It used to be the prerogative of God to know more about me than I knew about myself. Now it seems that Facebook, Amazon and Apple have usurped that role.
Our phones and what we do on them provide an intimate insight into our personal lives: who we know, where we go, what we buy and what news we watch. Unless you want to live under a rock, it seems that we have to give that information away to the Big Tech companies.
Those Big Tech companies may be scary, but at least they do not have the power of the State (yet!). Police and Security Agencies, on the other hand, can get hold of this personal information and do so on a regular basis. As far back as 2014, the Guardian revealed that three of the four major networks in the UK handed over customer data to the Police “like a cash machine” whenever a request was made. That is because the Regulation of Investigatory Powers Act allows the police and other law enforcement agencies to access up to a year’s worth of call records from all their customers without a warrant.
That may not strike a chord with a lot of people who say “if you have nothing to hide, you have nothing to fear,” but allowing police and wider public authorities to access any data is a violation of our human rights, specifically the right to respect for private and family life, home and correspondence.
At the start of this year, the Investigatory Powers Commissioner’s Office (IPCO) released data that showed that in 2020 Law Enforcement agencies had over 250,000 communication data requests waved through without Judicial process, which will have potentially seen over 780,000 items of communications data handed over.
There has to be a balance here. Clearly, it is in all our interests that the Police have the information that they need to do their job. Police deal with half a million incidents involving mental health issues and 180,000 missing persons each year. The ability to “ping” the phone of a distressed 14-year-old and locate them is an invaluable and potentially life-saving tool if it can be done quickly.
At the other end of the scale, identifying the sources of investigative journalists who are exposing malfeasance in government attacks the core of our democracy. The police use of profiling is already a contentious issue when employed for stop and search; add communications data to the process and you have a worrying power.
In a report published in June 2020, the UK Information Commissioner’s Office (ICO) found that Police services were “inconsistent in their approach” when it came to accessing data from mobile devices. The report also discovered “poor practices” when it comes to data handling and a “reliance on consent” in order to access data, even if the circumstances were not appropriate.
This especially rings true when you consider that over 30% of communications data requested by law enforcement in 2020 was not from suspects’ devices. Therefore police are accessing information from victims, witnesses, and vulnerable people unbeknownst to them.
While the principle of data sharing may be justified, it’s understandable that people will still be wary of the data that can be accessed so easily. Access to this highly intrusive information should be granted only when it is necessary, and should also be proportionate to the situation. Who judges that it is necessary and proportionate at 3 am when a life is at risk? Who checks that it is being done properly?
Responsibility has to be shared. The police must act respectfully but the telephone companies also have a duty to protect their customers’ data, whilst also acting as good corporate citizens, and protecting the society that allows them to make profits.
So, what is the solution? The ICO report suggests more rules for the police to follow would introduce more clarity around how and when they should extract communications data. But it seems that someone who is independent has to come in to hold both police and the telephone companies to account, and audit the release of this data.
That’s because the mobile device is no longer just a telephone. It’s your wallet, your camera, your diary, the place where you store some of the most personal information about yourself, for better or for worse. Therefore, the access and storage of this information needs to be taken seriously: it’s no longer just flicking through call records, it’s intimate details about your life.
But let’s not forget that, largely, the networks themselves do not question the requests that come in. That can be for multiple reasons, but having the confidence and maybe the personnel to challenge these requests is vital to protecting the customers they care so much about.
Be it an auditable system, more rules, or a stiffer attitude towards data sharing, there needs to be progress so that customers feel comfortable using their devices, or at the very least, only have to worry about Silicon Valley listening in on them!
Article by Ray Green, Director at Focus Data Services Ltd.