Last year, in writing about the US government's vindictive lawsuit against whistleblower and former NSA employee Thomas Drake, we also talked about William Binney -- another ex-NSA employee and whistleblower (who was also raided by the feds, though they failed to find anything they could pin on him in a lawsuit). Binney is the mathematical genius behind one of the key algorithms the NSA is using to track everyone. Here's what the New Yorker said about Binner over a year ago:

Binney expressed terrible remorse over the way some of his algorithms were used after 9/11. ThinThread, the "little program" that he invented to track enemies outside the U.S., "got twisted," and was used for both foreign and domestic spying: "I should apologize to the American people. It's violated everyone's rights. It can be used to eavesdrop on the whole world."

Now, the NY Times has something of a following, including a short documentary feature about Binney and his whistleblowing over the NSA's domestic spying. It's really worth watching as it very simply highlights how vast the domestic spying effort is, however powerful it can be -- and also how the NSA dances around the fact that it's not allowed to spy on Americans. They claim that as long as they're not actually looking at the content they record and store directly, it's just collecting the info and not actually spying on people. That is, they think that acquiring all this data is fine, so long as they don't directly query the info. But... as Binney explains, his algorithms (which have likely been updated quite a bit) can still go through all this info and build basic "profiles" of just about anyone. It's really worth watching, if only to wonder how anyone thinks this is acceptable.

I'd embed the video here, except the geniuses over at the NY Times seem to have not figured out how to allow embeds with their video player.

The documentary was put together by Laura Poitras, who notes that thanks to some over-aggressive surveillance she, too, is on a "watch-list," thanks to a documentary she did about Iraq.

I have been detained at the border more than 40 times. Once, in 2011, when I was stopped at John F. Kennedy International Airport in New York and asserted my First Amendment right not to answer questions about my work, the border agent replied, “If you don’t answer our questions, we’ll find our answers on your electronics.”’ As a filmmaker and journalist entrusted to protect the people who share information with me, it is becoming increasingly difficult for me to work in the United States. Although I take every effort to secure my material, I know the N.S.A. has technical abilities that are nearly impossible to defend against if you are targeted.

All of this attention, by the way, is to question why Congress is so intent on re-authorizing the FISA Amendments Act (FAA) which is what gives the NSA a pass on much of this spying, thanks to a "secret interpretation" of the law, which the public is not allowed to even know about. If this sounds like the sort of thing that shouldn't be allowed in a free and open society, you're just beginning to grasp the problem.

You may remember that almost exactly a decade ago, the news leaked that key Iran-Contra political operative John Poindexter, still working for the US government, had been working with the NSA to create a system called Total Information Awareness or TIA. The news quickly went viral, with people (quite reasonably) worried about the government snooping on their private data. Suddenly everyone was against this program, Poindexter was soon out of a job, and the TIA was officially put on the shelf. Except... that's not quite what happened. As you should be aware by now, the NSA has been Hoovering up pretty much every bit of data it can, sometimes using confusing loopholes or legal changes to make it possible.

As a writeup at the NY Times notes, the NSA is basically doing everything that was promised in the TIA program... but without the basic safeguards that were included with TIA:

What’s missing, however, is a reliable way of keeping track of who sees what, and who watches whom. After T.I.A. was officially shut down in 2003, the N.S.A. adopted many of Mr. Poindexter’s ideas except for two: an application that would “anonymize” data, so that information could be linked to a person only through a court order; and a set of audit logs, which would keep track of whether innocent Americans’ communications were getting caught in a digital net.

And let's not even waste time discussing how the NSA actually had a much cheaper program that actually did have safeguards, because the guy who exposed the world to that almost end up in jail for a few decades.

Of course, the bigger issue here is that in gathering pretty much everything they can, actually making sense of the data is becoming more and more difficult:

The N.S.A. came up with more dead ends than viable leads and put a premium on collecting information rather than making sense of it.

Of course, that doesn't mean people's privacy isn't being violated (something even the NSA itself will admit when forced -- though it still refuses to say how many Americans are having their privacy violated). So the end result is that the NSA is collecting all of this data, violating people's privacy (and, most likely, the 4th Amendment). And, out of that they're turning up very little in the way of useful leads.

