Security, Privacy, Information and Surveillance Discussion by Prof William Webster, Prof Charles Raab and Dr Andrew Neil

We live in a surveillance age where digital technology has become ingrained in almost every part of our lives, and the personal data is collected, pooled and examined by various commercial and political agencies. With such developments we are yet to find our feet with how information should be regulated and in what ways it should flow from one system to another. Privacy seems to be traded off with security in many dichotomous statements made around who gets to do what, but are these helpful or correct ways of perceiving the issues at stake ?

In a time when our personal information is a mass commercial product, many aspects of social existence are being affected by information abstracted from digital footprints we make. Our opportunities and choices are influenced, and our personal habitats are scoured by CCTV and algorithms analysing and interpreting who and what kind of person we are.

These issues are of critical importance as we negotiate our collective and individual futures. To help us understand the nuances and various aspects of the issues a panel of thinkers was brought together in the Royal Society of Arts Festival of Ideas.

Here you can listen to the presentations which they gave and read the annotated transcript of the audio recording below. The three thinkers, Professor William Webster, Professor Charles Raab and Dr Andrew Neil are all involved in thinking through what is at stake as computers extend the human capacity to watch, collate, track and surveill the human environment.

They have written extensively on the themes discussed and their work is available to access online or through libraries and bookstores. As a part of the Royal Society of Arts they all contribute to the aim of the organisation which is to support the generation of an Enlightenment society.

Table of Contents

Professor William Webster

Professor of Management Work and Organisation at Stirling Management School, he has researched Closed Circuit Television (CCTV) surveillance cameras and Interactive Digital Television (iDTV) for over 20 years.

Regarded as an expert in his field his continuing work focuses on governance in the information age (e-government) and sits as a member of the Public Sector Management Research Group as well as the European Group of Public Administration and the International Research Society for Public Management.

Time started: 0 min 0 seconds

Im a codirector of a research centre called CRISP (Centre for Research into Information, Surveillance and Privacy)

One of my other codirectors – Professor Charles Raab (Edinburgh) – is going speak immediately after me. We are interested as a research centre of the consequences and impacts, and meanings of living in a surveillance society; issues to do with information processing, privacy, and surveillance.
You can find out much more information about us on the website, of course, and we are relatively easy to find. Ok, so what we are going to talk about this morning… Ive been asked to talk about surveillance and your lives in a surveillance society; Im also setting up the two presenters who will be talking after me.

So, Im going also say something about privacy; Im going to also say something about security, to show how the world of surveillance permeates all different sorts of topic areas – including the things we are going to be talking about this morning.

So the surveillance society… When we talk about surveillance people instinctively think about modern technologies, new technologies, but I think we can have a starting point which is about surveillance as a normal human instinct. I think this is one of the reasons of why we are so accepting of surveillance; it is because we understand as a basic human need to undertake surveillance in different sorts of environments.

So, for example, think about the mother and the new born child. The mother watching over the child, looking after the child. Think also about some elements of how religion works; about the all seeing god and about looking over the local community. Think about local social groupings, the way that they look after each other.

Think about also the way that castles are constructed on hills to oversee the environment – to look out and protect those communities. Surveillance is something which has always happened, it is not necessarily linked to new technology.

It is also about power and controls. The mother has control over the child, she is looking after it, she exercises the power. And the same goes in those other examples I used – in religious settings, in the medieval castle setting. There is an element of power and control, so somebody is doing the surveillance and somebody is being surveilled.

So the background is that it is not just about new technology. All we have with new technology is that we have new developments in ICT (Information and Communications Technology) which have expanded the potentials to undertake surveillance in new and maybe unforeseen ways.

So we see lots of technologies which are a part of our everyday life. So it is very difficult to live in ones society without using new technologies. Think about, for example, CCTV (Closed Circuit Television), our use of the internet, bank cards, credit cards, store cards. We might have smart TVs; we might have lots of different technologies you interact with on a regular basis – your mobile phone’s probably being used a lot today already…

These technologies gather information about us. They process information about us and they share information about us. And this happens on a massive scale. These technologies may or may not be in your mind surveillance technologies, but the point is that they have surveillance potentials.

Some surveillance technologies like CCTV – they are very explicit surveillance technologies; we know they are their for safety, security etcetera etcetera. But other technologies have latent surveillance potentials.

So your mobile phone may be a communications device but it is also a tracking device which could be used to track you. It could be used retrospectively to see where you have been. Also as a device for identifying you. Other technologies which do process information have surveillance capability.

What we use in academia is the phrase ‘technologically mediated surveillance practices‘. This is to differentiate between ordinary surveillance that you might do naturally as a human being, and surveillance which is mediated by technology.

So when we talk about a surveillance society what we are talking about is the degree to which these sorts of technologies have permeated everything we do. And these information flows shape our activities and they shape our life chances – this is why surveillance is very important.

So your use of your mobile phone, your use of the internet actually shapes your future because your profile as a result of using those technologies; you are tracked. That might determine what services and what products are made available to you.

So that in turn is shaping your use of those services in the future. The point being that living in a surveillance society; living in a society in which we rely on these sorts of technologies – these everyday technologies (they are not special security technologies; they are everyday technologies) – these do shape our life chances and our futures.

