Big Data, Intelligence, and Human
Rights
Darcie Hutton
JST495
Assignment 2
Charles Sturt University
15 January 2015
D HuttonJST495A2 2
According to Moore’s Law “the number of transistors on an
affordable CPU would double every two years” (Moore, 1998). In
simplified terms this means that computers are constantly
changing as they physically get smaller yet virtually get larger.
The growth in size of computing devices allows for larger storage
and faster processing of information and in terms of big data, it
is getting faster to collect and analyse mass amounts of
information. However, with the ability to sift through such large
amounts of information there is a responsibility that must be
undertaken by intelligence organisations to ensure that human and
civil rights are not impeded upon without just cause and for them
to take into account the risks associated with using big data
(Kuner, Cate, Millard and Svantesson, 2012).
This paper will begin by providing a definition for big data
before looking at how intelligence agencies gather and protect
D HuttonJST495A2 3privacy through examples of legal and social frameworks. From
there it will examine how big data impacts human rights and which
rights may be affected by its use by looking at PRISM and the
Section 215 program and applying an ethical framework to NSA
practices. It will conclude by looking at how there is a fine
line between protecting human rights and protecting national
security and how various countries are applying laws and Acts to
find compromise.
What is big data?
Big data is an ill defined and evolving term used to
describe large data sets that are “awkward to work with using
standard statistical software” (Snijders, Matzat, Reips, 2012).
Gartner’s defines big data as “high volume, velocity and variety
information assets that demand cost-effective, innovative forms
of information processing for enhanced insight and decision
making (Sicular, 2012). The data collected is a source for
ongoing discovery and analyses by retailers, government
organisations, businesses, statistical purposes, weather offices,
transportation systems, and any other number of sources.
D HuttonJST495A2 4
The concept of big data could rightly be mistaken for a
chapter out of Orwell’s novel 1984 with ‘Big Brother’ staring
down at us, or in this case, keeping track of everything we buy,
read, search, or glance at using electronic methods. It is about
predictions and “applying math to huge quantities of data in
order to infer probabilities” (Mayer-Schönberger and Cukier,
2013, p. 33). With such large amounts of data come ethnical
issues such as if using the data in certain ways can lead to a
violation of civil, social, political, and legal rights of the
people from whom the data was collected (Davis and Patterson,
2012).
How do intelligence agencies protect privacy?
Whilst intelligence gathering is not new, the way
intelligence is gathered and analysed with computers has only
been around since World War II when Alan Turing and his co-
workers in Hut 8 at Bletchley Park used the Bombe machine to
decipher the encrypted messages being received (Davies, 1999).
Though intelligence had been gathered, decrypted, and analysed
D HuttonJST495A2 5prior to Turing’s time at Bletchley, it was his industrial scale
machine that paved the way for computing as we know it, and the
ability to collect, and analyse big data (Davies, 1999). Turing’s
research into artificial intelligence and “thinking machines” is
the benchmark for big data, though according to Mayer-Schönberger
and Cukier, big data is less about teaching machines to think
than it is about finding the probabilities behind certain actions
(2013).
After World War II (WWII) the ‘Five Eyes’ intelligence
sharing community consisting of Canada, Australia, New Zealand,
the United Kingdom, and the United States was created, mainly to
maintain surveillance on Soviet movements and threats. This
community continues to exist and gives rise to the question of if
the sharing of information between countries is legal (SIRC,
2012). There are also issues concerning how CSIS and
Communications Security Establishment Canada (CSEC) obtain and
use intelligence gathered (SIRC, 2012). For example, in a report
by the Security Intelligence Review Committee (SIRC) in 2012, a
recommendation was made that both CSIS and CSEC avoid “extensive
reporting of non-targeted individuals” in its collection of
D HuttonJST495A2 6information. The duty of the state to protect data “arises from
the person’s right to respect for his or her privacy” (Bauman, et
al, 2014). Most democratic nations have privacy laws in place and
the information on these privacy acts are freely available for
anyone to read. Canada’s privacy laws in terms of CSIS and CSEC
states that though the nation’s intelligence agencies may cast a
wide net to obtain information, they are also to be held
accountable (Office of the Privacy Commissioner of Canada, 2014).
Along with privacy laws and Acts, Canada has also established the
CSIS Act to outline clearly established investigatory limits, and
the establishment of the SIRC (Office of the Privacy Commissioner
of Canada, 2014).
