Big Data, Intelligence, and Human

Rights

Darcie Hutton

JST495

Assignment 2

Charles Sturt University

15 January 2015

D HuttonJST495A2 2

According to Moore’s Law “the number of transistors on an

affordable CPU would double every two years” (Moore, 1998). In

simplified terms this means that computers are constantly

changing as they physically get smaller yet virtually get larger.

The growth in size of computing devices allows for larger storage

and faster processing of information and in terms of big data, it

is getting faster to collect and analyse mass amounts of

information. However, with the ability to sift through such large

amounts of information there is a responsibility that must be

undertaken by intelligence organisations to ensure that human and

civil rights are not impeded upon without just cause and for them

to take into account the risks associated with using big data

(Kuner, Cate, Millard and Svantesson, 2012).

This paper will begin by providing a definition for big data

before looking at how intelligence agencies gather and protect

D HuttonJST495A2 3privacy through examples of legal and social frameworks. From

there it will examine how big data impacts human rights and which

rights may be affected by its use by looking at PRISM and the

Section 215 program and applying an ethical framework to NSA

practices. It will conclude by looking at how there is a fine

line between protecting human rights and protecting national

security and how various countries are applying laws and Acts to

find compromise.

What is big data?

Big data is an ill defined and evolving term used to

describe large data sets that are “awkward to work with using

standard statistical software” (Snijders, Matzat, Reips, 2012).

Gartner’s defines big data as “high volume, velocity and variety

information assets that demand cost-effective, innovative forms

of information processing for enhanced insight and decision

making (Sicular, 2012). The data collected is a source for

ongoing discovery and analyses by retailers, government

organisations, businesses, statistical purposes, weather offices,

transportation systems, and any other number of sources.

D HuttonJST495A2 4

The concept of big data could rightly be mistaken for a

chapter out of Orwell’s novel 1984 with ‘Big Brother’ staring

down at us, or in this case, keeping track of everything we buy,

read, search, or glance at using electronic methods. It is about

predictions and “applying math to huge quantities of data in

order to infer probabilities” (Mayer-Schönberger and Cukier,

2013, p. 33). With such large amounts of data come ethnical

issues such as if using the data in certain ways can lead to a

violation of civil, social, political, and legal rights of the

people from whom the data was collected (Davis and Patterson,

2012).

How do intelligence agencies protect privacy?

Whilst intelligence gathering is not new, the way

intelligence is gathered and analysed with computers has only

been around since World War II when Alan Turing and his co-

workers in Hut 8 at Bletchley Park used the Bombe machine to

decipher the encrypted messages being received (Davies, 1999).

Though intelligence had been gathered, decrypted, and analysed

D HuttonJST495A2 5prior to Turing’s time at Bletchley, it was his industrial scale

machine that paved the way for computing as we know it, and the

ability to collect, and analyse big data (Davies, 1999). Turing’s

research into artificial intelligence and “thinking machines” is

the benchmark for big data, though according to Mayer-Schönberger

and Cukier, big data is less about teaching machines to think

than it is about finding the probabilities behind certain actions

(2013).

After World War II (WWII) the ‘Five Eyes’ intelligence

sharing community consisting of Canada, Australia, New Zealand,

the United Kingdom, and the United States was created, mainly to

maintain surveillance on Soviet movements and threats. This

community continues to exist and gives rise to the question of if

the sharing of information between countries is legal (SIRC,

2012). There are also issues concerning how CSIS and

Communications Security Establishment Canada (CSEC) obtain and

use intelligence gathered (SIRC, 2012). For example, in a report

by the Security Intelligence Review Committee (SIRC) in 2012, a

recommendation was made that both CSIS and CSEC avoid “extensive

reporting of non-targeted individuals” in its collection of

D HuttonJST495A2 6information. The duty of the state to protect data “arises from

the person’s right to respect for his or her privacy” (Bauman, et

al, 2014). Most democratic nations have privacy laws in place and

the information on these privacy acts are freely available for

anyone to read. Canada’s privacy laws in terms of CSIS and CSEC

states that though the nation’s intelligence agencies may cast a

wide net to obtain information, they are also to be held

accountable (Office of the Privacy Commissioner of Canada, 2014).

Along with privacy laws and Acts, Canada has also established the

CSIS Act to outline clearly established investigatory limits, and

the establishment of the SIRC (Office of the Privacy Commissioner

of Canada, 2014).

