The recent trial of Joe O’Reilly for the murder of his wife Rachel attracted huge public interest for a number of reasons – the gruesome nature of the crime and the demeanour of the killer among them. But another cause of this public attention was the way in which the trial revealed the extensive digital footprints we leave behind in our day to day activities. In a first for the Irish courts, the prosecution case was built for the most part on digital evidence – including CCTV footage, mobile phone location data, details of calls and text messages and the content of emails.PDF version here.
Though this was the first case to attract such attention, in the background there has been a move towards greater surveillance of everyday life for some time now. For example: since 2002 Irish law has required that telephone companies log details of every telephone call made, every text message sent, and the movements of every mobile phone and that they store that information for three years. European law will extend this to the internet, requiring ISPs to log details of users’ emails, instant messages and web use. Recent legislation has permitted the random breath testing of drivers as well as random drug testing of employees. Within the last month alone Government plans were announced to roll out extensive CCTV schemes to sixteen additional towns, to introduce a national DNA database, to introduce mandatory registration of pre-pay mobile phones, and to introduce automatic number plate recognition systems which will automatically scan all passing cars to see whether they are reported stolen or untaxed.
What do these developments have in common? US academic Gary Marx has described them as “the new surveillance”. Traditionally we might think of surveillance as being something which is unusual or uncommon, carried out by the State, targeted towards a particular individual or group, labour intensive (and thus expensive), and focused on solving or preventing a particular crime. Technological developments (making surveillance easier and cheaper) and changes in social norms (including greater acquiescence to being monitored) have now turned this on its head.
The new surveillance is pervasive – far from being unusual surveillance has become the norm. It is not necessarily carried out by the State – for example, the obligation to track mobile phone users has been effectively outsourced to the mobile phone companies. This, along with increased automation, means that the cost to the State of surveillance can be minimised, doing away with any incentive to restrict surveillance to those situations where it is essential. It is untargeted – in the new surveillance every driver, web user, mobile phone user or pedestrian passing a CCTV camera is scrutinised as though they were a suspect and irrespective of whether any crime has been or is likely to be committed. The new surveillance is also largely invisible, allowing it to fly under the radar of public inspection and concern.
Should this concern us? The underlying technology is neutral in itself – for example, CCTV can be used to prosecute crime or (as in a recent English case) it can be used by its operators to spy on a woman through her bedroom and bathroom window. What matters is the use to which it is put and the legal controls which are in place. At an absolute minimum we should ensure that surveillance is democratically approved; that it is proportionate (going no further than necessary for a particular purpose); that information gained from surveillance be retained for the minimum period necessary; that it be subject to adequate independent oversight; and that sanctions should be in place for individuals or operators who violate these controls.
Unfortunately, Irish law generally fails these requirements. In 1996 the Law Reform Commission identified a range of deficiencies in Irish law on surveillance and over ten years on those problems remain unaddressed. Instead, official surveillance and technology have developed in what is often a legal vacuum. For example, there is no law governing the interception of emails, no law providing for criminal sanctions for the misuse of CCTV systems and no effective oversight of police surveillance. In short, the new surveillance has not been matched by new legal controls, which must raise doubts as to whether many aspects of the new surveillance are compatible with the right to privacy under the Constitution and under the European Convention on Human Rights.
Wednesday, August 29, 2007
"The New Surveillance" in Ireland
I've written a short piece for the Irish Security Industry Association's Risk Manager magazine about "The New Surveillance" and its growth in Ireland: