Participants at a panel discussion on "The Changing Face of National Security Work - The Threat and Opportunity of Data" reiterated the importance of striking a balance: between civil liberties and national security, between sovereignty and international cooperation and between individual convenience and protection.
Amidst increasing public-private partnership in the cyber sphere, there is growing concern about cyber attacks, privacy and surveillance, and the digital aspects of ’real world’ crimes. This was the background to a panel discussion on "The Changing Face of National Security Work - The Threat and Opportunity of Data", hosted by the Observer Research Foundation on February 11, 2015. The panellists included Simon Hosking, Vice President of International Security Programmes, BAE Systems; Saikat Datta, National Security Editor for the Hindustan Times; Sachin Deodhar, CEO of Deepsense Labs; PV Kumar, former Chairman of the NTRO; and moderator Manoj Joshi, Distinguished Fellow at ORF.
The discussion kicked off with an exploration of recent security incidents with digital angles. The 2013 murder of a British Fusilier, Lee Rigby, caused heated debate in the British intelligence community. Rigby was murdered by two British citizens, who had both previously been investigated by security forces; prior to the attack, they communicated with a known extremist in Yemen on Facebook. The contention that enough data was available to indicate that an attack was going to take place, and yet was not prevented, has led to scrutiny of data collection and analysis procedures. Several Facebook accounts linked to the attackers were deactivated, but by automated processes - if a human being had been involved, there may have been more preparedness.
The central question is how to collect critical information that could have national security implications without being overly intrusive into the private lives of innocent citizens. Legislation, where it exists, has struggled to keep pace with this challenge, both in terms of the type of data retained by telecom providers and the length of time it is kept for. This is true in the UK and around the world, and has posed a particular challenge for democracies, given that privacy is one of the liberties they are meant to protect.
The first step in this process is data collection. Analytics are more likely to be successful with large amounts and different types of data, whether it’s communications data, financial information, or internet activity. In countries like India, the methods of collecting (and digitising) data vary across states, which can lead to difficulties in sharing that data - thus greatly reducing its effectiveness. Cooperation between police and other security forces within a country, and with its international partners, is critical to ensure that patterns in a suspect’s behaviour can be identified, and that the whole picture is seen. However, the quality of analytics is only as good as the quality of data available. Unstructured data and sub-par databases underlie some of the criticism of India’s National Intelligence Grid, which has not yet achieved what it set out to do in centralising data collection and analysis for Indian security. Automated verification of data has been suggested as a way to improve the quality of databases, but this would only be possible in a standardised world. India, for one, has not achieved that level of standardisation, and is still struggling with digitisation.
Storing large amounts of detailed intelligence about individuals in a central database can be dangerous, thus training the people who have access to that data is important. Public awareness about data collection has increased greatly since the mass surveillance exposures made by Edward Snowden. Individuals are increasingly using encryption to protect their data. Even companies, whose complicity in government surveillance was also revealed by Snowden, are taking steps to encrypt user data and prevent unwarranted access to it. While this may lead to safer transactions and activities for individuals online, it has also made it more difficult for security agencies to track subjects being investigated. A lack of knowledge about security processes is also a concern. For companies providing security solutions, a balance has to be struck between giving away valuable intellectual property (like the source code behind programmes) and giving clients ’black box’ solutions, which they must simply trust will work.
Linked to this is another important component of security, namely public confidence, which was harmed by revelations like the fact that government agencies were directly tapping undersea cables to get around data collection regulations. There is also a perception of unbalance regarding how information is shared between governments. The Five Eyes countries - Canada, the USA, the UK, New Zealand and Australia - share data freely, whereas there sharing with other countries is more complicated. In the investigations following the attacks on Mumbai in November 2008, information came to light about data which was not shared by foreign intelligence agencies, and data which was shared, but not acted upon in any useful manner. With countries collecting data outside their boundaries, the notion of sovereignty seems to have been set aside where cyber security is concerned.
The discussion concluded with a reiteration of a recurring theme: balance. Striking a balance between civil liberties and national security, between sovereignty and international cooperation, between individual convenience and protection - these were all topics which were raised in the analysis of how digital behaviour is impacting and shaping offline national security strategies.
(This report is prepared by Vindu Mai Chotani, Research Assistant, and Anahita Mathai, Junior Fellow, Observer Research Foundation, Delhi)
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.