When the Guardian offered John Lanchester access to the GCHQ files, the journalist and novelist was initially unconvinced. But what the papers told him was alarming: that Britain is sliding towards an entirely new kind of surveillance society.
- The Guardian, Thursday 3 October 2013 19.01 BST
In August, the editor of the Guardian rang me up and asked if I would spend a week in New York, reading the GCHQ files whose UK copy the Guardian was forced to destroy. His suggestion was that it might be worthwhile to look at the material not from a perspective of making news but from that of a novelist with an interest in the way we live now.
I took Alan Rusbridger up on his invitation, after an initial reluctance that was based on two main reasons. The first of them was that I don’t share the instinctive sense felt by many on the left that it is always wrong for states to have secrets. I’d put it more strongly than that: democratic states need spies.
The philosopher Karl Popper, observing the second world war from his academic post in New Zealand, came up with a great title for his major work of political thought: The Open Society and Its Enemies. It is, in its way, a shocking phrase – why would the open society have enemies? (But then, the title of Charles Repington’s The First World War, published in 1920, was shocking too, because it implied that there would be another one.)
We do have enemies, though, enemies who are in deadly earnest; enemies who wish you reading this dead, whoever you are, for no other reason than that you belong to a society like this one. We have enemies who are seeking to break into our governments’ computers, with the potential to destroy our infrastructure and, literally, make the lights go out; we have enemies who want to kill as many of us, the more innocent the better, as possible, by any means possible, as a deliberate strategy; we have enemies who want to develop nuclear weapons, and thereby vastly raise the stakes for international diplomacy and the threat of terrorism; and we have common-or-garden serious criminals, who also need watching and catching.
I get all that. It doesn’t thrill me to bits that the state has to use the tools of electronic surveillance to keep us safe, but it seems clear to me that it does, and that our right to privacy needs to be qualified, just as our other rights are qualified, in the interest of general security and the common good.
My week spent reading things that were never meant to be read by outsiders was, from this point of view, largely reassuring. Most of what GCHQ does is exactly the kind of thing we all want it to do. It takes an interest in places such as the Horn of Africa, Iran, and North Korea; it takes an interest in energy security, nuclear proliferation, and in state-sponsored computer hacking.
There doesn’t seem to be much in the documents about serious crime, for which GCHQ has a surveillance mandate, but it seems that much of this activity is covered by warrants that belong to other branches of the security apparatus. Most of this surveillance is individually targeted: it concerns specific individuals and specific acts (or intentions to act), and as such, it is not the threat.
Even Julian Assange thinks that, and said as much in his alarming and perceptive book Cypherpunks: “Individual targeting is not the threat.” When the state has specific enemies and knows who they are and the kind of harm they intend, it is welcome to target them to make the rest of our polity safe. I say again, on the evidence I’ve seen, this is mainly what GCHQ does. I would add that the Guardian and its partners have gone to a lot of trouble to prevent any unnecessarily damaging detail about this work being published.
Problems and risks
The problems with GCHQ are to be found in the margins of the material – though they are at the centre of the revelations that have been extracted from the Snowden disclosures, and with good reason. The problem and the risk comes in the area of mass capture of data, or strategic surveillance. This is the kind of intelligence gathering that sucks in data from everyone, everywhere: from phones, internet use from email to website visits, social networking, instant messaging and video calls, and even areas such as video gaming; in short, everything digital.
In the US, the Prism programme may have given the NSA access to the servers of companies such as Google and Facebook; in the UK, GCHQ has gained a similar degree of access via its Tempora programme, and the two of them together have a cable- and network-tapping capabilities collectively called Upstream, which have the ability to intercept anything that travels over the internet. This data is fed into a database called XKeyscore, which allows analysts to extract information “in real time”, ie immediately, from a gigantic amount of hoovered-up data.
In addition, the NSA has encouraged technology companies to install secret weaknesses or “backdoors” into their commercially available, supposedly secure products. They have spent a very great deal of money ($250m a year alone on weakening encryption), on breaking commercially available security products. Other revelations have been published in Der Spiegel, and concern the NSA exploitation of technology such as the iPhone.
Access all areas
What this adds up to is a new thing in human history: with a couple of clicks of a mouse, an agent of the state can target your home phone, or your mobile, or your email, or your passport number, or any of your credit card numbers, or your address, or any of your log-ins to a web service.
Using that “selector”, the state can get access to all the content of your communications, via any of those channels; can gather information about anyone you communicate with, can get a full picture of all your internet use, can track your location online and offline. It can, in essence, know everything about you, including – thanks to the ability to look at your internet searches – what’s on your mind.
To get a rough version of this knowledge, a state once had to bug phones manually, break into houses and intercept letters, and deploy teams of trained watchers to follow your whereabouts. Even then it was a rough and approximate process, vulnerable to all sorts of human error and countermeasures. It can now have something much better than that, a historically unprecedented panoply of surveillance, which it can deploy in a matter of seconds.