That's not exactly a compelling pitch.

But, as the NYT piece notes, even though the NSA built a system more powerful and privacy invading, and less effective (and probably more costly) than the original, much decried, Total Information Awareness program, very few people seem to be raising the alarm or particularly concerned about it. Apparently, the NSA has learned the best secret of all. If you don't actually name the program something creepy and Big Brotherish, and don't have a conspiracy-theory-inspired logo to go with it, you can get away with all sorts of stuff. There. Now don't you feel safer knowing that your tax dollars are funding this kind of thing?

We've written many times about the FISA Amendments Act (FAA), of which there is a secret interpretation that certainly appears to allow the NSA to spy on all sorts of email communications without a warrant -- something that is not at all obvious upfront (and, in fact, which many in Congress apparently do not know about). While Senators Wyden and Udall have been working hard to try to force the government to reveal either the secret interpretation or how many Americans have been spied on, the rest of Congress appears to not want to know, while rubber stamping the renewals to let the effort continue.

There have been some questions about how all of this came about, and just why law enforcement officials keep insisting the FAA is so vital. Julian Sanchez may have worked out some key details, and provides a very compelling explanation. Seven years ago, the Supreme Court ruled in the Brand X case (the same day the Grokster ruling came out), basically saying that cable networks did not qualify for "common carrier" status, because they were "information services" rather than telco services. The direct end result was that broadband providers no longer had to share lines with service providers. But, as Sanchez notes, there may have been an unrelated indirect impact: by removing the common carrier designation, the NSA may have lost its legal authority to "tap" live communications on such networks without a warrant. Sanchez explains the nitty gritty:

“If FISA’s reference to ‘common carrier’ were interpreted in accord with the Communications Act,” Kris and Wilson explain, explicitly citing the Brand X decision, “information (such as e-mail) being carried on a cable owned and offered by a cable modem service provider would not be a ‘wire communication’ under FISA, and acquisition of such information would not be ‘electronic surveillance’ under” the definition that applies to traditional phone calls.

Sanchez provides a lot more detail, which is worth reading in full, because it's quite complex. However, it suggests that the Bush administration's focus on "deregulating" cable may have undercut the NSA's "spy on everyone" program through a simple definition change. The FAA, then, was put in place (partly) to once again enable the NSA to get access to a bunch of live communications legally, whereas it's quite possible that the FISA court had found, in light of Brand X, that the efforts had been against the law. Now, you can argue that the change due to the Brand X decision is no big deal, because it was just clarifying some rules, and dealing with antiquated language in the statute. But, again, since so much of this happened in secret, if Sanchez's story is accurate, it more or less allowed the government to write very broad rules, such as those now allowing such broad surveillance.

So the FISA Amendments Act allows the government to target foreigners and capture conversations with Americans — with no warrant required, so long as they aren’t actually trying to wiretap the American via a technical loophole.

But if the government’s problem is an inability to reliably determine the location of parties to a communication, it’s not clear why we should be confident that interception under this broad new authority can reliably avoid acquiring many purely domestic communications. Even if it can, blanket authority to acquire the international communications of Americans — with no requirement that the foreign side of the conversation be suspected of any connection to terrorism or espionage‹seems like an incredibly broad way of addressing the issue.

Perhaps Kris and Wilson are correct that a narrower solution to the problem would have been unworkable. On the other hand, perhaps legislators would have tried a bit harder to craft a viable narrow solution if they, and the general public, had clearly understood exactly what the problem was.

Sanchez goes on to point out that if this story is accurate, and if the FISA court had basically upended the feds' spying program becuase of some definitional issues, a more reasonable and transparent approach would simply be to work together with lawmakers and civil liberties experts to actually focus in on the specific problem. Instead, it appears they may have used this loophole to massively expand spying capabilities, with no public oversight at all.

