Dunne: Only a first step in the data battle
The exposure of Thompson and Clark's spying activities for Government agencies may be a small first victory in the fight to recapture control of personal data, but there is further to go and more questions to be asked, writes Peter Dunne.
Seldom does a day go by these days without there being a report of a personal information security breach or an action that could compromise personal security somewhere.
This week alone, there have reports that the ACC has admitted spying on some of its claimants to help assess the validity of their compensation claims.
A national databank has been proposed to better manage the collection and storage of DNA samples, and a number of Government agencies have been severely criticised for using a private investigation firm, Thompson and Clark, to spy on their clients for a range of purposes.
Add to this the ongoing controversy about the way in which Facebook has been gathering and misusing personal data around the world, and the determined efforts of some Five Eyes countries, including New Zealand, to shut out the Chinese telecommunications company, Huawei, from significant roles in the upgrading of their domestic telecommunications infrastructures because of strong suspicions that Huawei's close links with the Chinese Government raise real questions of potential espionage by that country, and one could be forgiven for the view that the information revolution has had starkly negative consequences for most people and their personal freedom.
At the same time, many thousands of New Zealanders will have been online to make their holiday bookings, do their Christmas shopping, pay their bills, renew their passports, update their medical prescriptions and a range of other activities, without the blink of an eyelid about any threat to their personal privacy. And they are almost certainly right to be not that worried.
The reality is people are happy to share their personal information when they perceive it to be to their advantage to do so. At the same time, they oppose their data being shared without their knowledge, or for reasons other than that for which it was originally collected.
From Facebook to the local pharmacy, from their phone company to the local utility, people rightly view the data they provide about themselves as still being their property, and they simply want be in control of their information and how it is used for their benefit.
For their parts, governments need to always remember this. The information they gather from their citizens remains the individual’s information; mass collection does not make it the Government’s information, and its use is therefore regulated by the citizen’s consent. As it should be.
Was any information provided, formally or informally, to the intelligence services by Thompson and Clark, and was any information gathered at the behest of the intelligence services?
Aside from being a gross breach of that implicit covenant between the Government and its citizens, the actions of Thompson and Clark and the agencies they interacted with raise a number of questions. It is pretty clear that no individual citizen spied on by Thompson and Clark ever consented to their doing so, nor was ever made aware such surveillance was taking place. That is serious enough, but an even more sinister question arises in respect of our intelligence and security agencies. For years, they have been giving assurances that they were not undertaking any concerted domestic surveillance.
At face value, this may be strictly so, especially since the law changes of recent years have better codified what they can and cannot do, but what confidence can there be that such work had not effectively been contracted out to Thompson and Clark, to carry out on their behalf? Was any information provided, formally or informally, to the intelligence services by Thompson and Clark, and was any information gathered at the behest of the intelligence services?
As issues regarding personal privacy and public information gathering have become more prominent over the last 70 years or so, governments around the world have become far more specific in prescribing by law how much and what official information is being collected, how that information is to be managed and released, and the interests of the citizenry protected.
In many cases, however, the laws they have introduced to give effect to these protections are so complex and their administration so cumbersome that in practice they offer very little protection to citizens at all.
Our own Official Information Act is a case in point: a very noble, thorough and well intended piece of legislation reduced to being almost worthless because of the way successive governments have stalled or emasculated the release of official information sought under the Act, and the walls of bureaucratic safeguards built up around it.
So, ironically, the greatest impediment to citizens having more control over the information gathered and held about them may in fact be the complexity of the very mechanisms set up to give them that control. The fight to recapture control of personal data will most likely first be a fight to break down the protective walls built up around it.
The Thompson and Clark exposure and outcome may be a small first crack in that elaborate facade, but the public struggle is far from over.
It is a depressing thought on which to bring 2018 to its close. The hope, probably well-meaning and naive, is that 2019 will see the Government more cognisant of and determined to address these issues in the interests of our citizens, not the protection of its interests and agencies.
In the meantime, however, my best wishes to all readers for a happy and peaceful Christmas, leading to hopefully a freer New Year for all of us.