As published in the Mail on Sunday:
Your mobile phone is watching YOU,
Writes David Davis: Campaigning former Shadow Home Secretary’s own phone log reveals the insidious tracking of our every move
British security services using American technology to spy on our personal details; German leader Angela Merkel’s phone bugged; 60 million Spanish phone calls monitored by the US National Security Agency in just one month.
When this super-sized snooping operation is challenged, its defenders claim that the information collected is harmless.
It is ‘only metadata’, we are told, and does not reveal the content of phone calls and emails. If that sounds reassuring, it shouldn’t. In the wrong hands, a database containing seemingly innocent metadata (meaning data about data) could be used as an automated blackmail machine.
The authorities are forcing service providers to store the phone numbers we called and were called from, the email addresses we sent messages to and received messages from, and the time and place we did so – in other words, they are tracking us using metadata.
We know this for a fact thanks to the documents leaked by whistleblower Edward Snowden.
To see exactly what metadata can do, I asked my mobile phone provider to give me all the data they held on me for a year.
What they gave me filled a shelf. At first glance, the information looked harmless – just a long list of numbers, co-ordinates, dates and times. But what it revealed was approximately 40 ‘data points’ every day, monitoring where I had been at any one time for a year.
Using the data, I plotted a day in my life on a map. I could see exactly where I had been at pretty much every point of the day. The day I chose was one I had spent at party conference, where I had met members of the public, journalists and colleagues from Parliament.
So in conjunction with those people’s phone records, the data would show everybody I met that day at least as well as if I had been a prisoner on a tag.
That is before they look at who I called or texted – and if they had their way, at every website I visited and every email I sent.
The State rarely asks for information which isn’t of use to it. With this metadata they can learn as much about me as they can by reading my emails or eavesdropping on my calls.
And not only information about me but about the people I come into contact with. If you happen to be in a room with me then – thanks to an EU treaty – they can access your phone data too.
Metadata is a useful tool. Phone numbers all have the same format. Dates and times can be recorded in a standard way. It makes locating you and learning about your habits easier than monitoring, storing and transcribing one of the 130 million mobile phone calls we Brits make every day.
What is more, the numbers you call can be revealing in themselves. Many phone lines have a single purpose, like those for ChildLine and the Samaritans. There are helplines for people struggling with drug addiction, for gay and lesbian people who need support, and for victims of rape or domestic violence.
Even if the State cannot listen to the conversation, simply knowing that you have called a specific number can tell it something very personal about you.
In fact, analysing our communications can reveal our whole social network. People on intimate terms are more likely to contact each other late in the evening. If those calls suddenly stop, it is fair to assume that the relationship has ended. If the database shows that you only call a particular number once a year, you are most likely not close to that person. Similarly, a sequence of phone calls can tell a story. If a young woman calls her doctor, then her mother, then a man she has spoken to every day for the last three months, and then an abortion helpline, you do not need to hear those conversations to figure out what is going on.
The same goes for text messages. Take the practice of using them to make donations. Often the content is just a word like ‘DONATE’. What matters is the number you text it to – which is part of the metadata.
If you text ‘GIVE’ to 70010, you make a donation to Comic Relief. If you had texted the same word to 62262 last year, you would have helped fund President Obama’s re-election campaign. The content, which the State cannot see, would tell it almost nothing. The metadata, which it can see, can show what charities you support, your religious faith and even your political allegiance.
When it comes to internet activity, the argument that metadata is non-intrusive holds even less water. For young people in particular, friendships and relationships are largely digital activities. People hold entire conversations online. By monitoring internet activity, the State could track not just the time and date of yesterday’s emails, but also the context of yesterday’s conversations. In Germany, this kind of monitoring is not permitted. In 2010 their Constitutional Court overturned a law that required all phone and email data to be kept for six months. Judges ordered the destruction of vast amounts of personal data held by telecoms companies. In a nation that remembers the Stasi, this State monitoring touched a nerve.
Since the Snowden revelations, we know that our security services have engaged in legally dubious gathering and monitoring of our metadata. We know that they, along with many Ministers, want the legal power to do this on an even bigger scale. This has serious implications for our privacy. Even if you believe Ministers are saints, not everyone who has access to your data will be. I have spent a year unravelling action by some members of one arm of the State – the police – to stitch up former Chief Whip Andrew Mitchell.
This is not a new phenomenon. Earlier this year, a former undercover policeman revealed that senior officers asked him to ‘dig dirt’ on the family of Stephen Lawrence in order to deflect attention from the claims of racism against them.
However, the issue is not just potential State abuse of data. If the State acquires so much sensitive information, it too becomes a target for hackers and criminals who want the data for their own ends.
Hackers have gained access to the email accounts of US government officials and to sensitive IMF records. They regularly attack Government computers, aiming to steal defence secrets and personal tax details.
That is why the NSA’s decision to weaken encryption protection on Hotmail, Facebook, Yahoo and Google was so utterly foolish. Of course that made it easier for them to access users’ personal data, but it also makes it easier for cyber criminals.
To add insult to injury, governments are usually pretty bad at protecting data. Between 2004 and 2008, the MoD alone lost 121 memory sticks and 747 laptops. In 2007, HMRC lost two CDs containing the names, addresses and National Insurance numbers of 25 million people.
More recently, an NHS official lost a memory stick holding the medical details of 6,000 people. The data was encrypted, but the password was written on an attached Post-it note.
The Snowden files show not just what our security services have been up to, but also what they want to achieve – the monitoring and collection of all digital and mobile communication. Given their job description, that is understandable. But in a free society, it is not acceptable.