Print Friendly and PDF
only search

After Snowden, can technology save our digital liberties?

In this wide-ranging interview with human rights lawyer and former Privacy International head of advocacy Carly Nyst, we discuss surveillance politics, radical thinking, and human rights on the internet.


Rosemary Bechler (RB): I’m absolutely delighted to have Carly Nyst with us this morning for a discussion. Carly was head of advocacy at Privacy International until the end of 2015, and now she is a freelance advisor to many of the bodies that we look to, to try and monitor government and hold them to account under these circumstances.

I’d like to look back a little to contextualise where we are now, with your help. One rather crude way of doing this is to say that in 2013 you wrote a piece about data analysis in the developing world for us, saying “forget blood diamonds”. It was all too easy for developing countries to think that data analysis had “the potential to accelerate economic growth, catalyse innovation”, but in fact, look closer and there were all sorts of political challenges in defending individual rights. It strikes me that at that point you must have assumed that in the developed world we would be able to establish those rights for ourselves, and that it might be the developing world that would be stuck with the problem. Today, with the UK Investigatory Powers bill well under way, what is your thinking on that?

Carly Nyst (CN): That’s really interesting. I think that there was a feeling in around 2011-2013, prior to the Snowden revelations, that the protections around digital technologies in the ‘west’ – for want of a better word – were miles ahead of those in the developing world. And particularly with the Arab Spring and the way we saw surveillance technologies being used by Tunisia, Libya and Egypt during that period, there was a very strong sense in the EU at least that this was an illustration of how a lack of legal regulation and strong judicial oversight in the developing world had led to these really strong, really outrageous oversteps when it comes to surveillance.

Then of course, one year later, we saw that the reality of what is happening in the west matches the type of surveillance happening in those countries. So I think that was a unique moment, writing then, when we didn’t understand the depth of government intrusion into privacy via digital technologies that was happening in the EU and in north America. I say that we didn’t understand, but I think there were many people who did suspect this. There just wasn’t strong evidence of that. So there seemed at the time to be a mismatch.

The other thing to say is that there is something unique about the way these debates are being held in the developing world and the global south that contrasts them particularly to Europe – maybe more so to continental Europe than here in the UK. I definitely see a division between British attitudes as illustrated by the government, not necessarily by the people, and continental European attitudes to privacy and the internet.

But when you look at the global south, you see a very fast adoption of mobile technology and a number of other technologies that is not accompanied by regulation and by the same degree of institutional mechanisms that exist here in Europe. Biometrics, for example, you see in a great many places in west Africa, which is where I have spent time recently. You see mobile money, the use of mobile phones for a range of different things, and very poor or absent regulation across the board. So there is still a gap between the developing world and the global north, but I wouldn’t be so naïve any more as to say that things are far better here than they are there, because certainly that’s no longer the case.

RB: Edward Snowden then proceeded to transform that whole world of perceptions. The next time we hear from you is in 2014 when you’re hoping that the UN High Commissioner for Human Rights, Navi Pillay, will get somewhere by taking a defiant stand against the Five Eyes intelligence-sharing agreement.

Since then, we’ve been placing our hopes on various stages. But at each stage, this seems to slip out from under us in some way. And to ask you a very direct, personal question, have you given up? Is that why you stopped being head of advocacy at Privacy International. Have you just become a little wearied as a human rights activist and lawyer in this field?