To protect the privacy of Canadians, the Acts were to
regulate the practices of intelligence organisations operating
within the country by strengthening the accountability regime,
bolstering the powers held by federal bodies reviewing national
security operations, increasing coordination of Parliament’s
oversight role, and reforming existing privacy legislation
(Office of the Privacy Commissioner of Canada, 2014). In the
D HuttonJST495A2 7United Kingdom safeguards have been put in place to make the
security services more transparent and accountable to the public
such as the creation of an independent Commissioner to review
warrants, as well as Commissioners with the sole purpose of
protecting data, surveillance, use of closed-circuit television
(CCTV), and intelligence services (Office of the Privacy
Commissioner of Canada, 2014). T
These Acts were meant to protect the rights and freedoms of
Canadians from unnecessary or illegal searches and data
collection by the national intelligence organisations. However,
despite the establishment of the Acts there are still serious
questions surrounding if and how the intelligence organisations
actually do protect private data and what they are protecting it
from.
Types of human rights issues associated with big data
Whilst big data can have many implications in concern to
human rights violations all of the violations seem to fall under
the umbrella of privacy issues. Though privacy, at first glance,
D HuttonJST495A2 8may not seem like a human rights violation, we must look at how a
lack of adherence to privacy laws and practices can undermine the
idea of democracy. By going about our everyday business we are
subject to any number of data collection methods. Retailers, at
least in North America, routinely ask for email addresses or
phone numbers when making purchases tying your purchase to a
unique identifier easily found through an online search, or
dumped in to a larger database that can track your spending
habits (de Zwart, Humphreys and van Dissel, 2014). Whilst you may
consent to a retailer or commercial entity obtaining your
information, you may not be consenting to that information being
provided to security agencies (de Zwart, Humphres, and van
Dissel, 2014). Retailers are not the only avenues for data
collection in the public sphere. With the rise of smart phones
with WiFi and Bluetooth capabilities, the endless search by
phones for WiFi hotspots can allow systems to obtain information
directly from our phones including GPS locations and contact
lists, and previous online searches (de Zwart, Humphries, and van
Dissel, 2014). The very idea that retailers are using our
information for their own uses as well as passing it on to
D HuttonJST495A2 9security agencies sounds like a dystopian novel with the
government spying on us through our everyday activities. However,
in 2011, it was leaked that this is exactly what was happening.
Case Study: Prism
PRISM is a collaboration between various security agencies
and corporate entities who have partnered to share
information obtained through commercial means. The main
players in PRISM are companies that many of us use every day
for our daily businesses or pleasure. Microsoft, Apple,
Google, Facebook, and Yahoo, among others, were implicated
when PRISM was blown open by Edward Snowden in 2011.
Snowden, a contractor with the National Security Agency
(NSA) leaked Powerpoint slides of PRISM to journalists after
fleeing the United States for Hong Kong. The slides leaked
damaging information on how corporations were sharing, data
gathered through Cloud Computing, social networking,
telephone records, chat logs, and purchasing information
with, amongst others, the NSA and the United Kingdom’s
Government Communications Headquarters (GCHQ). Some of the
D HuttonJST495A2 10
companies were sharing voluntarily and others were forced
into collaborating with the security organisations (Bauman
et al, 2014). The main goal of PRISM was to obtain Internet
metadata so it could be cross-checked and analysed by NSA
analysts (Greene, 2014). Along with PRISM which captured
Internet metadata, the section 215 program sought to capture
telephony metadata, specifically from the carrier Verizon.
The information obtained by the NSA from Verizon included
all call information for calls placed between people within
the United States and those placed to overseas numbers
(Greene, 2014).
Where, then, do human rights issues come in to play with
PRISM and section 215? Within the United States surveillance
of US persons must be in compliance with constitutional and
legal requirements such as obtaining warrants prior to any
surveillance (de Zwart, Humphreys, and van Dissel, 2014).
Though these rules do not apply to non-US persons on foreign
soil, due to the globalised nature of big data and the
sources from where it was obtained, the lines between
D HuttonJST495A2 11
domestic and foreign were blurred giving the NSA
unprecedented access to intimate and private details of the
lives of both US citizens and foreign nationals.
Davis and Patterson have set out a framework for big data
ethics. They cite four elements: identity, privacy,
ownership, and reputation, they believe should be considered
when dealing with the ethical side of data collection and
analysing and these elements can be applied to intelligence
agencies as well as retailers and other entities (2013, p.
3). Whilst identity (the relationship between online and
offline identities) is important, it is the other three that
seem to have be more relevant when it comes to intelligence
data. If we apply the framework set out by Davis and
Patterson to the actions of the NSA through PRISM and
section 215, we can obtain a more clear picture of how
privacy rights have been trampled.