This process is not without supervision, of course. In order to target you via one of these “selectors” – that’s the technical term – the agent of the state will have to type into a box on his or her computer screen a Miranda number, to show that the process is taking place in response to a specific request for information, and will also need to select a justification under the Human Rights Act. That last isn’t too arduous, because the agent can choose the justification from a drop-down menu. This is the way we live now.
What this means is that we’re moving towards a new kind of society. Britain is already the most spied on, monitored and surveilled democratic society there has ever been. This doesn’t seem to have been discussed or debated, and I don’t remember ever being asked to vote for it. As for how this trend appears in the GCHQ documents, there is something of a gap between how the spies talk in public and how they can occasionally be found to talk in private.
It is startling to see, for instance, that the justification for the large-scale interception of everybody’s internet use seems to be a clause in Ripa allowing interception of “at least one end foreign” communications. Whack on to this a general purpose certificate from the secretary of state, and a general warrant, and bingo, this allows full access to traffic via companies such as Google and Facebook – because their servers are located overseas. I can’t believe that that was the intention of the people who drafted Ripa, who were surely thinking more of people taking phone calls from moody bits of Waziristan, rather than your nan searching for cheaper tights.
There is a revealing moment in the most recent piece written for the Guardian by Sir David Omand, former head of GCHQ. He said that “the real debate we should be having … is about what privacy in a cyber-connected world can realistically mean given the volumes of data we hand over to the private sector in return for our everyday convenience, and the continued need for warranted access for security and law enforcement”.
That’s a total non-sequitur: Omand seems to think that just because we hand data over to Google and Facebook the government automatically has the right to access it. It’s as if, thanks to a global shortage of sticky gum, envelopes can no longer be sealed, so as a result the government awards itself a new right to mass-intercept and read everybody’s letters.
Staying within the law
All through the GCHQ material there is a tremendous emphasis on the legal basis of its operations, particularly in respect of article 8 of the Human Rights Act, which grants: “Everyone has the right to respect for his private and family life, his home and his correspondence.”
It is repeatedly stated that “GCHQ operates within the law” and that “GCHQ does it legally” and that surveillance always has to be “justified, necessary and proportionate”. Good – it would be terrifying if that weren’t the case. But if GCHQ seldom breaks the law, it’s because the law is so broadly drafted and interpreted it’s almost impossible to break.
Also, in the GCHQ papers there are occasional glimpses of a different attitude, usually to be found in slides which are marked as “hidden” in PowerPoint presentations, or in the presenters’ notes to other slides. (Many of the clearest documents are internal GCHQ briefings laid out in the form of PowerPoint talks. I was reminded of Malcolm Gladwell’s great joke, in response to whether he needed audio-visual aids for a lecture: “All power corrupts, but PowerPoint corrupts absolutely.”)
For instance, a legal briefing on the Human Rights Act lists the instances in which it is legal for the state to breach article 8: “In the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
The notes make the point that national security, public safety and serious crime are the three current reasons for which GCHQ is allowed to eavesdrop, but there is a chilling addition: “‘Just’ 3 at the moment. No reason why GCHQ’s remit would not be changed in the future but this is what we are allowed to do at the moment.”
It’s usually only in books that people’s blood runs cold, but mine did when I read that. “Just” three at the moment: in other words, there are “just” three reasons why GCHQ can violate article 8, the right to privacy. But that could change. It would be legal in human rights terms for GCHQ’s mandate to cover “the prevention of disorder”, not to mention “the protection of health or morals”.
Extending state power
The totalitarian state in Orwell’s Nineteen Eighty-Four would need no broader legal justification than that: it really does allow a government to do anything it likes. It was at this point that I became convinced that Snowden’s revelations are not just interesting or important but vital, because the state is about to get powers that no state has ever had, and we need to have a public debate about those powers and what their limits are to be.
At a moment of austerity and with a general sense that our state’s ability to guarantee prosperity for its citizens is in retreat, that same state is about to make the biggest advance ever in its security powers. In public, the state is shrinking; in private, it is shrinking until it gets just small enough to fit into our phones, our computers, our cars, our fridges, our bedrooms, our thoughts and intentions.
Another secret slide is headed SRA – a mysterious acronym that is not explained. The slide concerns 2P intelligence, 2P meaning second party, ie other countries in the “five eyes” alliance of the US, UK, Canada, Australia and New Zealand. It says that an SRA, whatever it is, “authorises receipt of 2P intelligence on UK based targets where GCHQ has no authorisation”.
Since GCHQ can spy on any foreign national it wants, this can only mean the surveillance of people on whom it isn’t legal for GCHQ to spy. That looks to me an awful lot like a means of obtaining permission to spy on people – British citizens? – outside the law.
We’ve heard a lot of talk about the distinction between content and metadata – content being the stuff inside communications, metadata the who and when and where and how of the communication, but not the content. The idea is that the spooks focus on the metadata and ignore the content – so they notice your nan logging on to the net, where and when and for how long, but don’t read the actual content of the search.
This distinction is written into the law in both the US and the UK. This would be reassuring, if the notes didn’t say this: “GCHQ policy is to treat it pretty much all the same whether it’s content or metadata.” Put all these together and it is no wonder the documents contain a boast about the UK’s “more permissive legal environment”.