CN: I want to respond to that with a positive approach, but I will admit that I have a feeling – and I think that others who have worked in this field for the past five years have a feeling – that we are slightly wearied. It does feel that every advancement is met with a new intrusion or a setback. I personally feel that the experience with the UK Investigatory Powers bill – though I won’t claim to have been doing a lot of the advocacy around it – has been a somewhat disappointing, if not soul-destroying one. To see that processes of reform have taken this arc: where we had Snowden, we had initial denials, then we had gradual acceptance and gradual willingness to engage on the part of the government, willingness to commission enquiries. We had some court decisions, we had some reports published that vindicated Snowden’s claims. We had the government concede that they would adopt a new law, and then for that law to come back and enshrine the very outrageous practices that we had expressed concern about at the beginning does feel somewhat…

RB: …  adamantine? And of course if we just push at that a little bit, it’s interesting because what Snowden did achieve, I think, was that there was a public identification with whistle-blowers, that the argument did shift in favour of people wanting to interrogate governments, and not entirely trusting what they did. So one thought there would have to be some response, on some level of government, and that’s what makes this stage so peculiar.

CN: Exactly. But, we have to take the long view. We have to think that this is how history develops and change occurs: to have things brought into the light, and then, to be expected, a government pushback on greater transparency, greater accountability. I hope that when we look forward ten years, we can see these patterns emerging, we can see the changes from a position of distance.

For example, yesterday, GCHQ launched its first Twitter account, and has also completely revised its website. They’re on the PR offensive. Now, there wasn’t even an official admission that they existed some decades ago! Even three or four years ago, they were absolutely responding with closed circles and clamped mouths to the Snowden revelations. They’re now trying to make efforts to sell their own institution. You have to look from a long-term view, you have to say that this is an increase in transparency. It’s enabling the British public to have greater scrutiny, and an engagement with their security services. That is a gain in itself. So I think it’s very easy to get bogged down in the constant setbacks and challenges, but it’s also important to take a step back and look at some of the gains we’ve had.

RB: Before we get too optimistic, just let me ask you about the conclusion from one of my favourite articles on this on openDemocracy, by Didier Bigo. He wrote us a piece called “The paradox at the heart of the Snowden revelations”, and he ends his article calling for the need to create a “European or international oversight committee, with specific powers of enquiry in the case of severe breaches of human rights (extra-judicial killing and torture, for instance), coordinating different national oversight bodies.” This is partly because he’s been arguing that some of the oversight bodies that we now see being put in place, rather publicly, are actually doing the sort of counter-job of making damn sure that the intelligence and secret services don’t get pushed to be accountable in certain areas. So he’s saying ‘no, we need something international’.

He then concludes: “If these changes are not made, the Snowden disclosures will have served only to reinforce one thing: the intrusiveness of global surveillance.” He is suggesting that paradoxically what we’ve managed to do is get the ‘chilling’ effects to start to work, but without the reassurances that we’re going to be able to fight back. So I hope we’ll now take some time to discuss how the response by expert bodies and the NGOs, the watchdogs and the whistle-blowers, might adopt a more sophisticated approach to the fight back.

CN: I would slightly disagree with Didier’s conclusion that if we don’t see the establishment of such a mechanism then the only outcome of the Snowden revelations will be to entrench the chilling effects. The rule of law is based on the people knowing what the government is doing and accepting that, and to the extent that about three years ago, the government would make no admission, let alone try to justify the fact that it was doing such invasive surveillance techniques, now we see somewhat frightening frank justifications of those same techniques.

RB: I remember you talking about how one day they didn’t admit to hacking, and the next day they passed a law which said it’s okay to hack....

CN: I think that is the pernicious thing about the law, that it can serve to justify and legitimise things that were previously done in the shadows. When they’re out in the open they’re now legitimised. On the other hand that’s why we have the rule of law. But once these things are regulated, once they’re out in the public, the people are better able to scrutinise. And again, taking the long view, we might not immediately see that happening.

But even if the Investigatory Powers bill passes as currently written (frighteningly), I think that will serve human rights ultimately, because it will allow people to hold government to account. On the question of oversight mechanisms, it’s true that early on at least, the parliamentary oversight mechanisms in the UK only served to reinforce and validate GCHQ’s position on this. The Intelligence and Security Committee’s (ISC) first statement is laughable when you go back and read it, when they talk about there being absolutely no way that GCHQ has done anything wrong. Particularly when you compare it to the more recent ISC report, which heavily criticised the Home Office and others for contents of the IP bill.

