Spotlight: Interview with Bernard Keenan, author of Interception

We interviewed Bernard to find out more about the book, the key considerations of state surveillance from a legal perspective, and his predictions for the future. 

What is the focus of your new book, Interception: State Surveillance from Postal Systems to Global Networks?
The book attempts to both explain and theorise the history of interception powers in the UK, and more generally. I think of it as contributing to the missing history of a secret practice. I’ve taken the approach of focusing on developments in media technologies, and the point I’ve tried to demonstrate is that there is a very intimate relationship between forms of political power and the tools with which we communicate. These things are not easy to separate.

What are the key points you hope readers will take away from the book?
On one level, I want to offer a history of the state and the law as changing media have enabled and constrained interception of communication, differentiating private communication from targeted communication. I also want to suggest a more abstract idea that there is no straightforward legal right to privacy in communication. Communication between two is always mediated by a third, and the power inherent in that third – that parasitic potential of the interceptor – is in turn supposed to be mediated by the law. So it’s a relational account of power and law.

Have there been any particularly surprising ways you’ve discovered in which the state is watching us?
Once you start to study the logic of interception, nothing really surprises you. The basic position of the government is that everything which might be communicated should, in principle, be potentially intercepted. When you understand that, the problem becomes figuring out how they go about it in respect of different media technologies. This governmental ideal of total transparency has faced difficulties of late, now that people are using encrypted communications by default, for instance on WhatsApp or iMessage. Successive recent British governments have been publicly hostile to the development and deployment of these kind of encrypted communication services because they want to be able to read whatever communications they deem it necessary to read. Perhaps the surprising thing, then, is that it took until just a few months ago for the government to try to intervene, which they did by issuing a Technical Capability Notice (TCN) to Apple to prevent them from providing fully encrypted storage for users of its iCloud service. That’s really controversial, not least because someone at Apple apparently leaked the secret order to the press. We haven’t seen this kind of legal dispute before. It all happened a little too late to include in the book, unfortunately – Apple have launched a legal challenge that is going to be heard in the Investigatory Powers Tribunal later this year.

What are some of the key considerations of state surveillance from a legal perspective?
In brief, UK legislation in this field is set up to enable the state to maximise its potential capacity, while restricting the general conditions under which it can use that capacity. Under the European Convention on Human Rights, the key norms are privacy and freedom of expression. The idea behind the law is that intrusions on privacy, and the corollary chilling effect on freedom of expression, should only be allowed insofar as it the intrusion is governed by law and is necessary and proportionate in each case. The problem is of course that the specifics of the decisions are secret, as are the interception operations, and different people have very different ideas about what is necessary and what is proportionate. These ideas might change depending on the techniques used and the targets affected, as well as the degree of ‘collateral’ collection, especially with bulk interception techniques. In the UK we have a well-developed oversight system, but in order to be part of the oversight regime you have to be security vetted, and vetting includes a security assessment of the risk you might pose to state secrecy. No one who is primarily applying to work for the oversight body because they are passionately devoted to civil liberties and the restraint of state power is likely to make the cut – and there has been a case about precisely this issue. There are legitimate democratic reasons why such secret powers should be available, so one has to see both sides, but a constant criticism of oversight bodies is that they risk being too deferential to the secret services that they oversee. Here civil society, the press, and academia can play an important role too. 

The Investigatory Powers [Amendment] Act 2024 recently made a number of changes to the regime, addressing various operational problems that the services found with the Investigatory Powers Act 2016 regime, which was introduced after the Snowden leaks. There are two interesting aspects. One is that the amendments enhanced the extra territorial effect of TCNs – in other words, these technical notices can now be given to companies not primarily based in the UK (which is what happened with Apple). The second is that it enables easier use of bulk personal datasets, including those held by private firms. So these are two major changes to the relationship between the state and private sector, which reflect changes in where technical communication power lies.

Something else to be mindful of is that it’s very important for lawyers – as well as journalists, activists, and indeed anyone who is handling confidential information on behalf of others – to understand the basics of digital security and how to use encrypted communication or store data securely online. It’s essential to understand how these technologies work and the different kinds of ways in which they can be undermined or attacked.