How does this affect what we do on a day to day basis ? We generate vast quantities of information as we use the internet or as we use our mobile phones or as we drive our cars – as we use government services. The data which we generate has value, and it can be used by others to provide services; it can be used by marketing agencies to target specific services at us; it can be used by public agencies to profile us – to think about the likelihood of us being a terrorist for example.

And the digital footprint, as we often refer to it – those little digital trails which we leave as we go about our business. We use a digital footprint on the CRISP banner to indicate the link between the information society and surveillance society.

What I would say about the surveillance society is that it is big business. So there is lots of companies and lots of organisations that are busy engaged in activities which support our economy but also support the emergence of a surveillance society.

Think, for example, about companies which do online marketing; think for example, companies which use the internet which sometimes seem to be free like Facebook or Twitter or Google – these companies all use our information to provide the service. We don’t pay for them directly but our data is what is given value, and they sell that data on for advertising and for other reasons.

Also surveillance is about having an infrastructure – a telecoms infrastructure, the cable, the satellites – even government facilities. The security industry which is increasingly use all of these technologies for public safety and to tackle issues like terrorism. So surveillance is big business which is integrated into what we do, it is integrated into our economy and integrated into our institutional lives in the UK.

So what we can say about the modern surveillance society is that it is all around us. It is ubiquitous. It is subtle. It is normal. It is mundane. We are not talking about secret services and spies, we are just talking about everyday and ordinary behaviour that happens all around us. We shouldn’t be surprised when we find out that our information is used to profile us because this is happening all the time.

We shouldn’t be surprised when they capture terrorists because they have been profiling their use of the internet and they have been profiling their friendships networks, for example. So surveillance is embedded into the fabric of everyday life, partly hidden, partly subtle, sometimes difficult for us to see – but we shouldnt be surprised when these sorts of things take place.

Academics also talk about something called surveillance creep. The idea behind surveillance creep is very simple – and this happens also with all sorts of technologies – you introduce a technology for one sort of purpose, over time it migrates into other purposes.

I think this is what makes surveillance technologies sometimes contested because people might introduce a technology like CCTV to combat crime and disorder but then it is used for issuing parking tickets. So these sorts of ‘creeps’ we find in all sorts of technologies; sometimes they upset people, so sometimes they are contested.

So for example, those of you who have bought a new car recently – certainly not academics amongst us I suspect – will now realise that you now don’t need to have a tax disk. You don’t have to display a tax disk on a car anymore because there is a national network of ANPR (Automatic Number Plate Recognition) cameras that check whether or not your car doesn’t just have road tax, but is valid to drive; that it is owned by somebody legitimate in the UK; and that it has an MOT; and that it has insurance – all these sorts of things. So that sort of technology – ANPR – has crept into check all these different aspects of car usage.

Ok, so surveillance can be contested. It is often contested, or it may be resisted even, because it involves power relations. It is about an agency, be it a commercial company or the state, surveilling people and influencing their behaviour. That is often why surveillance is contested, sometimes resisted, and there are many examples of that.

People try to, for example, rebel against their use of Facebook, rebel against the use of CCTV. So there is no coincidence that the rise of the hoodie coincides with the rise of the CCTV camera revolution. People do feel sometimes that surveillance involves an intrusion into their personal lives, an intrusion into their own personal privacy.

So surveillance, control, maybe resistance. In the UK it is often said that we resist surveillance far less than other European countries, which may be a point for discussion later on. Because surveillance is controlling, because surveillance shapes our lives, it therefore requires very careful governance.

We need to think very carefully about the rules in which people can use – the ways in which people do use our information. What purposes are valid ? What purposes aren’t valid ? How much information can be collected ? How can it be exchanged ? How do we set those parameters ?

On this final slide I just wanted to talk about how the surveillance society links into privacy and security, which the two following speakers are going to talk about. And the point I would make here is that the three – surveillance, privacy, and security – are increasingly intertwined; they are closely joined together in modern society.

So in terms of privacy I have already alluded to these huge mountains of data which we all create – and which are used – they have value; they are used by public agencies, they are used by marketing firms…

So what sort of rights do we have as individuals in a modern society about the use of this information ? Can we as individuals determine what information is collected ? Can we determine how it is used ? Can we determine when we want it to stop being collected ? Do we have any ownership over the information at all ? Is all the information created and owned by the state or by private agencies ?

These are all very pertinent questions for privacy in a surveillance society.

In terms of security I think increasingly that we will all be aware that we have this explosion of surveillance oriented security systems and practices, so these kinds of things which I have been talking about – mobile phones, the internet, ANPR, CCTV – are all used for public security, national security, tracking terrorists; so tracking, profiling, identifying.

And often we see news items about how these sorts of technologies are used in this way. Now the issue then becomes, should this sort of surveillance take place for security purposes at the mass level – i.e. the sorts of systems that Edward Snowden has alerted us to – or in a more targeted way ?

Should profiling then target the people who are most likely to be terrorists, most likely to be robbers or car thiefs ? Ok, so the final point I have made about the link between surveillance and security is that they are both very highly emotive subject areas. And interestingly they are said to be like flipping the side of a coin. So you have security; everybody wants security; everybody wants to be safe, so security is good for us and good for society.