We just wrote about yet another (in a long line) of manufactured terrorist plots, in which the FBI creates its own terrorist plot to arrest anyone who can be coaxed into going along for the ride, even if they had no interest or ability to push the plot forward on their own. In that case, it was even more ridiculous, because they couldn't even find anyone willing to go along with the plot -- and the main "suspect" actually alerted the FBI to the informant who was trying to coax him into taking part in a plot (which didn't stop him from being arrested, even if the case was eventually dropped).

Of course, the FBI is not alone in its incredibly ham-fisted anti-terrorism efforts in which the focus seems to be much more about someone's religious leanings, rather than any actual interest in creating terror. The NY Police Department got plenty of attention for deciding to build their own local versions of the FBI and CIA to try to catch terrorists. That link describes the NYPD as a sort of new "elite" intelligence agency, hiring people out of other intelligence agencies and then placing agents around the globe to try to beat the FBI and CIA at their own game.

Back at home, apparently this included following on the FBI's tactic of assuming that "brown skin = terrorist." As such, they've spent the past few years spying on "Muslim neighbrhoods" throughout New York (with help from the CIA), sending undercover agents and informants into Muslim groups and organizations:

The Demographics Unit is at the heart of a police spying program, built with help from the CIA, which assembled databases on where Muslims lived, shopped, worked and prayed. Police infiltrated Muslim student groups, put informants in mosques, monitored sermons and catalogued every Muslim in New York who adopted new, Americanized surnames.

Police hoped the Demographics Unit would serve as an early warning system for terrorism. And if police ever got a tip about, say, an Afghan terrorist in the city, they'd know where he was likely to rent a room, buy groceries and watch sports.

How useful has it been? Apparently not at all. Not a single lead has come out of the program. Not one.

I know this is a crazy thought, but perhaps violating the privacy of tons of people just because of the color of their skin or their religion, isn't the best (or even "a") way to stop terrorists.

Wired has a troubling story of how the Senate Armed Services Committee is pushing a bill that would likely kill off an open source NoSQL project that came out of the NSA called Accumulo. Like many other such NoSQL efforts, the NSA basically took some Google white papers about its BigTable distributed database setup, and built its own open source version, with a few improvements... and then open sourced the whole thing and put it under the Apache Foundation. It's kind of rare to see such a secretive agency like the NSA open source anything, but it does seem like the kind of thing that ought to be encouraged.

Unfortunately, the Senate Armed Services Committee sees things very differently. As part of a 600-page bill that's being floated, it actually calls out Accumulo by name, and suggests that it violates a policy that says the government shouldn't build its own software when there are other competing commercial offerings on the market. The reasoning is basically that the government shouldn't spend resources reinventing the wheel if it can spend fewer resources using existing code. You can see the basic reasoning behind that, but applying it here makes little sense. As the article notes, here we're talking about software that's already been developed and released -- not a new effort to rebuild existing software. In fact, those who follow this stuff closely note that Accumulo did "break new ground" with some of its features when it was being built. To then kill it afterwards seems not just counterproductive, but could also create a chilling effect for government open source efforts, which seem like something we should be encouraging, not killing.

What's really odd is the close interest that the Senate seems to be paying to this. The discussion is very specific, naming Accumulo and some of the competing offerings on the market. They're specifically calling out this one product. Of course, as Julian Sanchez notes, there's a bit of irony in the fact that the very same Senate appears to have absolutely no interest in finding out how often the NSA spies on Americans... but sure is concerned about what database it uses to store all of the information it's getting.

Of course... all of this raises a separate issue in my mind: can the NSA even open source Accumulo? I though that creations of the federal government were automatically public domain, rather than under copyright. And, thus, putting it under a specific license might, in fact, present limitations that the government can't actually impose on the software.... Thus, shouldn't the software code actually be completely open as a public domain project? The government should be able set up an Apache-like setup, but one without any restrictions on the code.