To protect the privacy of Canadians, the Acts were to

regulate the practices of intelligence organisations operating

within the country by strengthening the accountability regime,

bolstering the powers held by federal bodies reviewing national

security operations, increasing coordination of Parliament’s

oversight role, and reforming existing privacy legislation

(Office of the Privacy Commissioner of Canada, 2014). In the

D HuttonJST495A2 7United Kingdom safeguards have been put in place to make the

security services more transparent and accountable to the public

such as the creation of an independent Commissioner to review

warrants, as well as Commissioners with the sole purpose of

protecting data, surveillance, use of closed-circuit television

(CCTV), and intelligence services (Office of the Privacy

Commissioner of Canada, 2014). T

These Acts were meant to protect the rights and freedoms of

Canadians from unnecessary or illegal searches and data

collection by the national intelligence organisations. However,

despite the establishment of the Acts there are still serious

questions surrounding if and how the intelligence organisations

actually do protect private data and what they are protecting it

from.

Types of human rights issues associated with big data

Whilst big data can have many implications in concern to

human rights violations all of the violations seem to fall under

the umbrella of privacy issues. Though privacy, at first glance,

D HuttonJST495A2 8may not seem like a human rights violation, we must look at how a

lack of adherence to privacy laws and practices can undermine the

idea of democracy. By going about our everyday business we are

subject to any number of data collection methods. Retailers, at

least in North America, routinely ask for email addresses or

phone numbers when making purchases tying your purchase to a

unique identifier easily found through an online search, or

dumped in to a larger database that can track your spending

habits (de Zwart, Humphreys and van Dissel, 2014). Whilst you may

consent to a retailer or commercial entity obtaining your

information, you may not be consenting to that information being

provided to security agencies (de Zwart, Humphres, and van

Dissel, 2014). Retailers are not the only avenues for data

collection in the public sphere. With the rise of smart phones

with WiFi and Bluetooth capabilities, the endless search by

phones for WiFi hotspots can allow systems to obtain information

directly from our phones including GPS locations and contact

lists, and previous online searches (de Zwart, Humphries, and van

Dissel, 2014). The very idea that retailers are using our

information for their own uses as well as passing it on to

D HuttonJST495A2 9security agencies sounds like a dystopian novel with the

government spying on us through our everyday activities. However,

in 2011, it was leaked that this is exactly what was happening.

Case Study: Prism

PRISM is a collaboration between various security agencies

and corporate entities who have partnered to share

information obtained through commercial means. The main

players in PRISM are companies that many of us use every day

for our daily businesses or pleasure. Microsoft, Apple,

Google, Facebook, and Yahoo, among others, were implicated

when PRISM was blown open by Edward Snowden in 2011.

Snowden, a contractor with the National Security Agency

(NSA) leaked Powerpoint slides of PRISM to journalists after

fleeing the United States for Hong Kong. The slides leaked

damaging information on how corporations were sharing, data

gathered through Cloud Computing, social networking,

telephone records, chat logs, and purchasing information

with, amongst others, the NSA and the United Kingdom’s

Government Communications Headquarters (GCHQ). Some of the

D HuttonJST495A2 10

companies were sharing voluntarily and others were forced

into collaborating with the security organisations (Bauman

et al, 2014). The main goal of PRISM was to obtain Internet

metadata so it could be cross-checked and analysed by NSA

analysts (Greene, 2014). Along with PRISM which captured

Internet metadata, the section 215 program sought to capture

telephony metadata, specifically from the carrier Verizon.

The information obtained by the NSA from Verizon included

all call information for calls placed between people within

the United States and those placed to overseas numbers

(Greene, 2014).

Where, then, do human rights issues come in to play with

PRISM and section 215? Within the United States surveillance

of US persons must be in compliance with constitutional and

legal requirements such as obtaining warrants prior to any

surveillance (de Zwart, Humphreys, and van Dissel, 2014).

Though these rules do not apply to non-US persons on foreign

soil, due to the globalised nature of big data and the

sources from where it was obtained, the lines between

D HuttonJST495A2 11

domestic and foreign were blurred giving the NSA

unprecedented access to intimate and private details of the

lives of both US citizens and foreign nationals.

Davis and Patterson have set out a framework for big data

ethics. They cite four elements: identity, privacy,

ownership, and reputation, they believe should be considered

when dealing with the ethical side of data collection and

analysing and these elements can be applied to intelligence

agencies as well as retailers and other entities (2013, p.

3). Whilst identity (the relationship between online and

offline identities) is important, it is the other three that

seem to have be more relevant when it comes to intelligence

data. If we apply the framework set out by Davis and

Patterson to the actions of the NSA through PRISM and

section 215, we can obtain a more clear picture of how

privacy rights have been trampled.

