UK data strategy - a surveillance state, claims security survey
Recent political and policy moves that seek to enable a ‘data economy’ tie closely to the results of a new security survey, which assesses the ‘surveillance state’.
In recent months, the UK has announced a raft of new strategies, roadmaps, policies, and consultations that have had one thing at their core: the data economy, post-Brexit. But is it merely about opportunity, as the government claims? A new survey suggests the UK wants to hoover up citizen data – and has been doing so at an alarming rate since 2013.
But first, where are we now?
With the National Data Strategy and other recent documents, such as the roadmap for digital transformation, the desire is to position Britain as a “superpower” in the data-fuelled ICT realm. This embraces AI, space technology, future flight innovations, quantum technologies, fintech, and more – all important areas of UK expertise and policy focus.
Significantly, the government also signalled its determination to depart from the EU’s General Data Protection Regulation (GDPR), via a new Data Reform Bill. This is part of a likely bonfire of European regulations, which may put the UK’s essential (and fragile) data adequacy agreement with Europe at risk. Not to mention many consumer, worker, and citizen rights, of course, as the UK makes public play of its closer relationship with Singapore, and others.
The government also launched The Future of Compute Review this year, and a new strategy for using data to reshape health and social care: good news, in principle. And if all this wasn’t enough, the new Information Commissioner, in post since the beginning of the year, was given a brief of removing the barriers to data innovation as well as protecting citizens from Big Tech’s overreach: a marked shift of emphasis from the EU.
But there are problems with this overarching approach, however. For example, at the launch of the National Data Strategy in June, industry organization techUK observed:
While this Strategy is welcome, it is short-term, with the majority of actions listed already happening or set for completion on or before 2024/25. […] The Strategy is also missing a longer-term vision or statement of intent about the role that digital technologies could play in tackling the systemic problems that face the UK.
In short, it could be seen as more of a tactical document in the run-up to the General Election, rather than a coherent long-term vision for the UK. techUK added:
This feels like a missed opportunity […] It also would have been welcome to see some key targets or metrics identified, by which the government is seeking to judge success.”
So, is the government just playing to a gallery of Brexiteers and supporters, by being seen to do something – including by tearing up the Industrial Strategy, which had done a good job of galvanizing public and private investment in new technology? In its place is Johnsons’ ‘Plan for Growth’, with the UK poised on the brink of prolonged recession.
As previously reported, the aim of all this politicking has been to create a new “pro-growth and trusted data regime” under the National Data Strategy, at a time when the global direction of travel – including in the US – is towards GDPR-style rules, rather than away from them.
Surveillance is growing
But can this government really be trusted with its citizens’ data as it moves to scrap GDPR locally? A new report suggests that the UK is certainly keener than most to force Big Tech companies to divulge information about their British users.
A survey from cybersecurity, privacy, and VPN company Surfshark shows that the UK “ranks third globally in citizen surveillance”, based on the number of accounts specified in data requests by local authorities, security services, and law enforcement agencies.
According to the Government Surveillance Report, the UK requests 625% more user information from Apple, Microsoft, Google, and Facebook than the global average. This equates to 486 accounts per 100,000 people, just behind Germany and the US.
Surshark looked at the transparency reports published by those four companies, identifying 177 different countries that requested user data between 2013 and 2020. According to its research, the global trends show that “government surveillance is growing”. It adds:
The number of accounts requested globally increased more than four times from 2013 to 2020, with 2020 seeing the most significant year-over-year increase of almost 40%. The UK shows the same trend, with a 140% increase from 2013 to 2020. In raw numbers, this is over 330,000 accounts during these eight years.
By my calculations, that’s one in every 203 people, and a total larger than the population of a medium-sized UK city (e.g. Brighton, population 277,000). The report continues:
The overall disclosure rate in the UK is 81%, meaning that eight out of every 10 account information requests are fulfilled. To put this in perspective, over the eight-year period companies disclosed data on around 267,000 accounts. Facebook and Microsoft are the ones that have disclosed the highest percentage of accounts to authorities in the UK, 87% and 75%, respectively.
Globally, from 2013 to 2020, the number of disclosed requests grew by almost 280%. Apple has been leading in disclosure rates since 2016, raising them from 75% in 2016 to 85% in 2020. The remaining companies, Facebook, Google, and Microsoft, average at 70%. More than half (58%) of all requests that Apple complied with came from the US.
Surfshark adds that Google’s disclosure rate has been increasing by nearly four percent every year since 2016, while Facebook’s has been decreasing, although it remains significantly higher than in 2013 (73% vs 63%).
Interesting stuff, in the context of the government’s recent policy focus. However, does the data really show that government surveillance, per se, is growing, though doubtless the desire is there at departmental level? It is more likely to underline that cybercrime is growing in the UK, given that citizen data requests are, as Surfshark admits, evidential and in support of legal action.
If true, this changes the conversation somewhat: why is cybercrime growing more in the UK? Or perhaps, why is the government prosecuting more and more people?