The American Enterprise Institute (AEI) recently held an event about cybersecurity and cybersecurity legislation. The keynote speech was from NSA boss General Keith Alexander. He of course talked about why he supports cybersecurity legislation, such as CISPA and other proposals that will make it easier for the NSA access private content from service providers -- much of which, reports claim, they're already capturing and storing. Alexander has claimed that the NSA doesn't have "the ability" to spy on American emails and such, and reiterates that claim during the Q&A in this session, insisting that the Utah data center doesn't hold data on Americans' emails (and makes a joke about just how many emails that would be to read). That's nice for him to say, but so many people with knowledge of the situation claim the opposite.

In fact, in a story that has received almost no attention, the EFF was able to get three whistleblowers to speak out on the NSA's massive spying infrastructure:

In a motion filed today, the three former intelligence analysts confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the "secret room" at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.

So it's interesting to pay attention to what Alexander has to say in pushing for cybersecurity legislation. You can watch the full video below, if you'd like: Much of what he talks about online involves basic malware and hack attacks. These are definitely issues -- but are they issues that we need the military (which the NSA is a part of) to step in on? His "quote" line is that these attacks represent the "greatest transfer of wealth in history." That is a pretty broad statement, and there's almost no evidence to support it. He points to studies from Symantec and McAfee on the "costs" of dealing with security issues -- but remember, those are two of the biggest sellers of security software, and have every incentive in the world to inflate the so-called "costs." Also, seriously? The "greatest transfer of wealth in history"? Has he paid absolutely no attention to what's happened on Wall Street and the financial world over the past decade? Does anyone honestly believe that the amount of money "transferred" due to hack attacks is greater than the amount of money transferred due to dodgy financial deals and the mortgage/CDO mess? That doesn't pass the laugh test.

He does insist that worse attacks are coming, but provides no basis for that (or, again, why the NSA needs your info). In fact, according to a much more believable study, the real risks are not outside threats and hackers, but internal security screwups and disgruntled inside employees. None of that requires NSA help. At all.

But it sure makes for a convenient bogeyman to get new laws that take away privacy rights.

Alexander, recognizing the civil liberties audience he was talking to, admits that the NSA neither needs nor wants most personal info, such as emails, and repeatedly states that they need to protect civil liberties (though, in the section quoted below, you can also interpret his words to actually mean they don't care about civil liberties -- but that's almost certainly a misstatement on his part):

One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us... at network speed. It doesn't require the government to read their mail -- or your mail -- to do that. It requires them -- the internet service provider or that company -- to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it.

It's like a missile, coming in to the United States.... there are two things you can do. We can take the "snail mail" approach and say "I saw a missile going overhead, looks like it's headed your way" and put a letter in the mail and say, "how'd that turn out?" Now, cyber is at the speed of light. I'm just saying that perhaps we ought to go a little faster. We probably don't want to use snail mail. Maybe we could do this in real time. And come up with a construct that you and the American people know that we're not looking at civil liberties and privacy, but we're actually trying to figure out when the nation is under attack and what we need to do about it.

Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability. Seems to be there's a great approach there.

Now all that's interesting, because if that's true, then why is he supporting legislation that would override any privacy rules that protect such info? If he really only needs limited information sharing, then why isn't he in favor of more limited legislation that includes specific privacy protections for that kind of information? He goes back to insisting they don't care about this info later on in the talk, but never explains why he doesn't support legislation that continues to protect the privacy of such things:

The key thing in information sharing that gets, I think, misunderstood, is that when we talk about information sharing, we're not talking about taking our personal emails and giving those to the government.

So make that explicit. Rather than supporting cybersecurity legislation that wipes out all privacy protections why not highlight what kind of information sharing is blocked right now and why it's blocked? Is it because of ECPA regulations? Something else? What's the specific problem? Talking about bogeymen hackers and malicious actors makes for a good Hollywood script, but there's little evidence to support the idea that it's a real threat here -- and in response, Alexander is asking us all to basically wipe out all such privacy protections... because he insists that the NSA doesn't want that kind of info. And, oh yeah, this comes at the same time that three separate whistleblowers -- former NSA employees -- claim that the NSA is getting exactly that info already.

