Wednesday, 26 November 2014

How do I expect my communications to be monitored?

I have a range of expectations when it comes to having my communications monitored.

I don’t want spam, so I expect my communications and internet service providers to do whatever they feel appropriate to prevent it from reaching and clogging up my in-boxes. This means that my incoming communications will be reviewed – perhaps not the actual content of a message, but at least on the basis of the metadata that accompanies the content. 

If, for example a provider notes that a huge volume of communications of an identical length are uncharacteristically spewing out of a single address, I would expect it to carry out some form of investigation in an attempt to determine to whether the communications are solicited or otherwise.

By the same token, I don’t want my outgoing messages monitored.  Whatever I have to say is for me to determine. Surely, this is what freedom of expression is all about.

When working for EE, I had to address the issue of what steps the company should take to ensure that not only was the confidentiality of its customers’ communications preserved, but also that if what appeared to be inappropriate activity came to EE’s notice, it was reported to the appropriate authorities.

Inappropriate activity was invariably discovered by chance, rather than as a result of a deliberate effort to monitor a customer’s lifestyle. It was very occasionally discovered when customers left their own mobile devices in stores in order that the device could be repaired. Staff had very strict instructions  never to look at any content the customer may have left on their personal devices. However, it was necessary to ensure that, when borrowed devices were returned to the store, the factory settings had been restored and that no inappropriate content (in the form of personal texts or images) remained on the borrowed device.

There were a few horror stories of customers alleging that they had borrowed a mobile phone from a store whilst their own device was being repaired, and were shocked at the images that had apparently been left by a previous user. Sometimes they would demand compensation, otherwise they would tell the media. Occasionally, they forgot to look at the date / timestamps – if they had, they would have realised that the offending images were downloaded to the device after the device had left the store, not before.

Very, very infrequently, loan devices were returned with images that were considered so disturbing that I reported the incident to the police.  The only occasions I can recall involved images relating to child cruelty. Quite what happened to the people who were responsible for such cruelty, I’ll never know. I saw it as my job just to make sure that the appropriate police force was formally notified. If that force decided to take any further action against the individuals involved, that was a matter for them.

I certainly didn’t think that I had any further duty to monitor those individuals. I had neither the skills nor the legal powers to do such a thing.

That’s what I expect law enforcement officers to do.

And that’s why I’m reassured, in a way, that an “unnamed” internet service provider has recently been criticized for failing to closely monitor the communications of one of their customers who turned into a terrorist.

I don’t expect my service providers to have the means (or the will) to monitor all of my communications manually, and consider contextually, whether any are sufficiently offensive for them to be reported to the authorities.

Yes, they may well have some automatic programmes in place that identify the most egregious communications / images that are sent by criminals, and I'm happy for the digital fingerprints of my images to be compared with those that the authorities are trying to prevent from being circulated. I understand that the illegal list really does contain just the most appalling images, not those that "the man on the Clapham omnibus" would merely consider distasteful.  

However, I do expect my service providers, wherever they are based in the world, to develop close working relationships with the UK’s law enforcement community, in order that when investigators do exercise their legal powers to monitor my communications, providers can respond speedily.