Privacy: who should control access to the data? If companies
such as Facebook and Google have obtained the information,
D HuttonJST495A2 12
is it ethical that they then release that information to
security agencies? Both entities are publicly traded
companies accountable to both shareholders and users and
have an obligation to protect privacy. However, there is
evidence that a number of companies involved in both
operations were forced by the United States government into
assisting.
Ownership: Piggybacking on privacy, if the Internet
metadata is obtained by companies such as Facebook, whose
entire platform is based on personal information being
shared in unprecedented amounts, do they own the
information? If so, can they transfer the ownership to
another entity?
Reputation: reputation speaks more of the reputation of the
data obtained than it does about the source of the
information. People share all sorts of information on public
online forums, and it is difficult to determine what is
true, what is embellished, and what is false. Analysing the
D HuttonJST495A2 13
activities of nearly 1 billion users is a gargantuan task.
(Davis and Patterson, 2012) and there are questions as to if
the information assembled through big data is an accurate
representation of the people from whom it has been gathered.
The information has been subjected to algorithms and
reassembled into reasonable facsimiles of those represented,
but in reality they are just an aggregation of data (de
Zwart, Humphreys, and van Dissel, 2014).
We must also look at how the big data collected by
intelligence agencies can and has been used to circumvent legal
due process in criminal matters. In most democratic countries
there is the expectation that a person accused of a crime is
innocent until proven guilty and that evidence obtained by law
enforcement will be done so using legal methods. However, there
are instances when the intelligence community and the law
enforcement community have collaborated to circumvent the legal
process to obtain the desired outcome. Let us take the example of
Belgium where, in 2010, ten people were arrested after
information gathered by the intelligence services was used to
D HuttonJST495A2 14tip-off police (Eijkman and van Ginkel, 2011). The case in
Belgium showcases the difficult decision when dealing with
information gathered by intelligence services as there is no way
to discern if the information was gathered in a legal manner
according to the law and since much, if not all, of the
information is protected as secret for state security purposes
(Eijkman and van Ginkel, 2011).
Aside from unlawful evidence gathering there is the
democratic practice of fair trials. If a person is charged with a
crime using illegally obtained or secret information, that person
is being denied a fair trial. Canada, the United Kingdom, and New
Zealand have all enacted special advocate laws to adapt to the
change in how information is gathered (Eijkman and van Ginkel,
2011). Special advocates are members of counsel with the
appropriate clearances who are assigned to work in the best
interests of the defendant. With security clearance, the special
advocate is privy to information the defendant could not be thus
providing, though not without issues, the ability to make use of
D HuttonJST495A2 15big data analysed by intelligence agencies that may not fit in
with Canadian, British, or New Zealand common law standards.
What is more important: human rights or human safety?
The Belgian case gives rise to the question of what is more
important: human rights or human safety? Belgium is not the only
country grappling with the delicate balance between the two,
Canada has also been attempting to protect human security whilst
safeguarding human rights (Eliadis, 2011). The Canadian Security
Intelligence Service (CSIS) has, in the past, expressed the
viewpoint that they were above the law and not subject to the
Canadian Charter of Rights and Freedoms, though this is
completely incorrect as they are Crown corporations (Eliadis,
2011) and as such are subject to the same legal requirements in
terms of data collection and usage, at least on paper. Canada is
not the only country to circumvent the legal process. In the
United States court case Al-Haramain Islamic Foundation, Inc. vs. Obama, a
religious organisation was notified that their communications had
been wiretapped and documented without consent. When they
D HuttonJST495A2 16attempted to sue the government for privacy breaches, the state
quickly hid behind sovereign immunity and invoked their
privileges when it came to state secrets (Greene, 2014).
According to Greene it is “fundamental that private citizens have
the ability to challenge the constitutionality of policies and
laws that have been enacted and carried out by its representative
government” (2014, p. 796). There is a fine line between
expectations of privacy and living in a secure nation. Rights and
liberties afforded to those living in democratic nations are
frivolous and easily taken away, however, the use of big data has
allowed intelligence agencies to obtain data without us knowing
and no way of proving where the information was obtained (Greene,
2014). Despite democracy being trotted out in opposition to
clandestine big data collection by security agencies via
commercial entities, it is still something that can be limited or
removed to “secure the primary order of nation-states in a system
of such states” (Bauman, et al, 2014). It is a lose-lose
situation as the public demands protection from, for example,
terrorist attacks, but yet protest against governments when they
make attempts to use any method available to provide information
D HuttonJST495A2 17that could prevent an attack. However, the catch-22 only exists
if the governments in question are using the information gathered
for purposes related to national security and not to impose their
own domination. National security has, for now, trumped
individual privacy and rights when it comes to intelligence
gathering.
