As published in The Times:
State snooping will hit Britain in the pocket
Distrust of mass surveillance could spark a damaging exodus of IT companies
Last week in Washington was one of extraordinary turmoil for the spies and cryptographers of the US National Security Agency. After months of growing outrage at the mass invasion of privacy by the NSA’s vast telephone-data collection programmes, President Obama commissioned a review by an expert panel.
Its conclusions astonished Washington and will have equally significant implications for the UK.
In a severely critical report the panel found that mass surveillance of the public’s telephone “metadata” — the details of who they had called, when and where they were when they did so — was ineffective as an intelligence tool and made excessive inroads into the privacy of ordinary American citizens.
As it was being published, the Senate Judiciary Committee looked at the NSA’s claim that these techniques had helped to solve or stop 54 cases. They concluded that only one stood up to scrutiny — a donation by someone in San Diego of $8,500 to al-Shabaab in Somalia. As al-Shabaab frequently exacts million-dollar ransoms for ships seized by pirates, this amount was hardly material, and certainly did not justify the size, expense and intrusiveness of the programme. The other cases simply crumbled under scrutiny. Not for the first time, the impression was left that the NSA had misled both the public and Congress.
There was the growing anger in Silicon Valley. As stories emerged of the undermining of the security of their products, in particular the breaking into Google’s servers by GCHQ in Britain, high-tech companies decided to defend their industry. The erosion of trust would lead to losses totalling $35 billion. Facebook in particular, with a young clientele, 80 per cent of them abroad, made clear that it could not tolerate these huge breaches of privacy.
Mr Obama is acutely conscious of the need to preserve the competitiveness of the high-tech sector, so he met Congressional leaders, industry representatives, privacy groups and his own review panel to try to decide what to do.
The review panel had made 46 recommendations, including closing the collection programmes, beefing up the courts that oversee the NSA, requiring judicial approval for many data-gathering exercises, huge increases in transparency and the destruction of all data obtained on US citizens not pertinent to investigations. It recommended a proper respect for the privacy of the citizens of foreign states and a curb on spying on allied leaders.
The panel was chaired by Richard Clarke, the counter-terrorism adviser to President Bush at the time of 9/11, and included the previous deputy director of the CIA. The lawyers on it are sympathetic to the Administration. These are not a bunch of left-wing radicals, but hard-headed, practical men.
So Mr Obama is likely to accept most of the recommendations. Even if he does not, a clear majority in the House of Representatives will do the job for him. In the Senate the majority is less clear, but it is likely to follow the House’s lead.
So in the next 18 months the US intelligence community will have cleaned up its act. Britain, almost alone in the West, has been remarkably complacent about the astonishing way that the NSA has, with GCHQ assistance, used an extremely loose interpretation of the law to go on a fishing expedition through the phone, internet and e-mail records of its own and allied citizens. Even if we accept that it is tolerable for British citizens to have a much poorer standard of privacy than Americans, the economic consequences of our complacency are likely to prove unpalatable at very least.
Distrust is on the rise. E-mail companies are already setting up in countries with strong privacy protection, such as Germany, to take advantage of the loss of credibility of US companies. The internet makes up about 12 per cent of Britain’s economy. If we do not act to make our intelligence-gathering systems as focused and accountable as the Americans have, the shadow of distrust could shift from them to us. That means that fewer IT-based companies will come here, and some will migrate abroad.
British industry and the British economy have benefited hugely from our country’s reputation for trust and integrity. It would be a terrible paradox if our intelligence communities’ well-intentioned efforts to protect our physical security ended up undermining our economic security.