I’m sure that this point has been made somewhere or other in the general debate on email spying and the NSA/Snowden revelations, but in my opinion not often enough or forcefully enough. People who want to dismiss the whole thing as “no big deal” are, in my view, totally underestimating the scale of the blind trust that’s required of them. In other words, even opponents of ubiquitous surveillance (like Kieran in this worked example) tend to assume that the institution which has access to your information is the institution which collected it. But that’s not necessarily the case at all.
The Leveson Inquiry in the UK demonstrated that the Police National Computer could be accessed by more or less any tabloid journalist with a phone and an account with a crooked detective agency (which served as the conduit to crooked insiders). The Manning and Snowden revelations, whatever else they’ve shown us about the world, have made it clear that mid-level employees can get access to huge amounts of top secret data as long as they’ve got the wit to smuggle it out on a thumb drive.
So the question is not so much “do you trust the CIA/NSA/MI6/etc?”. It’s “Do you trust every single sysadmin working for these organisations? Every single analyst? Every single middle manager?”. The CIA might not be interested at all in my dull mobile phone conversation metadata, but someone else might – the Leveson inquiry was told how the UK’s PNC was used by one copper to check out his daughter’s new boyfriend. In terms of our personal data, the kind of uses which the agencies want to be allowed to make, while worrying enough in themselves, are the tip of the iceberg. And all the policies which might prevent it from being accessed by blackmailers, tabloid journalists, nosey neighbours and basically anyone else, are themselves top secret and not subject to any sort of legal oversight.
This isn’t a conspiracy theory, as you can see; it’s based on the fact that big and complicated systems are set up to malfunction, particularly if they are able to declare themselves above any regulation at all. And the way in which this particular system is set up to malfunction is easily predictable and potentially very damaging to innocent people. I am personally not at the stage where I trust every single person who might be hired for a low level IT job in a security agency, and I’m not sure that I trust an entirely opaque set of safeguards with no accountability either.