How aware do you think the general public is about the surveillance practices adopted by the state? 
In 2013, Edward Snowden, a former CIA contractor, disclosed classified documents from the US and UK intelligence services that revealed extensive global surveillance programmes. It was the biggest intelligence leak in recent history and fuelled debates over mass surveillance, government secrecy and individual privacy. Snowden gave an interview to the Guardian in which he said he felt that the public lacked ‘technical literacy’ about the digital technologies that had transformed how we communicate. Part of his aim in disclosing the documents was to try to educate people about what such technology can do and how governments can exploit that. I think today, 12 years on, the level of technical literacy is generally much better – I think people are more aware of things like encryption, interception, phishing and hacking, and students who seek these topics out tend to arrive with a good degree of knowledge. More generally, we can all think of examples where cyber-attacks have happened, for example to the NHS or – very recently – Marks and Spencer. People are much more aware of the enormous value of private and personal data, not just for intelligence and policing, but for commercial purposes too, and the potential threats it poses to the integrity of democratic processes.

A related point is that human rights law (at least under the European Convention of Human Rights) requires that there be legislation which makes the kinds of surveillance powers open to the government both ‘accessible and foreseeable’ to the public. This is an interesting concept because it’s essentially a legal test of how legible the law itself is. It’s very hard to measure what it means in practice – it’s not an empirical test of social understanding – but in principle, it means people should be able to read the law and get a working sense of what is possible. The law is supposed to be a reliable guide to conduct in respect of techniques that always take place secretly. One aim of the book is to help people become more aware of this and to show how fragile and historically contingent the legal regime seems to be. It’s flawed, but even what we have might not last. 

Where could all of this conceivably lead in the near future?
In a sense, the era of interception is arguably over – I cover about 400 years of it, but it seems like we might now be entering an era of ‘integration’ between state intelligence and private providers of personal data (and analytic tools). Recent news and legislation indicates that centralised platforms storing – and selling – private data about millions of people to the intelligence agencies and police are emerging and consolidating. This is big business, and it’s built on the commercial data exchanges and interfaces already in operation. Ironically, it’s in part a response to the rise of encrypted services. To start an intelligence platform, you buy access to advertising and social media streams, train AI tools to interface with and interrogate the data in different ways, produce intelligence from it, and contract the service to national security agencies, ideally from a jurisdiction that makes this kind of thing easy. The privatisation and marketisation of a very old state function is extremely interesting and concerning from the perspective of privacy and human rights. It commodifies surveillance powers on a massive scale and detaches the potential to use such powers from public control. From a legal point of view, it remains to be seen whether the law can catch up with this rapid acceleration of media. 

What was your favourite part about researching/writing the book?
I really loved visiting archives – the National Archives, the manuscripts of the British Library, the Post Office Archive, and the British Telecom Archives in particular. When you find something that hasn’t been opened for decades, or that hasn’t been looked at before in the way you see it, that’s very exciting. The philosopher Jacques Derrida wrote about ‘archive fever’ – the drive to reduce memory to only that which can be recorded, mastered, and archived, and he related this idea to the way that official control over the archives is essential to the workings of power, authority, and law. And so, when you investigate secret practices via materials that are marginal in – or missing from – the archives, or materials that were suppressed from release for a long time, there are two sides. On one hand you can feel how power materially operated, you can see it materialised in the archive. On the other hand, you shouldn’t be seduced by archive fever. Archives should be viewed with some suspicion. Critical distance from the stories power tells about itself is essential. 

Is there any further reading you’d recommend for anyone interested in this subject area?
Phil Glover’s history of the law in this area, Protecting National Security is very thorough and detailed. Paul Scott has recently published National Security Constitutionalism in the Commonwealth Five Eyes States, which compares the legal regimes around national security powers in the ‘5-eyes’ interception alliance (USA, UK, Canada, Australia and New Zealand). The Codebreakers by David Kahn is the classic history of encryption and enciphering techniques, it’s also a great read. And The Listeners by Brian Hochman is a great account of telephone tapping in US law. Behind the Enigma: The Authorised History of GCHQ by John Ferris is worth reading for the official history of GCHQ, and GCHQ by Richard Aldrich is a classic unofficial history. Much of the secret history of the British surveillance state was uncovered by Duncan Campbell. His website is a great resource.