On 23 June 2011 it was revealed that a working group under the Danish Ministry of Justice, with representatives from the Ministry of Justice, the Ministry of Science, Technology and Innovation, the National Commission of the Danish Police, the Security Intelligence Service and the National IT and Telecom Agency, had prepared a report about an expansion of the logging consolidated act and user registration of internet users.
Making difficult my criticism of this initiative – the subject matter of this blog entry – it has not been possible for me actually to get access to reading this report, as it is neither available online on the Ministry of Justice’s website nor on that of the Ministry of Science, Technology and Innovation. This in itself is totally unacceptable and inconsistent with all good principles for an open debate in an open society!
The report allegedly suggests that the already existing logging consolidated act (in Danish “logningsbekendtgørelsen“) should be amended such that non-commercial providers (such as libraries, cafes, housing associations, hospitals, etc.) are also obliged to log the users’ internet sessions. This obligation shall apply in all cases, unless the provider only provides internet access “in advance [to a] limited group of people”.
What is much worse, the report also proposes that all internet users, as well as commercial as non-commercial, partake in a validated user registration process by means of, for instance, their social security number, NemID, credit card details or tele-information. Unless these new requirements are complied with by a provider, access to the internet must simply not be given. Or, put simply, if you do not identify yourself beforehand, you may not be given access to the internet.
Many good forces, including Jacob McHangma, chief legal adviser at CEPOS, Jon Lund, chairman of DONA, and Pernille Drost, chairwoman of the Danish Union of Librarians, have spoken out in a prudent manner against the suggestions and recommendations of the report. I am in total agreement with their view that a requirement for validated user registration for both commercial as well as non-commercial providers of the internet is a serious statement against the free and open nature of the internet.
Not only is this proposal in stark contrast to the human right to freedom of communication, but it is likely to have a price-raising and limiting effect on the actual use of internet, which will limit Denmark’s potential as an IT nation.
No matter how much I agree with the criticism of this proposal, I do believe that the critics avoid, to a great extent, making up their minds about and coming up with constructive suggestions in relation to the motivation behind the recommendations of the report and, all things considered, behind the failed logging consolidated act. I choose to believe that the authors of the report do not have totalitarian or other evil intentions.
Quite simply, the critics fail to provide suggestions for alternative ways of how we can fight terrorism and international white-collar crime. These are major and very serious problems which we have the misfortune of observing in all societies, and in particular in western societies like Denmark, where IT and the internet are very widespread. Therefore, one cannot simply bury one’s head in the sand and pretend that we are not facing a huge challenge here.
My attitude is not, however, that there are no operative alternatives to extensive surveillance and registration, as suggested in the report and in the logging consolidated act, to justify these. Since the adoption of the logging consolidated act, there has been good reason to criticise it, and there is even better reason to criticise the recommendations of this report from a principle of proportionality. It is quite simply out of proportion to spend a lot of money – both state money and money from private players who shall take the measures – when it is in no way substantiated that the precautions will advance the purpose.
When this criticism is put forward, I believe that society and, in particular, the more progressive users of IT should transfer their focus from simply saying “no” to all kinds of surveillance, to a higher degree, to acknowledge that surveillance is actually, in many cases, a very sensible and natural precaution to take. We should re-evaluate our primary, negative attitude toward surveillance.
In the majority of cases, there are no moral issues related to surveilling a person’s use of the internet; it is not the surveillance itself which is the problem, but how the information obtained in conncection with this monitoring is used. Surveillance can, in this sense, be compared to technology which is traditionally considered as value neutral, as the value-loaded aspect arises in the use of the technology.
Surveillance is a reasonable measure to ensure that people act responsibly. I do not suppose that anyone would indicate that citizens of a society in general, family members within a family, or employees in a workplace should be allowed to act anonymously under all circumstances. The fact that you are being watched gives you a reasonable incentive to behave decently and respectably.
Likewise, much surveillance is implemented in the interest of those being surveilled. This applies for surveillance of patients, but to a high degree also of the surveillance which we hopefully all have been exposed to since childhood from a caring mother or father. Remember the text to the American, beautiful standard “Someone to watch over me”. We are social animals and our identity in groups is closely connected with surveillance. Our wellbeing and happiness are, to a high degree, connected to someone keeping an eye on us.
The problem with much surveillance, in my opinion, occurs when surveillance is monopolised in the sense that it is only the state which has the legal right to make the surveillance, or private companies which have the financial means to carry out the surveillance. Thereby there is a natural risk of power corruption, market failure, etc.
If surveillance, then, is not considered as an activity made by one or a few from “above”, but by many from “below”, we also conceptually move from “surveillance” to “sousveillance.
It is unrealistic – and undesirable – to believe that all citizens of a society should walk around checking everything that other people do. However, personally, I would prefer if a larger amount of the intelligence data which was gathered and used by the Security Intelligence Service and others in connection with fighting terror and white-collar crime came from citizens who were granted easier access to gather and report relevant information and data.
Some may argue that we do not want a “society of informers” with a lot of “snooping”. The reality is, however, that there is a need for intelligence data, if these serious social problems, which terrorism and white-collar crime represent, are to be solved. In all cases, the solution comes down to gathering better and useful data. Without data and information, there would be no intelligence service. In my perspective, it is better that data is gathered in a transparent and democratic way where it is unnecessary to implement legislation which, in an absolutely unnecessary manner, prevents and increases the price of using the internet in general.
It is also likely that such crowdsourcing of intelligence business intelligence would be more effective and cheaper for the state. The IT security guru Bruce Schneier has, with great emphasis, argued that practically all the IT measures which the United States have implemented after 9/11, e.g. all of the large databases and control systems which are established under the Department of Homeland Security, do not actually provide results to an extent which in any way justifies the large costs and the great changes to ordinary human rights which they entail.
He has pointed out that the majority of the solved terror attempts have been made through the good, old-fashioned intelligence service, where resourceful and experienced intelligence officers have been able to recognise a pattern in different information about behaviour, etc., which has led to reconnaissance and prevention.
Therefore, my suggestion is that rather than continuing to criticise the recommendations made by the report and the logging consolidated act, we should instead be making efforts to provide suggestions as to how the intelligence effort and the work done by the police can be improved. It is important to acknowledge that the solution cannot be found without there in another way than via silly bureaucratic proposals are given possibilities of collecting and reporting data and information about the citizens’ behaviour.