The development of technology in the digital age has created a platform for access to, and exchange of data in an unprecedented way, bringing with it a number of concerns relating to the retention and control of data by state and non-state actors.
If we accept that the ordinary citizen is largely unaware of the privacy consequences of such developments in the digital age, the possibilities that citizens’ data is being harvested without consent, and that the collection and processing of data are inadequately regulated, then this prompts questions about the democratic legitimacy of such practices.
The Snowden revelations of 2013 which exposed the extent of state surveillance generated collective action and resistance against such measures, challenging its legitimacy, and is evidenced by the recent ruling of the European Court of Human Rights which held GCHQ’s digital surveillance and bulk interception regime violated Article 8 of the European Convention on Human Rights, which guarantees privacy. It is these revelations which were the catalyst for the privacy driven social movement we are now witnessing.
The theory of the ‘chilling effect’ and panoptic nature of surveillance has created a new mode of resistance that centres on the blocking and circumvention of such data interception as well as seeking to ensure greater levels of accountability and scrutiny. It is this emergent strategy of ‘Techno-Legal’ resistance that combines the continuous development and mainstreaming of cryptographic software, legal mobilization aimed at expanding human rights jurisprudence and notions of privacy, with a paradigm shift that deconstructs and rejects the counter-extremism narrative as being the ‘unquestionable’ justification for data retention and regulation regimes by reconstructing it as a dangerous slip into casual authoritarianism that risks the erosion of democracy by entrenching hegemonic power.
In the United Kingdom, the onus for data retention, regulation and censorship is placed on internet service providers (ISPs) by government. The use of cryptographic software to secure one’s digital privacy and circumvent measures of ISPs is neither restricted nor prohibited. Such software is freely available, openly promoted and continuously developed to counter new and specific actions taken by ISPs.
Stakeholders – such as activists, ‘hacktivists’ (those who engage in the subversive use of technology to further political or social mobilization often relating to issues of human rights and free internet.), and technology developers – are beginning to resist ISP measures by creating and using cryptographic software designed to detect and circumvent internet censorship and data retention practices.
As the UK places requirements on ISPs rather than individual service users, then an individual’s use of cryptography for the purposes of securing their digital privacy and autonomy, even if such use deliberately circumvents measures taken by ISPs, fails to fall within the scope of the current regulatory framework.
This disparity between these two spheres of regulatory activity – the data retention and regulation policies of ISPs on the one hand, and individuals’ use of privacy-protecting cryptographic software on the other, has created a collision of normative orders between state law and the emergent order of those engaging in cryptography to secure their privacy and autonomy.
This interdisciplinary research will be carried out under the co-supervision of Law and Computer-Science and seeks to explore the extent to which the equilibrium between digital privacy and control of citizens data is distorted. Through this collaborative approach between Law and Technology this research will examine not only the theoretical implications of the use of cryptography to secure digital privacy, but how this can be achieved, is being achieved, and to what extent.