You can see, then, the effects of politics on parliamentary oversight communities, because that is the influence of Dominic Grieve having led the ISC in more recent times and taking a much harsher position towards the security forces. Whereas, under the leadership of Malcolm Rifkind, there was a very close alignment with the interests of GCHQ.

That in itself illustrates the problem though of parliamentary oversight mechanisms being the main ways in which intelligence services are scrutinised. Some European countries are doing a far better job with oversight. I know there is coordination between some countries, like Belgium, the Netherlands and Luxembourg, when it comes to oversight of intelligence. So Didier’s point is probably right, that there could be a greater coordination of European oversight.

The UK aside, there are very strong post-hoc oversight mechanisms which are very effective, but it is my sense that more attention needs to go into authorisation – particularly moving to judicial authorisation – and the restraining of those powers in the first place, rather than investing solely in retrospective oversight.

That’s a broad statement, and I wouldn’t want to stand by it necessarily in all contexts - the UK, I think, could definitely improve its post-hoc oversight. But – and maybe this is an opinion I have formed because I’ve seen so many members of the government wanting the debate to go towards oversight rather than restraining powers – we need to focus as much on restraining, and the lawfulness of surveillance powers to begin with, as well as overseeing their implementation. So particularly in the UK, I would like to see judicial authorisation of surveillance, warrants, before they take place, rather than merely overseeing them afterwards.

RB: Is that something to do with the predictive nature of the data mining that is going on?

CN: It’s predictive, but it’s also because at the moment, it’s indiscriminate. It’s not targeted. Whereas if there was a requirement for judicial authorisation, any judicial officer would see the problem with that more clearly than those who are not really charged with looking at human rights or proportionality. They’re not really charged with making that calculation. They’re really looking at what’s a cost-effective way of doing this kind of surveillance. It may be more cost effective to do it that way, so it’s important that there’s someone looking at that: but it’s equally important for someone to be looking at what are we trading off in that process. If you were to put a judicial officer in charge of authorising warrants that had whole cities listed on them or towns or even countries, I think most judicial officers would find it quite difficult to make that calculation.

So we’ve moved to a point where not only do you not need to name anyone on your warrant and you don’t need to show any suspicion of that person, that city, that town, you merely need to reference terrorism or online child paedophilia as justification. We’ve lost what was originally the calculation around reasonable suspicion or probable cause to put somebody under that surveillance in the first place.

RB: What about Germany and France ­– can I ask you about them? Because they were rather shocked by being used by the Five Eyes rather than being welcomed on board. What’s happening there?

CN: Those two countries are polar opposites in many respects. Firstly, in Germany you have a very long history of privacy protections, and we all know the historical roots behind the German people’s rejection of the intrusion of state power and of excessive power given to security services. In modern jurisprudence, in the last 10 to 15 years, we have seen many cases in Germany that have gone up to the European courts where individuals have tried to restrain the power of intelligence agencies in Germany. They have quite a strong oversight mechanism which can definitely be improved, but I think they are exemplary in many respects. They did get some egg on their face during the process of the Snowden revelations, when, having come out very strongly against the NSA because of the Merkel revelation, and taking the very laudable step of establishing an enquiry, it then came out in the course of that enquiry that they were in fact very closely enmeshed with the NSA…

RB: …and eager to be even more closely enmeshed.

CN: Absolutely, so I think they’ve gotten themselves into a slightly difficult position, politically, because they’re also leading the way at the UN in developing protections around privacy in the digital age.

RB: It does show how strong the undercurrent of this basic compulsion is: to be on the cutting edge?

