Wednesday, July 03, 2013

Metadata is intrusive

The GCSB thinks it can pillage your metadata (phone records, phone location, who you emailed and when) without a warrant. The government is currently passing a bill to ensure that they can. But lots of people aren't concerned, because they don't think it matters.

They should be worried. Really worried.

We've already had one good (though C18th) example of the dangers of metadata, showing how it could be used to find Paul Revere. Most people aren't Paul Revere however, or engaged in protest against the government, so don't care. But here's a better example, which demonstrates just how powerful metadata is as a surveillance technique: you can use it to build up a near-total picture of someone's life:

Green party politician Malte Spitz sued to have German telecoms giant Deutsche Telekom hand over six months of his phone data that he then made available to ZEIT ONLINE. We combined this geolocation data with information relating to his life as a politician, such as Twitter feeds, blog entries and websites, all of which is all freely available on the internet.

By pushing the play button, you will set off on a trip through Malte Spitz's life...

And it shows you a moving map of what he did, combined with what he publicly said about what he did. Where he went, who he met, how many phone calls and text messages he received, how much he used the internet.

Under current law, the GCSB - or the police for that matter - can do this to you. And they can do it without needing any form of warrant. In fact, they can do it to all of us, all at once, and then mine the data for patterns to see who talks to who and who is "acting suspiciously" (whatever that means). Which is pretty much what the NSA is trying to do with PRISM. And we cannot trust their little brother agency the GCSB not to do the same.

Why does this matter? Because people act differently when they are being watched. Surveillance tends to lead to conformity with the surveillers wishes. Mass-surveillance leads to mass conformity. And when it is the government doing the watching, that is downright dangerous to our democracy.

(Alternatively, as in the UK, everyone starts wearing hoodies. But there's no equivalent of a hoody for your phone call, internet and cellphone location metadata. At least, not without radically changing those technologies to make them functionally immune to government surveillance and then marketing those changes successfully so as to bring about mass-adoption in the face of a hostile government - which is already threatening to simply outlaw foreign-hosted services which protect our privacy).

I don't want to live in a panopticon where my actions are scrutinised 24/7 by the government. I want to be left alone, to go about my business, unless there is some actual reason for intruding on my life. Metadata is so intrusive that it should require an interception warrant, the same as for listening in to phone calls. Its that simple.