Metadata and privacy: surveillance state or business as usual?
By NSC Research Fellow Dr Adam Henschke
The public discussion seems split between two poles. One side argues that we’re entering a world of perpetual government surveillance. Others contend that business has been collecting our metadata for years – with barely a murmur from the public – so why the panic?
Underneath this discussion lies a deeper set of questions. Are the new laws ethical? Do they do something new? Or are they simply the government making into law what telecommunications company were doing anyway?
An important way to think about these questions is to consider if there’s something truly different or new about government using this metadata.
Privacy and government intrusion
Does the government have any business peering into our personal lives at all? Privacy has often been seen as a zone free from the government. On this understanding of privacy, by looking at our metadata, the government is doing something wrong.
But as federal Attorney-General George Brandis pointed out, it is surely part of a government’s duty to investigate and prevent serious crimes. If metadata can help prevent crimes such as terrorism and child pornography, then we ought to use it.
However, in investigating serious crimes, a warrant is often needed for police surveillance. So, if Brandis' comparison holds, such warrants should also be required in cases of metadata.
Government vs private use of metadata
The next question is whether there’s some special difference between the government using this information and a private company using it, such as a telecommunications company.
We accept that many of our internet services will create, collect and store certain metadata about us for commercial purposes, typically without any moral panic. Why the concern when the government does the same thing? Arguably, given the seriousness of the crimes, the government would be more justified if this would stop these crimes.
One important difference between a company and the government using our metadata is that the government has what is called the “monopoly on violence”. The government has police, military and other security agencies, which private institutions and citizens simply don’t have.
The power that a government can wield is of a totally different kind to that of a private actor. Therefore, there is a far deeper concern about government misusing metadata than a company. Countries such as Australia have long-standing sets of laws and restrictions on just how the police, military and security agencies can legitimately exercise this force. Such traditions ought also extend to how metadata is accessed and used.
We need also bear in mind that, given our increasing dependence on computers and the internet, people are quite vulnerable to corporate misuse of personal information. If anything, we should be quite concerned about these companies and what they’re doing with our information.
They may not have the force of police or military, but there’s a great deal of power that private companies can wield over individuals. So perhaps there ought to be tighter oversight of corporate actors, with limits placed on what they can do with metadata.
Informed consent and informational justice
The final point of difference builds from the idea of informed consent.
If a telecommunications company needs to retain certain metadata for commercial purposes, and we sign an agreement that allows this, then there doesn’t seem to be any violation of privacy. Such an agreement would need to meet the basic conditions of informed consent: that we are properly informed and meaningfully consent. Where we encounter a problem is if another company, person or institution then uses that retained information for another purpose.
Jeroen van den Hoven, a leading figure in philosophy of technology, calls this an “informational injustice”: that is, when personal information given in context A is used in context B without the person’s consent.
The concern is that if we have allowed our metadata to be used by a telecommunications company for commercial purposes, then an informational injustice might occur should a government agency access this information for the purposes of a criminal investigation. For example, we wouldn’t consider it a problem if a GP asked for our recent medical history as part of a diagnosis. But if that personal information was then used for commercial purposes, without our consent, then we might have a violation of privacy.
In many case a criminal investigation is totally justified, and seeking the suspect’s informed consent to be investigated would be absurd. But we need to recognise that the metadata ought to be treated with care, and only be accessed by specific government agencies for serious reasons. Otherwise, we shift from business as usual to something warranting serious public criticism and concern.
This article first appeared in The Conversation.
Dr Adam Henschke is an ethicist and research fellow at the National Security College.