CN: I think that’s right. I hesitate to get onto terrorism so early on in our conversation, but I don’t think you can underestimate the power that the counter-terrorism debate has had on the surveillance debate, and how closely enmeshed the two are. Which brings us to France, where I really think that is what you’ve seen in the last two years. France had a long history, like the UK, of very secretive intelligence work. Their intelligence agencies were not regulated by public legislation at all. It wasn’t the Snowden revelations, but the Paris attacks which catalysed the development of the law around intelligence in France, and the leaping forward to far greater and more intrusive powers. The legislation they have passed in the last two years is just as frightening as the Investigatory Powers bill. There you’ve seen really just how strong a motivator terrorism is in trying to expand state surveillance powers.

For example, one of the provisions that is in their legislation now is the installation of black boxes on internet cables, which can be used to filter in order to identify terrorist content. Now we don’t really know what they mean by this, whether or not they’re putting together a list of words, that includes ‘bomb’ and ‘kill’, for example, and then they’re filtering everybody’s Google searches on the basis of those words. I personally don’t know the details of it. But I think that in France we have seen a much stronger leap forward in favour of surveillance than we have in Germany, which I would say is trying to rein things back. But it’s really the French experience of terrorism in the last couple of years which is really pushing that legislation forward.

RB: How does that relate to the statements that we’ve had in the UK that extremists are going to be monitored through Google speech mechanisms? Doesn't that put us in a similar category?

CN: It does. I would say that the French narrative is being adopted just as quickly by British politicians to justify an extension of British surveillance. This is really why this issue is quite a complex one, because we are at a point where the threat of terrorism – while, in my opinion, it continues to be overstated – has a unique structure: being decentralised, and being home-grown I suppose. Rather than the threat coming from a foreign country, you are trying to identify burgeoning terror threats within one’s country. That’s part of the very nature of being digital, in the sense that there’s a range of tools available in terms of material acquisition that there weren’t even 10 to 15 years ago.

It’s a unique posture, the terrorist threat at the moment. It’s in a unique place that positions it so that the answer from the security point of view is for more surveillance. 15 years ago that wasn’t the case and perhaps in another 10 years it will have changed again or been eliminated, so that it’s no longer ripe for manipulation to justify these policies. But at the moment, it’s a perfect storm. British politicians are able to point to the nature of the Brussels attack or the Paris attacks, and say that the precise thing we need to counter this is the greater monitoring of text messages, or the ability to break encryption, because terrorists are using encrypted text messaging services. It provides the perfect question to which they have the answer. So I think that’s a really unique and complex part of the debate at the moment.

There are definitely ways to demonstrate that this is not the answer. One of the really difficult things around the surveillance debate is effectiveness. How effective actually are these tools in fighting terrorism? And then you go into counterfactuals, because of course we haven’t had a terror attack in Britain for the last ten years. Is there a causal relation between the lack of terrorism attacks and the increase in surveillance? The government will say yes. We have no way of proving otherwise.

RB: But it’s quite interesting isn’t it, that some of the foremost whistleblowers who were formerly working at the NSA have such a concerted line of argument about the sheer amount of data being mined, and how this prevents you from actually being efficient in the pursuit of terrorists. They argue that in fact it is old fashioned, really good undercover policing that is decisive in that battle.

CN: That’s a really good point. I’ve heard a lot of ex-police officers and others in law enforcement say that in the past ten years, their budget has decreased for human intelligence and investigatory policing while the budget for digital surveillance has increased. Your point is exactly right, that things like the Brussels and Paris attacks, and even Woolwich, serve to illustrate that perhaps we’ve done ourselves a disservice by investing so much in digital surveillance, from a strictly utilitarian perspective, because police forces aren’t able to do the type of policing which actually could have been decisive on those last three occasions.

RB: Let’s move on to what’s going to happen next. What do you think are the key turning points either in Britain or internationally, and in what state of preparedness are the forces that are trying to defend our human rights?

CN: One of the ways I’d cut it is to look at law and technology. In terms of the law, we have some real challenges ahead. We have new surveillance laws in countries like Britain, in the Netherlands, in Switzerland, potentially Finland, Denmark, France just recently, which really seek to expand existing powers that are on the books and not necessarily to expand protections. So I think we have a European trend towards legitimising greater surveillance in the law.