So, this speech is difficult to square up with that reality. If he really believes what he's saying, then why not (1) clearly identify the current regulatory hurdles to information sharing, (2) support legislation that merely amends those regulations and is limited to just those regulations and (3) support much broader privacy protections for the personal info that he insists isn't needed? It seems like a pretty straightforward question... though one I doubt we'll get an answer to. Ever. At least not before cybersecurity legislation gets passed.

We're still completely perplexed at how anyone in Congress could recognize that the NSA has refused to tell Congress how often it's violated the privacy of Americans without a warrant under the FISA Amendments Act (FAA) -- and then still vote to renew it. What kind of "oversight" is that? As Julian Sanchez recently wrote, it's no oversight at all. As he notes, the law requires the NSA to "prevent" the spying on folks when both parties in communication are in the US -- but here, the NSA is admitting that it has no mechanism to actually do that. Either (a) it's lying or (b) it's admitting that it cannot do what the law requires.

If we care about the spirit as well as the letter of that constraint being respected, it ought to be a little disturbing that the NSA has admitted it doesn’t have any systematic mechanism for identifying communications with U.S. endpoints. Similar considerations apply to the “minimization procedures” which are supposed to limit the retention and dissemination of information about U.S. persons: How meaningfully can these be applied if there’s no systematic effort to detect when a U.S. person is party to a communication?

Normally, this should be the point at which Congress steps in and says "no more" to the NSA. Instead, it shuns those who even ask the basic questions -- and as in the case of Rep. Dan Lungren, pretends that as long as no one proves to them that the NSA is abusing its power, there's simply no reason to demand evidence. That's not oversight. That's willful ignorance.

And... given that they're choosing to ignore their own oversight obligations over the NSA's spying on Americans, it should come as no surprise that the House Intelligence Committee unanimously voted to extend the FAA for five more years. Why not? It's not like Congress is actually going to make sure that the NSA is playing by the rules. The NSA apparently just needs to say that it would be too much work to do what the law requires and Congress says, "here, have a gift of five more years to spy on Americans against the specifics of the law." And, once again, as Sanchez points out, there are plenty of ways that the NSA could at least estimate how many Americans they're spying on.

But why would it do that? As Sanchez also points out, the NSA seems to redact anything even remotely embarrassing from its reports... including data on how often it failed to follow the law:

More generally, these reports contain a good deal of redacted statistical information that there is simply no plausible excuse for keeping secret. A table of “statistical data relating to compliance incidents,” for example, is included—but entirely blacked out. Are we to believe that the national security of the United States would be imperiled if the public knew the number of times the NSA had difficulty following the law? The reviewers conclude that the “number of compliance incidents remains small, particularly when compared with the total amount of activity”—but is there any legitimate reason for barring the public from knowing what counts as a “small” number, or just how massive the “total amount of activity” truly is?

How do folks in Congress who vote for this kind of thing defend such actions? They can't say that it's to protect Americans, when they refuse to even seek to get the data on whether or not Americans are being illegally spied upon.

For quite some time now, we've been reporting on Senators Wyden and Udall's repeated attempts to get the government to explain how many American citizens the NSA spied on under the FISA Amendments Act (which is supposed to be used to spy on foreigners, but appears to have been used much more broadly). It's quite clear that Wyden and Udall, in their roles on the Senate Intelligence Committee, believe there is some information that the public needs to know about, but which is not public. So they keep asking the same basic question over and over again. As we noted last week, since most of the rest of Congress does not have this information, and yet is expected to vote on the renewal of the FISA Amendments Act, something is seriously wrong.

What's never made sense is why the feds simply refuse to admit how many Americans they've spied on under the law. In the past, the Director of National Intelligence has basically told Wyden and Udall that he wouldn't answer because he didn't want to. But the latest answer really takes the insanity to stunning new levels. As initially revealed at Wired, the NSA has refused to answer claiming that, not only would it be too much work to figure it out, but that figuring it out would violate the privacy of Americans.

Yes, I'm going to repeat that, because it's insane. The NSA claims that figuring out how many Americans it spied on would violate their privacy. Here's the specific language from the letter:

The NSA IG provided a classified response on 6 June 2012. I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA's mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons..

