UK - Data mining: what happens next?
Friday 28 June 2013 by Jonathan Goldsmith
Although I try to vary the topic covered each week, to show the range of issues being dealt with at European or international level, I do not apologise this week for going back to a subject that I have covered recently: the fall-out from the data mining revelations by the American whistleblower Edward Snowden. That is because, at a time when there are very serious issues facing our profession – the cuts to the Ministry of Justice’s budget being an obvious example – I still believe that there is no matter more serious facing the legal profession than this one. We just don’t realise it yet. Reductions in government funding are of course very grave, and affect access to justice and our livelihoods. But the wholesale collection of data by governments, including our own, removes at a stroke probably the most important protection that we offer clients in a state governed by the rule of law, namely confidentiality and legal professional privilege.
There have been various developments since I last wrote. The European Commission has established a high-level transatlantic working group to deal with the consequences of the revelations. My organisation, the Council of Bars and Law Societies of Europe (CCBE), has already been in informal contact with an official on the European side to explain our concerns (although I should stress that we have not yet had the opportunity to discuss this issue formally within our organisation, and so all views expressed here are mine alone). And in a separate move, which is likely to have a connection with the data mining operation, the European Commission has recently announced the formation of a group of experts to look at contracts with cloud computing providers, to which we plan to make a nomination.
I should add as a side comment that this scandal and the response to it provide a classic justification for the existence of the EU, and our continued membership. Not only is the EU the only global body of size able to square up to the US to demand effective protections for its citizens, but it is also of assistance to UK citizens – and lawyers – in dealing with the news that our own government, through GCHQ, is undertaking the same sort of exercise as the US’s National Security Agency (NSA) by tapping into 46 undersea fibre-optic cables to hoover up telephone conversations and internet traffic. To this end, the EU commissioner for justice, Viviane Reding, has just written to William Hague expressing concern about GCHQ’s actions and asking for clarifications: is the snooping restricted to national security? Is it limited to individual cases or is it in bulk? Is the data shared with third countries like the US? And do UK and EU citizens have any legal recourse when it comes to their data?
However, it is the longer-term consequences that I want to examine in more detail. The legal profession must first decide whether it cares that its communications are being spied on by its own, and by a foreign, government. If not, then we continue as before. But I do not support that conclusion, because it removes one of our core values. So what can we do? I have previously suggested that our professional organisations, the bars and law societies, must take action to protect professional secrecy. Yet that is not so easy, since the level of security required to guarantee it might be beyond our resources.
Let us just look at what we know so far. We have been given the list of companies which have apparently co-operated with the US government: Microsoft, Yahoo, Google, Facebook, Paltalk, YouTube, Skype, AOL and Apple. In the meanwhile, GCHQ has had access to a large number of undersea cables. Are we to say that no lawyer should use professionally any of the above companies or cables, even supposing we know which traffic goes through which cables? That seems to me impossible. And would we be sure that any system built by a bar would be able to withstand the powerful interception devices which are doubtless in the possession of the NSA and GCHQ? Even with the most high-level technical advice, which would need to be sought on a long-term and recurring basis, with the investment of considerable resources, this again seems to me impossible.
It could be that the market will provide a solution. Lawyers cannot be the only ones who are assessing what to do next. Doubtless large multi-nationals with sensitive commercial secrets will also be wondering what they can do to escape the roving eyes of the US and UK governments. If nothing else, there must be opportunities here for IT companies to announce that they are not Google or Microsoft, and that they will build systems to protect people who prefer not to disclose everything to governments. This may see the fragmentation of what has been up to now a system dominated by a few internet giants.
The IT landscape for lawyers is likely to face drastic changes in the near future. I hope that it does.
Jonathan Goldsmith is secretary general of the Council of Bars and Law Societies of Europe, which represents about one million European lawyers through its member bars and law societies. He blogs weekly for the Gazette on European affairs