Firstly before I get instantly flamed; it'll happen anyway but let me start with this: Mass, indiscriminate, secret surveillance is bad. In my opinion (a fairly commonly held opinion) this is because of the potential for what the data collected could be used for in future. Very few people would agree that a state with such power is a good thing if they have any understanding at all of history or some current, less than benevolent regimes. I see that stance pretty much as a principle worthy of vigorous defence.
With that in mind, try putting yourself in the position of the NSA, GCHQ etc imagine there's a tool you could have that has the potential to help you identify threats to security - on some level you are going to want to have it. It's human nature to believe that you'll use that tool responsibly and for the good of your community. The best of us believe that we can be trusted but even so, you may resist that desire based on your principles. Add to that the pressure that these organisations are under to produce results and it must become very hard to defend a principle that potentially hampers your duty and is probably at odds with other principles you hold regarding protection of life. I guess the point is that I don't think it's realistic to expect these organisations to have behaved much differently. It's also very possible that they have to date, largely been using their power responsibly and for the good of the community etc. (I can feel the down votes coming but please read on...)
In my opinion, it's the responsibility of the elected government to defend such principles. Unfortunately, at this point politics is introduced so how the hell do you get a clear, sensible position on such an important issue? Imagine yourself in that situation: GCHQ etc tell you it could implement a mass surveillance program and potentially improve security. Great, but you're a good person blah blah blah and mass surveillance is against a strongly held principle blah blah blah. On the other hand, the people who elected you aren't going to be happy about being blown up. What do you do? Well you could put the responsibility onto the people and hold a referendum. Thing is, you were elected to represent the people and to make decisions for them... and besides most people don't have the information or understanding required to make a balanced decision anyway. What do you do?
Our government(s) went ahead and implemented the surveillance programs with a level of oversight. What would you have done? I think I would have done the same thing, but differently (please read on before you flame me...)
Firstly, I wouldn't have done it secretly. I would have tried to get broad, cross party agreement on how to proceed - including what oversight, checks and balances should be in place. Then I would have had all parties communicate that agreement with a common message. I recognise that in achieving this I would have to have attained god like power but part of my point is that none of this is easy for the people actually dealing with it for real.
Anyway, to continue with my plan... The oversight and control of collected data would be from an openly elected body (separate from the users of the data) who would have to publicly report every requested use of that data as well as other details such as when individuals have been identified/associated with the data (i.e. anonymity has been lost) and how many identified individuals are being routinely tracked via this data etc. Add as many measures here as needed to identify if/when the program is being used to monitor the masses rather than select individuals. I'd also have measures to identify when the data had actually done something useful like leading to conviction (none of that and it gets shut down). Naturally, on an IT level, all data that could be used to identify an individual would be encrypted and procedures would be in place to enforce the publicly communicated processes for accessing that data. There would also need to be regular IT reviews from different external companies to ensure that those procedures are properly in place and that data is secure end to end.
I would also pass a bill that automatically shuts the program down after x years unless that bill is re-ratified in parliament/congress before it expires. This gives the opportunity for it to be amended or ended on a regular basis. Also, the people elected to that body wouldn't be able to hold the position for more than a defined period of time. Hopefully this would help create an environment where whistle blowing is encouraged.
The elected officials running the body would also have responsibility for reviewing why data has been requested i.e. they would have access to the operationally sensitive information that led to the security services requesting the data. They would also have access to the names of those being investigated (ummm - why are we tracking a Mr Iain Thomson???).
I'm sure there are lots of other ideas out there that could build on or replace mine but it would be a step in the right direction. I recognise that we would still have mass surveillance but at least it wouldn't be secret, it wouldn't be indiscriminate, it would be demonstrably anonymous (for the masses at least) and it would be easier for the people to influence when it is stopped.
I know I've proposed that the principle is compromised (which I dislike too) and that's enough for a few down votes at least but would you still be so inflexible if you had just walked out of a tube station that had been blown up? If you would then I very much respect your stance - down vote away...
I can think of lots of other reasons for down voting this as well; after all, this is a comment on el Reg not a comprehensive political manifesto but I defy anyone to come up with something that isn't objectionable in some way. So before you down vote me or flame me, try coming up with an alternative and post that as well...
We're all IT professionals and hopefully quite intelligent... so what would you do?