Privacy: who should control access to the data? If companies

such as Facebook and Google have obtained the information,

D HuttonJST495A2 12

is it ethical that they then release that information to

security agencies? Both entities are publicly traded

companies accountable to both shareholders and users and

have an obligation to protect privacy. However, there is

evidence that a number of companies involved in both

operations were forced by the United States government into

assisting.

Ownership: Piggybacking on privacy, if the Internet

metadata is obtained by companies such as Facebook, whose

entire platform is based on personal information being

shared in unprecedented amounts, do they own the

information? If so, can they transfer the ownership to

another entity?

Reputation: reputation speaks more of the reputation of the

data obtained than it does about the source of the

information. People share all sorts of information on public

online forums, and it is difficult to determine what is

true, what is embellished, and what is false. Analysing the

D HuttonJST495A2 13

activities of nearly 1 billion users is a gargantuan task.

(Davis and Patterson, 2012) and there are questions as to if

the information assembled through big data is an accurate

representation of the people from whom it has been gathered.

The information has been subjected to algorithms and

reassembled into reasonable facsimiles of those represented,

but in reality they are just an aggregation of data (de

Zwart, Humphreys, and van Dissel, 2014).

We must also look at how the big data collected by

intelligence agencies can and has been used to circumvent legal

due process in criminal matters. In most democratic countries

there is the expectation that a person accused of a crime is

innocent until proven guilty and that evidence obtained by law

enforcement will be done so using legal methods. However, there

are instances when the intelligence community and the law

enforcement community have collaborated to circumvent the legal

process to obtain the desired outcome. Let us take the example of

Belgium where, in 2010, ten people were arrested after

information gathered by the intelligence services was used to

D HuttonJST495A2 14tip-off police (Eijkman and van Ginkel, 2011). The case in

Belgium showcases the difficult decision when dealing with

information gathered by intelligence services as there is no way

to discern if the information was gathered in a legal manner

according to the law and since much, if not all, of the

information is protected as secret for state security purposes

(Eijkman and van Ginkel, 2011).

Aside from unlawful evidence gathering there is the

democratic practice of fair trials. If a person is charged with a

crime using illegally obtained or secret information, that person

is being denied a fair trial. Canada, the United Kingdom, and New

Zealand have all enacted special advocate laws to adapt to the

change in how information is gathered (Eijkman and van Ginkel,

2011). Special advocates are members of counsel with the

appropriate clearances who are assigned to work in the best

interests of the defendant. With security clearance, the special

advocate is privy to information the defendant could not be thus

providing, though not without issues, the ability to make use of

D HuttonJST495A2 15big data analysed by intelligence agencies that may not fit in

with Canadian, British, or New Zealand common law standards.

What is more important: human rights or human safety?

The Belgian case gives rise to the question of what is more

important: human rights or human safety? Belgium is not the only

country grappling with the delicate balance between the two,

Canada has also been attempting to protect human security whilst

safeguarding human rights (Eliadis, 2011). The Canadian Security

Intelligence Service (CSIS) has, in the past, expressed the

viewpoint that they were above the law and not subject to the

Canadian Charter of Rights and Freedoms, though this is

completely incorrect as they are Crown corporations (Eliadis,

2011) and as such are subject to the same legal requirements in

terms of data collection and usage, at least on paper. Canada is

not the only country to circumvent the legal process. In the

United States court case Al-Haramain Islamic Foundation, Inc. vs. Obama, a

religious organisation was notified that their communications had

been wiretapped and documented without consent. When they

D HuttonJST495A2 16attempted to sue the government for privacy breaches, the state

quickly hid behind sovereign immunity and invoked their

privileges when it came to state secrets (Greene, 2014).

According to Greene it is “fundamental that private citizens have

the ability to challenge the constitutionality of policies and

laws that have been enacted and carried out by its representative

government” (2014, p. 796). There is a fine line between

expectations of privacy and living in a secure nation. Rights and

liberties afforded to those living in democratic nations are

frivolous and easily taken away, however, the use of big data has

allowed intelligence agencies to obtain data without us knowing

and no way of proving where the information was obtained (Greene,

2014). Despite democracy being trotted out in opposition to

clandestine big data collection by security agencies via

commercial entities, it is still something that can be limited or

removed to “secure the primary order of nation-states in a system

of such states” (Bauman, et al, 2014). It is a lose-lose

situation as the public demands protection from, for example,

terrorist attacks, but yet protest against governments when they

make attempts to use any method available to provide information

D HuttonJST495A2 17that could prevent an attack. However, the catch-22 only exists

if the governments in question are using the information gathered

for purposes related to national security and not to impose their

own domination. National security has, for now, trumped

individual privacy and rights when it comes to intelligence

gathering.