At the same time, and interestingly, we have a European trend towards stronger European privacy regulation, particularly in the general data protection regulation which was adopted early this year and which will come into force in 2017. There we see a pretty strong commitment to improving privacy protections for consumers and for individuals. So if we compare those two trends – greater surveillance powers amongst European states, but also stronger privacy protections – we can see this exceptionalism for national security and law enforcement, but also a real desire to protect privacy vis-à-vis companies and consumer issues. I think that’s an interesting contrast.

You can probably cut that in a range of different ways around European attitudes and different political interests pushing up against each other, but one way to look at it is that national security issues will continue to be an exceptionalist area of policy that allows for these powers to expand. The trends in Europe around surveillance are going to continue to be mimicked and followed by countries outside of Europe.

One of the means by which that happens is through the use of cyber-crime legislation to increase surveillance powers. One interesting development in the law camp is that as cyber issues become more and more relevant and part of public consciousness, we see cyber-crime and cyber-security as broad policy justifications that are being rolled out to justify a range of different things. The public is much more in tune to what cyber threats are, and how cyber-security might be relevant to them in a very real day-to-day sense, and there’s a tendency to use precisely that to roll out a range of different powers. One of the ways we see that in developing countries is the adoption of cyber-crime legislation which is in fact surveillance legislation, or even legislation which restricts certain speech online. So, for example, in a number of countries in the Middle East, the cyber-crime legislation will contain restrictions on whether or not you can criticise the government on the internet.

That’s a really interesting area of law and policy. It’s also difficult because cyber-crime is a real threat, cyber-security is an important policy driver and countries are very integrated in their concerns; it’s very hard for the UK to protect its security without working with other countries throughout the world on their cyber-security issues. So there’s a really strong global driver for greater cyber-security policy and law. But at the same time, that’s being used by some countries as a shield for them to expand their own surveillance and intrusions into online speech.

RB: Can we just linger on online speech and this development that if you criticise the government or mainstream media, you could find yourself being monitored for 'extremism'. Will this monitoring of speech be an international frontline that we’ll have to push back on, or do you think it will be particularly acute in cases like Egypt?

CN: There's no doubt that the idea of countering online extremism is becoming a very popular way to describe a number of different policy initiatives, and I think we’ve seen right here in the UK the way that the term 'extremism' can be used.

RB: You have said that you are worried about the homogenisation of culture, within that trend.

CN: Absolutely, because of this idea that extremist speech is radical speech and that radical speech is this speech that counters mainstream ideas, which we almost see verbatim in UK policy documents. They don’t put it that plainly, but the material given to the parents of children in schools, trying to educate parents about what it looks like if your child is displaying extremist tendencies include: if they disagree with mainstream media, if they show disapproval of mainstream political ideologies. What underpins this must be a rejection of radical ideas and radical thinking. That’s where I feel we are in fact promoting homogenised cultural attitudes and political attitudes. It isn't necessarily the same concern that exists in countries like Egypt. But in the US and in the UK we see this used to counter violent extremism very strongly.

RB: Moreover, hate speech legislation has a similar effect, because you can never answer the question of who decides where to draw the line. So maybe this is part of a much more general undermining of pluralist politics, with its sense that security in a democracy is guaranteed by the very fact that you can raise very alternative views? If this is the case, it should surely feed into some kind of international solidarity with countries where you simply can’t criticise the government at all, as in Egypt or Turkey. What relation do you see, if any, between the authoritarian, illiberal societies and democracies on those sorts of themes? Because we can be really complacent, can't we, that we’re not going to be in the same kind of trouble?

CN: If you look at different regional and geopolitical arrangements, you see different countries taking different positions on this. So in the US and the UK you see content restrictions or speech restrictions are only justifiable in the name of countering extremism or countering terrorism. But they’re beyond the pale, particularly in the US, in all other circumstances: the first amendment is so strongly embedded into cultural ideology there.