But people feel a bit ambivalent towards surveillance, maybe even more strongly than ambivalent; maybe people feel that surveillance is bad. People are a little bit scared of surveillance. They feel that surveillance is slightly threatening to them on an individual level. So whilst the two are so closely interlocked, we have different feelings about them; we have different feelings about the purposes of security.

So I’m going to finish now – Ive had my two minute warning. Hopefully Ive given you an overview of the surveillance society. Hopefully Ive given you a few ideas about how it is linked into privacy and security. And my concluding comment would be – given what I have just said in the last 15 minutes about our existence in a surveillance society, how on earth do we decide what levels of surveillance are appropriate and how do we govern those levels of surveillance when we have decided what levels of surveillance are appropriate ? So that would be my parting comment.

Chair: Thank you very much William. So lots of information there… and now Professor Charles Raab…

Professor Charles Raab

Professor of Politics and International Relations at the School of Social and Political Science University of Edinburgh, Charles Raab has held the Chair of Government at the University of Edinburgh from 1999 to 2007 and from 2012 to 2015.
His work has focused on public policy, governance and regulation, and particularly information policy which broaches the areas of privacy protection and public access to information; surveillance and security; identity and anonymity; information technology and systems in democratic politics, government and commerce; and ethical and human rights implications of information processes.

He sits on various research groups and committees including the Steering Committee of the Centre for Security Research (CeSeR), and is codirector of CRISP (Centre for Research into Information, Surveillance and Privacy).

Time Started: 13 minutes 10 seconds

Thank you very much. I’m Charles Raab I’m Professor of Government at University of Edinburgh, and of course surveillance will be used this afternoon at Murrayfield… May the better team win, and it probably will. What I want to talk about is nicely led into by William my fellow co-director of CRISP (Centre for Research into Information, Surveillance and Privacy).

It relates not just to how to decide about how much surveillance and rights and so on, there is also the question about who decides that, and how that goes through awareness processes and decision making. And one of the things which I wanted to jump off from which set me thinking was the call about the leak of 2013 by the Intelligence and Security Committee, in the wake of the Snowden revelations about the collection of mass communications by security agencies in this country and the USA.

And in the committee, which is a committee of parliament, decided that they would have an investigation into the relationship between privacy and security. I don’t want to talk about the findings in their report which was published last week.

Time Started: 13 minutes 10 secondsThank you very much. I’m Charles Raab I’m Professor of Government at University of Edinburgh, and of course surveillance will be used this afternoon at Murrayfield… May the better team win, and it probably will. What I want to talk about is nicely led into by William my fellow co-director of CRISP (Centre for Research into Information, Surveillance and Privacy). It relates not just to how to decide about how much surveillance and rights and so on, there is also the question about who decides that, and how that goes through awareness processes and decision making. And one of the things which I wanted to jump off from which set me thinking was the call about the leak of 2013 by the Intelligence and Security Committee, in the wake of the Snowden revelations about the collection of mass communications by security agencies in this country and the USA. And in the committee, which is a committee of parliament, decided that they would have an investigation into the relationship between privacy and security. I don’t want to talk about the findings in their report which was published last week.

Taking too long?

Reload document

Open in new tab

Download

Source: http://isc.independent.gov.uk/files/20150312

Taking too long?

Reload document

Open in new tab

Download

Source: http://researchbriefings.files.parliament.uk/documents/SN02178

But this was the call for evidence, and it said – as you can read – “in addition to considering the current statutory framework governing access to private communications remains adequate, the committee is also considering the appropriate balance between our individual right to privacy and the collective right to security.”

…and when I saw that I thought there are problems there. I think fundamentally that the formulation is mistaken. It is rhetorical and it’s imprecise because look at what it does; it pits the individual right to privacy against the collective right to security…

…which is very rhetorical as a kind of ring; is kind of, why should the individual with his or her privacy interests stand against the collective right, brackets good, of security – national security – preventing us from threats of terrorism or criminality or so forth.

And I think that that formulation impedes a deeper understanding of what’s at stake. There are three difficulties which I want to outline in my talk. One has to do with “what we mean by privacy”, the second has to do with “what we mean by security”, and third is “what we mean when we say national security versus personal privacy”.

I think that the better question that the committee could have asked is something like “In combating terror and other threats through surveillance, how can we ensure that through more nuanced understanding, the claims for security measures don’t always prevail when other values and rights are also at stake.”

Let me move on from that and consider privacy. As I am sure you know, privacy is a right, it is enshrined in rights legislation and declarations of human rights. It is a fundamental right, it is not an absolute right; it can be overridden for various reason which then have to be demonstrated to be valid reasons.

But it is an individual right, and the individual right assumption ignores the wider importance of privacy and what privacy means to us – why we want privacy and why we need privacy. It seems to me that privacy is a crucial underpinning of interpersonal relationships. That sounds paradoxical, we think of privacy as a retreat from connections but in fact it is a facilitator of personal relationships. If we know that those relationships can be kept private within a sort of membrane which embraces other people who are relating to each other.

It is an important principle in society itself and the workings of the democratic political system. Think, for example, about how we vote – this used to be, in fact, where one came to vote in this constituency and there is the booth. You go in and nobody can see what box you tick, and the secrecy of the ballot is an important principle of democratic politics.

