You may recall the stories from the past couple years about the so-called "snooper's charter" in the UK -- a system to further legalize the government's ability to spy on pretty much all communications. It was setting up basically a total surveillance system, even beyond what we've since learned is already being done today. Thankfully, that plan was killed off by Deputy Prime Minister Nick Clegg.
However, Prime Minister David Cameron is back to pushing for the snooper's charter -- and his reasoning is as stupid as it is unbelievable. Apparently, he thinks it's necessary because the fictional crime dramas he watches on TV show why it's necessary. I am not joking, even though I wish I was:
In the most serious crimes [such as] child abduction communications data... is absolutely vital. I love watching, as I probably should stop telling people, crime dramas on the television. There's hardly a crime drama where a crime is solved without using the data of a mobile communications device.
What we have to explain to people is that... if we don't modernise the practice and the law, over time we will have the communications data to solve these horrible crimes on a shrinking proportion of the total use of devices and that is a real problem for keeping people safe.
Yes, he just said that. Because fictional characters on crime drama TV shows make use of data, that's somehow proof that it's necessary. Perhaps someone can send Cameron a copy of Enemy of the State or any other fictional work showing how the government can abuse such information. Or, better yet, let's have our side stick with reality, and we can just point to real historical events of governments abusing such information.
The five biggest internet companies in the world, including Google and Facebook, have privately delivered a thinly veiled warning to the home secretary, Theresa May, that they will not voluntarily co-operate with the "snooper's charter".
In a leaked letter to the home secretary that is also signed by Twitter, Microsoft and Yahoo!, the web's "big five" say that May's rewritten proposals to track everybody's email, internet and social media use remain "expensive to implement and highly contentious".
In the letter, originally posted online by the Guardian, but now taken down for some reason, the Internet companies write:
Although it seems that the revised Bill will address some of the concerns we and others raised in evidence to that [Parliamentary] Committee, we expect that the core premise of the Bill -- to create a new form of retention order for the data of UK-based users of communications services -- will remain highly contentious.
However, we also do not want there to be any doubt about the strength of our concerns in respect of the idea the UK government would seek to impose an order on a company in respect of services which are offered by service providers outside the UK.
The letter rather pointedly invokes efforts to promote online freedom around the world:
The UK Foreign and Commonwealth Office in particular has played a leading role in promoting the value of freedom of expression on the Internet on the global stage. This freedom of expression is intimately linked to the fact that the Internet services are offered globally unlike traditional media channels, which may be under different degrees of state control in many parts of the world. Key to being able to offer a global Internet service is the understanding that the service provider can work primarily within the legal framework of its home jurisdiction.
It then paints a picture of what might happen if other countries brought in their own Snooper's Charter:
Service providers like ours can and do make reasonable accommodations to reflect local concerns and legal requirements including in the UK. But this is very different from a chaotic world within which every country seeks to impose potentially conflicting requirements on a global service provider in sensitive areas like the retention of personal data.
As the Guardian article explains:
The companies also detail an alternative approach to extend existing arrangements for them to meet the requests for personal data from the police and security services, including a new UK-US bilateral initiative to make the process faster and more efficient.
The letter concludes:
The Internet is still a relatively young technology. It brings enormous benefits to citizens everywhere and is a great force for economic and social development. The UK has rightly positioned itself as a leading digital nation. There are risks in legislating too early in this fast-moving area that can be as significant as the risks of legislating too late. We would urge you to follow the approach we have outlined above and see how far the needs of UK law enforcement can be met by improving existing legal instruments and treaties before making significant legislative changes.
This is a pretty significant move, underlined by the fact that traditional rivals have come together to form a common front against the UK government. If companies like Facebook, Google, Microsoft, Yahoo and Twitter refuse to cooperate with the UK's surveillance plans, it will make the scheme much more difficult to operate, particularly when it comes to spying on encrypted data streams.
If you would believe the UK government, there are two types of people. In the one category, you have law abiding citizens whose every movement, communication and social network activity must be monitored and digitally analyzed to keep them at bay, for their own good. In the other category, you have murderers, pedophiles and terrorists. If you object to belonging to the first category, you must therefore be part of the other, or at least a partner in crime of the scoundrels identified in category two. This would be so according to the unbelievably backward rhetoric of parts of the UK government not too long ago. To make sure society runs smoothly, the government devised the Communication Data Bill, aka. “Snooper’s Charter”, which would enable mass surveillance of digital communications.
