Equipment Interference: an Unruly Horse?
The future of UK State surveillance has serious implications attached to it
Many years ago, the most precious property one could own was their private papers. At least this was the notion exhibited in one of the landmark cases in public law, that of Entick v Carrington.
In that 18th century case, the Earl of Halifax, a member of the King’s Privy Council, issued a warrant authorising the King’s messengers to enter the premises of John Entick, accused to be the author of ‘seditious papers’ criticising His Majesty’s Government.
Entick argued that the search and seizure was unlawful, while the Crown defended the warrant on the grounds that the conduct permitted under it was necessary for the interests of the State. At the time, it was commonplace for the Crown to issue warrants for arrest for high treason and seditious libel, but warrants for search and seizure was not a recognised power. Accordingly, Entick emerged successful in his claim.
In delivering his judgment, Lord Camden enunciated his famous dictum: ‘if this is law it would be found in our books, but no such law ever existed in this country’. Effectively, it was held that the Crown could not exercise powers for which there exists no identifiable legal authority.
These notorious stipulations remain a crucial aspect of the rule of law doctrine not only in English law, but in legal regimes across the world. This includes its incorporation in the European Convention on Human Rights, in which any interference with the right to privacy must be in accordance with the law.
But apart from this, Entick has also been noted for its dictum on property interference by the State. Lord Camden noted that ‘the law holds the property of every man so sacred’ and any law permitting interference with such without permission ‘would destroy all the comforts of society’.
It might be inferred that Entick not only condemned search and seizure warrants due to the absence of legal authority, but also because it would permit conduct that might be considered unconscionable given that such warrants would allow interference with the ‘dearest’ of property, justified merely on the basis that the State considers it necessary.
Today, not only does the law look very different, but so does the context within which it operates. It is increasingly the case that the most sensitive aspects of one’s personal life will be contained not in tangible form but in digital form on a mobile device.
The significance of this transition from papers to pixels was realised in the American case of Riley v California. In that case, the US Supreme Court ruled that police would need a warrant before searching an arrestee’s mobile phone, holding that such a search would not constitute a merely narrow intrusion of privacy.
This is because of two reasons. The first is that such devices have a vast storage capacity capable of storing lots of data revealing wide-ranging information about its user.
The second is that the very information stored on that device can be particularly illuminating and sensitive. The combination of these mobile devices, the apps they run and their interconnectivity facilitated by the internet culminate in a data-intensive society in which almost every aspect of our lives can be tracked and recorded like never before.
These stark differences between a mobile device and other items which may be found on an arrestee’s person thus necessitate legal authority to be able to search the former. However, the law’s ability to permit only legitimate interferences with privacy in the digital age has proven difficult.
The Investigatory Powers Act 2016 is the latest statutory codification of the powers available to the UK’s security and intelligence agencies. This includes putting equipment interference, recently avowed and examined in the Greennet case, on an explicit statutory footing for the first time.
Such a power, which may be more simply defined as computer hacking, has featured in the surveillance regime long before the IPA. Yet, the consequences of its use are now more significant than ever. This is the case in three respects.
Firstly, the application of EI itself involves grave interference of an individual’s privacy. As identified in Riley, when a State can tap into one’s mobile phone, or any mobile device, it can potentially extract and examine that person’s whole life. The IPA permits the State to obtain a wide range of information, including ‘speech, music, sounds, visual images or data of any description’.
Secondly, the use of EI poses severe threats to cybersecurity, a necessary corollary of digital privacy. The emergence of the ‘Internet of Things’ connecting a myriad of devices produces a situation whereby the breach of one device potentially exposes the security of all the others. This collateral damage is not only initiated by the State in the initial use of EI, but can be exploited further by cybercriminals with even more malicious intentions.
The third way relates to the international implications of EI in bulk form. In October 2018, the Belgium Government accused GCHQ of hacking the country’s biggest telecoms company. If true, it would be the first reported instance of an EU Member State hacking the critical infrastructure of another Member State. But it will doubtless be the last. The advent of international terrorism and other national security threats inevitably requires surveillance operations to take place on a global scale. As such, even the head of GCHQ has called for an international effort to tame such operations.
But the domestic controls imposed on EI and other investigatory powers may be highlighted as the true problem. The IPA requires warrants for EI and other powers to be both necessary and proportionate, elements of which are subject to judicial review within the warrant-authorisation process. However, the actual standards contained within these statutory requirements are not always sufficient and can produce unsatisfactory results.
Ultimately, the effectiveness of these checks and balances will heavily depend on their application to EI, since it is a power with growing utility. It is one of the few that can overcome the increased use of encryption and other means to protect communications and data from surveillance. As such, it will become an integral part of the UK’s national security efforts. Even the Government has admitted as much.
In doing so, EI may be one of the most intrusive destructive powers available to the State. Yet, it is only one of a set of powers contained in the IPA which form the modern surveillance framework: bulk acquisition warrants and bulk personal dataset warrants are also now codified in the Act. Together, these powers arguably produce a surveillance regime that is far more intrusive than any that has existed beforehand.
But the threats which face the UK, most notably international terrorism, will always be part of a convincing narrative in support of the operational value of such powers. Thus, the balance between upholding national security and protecting human rights will always be at the heart of any debate in relation to State surveillance. The question is therefore whether, for now, a desirable balance has been achieved.