The ability to get together with other people in groups and talk about politics and maybe even to form political parties and pressure groups without being surveilled is a very important principle sustaining democracy.

So privacy is not just important for the individual, as me myself an autonomous person, but in order to make those kinds of political and social connections. And therefore when privacy is protected, then the full fabric of society, the political processes and the exercise of important freedoms – freedom of association, the freedom of assembly, the freedom of speech – are also protected through the protection of privacy.

And therefore, the corollary of that is that when it’s eroded – when privacy is eroded – not just the individual might be harmed but society and the political system as well. Therefore, I would contend that privacy is important in the public interest. Not just in my interest, and in your individual interest, but there is a public interest in making sure that privacy can be protected in a society and political system in which we live.

Also, when we talk about privacy we may mean very different kinds of things. There is privacy of the person, of the physical body; privacy of our thoughts and feelings, behaviour, action, location and space – William was talking about tracking people through surveillance techniques in real time and space.

Privacy of our personal communications, which is very much at stake in the whole Snowden episode. Privacy of our personal data and our images. There is also privacy of our associations

Now I am going to move on to talk about security which is also a right. It is enshrined in rights and legislation, it is enshrined in international declarations. And there are many ways of understanding security, and its compliment, which one might say is public safety.

The words safety and security kind of go together, we sometimes don’t differentiate. In a recent speech by the Secretary of State for Defence; just last week he was talking about security – national security – and I checked how many times he used the word safety.

Keeping us ‘safe’, the intelligence agencies and whoever else are keeping us ‘safe’, is kind of blurring what we mean by safety and security. It is never really clearly defined.

There is personal security, of course; when we talk about people who are living in castles, and ‘a persons home is their castle’ it means not only that they are defending there and that they are secure, but that they also able defend the privacy that they have in that castle, and what they do in that castle from prying eyes and others outside.

Then there is collective security and collective safety. Whether its national or local neighbourhood social group – at that level people feel safe in their neighbourhoods; secure in their streets. Then another aspect of security is not clear about whether we are talking about something objective, as it were, to do with the probabilities to do with risk undermining our security – or as a subjective feeling; the feeling of being insecure which may not have anything to do with the so called ‘objective determination’ of the probabilities of risk. There is a very complex relationship between the subjective and the objective senses of security.

It is not a question of which is better, which is true – and so on; if people feel insecure then that is a real fact that the political system has to take account of, even if it is objectively. They are not at risk; young men from the ages of 18 to 25 are far more at risk of physical harm than elderly people walking about at night.

How can we reconcile these different views ? Well, again – as with privacy which had those different sorts of things (privacy of thoughts and associations, and all the rest), security likewise has many different kinds of cobbles. In the security and privacy debate, as exemplified by ISC’s (Intelligence and Security Committee) call for evidence, there is a rather narrow definition related to terrorism and organised crime, and maybe things to do with border security.

But for the general public, security has a whole range of different sorts of things, much more related to physical security, political security, socio-economic security (is my job safe), cultural security, cultural identity (big issue in the UK), environmental security (climate change), radical uncertainty security (…it refers to a real deep seated feeling of not knowing what is coming next in regards to anything that might affect our bodies), and also information security (…which of course has to do with mass communications and other forms of the flow of personal data for example).

Now privacy, as civil liberties and freedoms, are valuable because of the security and safety, not least, the safety and security of personal data, that are provided to individuals, groups and societies. Privacy is closely related to those liberties and freedoms; and security is mixed up in there as well. A woman said that security, surveillance and privacy are increasingly discussed in the same framework of discussion and discourse.

Taking too long?

Reload document

Open in new tab

Download

Source: https://www.justsecurity.org/wp-content/uploads/2013

Well, where can we go to look at it a little bit more ? What is the advantage ? In the wake of the Snowden revelations, President Obama set up a committee to produce a report on liberty and security in a changing world, and this is what they said – I don’t want to read the whole thing, but you can read it there; anyone who wants my slides, I can send it to you. In the report it said:

“The United States Government must protect, at once, two different forms of security: national security and personal privacy. ‘In the American tradition, the word “security” has had multiple meanings. In contemporary parlance, it often refers to national security or homeland security. One of the government’s most fundamental responsibilities is to protect this form of security, broadly understood.

At the same time, the idea of security refers to a quite different and equally fundamental value, captured in the Fourth Amendment to the United States Constitution: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated . . . ”. Both forms of security must be protected.”

In terms of what I have just been saying, they looked at privacy and national security as two different forms of security. So they are not opposed to each other, security or/versus privacy. They are two forms of security and that is a very important insight.

Now we come to look finally at the whole ‘what about national security versus personal privacy?’ question. As I have been suggesting, the relationship is far more complex than that formulation. Partly because the concepts of privacy and of security are themselves much more complex and therefore I want you to be skeptical about the idea of making a balance, or trade-off which is the usual mantra which is given about how to reconcile that A versus B thing.

If you are doing a balancing act, well, what kind of things is that between one right and another; is that between privacy and security ? Between one individual right and a collective right ? Between an individual right and a social and collective utility ? In other words, something which is seen as important for society but something which is not yet seen as a right people feel that they have and can point to in any documents and seen as being a collective right; but it is a utility and it is important to have it.