In the UK, you have slightly more willingness to control speech, under the ambit of terrorism and countering extremism. But when it comes to hate speech in the UK, you have quite a strong rejection of what in Europe is much more commonplace; countering and even criminalising xenophobic and racist hate speech is much more welcome in Europe – to the extent of additional protocol to an international convention called the Budapest convention on cybercrime. That convention is signed by 50 countries around the world, including the US. But there’s an additional protocol on banning racist and xenophobic hate speech, and the UK and the US are not part of that.

Then when you look at what we consider, more willingly, as authoritarian or totalitarian governments, there the restrictions are less about countering hate speech and extremism, and more about protecting power and preventing speech which undermines power. There is much more of a black and white problem there around the content restrictions on speech which in any way might threaten government power. These are used very heavy-handedly and are clearly interferences in freedom of expression. Whereas hate speech sits in a very murky place in international human rights. Certainly hate speech which amounts to inciting violence should be banned under law.

RB: That’s the only clear part of it. The rest of it is murky indeed.

CN: Exactly. So I think that we see every country in the world struggling with this, such that there are types of expression which may not be acceptable in every society. The questions we need to grapple with though are: what role should the law play with respect to that expression? And how does the internet change things, how does it make it more complicated? Because it enables speech to be more quickly disseminated and also speech outside one’s society to enter your society.

Maybe it can also bring the temperature down in the debate, because a lot of people say that the way they counter hate speech is with more speech. So, we do see the internet playing that role. You can find any number of horrendous statements online, but because of the very volume of information available, some of it is drowned out. I think it’s a really complex debate which deserves to continue.

Adding a layer of complexity, we have things like the right to be forgotten: the idea that you should be able to protect your reputation online by having things that are out-dated or irrelevant or excessive removed or at least disassociated with your name on the internet. In a way, it’s another form of content restriction, we’re kind of working out what the limits of that are. And again we see a big difference between the US where there’s a very fundamental opposition to any type of right to be forgotten or right to erasure, really coming from a 'free expression' point of view. And again, European attitudes are different in that respect.

This is a veritable minefield when you talk about what speech is acceptable and where, and how you can address it with law. There was a case a couple of years ago of an anti-Semitic hashtag that was being used by French Twitter users, and there was a lawsuit against Twitter in California, that they should be blocking the use of this hashtag. And Twitter said, "we’re not taking anything off the internet." They very much had an American free speech attitude, and the French had very little power over this Californian organisation. So these ideas of jurisdiction are really problematic at the moment.

RB: How could one turn that into a positive debate? Because, ideally, this is an opportunity for very different angles and nuances on an issue to be brought forward.

CN: Human rights law aspires to be specific enough to give people concrete rights, but general enough to be able to be implemented in different countries in different cultural circumstances. So as a human rights lawyer, I would say we should be able to find common ground in human rights law that unites us. I don’t think we can ask for anything more in terms of international law at the moment; I don’t think we could have, for example, an international convention which goes into detail on speech, and which types of speech are acceptable and which aren’t. At the end of the day, law is politics, particularly international law, and I’m not sure you’d want to open up such a debate to a political fight.

From a human rights perspective, we’re better off using the tools we have currently to try and find guidance in international human rights law. There is an ongoing fluid conversation and law is a social instrument. It’s a living instrument. It has to change as social attitudes change. We need to leave it open for debate. I don’t think that’s a negative approach. It’s a positive stance to say we have the tools that we need to have in human rights, we just need to continue to engage in international conversation about these things.

On the other side of that, there is some convergence internationally around some things. So if you look at data protection law, you see Europe taking a really strong lead, and that’s filtering out to many other countries, really through necessity and economic drivers, because you have European companies that want to send data to the Philippines, for example, and then we saw the Philippines adopt data protection laws that were of equal strength to Europe. So we see some international convergence on protection rights like that as well.