As Glyn Moody noted, the Snooper’s Charter has been declared effectively dead after Liberal Democrat leader Nick Clegg announced his party would not support the Bill after some heavy scrutiny by two critical parliamentary committees. The debate on digital surveillance is far from over, however, as several sectors of law enforcement will continue to push for ubiquitous interception, because it is ‘useful’. Of course, conveniently forgetting about proportionality when dreaming up laws to use or control digital technology has become an all too common thread worldwide.
The UK Open Rights Group, an EFF sister organization, has released a report and a series of particularly funny videos to put an end to the Snooper’s Charter, and also to inform policy makers and the public at large about how the discussion about digital surveillance should be held (disclaimer: I helped compile this report).
In the report, twelve experts from different fields explain clearly how and why digital surveillance has come about, what its intent is, and why mass surveillance such as that proposed by the Snooper’s Charter is probably the worst possible next step to take, considering the ability of current technology to effectively monitor everyone and everything.
Journalist and surveillance expert Duncan Campbell puts the Snooper's Charter in historical perspective and explains:
“The manner in which the new Bill has been introduced and managed, fall full square within long British historical precedents that position privacy rights as an irritant to be managed by a combination of concealment, secrecy, information management, and misinformation.”
One of the most notable features of the Snooper’s Charter is the de facto centralized search engine – or “Filter” – which scours several public and private datasets to analyze communications in-depth. Cambridge University computer scientist Richard Clayton explains:
“It is fundamentally inherent to this proposal that Filter data should be collected on everyone’s activity and that this data should be made available en masse from the private companies, the Internet Services Providers and telephone companies that provide services, to government systems for the correlation processing.”
Information privacy rights advocate Caspar Bowden does not mince any words:
“It ought to be obvious that continuously recording the pattern of interactions of every online social relationship, and analyzing them with the “Filter”, is simply tyrannical.”
Rachel Robinson from “Liberty”, the National Council for Civil Liberties, considers what this type of surveillance will likely lead to:
“If the present proposals for the collection of communications data become law, proposals for other types of blanket or random surveillance irrespective of suspicion “just in case” are a logical next step.”
Professor Peter Sommer explains one of the underlying problems:
“Legislators need knowledge of the technical capabilities of surveillance technologies” because: “The legal words need to reflect the reality of how the technology works.”
Joss Wright, computer scientist at the Oxford Internet Institute, notes a fundamental and frequently repeated mistake in thinking about regulating internet technology:
“Equating the Internet with historical technologies when making policy is not simply wrong, it is dangerously misleading.”
Together with Professor Emmenthal below, policy makers should finally start realizing that “technology’s interaction with the social ecology is such that technical developments frequently have environmental, social, and human consequences that go far beyond the immediate purposes of the technical devices and practices themselves […]” (Kranzberg, 1986). Fortunately, the Open Rights Group established 10 clear recommendations to continue the discussion on digital surveillance law, which will also be applicable in other countries.
Since the UK government published the draft version of its Communications Data Bill -- better known as the "snooper's charter" -- with plans to store data about every British citizen's emails, mobile calls and visits to Web sites, there has been almost total opposition to it from everyone else. Indeed, there has been growing resistance even within the UK government's ranks, largely from the smaller of the coalition partners, the Liberal Democrats. Here's what the party's leader and Deputy Prime Minister, Nick Clegg, has been up to, as described by one of the Liberal Democrat MPs, Julian Huppert:
Nick refused to allow the Bill to go ahead, and forced the Home Office to publish the Bill as a draft, allowing us all to see what the Home Office were planning. Nick appointed Paul Strasburger and I onto a Committee to scrutinise it in detail. We went through the evidence, heard from many experts and published a cross-party report. This was damming of the Home Office proposals -- it unanimously describe some of the Home Office information as 'fanciful and misleading'.
Following Nick's intervention and our report, the Home Office was given the chance to rethink. To build a proper case and look for proposals which were proportionate to the problem.
However, instead of trying to answer the huge range of criticisms of the proposed Bill, the Home Office simply insisted that such an intrusive system of surveillance was needed. As a result:
Nick has just this morning announced that he has killed off the Data Communications Bill, dubbed the "snooper’s charter".
By withdrawing the support of the Liberal Democrats, Clegg makes it practically impossible to pass the Bill, since the UK government will lack the requisite majority to push it through. However, this is by no means the end of the story.
