In the debate on news Ytring between Defense Minister Bjørn Arild Gram and Tekna, it is asked whether the proposed system for uncovering digital threats, so-called facilitated acquisition, is to be considered digital mass surveillance. The clear answer is yes. When the Norwegian Data Protection Authority first assessed the proposal in 2018, we concluded that the correct term was digital mass surveillance, because it best explains what the system is and what consequences it has. The system will inadvertently capture large parts of Norwegian citizens’ internet communications. The intelligence service will end up in the dilemma of what to do with knowledge of a threat they should not be allowed to know anything about. The Norwegian Data Protection Authority’s analysis is based on basic social theories about power. These can be summed up in the well-known statement “knowledge is power”. An intervention by the authorities in private life results in knowledge, which in turn entails a transfer of power from the individual to the state. This change in the balance of power affects the extent to which we dare to use the internet to obtain knowledge and exchange opinions. In the Norwegian Authority’s Privacy Survey 2019/2020, 13 per cent answered that they had refrained from searching online due to uncertainty about whether the authorities have access to the information. It is therefore crucial to understand that the surveillance potential already arises at the time of collection, and that the storage includes almost all Norwegian citizens. This is digital mass surveillance. The Human Rights Court sets a central requirement for secret surveillance systems, namely that the system must be subject to independent prior control at all stages. Before collection begins, the basis must be assessed by an independent body. It is therefore obvious that the Norwegian system deviates from the requirements of the Human Rights Court. The law stipulates that a machine test and analysis of the communication flows must be carried out to find relevant foreign intelligence information before the court has approved a search. So what does “machine test and analysis” mean? There is reason to assume that the Norwegian Intelligence Service will at least use tools that are commonly available – such as search engines, big data analysis and solutions based on machine learning and artificial intelligence. According to the EOS committee’s consultation opinion, what is being done is an “intelligence professional assessment”. Much of the damage has therefore already occurred when the court has to decide on further searches in material that has already been searched. There is little reason to believe that judicial control will be real, because it will come at too late a time. The Norwegian Data Protection Authority therefore believes that the law must be changed. The Storting must ensure that we get the necessary mechanisms for legal certainty, so that the law does not have a negative impact on our freedom and our democratic society. Follow the debate:
ttn-69