RB: What are the things to look out for in the fight-back?

CN: I’m a lawyer and I’ve always been in a position where law is the tool that we need to use to protect digital rights and to solve these complex issues. But I’m increasingly of the opinion that technology can provide some of the solutions that we’re after, particularly when it comes to encryption and how encryption interacts with privacy and data protection. And we’ve seen that in the last year or two, really at the forefront of current affairs and political debate, particularly in the case of the Apple and FBI encryption scandal. We’ve seen a number of companies stepping up to extend the encryption that they offer in a way that provides really tangible gains in terms of privacy and digital rights.

So a company like WhatsApp, that hundreds of millions of people use around the world, has now provided end-to-end encryption which means that people, governments, cyber-criminals cannot intercept your text messages. That’s a really tangible advancement for shoring up digital rights around the world. It is at risk, but I think at the end of the day it will triumph and we will see a greater roll out of encryption so that it becomes more of a standard part of our interaction with the internet and with technologies, and starts to destabilise some of the even more pernicious surveillance apparatuses out there. They will become less effective as technology provides the answers to privacy problems.

RB: So you think this demand of governments that they should have backdoors to encryption is going to be stopped?

CN: I think so. There was never really a strong push for that. What we should be more concerned about is the Apple-FBI example, where they’re using hackers and others to get around the technologies. But this idea that governments will push for legislation requiring backdoor access won't come to fruition, simply because it’s not in the interests of any government around the world to weaken security across the board. As I said before, cyber-security is still a huge policy driver for governments as well – protecting their national infrastructure, protecting the infrastructure of banks in the City of London is a huge driver for governments and for British security agencies. GCHQ spends half its time doing surveillance and half its time protecting the companies and the government, so at the end of the day they’re not interested in pushing for anything that undermines that security either.

In terms of the fight ahead, I see some shining lights in terms of technological advancements that assist in the fight. Broader constituencies and the involvement of a greater range of activists, groups and segments of society is really the key to digital rights becoming more mainstream and enjoying more support. I see in the space of five years an immense change in how your average man on the Clapham omnibus can understand and talk about these issues, about how people’s own experiences with privacy are changing, and their experiences with the internet. People are much more attuned to the very real need for greater privacy and the protection of speech online. I see a lot of promise in how many groups, how many media sources and how many segments of society are coming together on some of these issues.

RB: And is technology becoming better at articulating itself in ways that lawyers and the general public might understand?

CN: That remains a challenge. Again, the fact that they’ve now included coding in their curriculum from the age of five is an amazing – if not terrifying – advance, and in the long-term that’s going to make all the difference to helping ordinary people be much more conversant with technology. It will give people much more agency over how they use technology and where their data goes. In the long term, that will really breed a new ideology around freedom of speech and privacy on the internet which will allow people to control their data, and control their own experiences online. For such a long time, we were really helpless in the hands of Google and Facebook, and I don’t think that that’s the future. We are becoming more empowered to make choices.

RB: Let me give you three harbingers of the future: trading algorithms on the stock exchange, the transfer of digital data by means of packet-switching, smart cities. Thinking of robotics and the internet, I can't help wondering to what extent the general public are always destined to be fighting the last battle, rather than the next one?

CN: Most of those things you listed are already commonplace and even with the internet and with smart cities, you’d be surprised at the extent to which your home is already transmitting data. But it’s true that the law struggles to keep up with technology and social debates. I still think the law has a large role to play, but if you look at data protection regulation, it took five years to negotiate the data regulation. It’s a strong piece of law, but there’s the risk it will again be out-dated in the next five years. People say the same things about the Investigatory Powers bill of course, that it’s written for today’s capabilities.