Conclusion

There is little doubt that the collection of big data

has and will, in the future, shape how we live our lives and how

our governments are run. It has crept in to our every day lives

without many of us being aware of its existence. This paper has

looked at how intelligence agencies have made use of big data and

the human rights and privacy violation issues that have come out

of such practices. Prior to Edward Snowden leaking the files on

PRISM and the Section 215 program, the use of big data by

intelligence agencies via corporations was only rumour, but has

since become a very real issue in our lives. The data collected

and analysed can and has been used to foil terrorist plots

through arrests of potential perpetrators, but at what cost? It

D HuttonJST495A2 18is impossible to determine which is the lesser of two evils:

government spying on our mundane lives in hopes of finding those

few who may commit a criminal act or ensuring our right to

privacy and insisting on our human rights being protected at all

costs. Perhaps the common ground can be found in the ethics used

by intelligence agencies when dealing with the obtained big data

as right now there seems to be little faith in intelligence

organisation practices throughout the democratic world due to a

reduction in their reputations through perceived malicious

intent. It is also possible that, as citizens of Western

democratic nations, we are deluded into thinking that privacy and

human rights are inherent.

D HuttonJST495A2 19

References

Bauman, Z., Bigo, D., Esteves, P., Guild, E., Jabri, V.,

Lyon, D., & Walker, R. (2014). After Snowden: Rethinking

the impact of surveillance. International Political Sociology,

8(2), 121-144.

Davies, D. W. (1999). The Bombe: A remarkable logic machine.

Cryptological, 23(2), 108-138.

Davis, K., & Patterson, D. (2012). Ethics of big data. Sebastopol,

CA: O'Reilly.

De Zwart, M., Humphreys, S., & Van Dissel, B. (2014).

Surveillance, big data and democracy: lessons for

Australia from the US and UK. UNSW Law Journal.

Eijkman, Q., & Van Ginkel, B. (2011). Compatible or

incompatible? Intelligence and human rights in terrorist

trials. Amsterdam Law Forum, 3(4).

Eliadis, P. (2011). National Security and Human Rights. Retrieved from

Canadian Human Rights Commission website:

D HuttonJST495A2 20

http://www.chrc-ccdp.ca/sites/default/files/eliadis-

eng.pdf

Greene, M. (2014). Where has privacy gone? How surveillance

programs threaten expectatioins of privacy. The John Marshall

Journal of Information Technology & Privacy Law, 30(4). Retrieved

from http://repository.jmls.edu/cgi/viewcontent.cgi?

article=1750&context=jitpl

Kuner, C., Cate, F., Millard, C., & Svantesson, D. (2012). The

challenge of 'big data' for data protection. Journal of

Cybersecurity, 2(2), 47-49.

Mayer-Schönberger, V., & Cukier, K. (2013). Big data: A revolution that

will transform how we live, work, and think. Boston, MA: Houghton

Mifflin Harcourt.

Moore, G. (1998). Cramming more components onto integrated

circuits. Proceedings of the IEEE, 86(1).

Office of the Privacy Commissioner of Canada. (2014). Checks and

controls: reinforcing privacy protection and oversight for the Canadian

D HuttonJST495A2 21

intelligence community in an era of cyber-surveillance. Retrieved from

Office of the Privacy Commissioner of Canada website:

https://www.priv.gc.ca/information/sr-rs/201314/sr_cic_e.

asp

Security Intelligence Review Committee. (2012). Section 2: Summaries

of SIRC reviews and complaints. Retrieved from Government of

Canada website: http://www.sirc-csars.gc.ca/anrran/2012-

2013/sc2a-eng.html

Sicular, S. (2013, March 27). Gartner's Big Data Definition

Consists of Three Parts, Not to Be Confused with Three

"V"s. Retrieved from

http://www.forbes.com/sites/gartnergroup/2013/03/27/gartn

ers-big-data-definition-consists-of-three-parts-not-to-

be-confused-with-three-vs/

Snijders, C., Matzat, U., & Reips, U. (2012). 'Big Data': Big

gaps of knowledge in the field of Internet science.

International Journal of Internet Science, 7, 1-5.