Clegg will be under huge pressure from the Prime Minister, David Cameron, and his Conservative party colleagues, to agree to some slightly watered-down proposals. Cameron will doubtless invoke all the usual reasons -- tackling terrorism, paedophiles, organized crime etc. -- knowing that this plays well with enough of the electorate that Clegg won't be able to ignore it completely. So we can probably expect to see new plans in due course. The question then becomes to what extent they address the huge flaws in the original snooper's charter, and whether they represent an approach that is truly "proportionate to the problem", as the cross-party report puts it. If they don't, the battle will doubtless begin again.
Back in June, Glyn wrote about the so-called "Snooper's Charter" in the UK. It was a draft Communications Bill that had some ridiculous surveillance measures, such as data retention by ISPs on all emails. There was an open comment period, and apparently over 19,000 emails were sent in. And, it turns out, the score was over 19,000... to zero. Yes, not a single comment submitted in support of the bill. From the Joint Parliamentary Committee:
... we have not seen a single email supporting the draft Communications Data Bill, or even agreeing that there may be a case for the security services and law enforcement agencies having greater access to communications data than they do at present.
While many of the emails received were generated from organizations opposed to the bill, you'd think that someone out there would be in favor of it. At the very least, hopefully this leads to a pretty big rethinking of the effort.
The draft bill of the UK's "Snooper's Charter", which would require ISPs to record key information about every email sent and Web site visited by UK citizens, and mobile phone companies to log all their calls, was published back in July. Before it is debated by politicians, a Joint Committee from both the House of Commons and House of Lords is conducting "pre-legislative scrutiny."
Jimmy Wales, the founder of Wikipedia, has sharply criticised the government's "snooper's charter", designed to track internet, text and email use of all British citizens, as "technologically incompetent".
He said Wikipedia would move to encrypt all its connections with Britain if UK internet companies, such as Vodafone and Virgin Media, were mandated by the government to keep track of every single page accessed by UK citizens.
He went on to suggest that other Internet companies would do the same, forcing the UK authorities to resort to what he called "black arts" to break the encryption. As he pointed out: "It is not the sort of thing I'd expect from a western democracy. It is the kind of thing I would expect from the Iranians or the Chinese."
To a certain extent, this is just bluster: Wales has no formal power to instruct Wikipedia to encrypt its connections, and even assuming that happened, it's not certain that companies like Google and Facebook would risk fines or imprisonment for their staff by refusing to hand over encryption keys. But Wales' intervention had a big symbolic importance: he's not only the co-founder of Wikipedia -- which even politicians have heard of and probably use -- he's also one of the UK government's own special tech advisers, appointed back in March.
His comments are, therefore, a real slap in the face, and a useful reminder that by pushing for this kind of total surveillance the UK government is not only making itself look oppressive, but stupid too.
As expected, the UK government has published its Draft Communications Bill (pdf) -- better known as the "snooper's charter," since it requires ISPs to record key information about every email sent and Web site visited by UK citizens, and mobile phone companies to log all their calls (landline information is already recorded).
Since this was only released a few hours ago, people are still trawling through it to find out what delights it holds, but an eagle-eyed David Meyer has already spotted something rather extraordinary: the UK government seems to be proposing to log not just every IP packet, but every physical packet -- and letter, and postcard -- too.
That's thanks to Section 25 of the Draft, which states:
Part 1 [the main requirements to log communications data] applies to public postal operators and public postal services as it applies to telecommunications operators and telecommunications services.
And if you were wondering what "communications data" means when applied to letters and postcards, it includes:
postal data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of a postal service by means of which it is being or may be transmitted
Letters, telephone calls, email and the Web -- this is a level of total surveillance that countries like China, North Korea or Iran can only dream of. What remains unclear is how the UK government will try to gather this incredible flood of information, and whether it can access it in real time. Here's what the site Privacy International thinks will happen:
The government today published a draft version of a bill that, if signed into law in its current form, would force Internet Service Providers (ISPs) and mobile phone network providers in Britain to install 'black boxes' in order to collect and store information on everyone's internet and phone activity, and give the police the ability to self-authorise access to this information.
That article points out that two important questions on the Internet side of things remain unanswered:
However, the Home Office failed to explain whether or not companies like Facebook, Google and Twitter will be brought under the Regulation of Investigatory Powers Act (RIPA), and how they intend to deal with HTTPS encryption.
When an official was pressed on that last point, he gave a rather disturbing reply:
At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: "It will."