Is balancing a method, or is it the outcome of a method ? That is also left ambiguous. And finally, some questions to ask for us to look at. The question about how much should we give up of one thing to have the other is very rarely asked in terms of how much security should we give up to protect privacies.

It is always the other way around. We have to give up some privacy to protect ourselves in terms of national security. What would happen if we reversed the polarities of that question ? Also, how do you do a balancing when there isn’t a common metric or a common understanding of what we mean by an equilibrium ?

And then there is the question of distribution. Who’s privacy should come second to who’s security ? And how can we justify that ? Are the inequalities, inequities in terms of social policy would we find reprehensible ? I wont go further on that slide, I just want to come to the very end, it’s my final slide…

There is a project called PRISMS – not PRISM as a way of performing mass surveillance – PRISMS which is an academic study which I am a part of which has been doing surveys of citizens attitudes towards privacy and security. And just in a nutshell the findings are that if you look across Europe, at people in 27 member states of the EU – there are 28 including Croatia…

Both privacy and security are important to people. They don’t perceive it as a trade off, it depends upon the context in which different kinds of privacy and different kinds of security are being implicated. So what people might feel about propriety of surveillance in a football stadium is different from what we might perceive about propriety of surveillance in neighbourhood streets.

People have a nuanced attitude towards this and it can be summed up as a kind of omnibus idea of privacy versus security – which do you prefer ? Those are the final things which I want to say, and I hope you have some thought provoking questions and critical comments… thank you very much.

Dr Andrew Neal

Senior Lecturer in Politics and International Relations at the University of Edinburgh, Dr Neal’s research encompasses international relations theory, political theory, sociology and security studies. With a particular interest in poststructural, critical and sociological approaches to security he examines the work of Carl Schmitt and Michel Foucault in International Relations and security studies.

Published extensively and a public commentator on Security, Accountability and Shared Governance in Scotland and in the UK, he is a founding executive member of the Theory Section of the International Studies Association and a co-investigator in the ESRC training network ‘An International Collaboratory on Critical Methods in Security Studies’. He also serves on the editorial board of the journal Security Dialogue.

Time started: 29 min 22 secs

Thank you very much. Ive been leading a Research Council funded seminar series looking at Scotland’s security and constitutional change since about 18 months ago. These were closed door events at the University of Edinburgh under the Chatham House Rule.

What we did was bring together a variety of academics – from politics, international relations, law and criminology and so on – and a number of practitioners who are involved in security governance – these included at different times, counter terrorism police, Scottish Government officials, Scotland Office officials, and former members of the intelligence community; often retired individuals who are more free to speak.

We began our event before the white paper was published so there was a lot of unknown in the debate and we had to respond to developments as they happened during the independence campaign.

I think that the seminars were successful in their end in so far as we did contribute to the national debate about Scottish Independence. We had some media coverage and made a few choice interventions about security matters, however, we did find it difficult to get measured analysis into the press.

Security is one of those topics where it is almost too easy to generate headlines and all too often they are alarmist headlines – even if that is not the intention. So what we never argued was that an independent Scotland would have poor national security, but what we did argue was that there were many unanswered – and in many ways unresolvable questions – given the highly politicised context of the referendum campaign.

Issues included security service continuity after independence. It was fairly clear to us and many other commentators actually, that there would have been a question of a gap in security service and intelligence service cover. Between the official independence day and an independent Scotland, and a fully independent operational Scottish intelligence service. Some estimates put five or ten years on how long it would take for a fully operational service up and running.

Same with high level cyber security cover. You cant just buy that kind of thing off the shelf; you cant just replicate GCHQ overnight for example. And the same with foreign intelligence; the foreign intelligence that comes from MI6 and the “Five Eyes” intelligence sharing arrangements which provide amongst other things, upstream early warning of threats.

Now, given the politics of the debate, we had to make a few assumptions. We assumed that independent Scotland’s future friends and neighbours would have an interest in Scotland being secure and safe. So we didnt think that Scotland would be completely left out in the cold.

But we thought that the issue was more a matter of national competition, national advantage. You have to remember that national intelligence systems are not only used for defensive purposes, although normally that is how they are justified when they are discussed. The intelligence services serve the purposes of providing security and defending economic well being.

Now that is a rather large and amorphous concept. The point is that intelligence is also used for commercial advantage, and actually the Treasury is one of the main ministerial customers of intelligence within Whitehall. Looking at this slightly differently, both the UK and Finland have made a national priority to turn their own country into the safest places in the world to do business online.

GCHQ (Government Communications Headquarters )

So cyber security is being sold as a way to attract international inward investment, and we came to the conclusion that an independent Scotland could simply not compete on this basis. So not that Scotland would not be insecure, but that it would not be able to sell itself that Finland and the UK can sell themselves as secure places to do business; and they would not have a commercial advantage that MI6 and GCHQ can give to the Treasury for example.

I’ve even met a senior cyber security professional in the private sector, a self declared lifelong Scottish Nationalist who claimed to have voted no on this very issue – on the issue of cyber security – despite all his lifelong dreams and so on. So much of this is moot for now, but perhaps we will have a re-run in a few years time.

