The use of ‘metadata’ is the cutting edge of electronic surveillance. It surprises none in the world of security that a programme like PRISM is being run by the United States National Security Agency. The traditional method of intercepting communication where the messages were looked at individually was overwhelmed when the gates of electronic communication were opened. There is no means by which any group of people or even machines can read through the trillions of emails, phone calls, text messages and so on that now zip back and forth across the planet. Combined with the legal requirements of most democracies that opening up messages still require judicial permissions, electronic surveillance looked like a lost cause.
Metadata examination exploits two factors. One is technological, the other legal. The technological one is the development of algorithms that can search through telephone call logs or email flows to look for patterns of behaviour that allow a terrorist hunter to reduce billions of jabbering people to a few thousand with curious SMS habits. The point is this: the messages themselves are not read, even the telephone numbers are not looked at. Only the patterns of activity. This leads to the legal opening that metadata exploits. The US judiciary, like many other legal systems, had ruled in the 1990s that ‘third party’ information could not be treated as a person’s private affair. After all, call logs, Internet searches and so on are even recorded by the firms that provide these services. They are stored in dozens of servers around the world. This can’t be treated as the property of a person. It is this access that a system like PRISM lives on. It is not merely intelligence agencies who use this, so do companies. If one uses a search engine like Google, for example, the search pattern is recorded by Google and used to target advertising to you.
Metadata is here to stay. The real concern that governments should have about PRISM, including India, is whether they have similar surveillance technology. The legal question is whether democracies need to introduce a judicial screening process for even the electronic trail of personal communications. In other words, have the principles that lay behind the ‘third party’ decisions of the 1990s become obsolete? The concept of privacy is changing and becoming increasingly less about what one says or does. A new generation simply assumes that its communications are to be read by all and sundry — whether spies, friends and grandparents — which is why it hangs them up on the Internet for all to see.