Privacy vs. Security – Finding the Right Balance

13 · NOV ·2014

There is an old saying when it comes to information: knowledge is power. This is why the UK government is currently locked in a battle with Internet Service Providers (ISPs) over the amount of information they should legally be allowed to have access to, especially when it comes to those suspected of being involved in illegal activity. Over the past few months there have been numerous stories concerning terrorist groups across the world using the Internet to plan attacks as well as recruit new members, which is why the government wants greater access to users’ information.

Earlier this week GCHQ chief Robert Hannigan slated some of the biggest ISPs in the world for not co-operating when it comes to supplying data that the intelligence organisation believe would help them in the battle against terrorism. In an article for the Financial Times named “The web is a terrorist’s command-and-control network of choice” he stated that without the support of ISPs and other corporations in the private sector national security could be at risk. He added that even though GCHQ respect individuals’ privacy the organisation requires certain information in order to protect citizens across the world.

It is not surprising to hear that a number of ISPs are not comfortable with disclosing their customers’ information, especially to the government, as it will ultimately lead to them becoming mistrustful. Furthermore, some claim that this is an abuse of power and that users have a right to privacy as well as knowledge of what– if any – information about them is being made available to the government. Isabella Sankey, director of policy at the civil rights group Liberty, said: “These firms have pushed back because they realise how [continuing cooperation] might involve them breaching laws in other countries. The tech firms realise that this is walking into a legal no man’s land.

“How would the British government feel if the Saudi government asked the internet service companies to intercept British people’s communications? GCHQ seems unable to grasp this. There’s been no attempt in the UK to engage in debate. It’s breathtaking to come out with a piece like this while [resisting claims] in the IPT.” Meanwhile, Nicholas Lansman, secretary general for the UK’s Internet Service Providers’ Association, said: “Ultimately, the public will be the arbiters of where the line should be drawn between privacy and security. For this to happen, an honest and frank debate is required based on the full facts. The comments from GCHQ fall short of this.”

However, earlier this week the Prime Minister said that he supported Hannigan on the matter, with his official spokesman stating that David Cameron “very much shares the view that is being expressed there around the use of web-enabled, internet-access technologies by violent and extremist groups amongst others, and the need to do more.” Ed Richards, head of the media regulator Ofcom, agrees that websites, particularly social media sites, have a “social responsibility” when it comes to helping international security.

He added: “I think it is fair to say that there are social responsibilities that come with a media that is as prevalent and as significant as social media has become.” This summer the government rushed through a new piece of legislation named the Data Retention and Investigation Powers (Drip) Act which requires ISPs and telecommunications providers to retain users’ information for 12 months and provide said information to around 600 public bodies if requested.

This poses a huge problem for not only individuals but also businesses who manage sensitive information on behalf of their clients. Under the new Act medical records, insurance claims and details of personal finances can all be accessed by the government, police and a range of other political bodies. This means that businesses are unable to promise their clients that their data will remain private – no matter how many security solutions they implement including firewalls and anti-virus software.

Simon Stokes, Strategic Account Director at Fluidata, said: “Security and anonymity are, in my opinion, at the heart of the coming of age of the digital age. At Fluidata we architect and deliver extremely secure networks and private UK cloud infrastructure but we are of course still subject to the law. Like every service provider Fluidata have an acceptable usage policy and as you would expect this allows us to remove users who break the law.

“There is however still a duty of care to protect information and it is our policy not to release any sensitive information to any organisation without a warrant. This is not the case for many organisations whose terms will quite clearly state that information will be shared with relevant government organisations (check those terms before you sign up to a hotspot). The American National Security Agency sum up our own governments approach quite well in there “If you have nothing to hide you have nothing to fear” website page on how they collect data. Worth a read if you are worried about a minority report type early arrest.”

The government already has a number of powers that enable them to request information from ISPs, which is why many providers are against further regulations coming into effect. It is true that a number of terrorist groups use the Internet to organise attacks, however does this mean that every user should have their information logged and shared without their knowledge? The key here is finding the right balance.

Share on

Posted by Dan Pope