Now our seminars are still running as we have had to put them on hold. It is very unclear what status security has in the post referendum politics and in the Smith commission process. So from September we had to wait all the way through to the new year so that we could see the outcome of the Smith Commission and the new Scotland Bill.

Now there is only one substantial mention of security in the Scotland Bill and in the Smith Commission report, and this relates to devolution of the Crown Estate. This is a relatively minor issue but it does somehow get to the heart of the matter.

So the Crown Estate is going to be devolved to Scotland, or the Scottish part is going to be devolved to the Scottish Parliament; and that includes the Crown Estate’s seabed, urban assets, rural estates, mineral and fishing rights. It is the mineral rights – ie. Oil, gas – which are the most important.

So both documents talk about how devolution must not be detrimental to UK wide critical national infrastructure in relation to matters such as defence and security, oil and gas and energy, thereby safeguarding the defence and security importance of the Crown Estate’s foreshore and seabed assets to the UK as a whole.

Now what does that mean ? Well, it reaffirms the main principle which is that security remains a reserved matter for Westminster and there is no real question of that changing, however, constitutional change does present some lingering ambiguities which may become more apparent as we move ahead.

So I am going to talk about my own submission to the Smith Commission process which tried to highlight some of these ambiguities through eight points. So first point:

The traditional policy areas relating to security are defence and foreign relations – and those have long been understood as the core functions of sovereign states. However, we can no longer assume that security is confined to defence and foreign affairs policy areas. The boundaries of security are become blurred.

Point number two: As I have said security is no longer confined to military intelligence and foreign affairs matters and we can see this in the UK national security strategy. The national security strategy, in effect considers that almost any area of social, political and economic life could give rise to security threats.

Taking too long?

Reload document

Open in new tab

Download

Source: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61936/national-security-strategy.pdf

For example, not just traditional security concerns like war and terrorism, but flooding – regional flooding, trade disruption, climate change – all of these could flare up to become national security threats.

Cyber security for example has now been made a tier one threat under the current government and the NSS (the National Security Strategy) serves the purpose of setting the national security priorities; and in that sense it is an interesting development in British security governance. It has only existed for seven or eight years.

And it is true that government action on national security doesn’t always match up to the policy wording. So for example, the national security council tends to be pre-occupied with traditional foreign affairs security matters rather than the other issues – flooding, trade disruption and so on – but of course, that could change.

But given this new conceptualisation of security as a rule arising from any part of social, political and economic life, it follows that security could become an issue in almost any policy area; and that could involve any ministry or any parliamentary committee finding themselves with a stake of interest in security matters.

So for example, Ebola as a health and security threat doesn’t simply involve ministries of defence and foreign affairs but health ministries as well. Energy security – the energy committee at Westminster has published several reports for energy security. Trade disruption, cyber security, bring in Business and Skills for example.

So we have broadening out of security from a core administering government, to potentially any ministry or part of government. In the official language, security has become a “whole of government problem”, and this means that ministry’s like Business and Skills – even Culture, Media and Sport, have a designated role in the National Security Strategy, and in the related Cyber Security Strategy.

National Cyber Security Strategy — **Click Image To Download Copy**

Source: www.gov.uk/government/uploads/system/uploads/attachment_data

Point number four: Few security threats will only affect a particular constituent nation of the UK. So it is unlikely that there will be threats that will only have concern to England, or only have concern to Scotland.

You could have regional level issues like flooding for example, is unlikely to affect the whole of the UK at the same time, but we have to assume that threats are not usually geographically confined; they are a concern for the whole of the UK. Further devolution to Scotland could complicate the possibility of coordinated action in response to various non-traditional security threats; and indeed traditional security threats as well.

At the moment, there are mechanisms for coordination. We have CoBRA in London, the resilience and emergency management committee, and an equivalent body in Edinburgh which is called SGoR – the Scottish Government Resilience Group. They can work together as necessary and Scottish ministers can speak to CoBRA as needed; that happened with the oil refinery attacks in north Africa where several Scots were working, and the Glasgow airport attacks as well.

Taking too long?

Reload document

Open in new tab

Download

Source: www.gov.scot/Resource

Point number six: And this is where I think it gets more interesting. Devolved regions need to have a clear role in the democratic oversights of UK wide powers agencies such as intelligence services, such as the new National Crime Agency which may eventually take the lead role in counter terrorism efforts.

And there start to be a few constitutional oddities here. The National Crime Agency officially covers the whole of the UK, but it can only direct police chiefs in England and Wales. In Scotland it can only work the devolved police. There is already an uneven role there; if the NCA starts to play the lead role in counter terrorism rather than the Metropolitan Police or Police Scotland for example, there could be some kind of uneven application there.

Perhaps that is a practical matter rather than a constitutional matter. Lets think about the intelligence agencies. The intelligence agencies are active in Scotland, and they are active for Scotland; but accountability and oversight entirely resides at Westminster. There is no intelligence service accountability at all at Holyrood.

Now the intelligence and security committee does have several Scots on it at the moment – Malcolm Rifkind, Ming Campbell, Lord Lothian – we dont know what the next membership will look like. No note that these Scottish members are all former ministers or senior politicians of one kind or another.

