Mass Surveillance and the Private Sector Understanding Corporate Responses to Government Surveillance Regimes Professor Kirstie Ball Post 9/11 surveillance legislation which involves the private sector • Anti-terrorism, Crime and Security Act 2001 • Proceeds of Crime Act 2002 • Immigration, Asylum and Nationality Act 2006 • Counter Terrorism Act 2008 • Data Retention and Investigatory Powers Act 2014 “AOL is committed to preserving the privacy of our customers’ information, while respecting the right of governments to request information on specific users for lawful purposes. AOL is proud to unite with other leading Internet companies to advocate on behalf of our consumers.”—Tim Armstrong, Chairman and CEO, AOL Reports about government surveillance have shown there is a real need for greater disclosure and new limits on how governments collect information. The US government should take this opportunity to lead this reform effort and make things right.”—Mark Zuckerberg, CEO, Facebook “The security of users’ data is critical, which is why we’ve invested so much in encryption and fight for transparency around government requests for information. This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world. It’s time for reform and we urge the US government to lead the way.”—Larry Page, CEO, Google “People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it.”—Brad Smith, General Counsel and Executive Vice President, Legal and Corporate Affairs, Microsoft “Twitter is committed to defending and protecting the voice of our users. Unchecked, undisclosed government surveillance inhibits the free flow of information and restricts their voice. The principles we advance today would reform the current system to appropriately balance the needs of security and privacy while safeguarding the essential human right of free expression.”— Dick Costolo, CEO, Twitter Questions for discussion • How do you find that balance between customer privacy and customer data use in your businesses? • How do you reassure the customer about how you are using their data? • Is there anything you would like to do differently? Feedback More acceptable surveillance technologies: • Institutions using them were trustworthy • How effective they perceived the technology to be • Whether they perceived that it was targeted at them or not Less acceptable surveillance technologies • If the technology was perceived it as intrusive in itself • If the technology raised privacy concerns more generally • If citizens were worried about what the technology would do in future • If citizens could see it being deployed in their immediate environment • If citizens had prior knowledge about the risks it posed E Borders Programme • Immigration, Asylum and Nationality Act 2006 • Passport data transferred from Airlines to UKBA (now UK Visas and Immigration) between 24 hours and 30 minutes of departure • Should have been rolled out across rail, sea and airports by 2014. Implementation difficulties • Trusted Borders Consortium • Access to Global Distribution Systems • Non industry standard data transfer protocols • Rented ground handling systems • Sacking of main contractor The importance of maintaining the customer relationship • Airseats have multiple points of sale • Work intensification, dangerisation, double jeopardy • Human rights Mass surveillance: the issues for business • Cost and relative distribution of the regulatory burden • Reputation • Quality of the customer relationship • Supply chain relationships • Other legal obligations Issues for citizens • Transparency of Process • Accountability • Trust Thank you