Along with privacy laws, it is up to the big internet players to protect vast stores of personal data, writes JOHN GAPPER
IN GK Chesterton's The Man Who Was Thursday, a secret policeman who infiltrates a violent seven-man anarchist gang in Edwardian London discovers that all the other members apart from Sunday, the mysterious ringleader, are secret agents too.
Scotland Yard would not need to go to so much trouble these days. It could simply, with the approval of the courts, listen to the anarchists’ phone calls, scan their e-mails and place software on their computers to monitor their internet use.
The shift over the past two decades towards the use of e-mail, the internet and other technology – by both companies and individuals – has provided a potential trove of data for security services and governments. Were it not for privacy laws, data encryption and companies’ scruples, the world would be a far easier place for police and spies.
That is why the battle in the Gulf between the governments of the United Arab Emirates and Saudi Arabia, and Research in Motion (RIM), the maker of the BlackBerry smartphone, is vital. If companies that store and transmit vast amounts of personal data do not provide protection against routine snooping, we can all wave goodbye to privacy.
The UAE, which has threatened to block BlackBerrys unless RIM makes it easier to monitor e-mails and messages, has a clever argument for insisting on limiting civil liberties. Such “soft” surveillance – virtual security checks instead of physical barriers – is the price to be paid for life in a peaceful state. The Gulf state wants to be able to scan the mobile spectrum for terrorist and anti-state chatter. It also wants RIM to maintain servers within the country so that, when it identifies someone who is acting suspiciously, it can find out what else he or she has been up to. Saudi Arabia, meanwhile, has ordered its network operators to block unspecified BlackBerry services.
These countries are not alone. India is in the middle of a similar dispute with RIM over e-mail encryption, and UAE officials claim that RIM has been co-operating with other countries including Russia and China (an accusation that Mike Lazaridis, co-chief executive of RIM, yesterday described in The New York Timesas "patently false").
The UAE lumps what Mohammed al-Ghanim, director-general of its telecommunications regulator, calls “so-called open countries” into the same category. Both the US, which has accused the UAE of setting a “dangerous precedent”, and the UK allow security services and police to search data on computers with a subpoena or warrant.
Western countries are not shy about trying to probe private lives. Google keeps a log of requests from government agencies for information about users and Brazil and the US top the list, with more than 3,000 inquiries each between July and December last year.
Due process has also been under pressure in the West since the terrorist attacks of September 2001. The US Patriot Act made it easier for agencies to make cable and telecoms companies provide customer data, and Yahoo is currently fighting an effort by US prosecutors to obtain e-mails without warrants. There is, however, a big difference between inquiries into individuals approved by judges and routine scanning of data by agencies and the police.
The rule of law is the best hope for innocent users of the internet and mobile phones to keep their civil liberties. The second best hope is the determination of companies not to disclose personal data. The dangers of security services forming public-private partnerships with companies to monitor individuals’ behaviour are large and growing.
Technology companies, particularly those such as Google, RIM and Apple, which operate mobile software and services, now routinely hold a huge array of information about people’s private lives, from their friends, e-mails and browsing habits to their location at any moment. Some plant software “cookies” on computers to follow which websites a customer uses so they can serve up advertisements targeted by interests; they keep phone records and address books in “the cloud” of remote servers; they know when someone searches for weapons, or just sex.
It has serious implications if such companies are not prepared to resist governments’ efforts to get hold of this information without having to justify intruding. The importance goes well beyond the need to protect their reputations by not breaching bland promises of privacy.
Google has taken a salutary stand following its discovery of attempts to break into Gmail accounts of Chinese dissidents. It has switched to providing uncensored Chinese language search results from Hong Kong and started to encrypt Gmail and search services.
There is still ambiguity about how hard RIM is prepared to fight against surveillance, despite Mr Lazaridis’s insistence it will not surrender on encryption of corporate e-mail. Even now, individual BlackBerry users enjoy less e-mail security than corporate users.
There are strong incentives for firms to install local servers to allow government agencies easier access to data, or to point them to corporate customers that hold data. They are not eager to be punished for non-co-operation by being shut out of promising new markets. Despite that, they should demur. Our lives are already stored in our computers; we do not want the secret police there too. – (Copyright The Financial Times Limited 2010)
Lucy Kellaway is on holidays