A new panopticon
The prospect this presents is something like the “panopticon” which Enlightenment philosophers advocated as a design for the ideal prison in the 18th century, and about which the French philosopher Michel Foucault wrote in his book Discipline and Punish. “He who is subjected to a field of visibility, and who knows it, assumes responsibility for the constraints of power; he makes them play spontaneously upon himself; he inscribes in himself the power relations in which he simultaneously plays both roles; he becomes the principle of his own subjection.”
When I first read Foucault’s account of the panopticon, where the individual at the centre can simultaneously see and judge a whole multitude of other individuals, I thought it was brilliant but overheated. Now, it actually seems like somebody’s plan. That’s what we risk becoming: a society which is in crucial respects a giant panopticon, where the people with access to our secrets can see, hear, intercept and monitor everything.
Members of the security establishment always want more abilities, more tools, more powers for themselves and fewer rights for us. They never say “thanks a lot, we’re good from here, we have everything we need”.
From their point of view – the point of view of wanting ever more invasive secret powers – al-Qaida and its affiliates are the perfect enemy. Because al-Qaida combines the characteristics of an ideology and a network, it is everywhere, it is invisible, it is never more dangerous than when you can’t see it.
The new emphasis on anticipating the actions of “lone wolf” terrorists raises this danger even higher: the risk of terrorism from people who have never been caught committing a crime, who have no known terrorist affiliations, who are invisible, who could be anywhere … It is the ultimate version of the scare story that used to be called “reds under the bed”. How can the state every hope to protect us against people like that, if not by permanent, omnipresent, ever-increasing surveillance?
If we are going to remake society in the image of the fight against terrorism, and put that secret fight at the heart of our democratic order – which is the way we’re heading – we need to discuss it, and in public.
When we do so, it might be helpful to consider something called the banana equivalent dose (BED). This is a term used in physics to measure the amount of radiation emitted by a banana. It is a number popular with people who think the dangers of radiation are exaggerated, and who use it to make the point that almost everything is radioactive. A dental x-ray has a BED of 50; serious radiation poisoning takes a BED of 20m; sleeping next to someone for one night has a BED of 0.5 and living within 50 miles of a nuclear power plant for a year has a BED of 0.9.
Since 9/11, 53 people have been killed by terrorists in the UK. Every one of those deaths is tragic. So is every one of the 26,805 deaths to have occurred on Britain’s roads between 2002 and 2012 inclusive, an average of 6.67 deaths a day. Let’s call that the SDRD, standard daily road deaths. The terrorist toll for 12 years comes to 0.0121 SDRD. This means that 12 years of terrorism has killed as many people in the UK as eight days on our roads.
The security establishment will immediately reply that this figure leaves out deaths of terrorism victims abroad and the lives saved by its secret actions, none of which can be made known without jeopardising current and future operations.
Is that enough of a justification for the scale and extent of what is happening to our privacy? Is the current supervisory regime – which involves senior judges inspecting GCHQ‘s actions, “within the circle of secrecy”, and issuing a secret report – adequate to the scale of the state’s powers?
I’d repeat the point that as digital technology, and the ability to enact surveillance through technology, expands its remit, those powers are increasing almost by the day.
In the UK we have a strange sleepy indifference to questions of surveillance and privacy. “The innocent have nothing to fear,” says William Hague. But who gets to define who is innocent? Who gets to say what is contradictory to the “economic wellbeing” of the UK? If the innocent have nothing to fear, why is the state reading so many of our emails, and sucking up so much metadata from our phones and computers, under the umbrella of “sigint development”?
People misunderstand what a police state is. It isn’t a country where the police strut around in jackboots; it’s a country where the police can do anything they like. Similarly, a security state is one in which the security establishment can do anything it likes.
We are right on the verge of being an entirely new kind of human society, one involving an unprecedented penetration by the state into areas which have always been regarded as private. Do we agree to that? If we don’t, this is the last chance to stop it happening. Our rulers will say what all rulers everywhere have always said: that their intentions are good, and we can trust them. They want that to be a sufficient guarantee.
There’s no need for us to advance any further down this dark road. Here are two specific proposals. The first is that the commissioners who supervise GCHQ include, alongside the senior judges who currently do the work, at least one or two public figures who are publicly known for their advocacy of human rights and government openness. The “circle of secrecy” needs to include some people who are known for not being all that keen on the idea of secrecy.
My second proposal is for a digital bill of rights. The most important proviso on the bill would be that digital surveillance must meet the same degree of explicit targeting as that used in interception of mail and landlines. No more “one end overseas” and “sigint development” loopholes to allow the mass interception of communications. There can be no default assumption that the state is allowed access to our digital life.
As the second most senior judge in the country, Lord Hoffmann, said in 2004 about a previous version of our anti-terrorism laws: “The real threat to the life of the nation, in the sense of a people living in accordance with its traditional laws and political values, comes not from terrorism but from laws like these. That is the true measure of what terrorism may achieve.”