GCHQ’s homepage, today. The reason for mentioning the UK’s signals-intelligence agency may not be immediately clear, but bear with me…
The announcement last week of annual financial results for a price-comparison website might not appear to have anything to do with signals-intelligence or national security. But a plan unveiled to accompany Moneysupermarket.com’s 2013 results – or, more specifically, the lack of any kind of public response to it – speaks to one of the key issues facing governments and their security agencies in the digital age.
Moneysupermarket is already Britain’s biggest price-comparison website, and in 2013, the company saw revenues rise 10 per cent to a shade over £250m. Growth so far this year is lower, but the FSTE 250-listed business needs shareholder sentiment to stay on the sunny side, so its chief executive, Peter Plumb, chose the release of the figures as the occasion to unveil a big new plan. Moneysupermarket thinks it can increase income and boost its business by interrogating its massive customer database and selling information about national spending plans and trends to the businesses it currently charges for referrals.
The sums may seem relatively modest – the firm reckons it will generate £10m from selling cutomer data to insurance companies during 2014 – but the theory is sound. Moneysupermarket claims its database includes information on upwards of a third of the population of the UK – information that goes beyond what can be acquired from public records, and digs down deep into the mindsets and motivations of an unprecedentedly broad swathe of the nation. They’re not proposing to sell identifiable personal data – what’s on offer isn’t names, email addresses or phone numbers, but the aggregated patterns that could help other businesses assess what marketing plans are working. Moneysupermarket isn’t going to tell them that Dave in Solihull has just been on the site looking at home-loan rates, but it thinks they’ll be keen to know how often ABC1s in the West Midlands think about remortgaging.
What’s striking here isn’t Moneysupermarket’s vision and imagination, or the fact that a market for such information is buoyant enough to be identified as an important new revenue stream by a successful internet company. It’s that aggregated metadata can be advertised and traded openly, with only passing mention made of anonymisation and privacy concerns, and that nobody seems to care.
For the past year, information-security and privacy have driven the public debate over the internet. The surveillance programmes outlined in information leaked by former Booz Allen Hamilton contractor Edward Snowden have ignited a firestorm around the globe, as privacy activists and those who believe the state has no business snooping on our web-browsing habits condemn GCHQ. The botched introduction of the NHS digital information-sharing programme has had questions over the anonymity of Britons’ health records asked in Parliament. Yet here’s a commercial entity, openly touting a comprehensive database, built by interrogating the most intimate and personal financial information gleaned from one in three people in the country – and nobody is batting an eyelid.
The only newspaper to report the Moneysupermarket data-sale concept was the Financial Times (subscription required, up to eight articles per month viewable for free once signed in); by contrast the Guardian, which has reported the Snowden leaks extensively and has also published a vast amount of comment and opinion on the issues they raise, last covered Moneysupermarket in January, when the company unveiled a new advertisement featuring the rapper Snoop Dogg. Something doesn’t add up.
The key difference, it appears, is that Moneysupermarket give people an online service for free. GCHQ, of course, also provide their services to the public without a charge at the point of delivery: but because their work is of necessity secret, and its principal benefits are that it prevents things from happening rather than trumpeting the savings to the end-user that a service such as Moneysupermarket’s is designed to deliver, to today’s web-enabled society where Facebook “like”s and comment-thread kudos are the only currencies that matter, the security agency and the success it conspicuously demonstrates every day something bad doesn’t happen seems not to count. They are perceived not just as organs of the state and therefore worthy of suspicion, but as an entity that acquires data without returning anything to the online milieu. (They don’t ask permission, of course, which is a key difference: though it’s debatable whether the permissions site-users give to companies like Moneysupermarket seem unlikely to be fully understood by the majority, so it’s difficult to argue that informed consent exists there either.) The free service gives Moneysupermarket cover and removes them from the discussion, because a voluntary transaction is deemed to have taken place (my data for your cheaper car-insurance quote); the lack of one makes GCHQ the enemy of privacy.
Much talk has been heard in recent months about what the security services can do to win public trust. Legislation and oversight are the repeated refrains, but here’s a simpler option which the Acumin blog offers the government (for free! Of course): GCHQ should develop and distribute a smartphone app. It doesn’t matter what it does, as long as it meets a need that as yet nobody realises they have but in the cool-obsessed, low-friction world of the digital enconomy they’ll soon wonder how they lived without. If they give it away, the public will feel they’re getting a bargain. If it’s branded credibly and promiently, users will become hard-wired to associate GCHQ with something cool and helpful in their day-to-day lives. And criticism will disappear as if someone’s highlighted it on their screen and hit the delete key.