bombing the village in order to save it. We are going to have to do better.

South Korea is already doing better – and its weapons of choice appear to be large-scale testing and electronic surveillance that enable rapid and close-to-complete contact tracing.

When the Regulation of Investigatory Powers Act was introduced into law in the UK – and the creation of an accompanying nationwide database of electronic communications data was discussed – many Liberals and Civil Libertarians cried foul, this author included. The potential for abuse was obvious and chilling. I don’t live in a police state - and I don’t much want to, thank you very much.

Those of us that opposed the creation of nationwide electronic surveillance databases now need to ask ourselves if the current pandemic – and the threat of other future potential pandemic events - changes our calculation of the balance of risks and harms. What price of individual freedoms and liberties when entire populations are already effectively imprisoned in their own homes anyway?

There is now a very good case for aggregating call detail records, cellular network and ISP data on a permanent basis - or at for least building a system and infrastructure that would enable these data to be rapidly acquired and integrated across networks for the lifetime of an emergency - to allow contact tracing, quarantine enforcement and to support improved modelling to inform public policy.

The implications to civil liberties are still serious, but if the systems were owned not by the police and security services but by national health services - and to become a “person of interest” you had to have had a positive test result - some of those objections would be moot (or at least mitigated).

Some are making the case for bottom-up approaches to contact tracing instead, based on individuals downloading applications to their smartphones. These approaches are interesting and are surely worth exploring, but it may be difficult to secure voluntary mass participation, and these apps won’t support quarantine enforcement and modelling use-cases.

The public is now discovering what those of us in the industry have always known: that predictive mathematical models are an imperfect representation of reality that are extremely sensitive both to assumptions, and to the quality of the data that they are based on: better and more complete data mean better models.

In the UK alone, better models have the potential to save perhaps tens-of-thousands of lives - not to mention the potential to dramatically improve the quality of tens-of-millions more by enabling earlier and selective lifting of the national lockdown.

Does my desire for privacy trump your right to free association? Or will a nationwide database of electronic communications data inevitably be abused and threaten the very freedoms that we seek to preserve? People, we need to talk about mass electronic surveillance.

What’s Hot on Infosecurity Magazine?