What effect will further devolution have on the role of Scottish MPs at Westminster ? Are they going to be able to rise to these senior positions being former ministers, senior politicians and so on. Are Scottish MPs going to have an increasingly meager role at Westminster ? Is their legitimacy going to be questioned ?

Could you have a Scottish MP being Secretary of State for a ministry which only applies to England and Wales (Health, Education, Business and Skills, Culture-Media-and-Sports) ? Will Scottish MPs ever be future Prime Ministers ? Scotland has been over represented in the history of British Primeministers – will that stop ? Will UK level politics become dominated by English MPs ? All of this has implications for security accountability.

Point number seven: Any reduction in the role of MPs needs to bear in mind the emerging status of security as a ‘whole-of-government’ problem. If security can involve any part of government but national security and ministries which are only related to England and Wales are dominated by English MPs – what effect will that have on Scottish representation on national security issues ?

And finally point number eight: This actually is what has troubled me most in the whole process. Our present Scottish Parliament has demonstrated little interest, possibly no interest in security matters. Scottish democratic accountability of security, defence, foreign affairs, and security as a ‘whole-of-government’ problem relies on Scottish MPs at Westminster who’s roles are increasingly – I think – going to be shrunk and challenged in terms of legitimacy.

So this is what has troubled me most of all this lack of interest or engagement. There are all sorts of reasons to explain why there is a lack of interest; MSPs rightly speaking have other things on their mind in the run up to the referendum and I think that we do need to be careful about talking up the threat.

I certainly would not like the situation where security becomes politicised at Holyrood and I certainly dont think that MSPs should become more fearful of security threats in their public discourse. But, if security is now going to be a ‘whole-of-government’ problem but dominated by Westminster and English MPs, then MSPs do need to better consider their stake in national and internationally involved accountability structures.

Thank you very much.

Questions and Answers

Time Start: 43 min 57 sec

Chair: So in the constitutional context this discussion is about security and what we do with it. So ladies and gentlemen it is over to you. We have 15 minutes of questions, there is a roving microphone; if you would care to address your remarks, you might want to introduce yourselves but there is no compulsion.

Guy Mitchell: Thank you for the fascinating and insightful presentations. Two observations which combine into a question for me… what we are looking at in relation to surveillance… there is an emphasis on personal and social security…

…but that made me think about some of the kinds when we might not be looking at through current surveillance techniques like tax avoidance which might be regarded as a larger social nuisance depending on the sums of money that are involved. How does that pan into some of the discussions ?…

And I guess that a strong them right across the presentations was the that of rights of various kinds of the individual and social, what have you. The flip side is something around duties or responsibilities. I guess I’m wondering what discussion there is around what surveillance would look like through a lens of duties in the rights discussion.

Professor William Webster: I will kick off. OK, so you mentioned that the emphasis was on certain kind of technologies and security and privacy, and you gave the example there of tax avoidance. These sorts of surveillance systems which we were talking about are extensively used for looking at the banking and finance industries; looking at how money transfers around the globe.

There are vested interests in some parts of the world to make sure that those sorts of processes aren’t too vigorous, but certainly in the UK there is a sizeable number of people who do look at the movement of money using surveillance systems on the internet and also other sorts of systems. It is not my area of expertise but I have come across various articles, various bits of research which do look at that.

You mentioned rights and the rights of individuals, the rights of citizens in society, and you are correct. Often discussions around surveillance and security come back to issues of rights and the other side of the coin that we often teach our students is that we often talk about duties and responsibilities.

Interestingly I have seen a very prominent technologist recently say that our duties and responsibilities in a surveillance society are to participate; are to give out our data, to allow these companies like Facebook to flourish, allow Google to help us in the surveillance society. And I wonder whether our responsibility is to know more ourselves about how these sorts of things work.

Our responsibilities may be more to know, for example, what information are we giving out regularly ? Because if we know more about the sorts of things that go on it is much easier for us to make judgements about whether we feel happy about or whether or not those kinds of practices are good or bad. At the moment we know too little, so it is pretty difficult to make those judgements in my view.

Professor Charles Raab: Firstly I want to take on the question of things like tax avoidance. One of the areas of research that I am involved in has to do with how information processes, information flows can be regulated – and how they are regulated. And in the area financial transfers there has been a great deal of consternation over how large scale transfers between banks – how information and monitoring…can be less effective.

And there is a thing called SWIFT which is the Society for Worldwide Interbank Financial Transfers – or something like that, based in Brussels and they oversee these kind of things. But when you look at the jurisdictional issues which concern the flow of information and e-flows of money across national jurisdictions where you have…different systems for safeguarding that kind of information, the huge issue is between the EU and the USA about transfer of SWIFT information.

Between European banks and USA; that has not been resolved, and it illustrates the difficulty of arriving at global or international means of regulation for surveillance information which is what we call monitored financial transfers.

That is a big job, and if you take it outside the matter of financial transfers into other kinds of transfers of information, then you have different jurisdictions, different levels, different suspicions about how the data might be secured; and when you are going into another jurisdiction where it might not be secure in your privacy. Those are abiding problems that are going to be with us for a long time as more and more things are digitised and information is flowing increasingly across boundaries into countries where the levels of protection are poorer.