I do think that that’s why ensuring that human rights are socialised amongst the people who are building the technology is a really important goal. So having technologists understand the human rights implications of the technological choices they make, could have a real impact on the direction that technology goes. Of course the thing on everybody’s lips at the moment is bitcoin and the block chain. This is essentially a human rights facilitating technology – it secures transactions and it provides anonymity and privacy. I think as long as we have innovators like that involved in the development of technology, as long as they see the social impact of technological choices, then we could see some positive developments.

Nevertheless, there are always going to be dark forces, particularly when it comes to things that make people money. That’s why we can’t rely on technology alone to protect human rights. We do need the law and policy around the technology to restrain power, and I’m not sure that I have a solution for how the law could keep up with technology, other than to just make everybody more technologically savvy: politicians, MPs, lawyers, judges.

And ensure that we’re all looking forward at all points. But the law is the lumbering beast that is not always going to keep up with technological change. I guess if we take that long view, there is a kind of leap-frog effect that is just going to continue to happen, that technology will continue to happen, and the law will catch up, eventually.

RB: Is there anything going on at the UN, anything anyone ought to look to the Council of Europe to do, or any other particular institutional moment in the next year that we ought to be looking out for?

CN: The UN is at a bit of a wait-and-see moment. The special rapporteur on privacy was appointed last year. He presented his first introductory report in March and he has a three-year mandate in which he will be investigating these issues and pronouncing on them. So we should see how that process goes. My sense is that there is a lot of international attention being directed toward the Investigatory Powers bill, and that will be some kind of line in the sand when it is adopted, which I expect will be in November. That’s important, not only for the UK, but globally.

RB: Yes, you were saying that Pakistanis were writing to you and saying that ‘if this one goes through, we’ve had it’.

CN: Absolutely. They’re dealing with their own cybercrime law at the moment, which is basically a Trojan Horse for a range of different surveillance laws.

So there’s definitely international attention on what’s happening here in the UK. The other institution we’re looking towards is not the Council of Europe but the Court of Justice of the European Union, which will give its opinion on the David Davis and Tom Watson case in August. This was brought by these two UK MPs against the data retention laws here in Britain. The European Court of Justice invalidated data retention in Europe, and then the UK brought new legislation reintroducing data retention after the Court of Justice had basically outlawed it. So of course that raised the ire of some MPs here, who took the case to court. It’s been expedited by the European Court of Justice and if they, as we hope and expect, basically invalidate the British law, that will have a big ripple effect on the Investigatory Powers bill.

RB: It might push us out of Europe?

CN: Well another fascinating part of this whole debate is how intertwined it is in many respects with the European debate. At the moment, the last bastions of hope around the Investigatory Powers bill are the Court of Justice and the European Court of Human Rights, and one is associated with Brexit and the other with a campaign for a new bill of rights here in the UK, and exit from the European Court. Should either of those campaigns make any headway this year, I think that will also destabilise the debate around surveillance, because we’re waiting on this decision from the Court of Justice. There’s also the decision of the Strasbourg court due on the legality of mass surveillance, and we expect that that will come later this year.

So there’s quite an interesting timing question about when the decisions from the European courts will come. How will it affect the legislative process?

RB: Earlier you were commenting on real differences in British and continental attitudes. Now you’re talking about a whole political terrain – things to play for in this direction, other things to play for in that...

CN: Exactly. I don’t want to overstate the cultural differences between Britain and Europe, because I’m also of the opinion that there is a very strong tie between Britain and Europe. But we’ve seen, interestingly, in the Court of Justice and the Davis-Watson case – there’s one German judge on the bench who has publicly expressed to the media his own dissatisfaction with the UK’s laws, and his own commitment to privacy. So there’s even an interesting political thing happening in the court there. Again, it’s really a perfect storm this year in the UK with Brexit, the IP bill and forthcoming decisions. It’s anyone’s game.

Do you care about online rights? digitaLiberties needs your support to keep publishing alternative perspectives on surveillance, net neutrality and privacy. Please help by donating whatever you can.

We encourage anyone to comment, please consult the
oD commenting guidelines if you have any questions.