This will be the decade of the social network, and social networks have become a focus of security politics. It is not that social networks are a security threat – nothing so crude. And it is not as simple as governments wishing to spy on you. The security interest in social networks is subtler. It challenges how we think about security and privacy.
When you interact in an online social network like Facebook or Twitter, you create a web of links with other people. Combine this with information on your searches, the sites you visit, and the things you ‘like’ and ‘follow’, and the result is a revealing picture of an individual. However, security is not interested in the individual, at least not in the first instance. It is interested in networks. It is not who you are, but how you are networked.
Security agencies have realised that an individual is not an isolated unit. Human beings are social animals. To live is to interact. As such, individuals never ‘act’ alone. Even individual acts, such as Anders Breivik’s Norwegian mass murder, are preceded by social interactions, in his case with far right groups.
Creating a profile of a particular kind of individual is blunt. A profile is an ‘ideal type’. It creates a large group of ‘fits’. Looking for individuals belonging to particular groups is not only inefficient; it risks fostering group identities and then alienating those very groups. For example, the perception of a war against Muslims alienates thousands and hinders detection of the exceptional individuals and small ‘cells’ that may actually commit violence.
Social network analysis does not work on ‘ideal types’ but on links between people, often in real time. Being identified with a group is not alone interesting for security. But having links to specific individuals interested in violence, others engaged in illegal activities such as fraud, and others interested in militant politics might be.
For this reason, as Marieke de Goede has argued, campaigning against security practices in favour of individual privacy misses the point. Security is not interested in your privacy. And the security services do not care if you use technologies to hide your online identity (such as the Tor internet browser, originally funded by the US Navy and now free to use). Security is interested in your networks.
This is the rationale behind the Draft Communications Bill in the UK. It is a law for data surveillance. The security services and police will have lobbied for it. It would give British security agencies powers to monitor not the content but the use of emails, phone calls, the internet and online communication services such as Skype. As Prime Minister David Cameron told parliament:
what we are trying to do here is not to look at the content of people’s telephone calls, but to update the necessary measures for finding out who called whom and when, because it is that information that has solved almost every serious crime and certainly almost every serious terrorist offence.
It is not surprising that Cameron would argue for these powers in this way. But it is surprising that British security agencies do not already have these powers. Communications technologies have developed in ways that could not have been imagined the last time surveillance powers were legislated in 2000.
Currently, details are few, politicians are staking out their positions, and a ‘no snooper’s charter’ campaign is rolling into action. There will be a struggle, with concessions and safeguards offered. Those against the bill need to work on their arguments because the privacy argument is not enough. Some form of legislation will probably be passed in the end. Social network analysis is here to stay.