Dr Andrew Neil: Yes, I just wanted to add something on the question of tax avoidance. One of the things I have discovered recently by speaking to people in the financial security sector is that there is very much a continuity in the kinds of tools which are used for financial security.

So for example, what began in the 80s and 90s as tools to prevent money laundering connected to drugs cartels was turned into a mechanism for tracking terrorist finance in the years of the war on terror, and has now been developed into a system for tackling global tax avoidance.

So the question is one of political priorities. I think since the financial crisis global tax avoidance has been on the political agendas of many countries and the weight of the financial securities mechanism has, through regulation, been turned towards this. So I think that there isnt such a distinction between what is and what is not looked at; it is more a question of what policy priorities do you turn your existing tools towards.

Chair: We have time for two questions, so we have two hands up, and we will take your two questions and then everybody answers as a conglomerate…

Man with first question: …these were really really good presentations. Just to pick up one point, I am fascinated by the concepts of personal privacy having a societal benefit. It has benefits far beyond the simple rights of the individual. We all often hear politicians rather flippantly comment that ‘if you have not done anything wrong, you’ve got nothing to hide’. Can you give us a fifteen second rejoiner to that flippant comment.

Man with second question: the gentleman on the right was talking about public opinion surrounding privacy and one of the things which has been quite interesting following Snowden and the Wikileaks stuff is there has been a surprising lack of public criticism of this. I mean that in places like Iceland there has been very strong reactions but in places like the UK and in America there has not been a very strong political reaction against this kind of idea of surveillance. So why do you think that is ?

Professor Charles Raab: On that last one, one is given to suspect that there is Valium in the water supply that has made this country have a rather laid back, non-responsive attitude towards these things. Whereas in Iceland, and in the USA, for example, it is much more vocal than in the UK. It is very interesting in trying to explain this, and surveys show that fairly consistently British attitudes are much more laid back about invasions of privacy than elsewhere.

That in itself does not mean that people want to be laid back about these things. We shouldn’t make our policy simply by what people say they want or don’t want. There are very important rights involved and if we can show why there are dangers involved that are really quite ever present, even if people don’t realise. So it is a kind of anomaly compared to other European countries, for example Germany where the reaction on invasions of privacy and so forth have been extremely adverse; and also on a historical and cultural and also legal constitutional reasons for that.

Let me segway to the first question. I cant give you fifteen seconds, I can probably give you fifteen hours… I think that it’s probably an unusual position to take that privacy is something that is important for society. There is increasing philosophical and sociological argument to substantiate that kind of claim and if we do thought experiments; if we think of what it would be like to be in a society in which you couldn’t have your privacy protected – and the need for that, in thinking about some of the former countries in the Soviet orders where you couldn’t be guaranteed that the privacy of your thoughts, your communications, your conversations in the pub were not being overheard at some level.

And look at what that does for the fabric of society. It means that you have basically a kind of society made up of people who are in constant fear of contact with others – for purpose, for lives, their jobs, whatever else might be at stake. And therefore if you ponder all that then you can begin to see how privacy, the importance of the protection of privacy for fabric of society as a whole and not just for me, me, me…

Professor William Webster: And very briefly I want to address the point on ‘I have nothing to hide so I have nothing to fear’. Ive been doing research on CCTV for 20 years now and I cant think of how many policemen have put this proposition to me. It also appears in numerous policy documents about CCTV, and I think I have also had on live TV journalists pose this to me.

And how I normally respond is that this actually poses the problem incorrectly because you could say why then do we also have curtains in our houses ? We don’t have curtains because we are all criminals. Maybe some of you are. We don’t have curtains because we are up to no good. We have curtains because we want to retain part of our lives which are private, which aren’t the legitimate business of other people.

So really the question that should be posed is more along the lines of ‘what legitimate right have you got to know all these things about me ?’. Interestingly I saw an argument – I was out having dinner at an international conference – and there was a very very animated argument between a Dutchman and somebody from Belgium, and this very issue of curtains in the houses.

Because one country insists that every house should have very thick curtains, and in the other country the norm is to have the curtains open at all times of the day so people can see in and see what is going on.

Dr Andrew Neil: It’s a very good question and I think the ‘we have nothing to hide’ – it misunderstands the nature of security and privacy in an important way. There are many many reasons, as William just suggested for having secure forms of privacy. And often there are contradictions in policy around it.

So David Cameron announced that he wants there to be nowhere that the government cant see. I once said that he questions whether there should be encryption, he wants the government to be able to see into every conversation and so on, if necessary for the right reasons. But online banking would be impossible without encryption. If the British government want Britain to be the most secure place to do business in the world and at the same time they want to ban encryption – those are completely contradictory.

And you cant make a system which is open to the eyes of government but not open to the eyes of – I don’t know – online hackers; they are one in the same thing. So encryption is already with us, everywhere in everything we do. To start making exceptions to that would break encryption, you couldn’t have exceptions for the government and then security for all the other nefarious people who are trying to get in.

Chair: So, I think we have come to the end of our session, and I would like to thank our participants. It has been interesting to find that people think that curtains arent there to keep in heat, or that there is something in the water – which is why Im going to continue to drink highland spring. So I would like you all to thank our participants in the usual fashion