Conclusion
There is little doubt that the collection of big data
has and will, in the future, shape how we live our lives and how
our governments are run. It has crept in to our every day lives
without many of us being aware of its existence. This paper has
looked at how intelligence agencies have made use of big data and
the human rights and privacy violation issues that have come out
of such practices. Prior to Edward Snowden leaking the files on
PRISM and the Section 215 program, the use of big data by
intelligence agencies via corporations was only rumour, but has
since become a very real issue in our lives. The data collected
and analysed can and has been used to foil terrorist plots
through arrests of potential perpetrators, but at what cost? It
D HuttonJST495A2 18is impossible to determine which is the lesser of two evils:
government spying on our mundane lives in hopes of finding those
few who may commit a criminal act or ensuring our right to
privacy and insisting on our human rights being protected at all
costs. Perhaps the common ground can be found in the ethics used
by intelligence agencies when dealing with the obtained big data
as right now there seems to be little faith in intelligence
organisation practices throughout the democratic world due to a
reduction in their reputations through perceived malicious
intent. It is also possible that, as citizens of Western
democratic nations, we are deluded into thinking that privacy and
human rights are inherent.
D HuttonJST495A2 19
References
Bauman, Z., Bigo, D., Esteves, P., Guild, E., Jabri, V.,
Lyon, D., & Walker, R. (2014). After Snowden: Rethinking
the impact of surveillance. International Political Sociology,
8(2), 121-144.
Davies, D. W. (1999). The Bombe: A remarkable logic machine.
Cryptological, 23(2), 108-138.
Davis, K., & Patterson, D. (2012). Ethics of big data. Sebastopol,
CA: O'Reilly.
De Zwart, M., Humphreys, S., & Van Dissel, B. (2014).
Surveillance, big data and democracy: lessons for
Australia from the US and UK. UNSW Law Journal.
Eijkman, Q., & Van Ginkel, B. (2011). Compatible or
incompatible? Intelligence and human rights in terrorist
trials. Amsterdam Law Forum, 3(4).
Eliadis, P. (2011). National Security and Human Rights. Retrieved from
Canadian Human Rights Commission website:
D HuttonJST495A2 20
http://www.chrc-ccdp.ca/sites/default/files/eliadis-
eng.pdf
Greene, M. (2014). Where has privacy gone? How surveillance
programs threaten expectatioins of privacy. The John Marshall
Journal of Information Technology & Privacy Law, 30(4). Retrieved
from http://repository.jmls.edu/cgi/viewcontent.cgi?
article=1750&context=jitpl
Kuner, C., Cate, F., Millard, C., & Svantesson, D. (2012). The
challenge of 'big data' for data protection. Journal of
Cybersecurity, 2(2), 47-49.
Mayer-Schönberger, V., & Cukier, K. (2013). Big data: A revolution that
will transform how we live, work, and think. Boston, MA: Houghton
Mifflin Harcourt.
Moore, G. (1998). Cramming more components onto integrated
circuits. Proceedings of the IEEE, 86(1).
Office of the Privacy Commissioner of Canada. (2014). Checks and
controls: reinforcing privacy protection and oversight for the Canadian
D HuttonJST495A2 21
intelligence community in an era of cyber-surveillance. Retrieved from
Office of the Privacy Commissioner of Canada website:
https://www.priv.gc.ca/information/sr-rs/201314/sr_cic_e.
asp
Security Intelligence Review Committee. (2012). Section 2: Summaries
of SIRC reviews and complaints. Retrieved from Government of
Canada website: http://www.sirc-csars.gc.ca/anrran/2012-
2013/sc2a-eng.html
Sicular, S. (2013, March 27). Gartner's Big Data Definition
Consists of Three Parts, Not to Be Confused with Three
"V"s. Retrieved from
http://www.forbes.com/sites/gartnergroup/2013/03/27/gartn
ers-big-data-definition-consists-of-three-parts-not-to-
be-confused-with-three-vs/
Snijders, C., Matzat, U., & Reips, U. (2012). 'Big Data': Big
gaps of knowledge in the field of Internet science.
International Journal of Internet Science, 7, 1-5.