At this point, you have to just wonder if the NSA is flat out mocking Wyden and Udall and basically taunting them to make it clear that the NSA doesn't believe anyone has oversight powers concerning the agency. And, of course, there is the other explanation: that the NSA has spied on more or less everyone who owns a mobile phone (which has been suggested by some reports).

Either way, it certainly sounds like the NSA really doesn't care what the law actually says, so long as it gets to keep spying on people.

We've been covering the fight that Senators Ron Wyden and Marc Udall have been in with the administration (and other members of Congress) concerning the FISA Amendments Act, in which the two Senators seem to be suggesting that a loophole in the law has allowed the feds to collect massive amounts of data on Americans without getting warrants. While they are unable to make the details clear, it sure sounds like the feds may be twisting the language of the Act, which was supposed to clear away some obstacles to collecting data on foreigners, such that they're collecting massive amounts of data on Americans. When Wyden & Udall asked officials just how many Americans had their data collected via this program, they were told it was impossible to answer that question. That alone should raise serious alarm bells.

Wyden and Udall have now put a hold on the new FISA Amendment Acts extension effort, saying that they don't want to hold back the important parts of the law, but are very worried about how it's being abused to spy on tons of Americans, despite that being against the clear intent. It does seem like a fair question to ask: just how many Americans have had their data surveilled under the law?

We are particularly concerned about a loophole in the law that could allow the government to effectively conduct warrantless searches for Americans' communications. Since we do not know how many Americans have had their phone calls and emails collected under this law, we believe that it is particularly important to have strong rules in place to protect the privacy of these Americans. We are disappointed that this bill does not attempt to add these protections.

The central provision in the FISA Amendments Act added a new section 702 to the original FISA statute. Section 702 was designed to give the government new authorities to collect the communications of people who are reasonably believed to be foreigners outside the United States. Because section 702 does not involve obtaining individual warrants, it contains language specifically intended to limit the government's ability to use these new authorities to deliberately spy on American citizens.

We have concluded, however, that section 702 currently contains a loophole that could be used to circumvent traditional warrant protections and search for the communications of a potentially large number of American citizens. We have sought repeatedly to gain an understanding of how many Americans have had their phone calls or emails collected and reviewed under this statute, but we have not been able to obtain even a rough estimate of this number.

The Office of the Director of National Intelligence told the two of us in July 2011 that ``it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed'' under the FISA Amendments Act. We are prepared to accept that it might be difficult to come up with an exact count of this number, but it is hard for us to believe that it is impossible to even estimate it.

It really is incredible just how much it seems that the federal government is doing everything it can to avoid the basic checks and balances that are supposed to keep excessive behavior in check. Considering the bill is supposed to protect, not expose, Americans, it's scary that the government refuses to even estimate how many Americans are spied upon in this manner. Given the continued efforts and statements of Wyden and Udall, it seems evident that they're aware that the feds are treating this law in a very different manner than the public believes -- but they're held back from saying anything specific, due to much of the info being classified.

Even worse, however, is the attitude of Senate colleagues, who seem ready to push this extension through no matter what, so they can declare that they're helping to keep the country secure, without even bothering to understand the massive loopholes and likely abuse by the feds under the law. From what's been said, it appears that many in the Senate seem to take it at face value that the bill is only used for collecting info on foreigners, and thus they're voting from a position of ignorance. At the very least, they should be willing to speak out and demand the same data that Wyden and Udall are asking for: an estimate as to how many Americans have had data exposed under this bill. If it really is supposed to only focus on foreigners, but millions of Americans have had their info accessed, that seems like a problem that should be addressed, rather than one that should be swept under the rug, as most in the Senate seem interested in doing.

Not content with inventing the Web and then giving it away, Tim Berners-Lee remains highly active in warning about the threats the Internet and its users face. Most recently he has taken on the British government's disproportionate plans to store information about every email sent and Web page visited in the UK:

Sir Tim Berners-Lee, who serves as an adviser to the government on how to make public data more accessible, says the extension of the state's surveillance powers would be a "destruction of human rights" and would make a huge amount of highly intimate information vulnerable to theft or release by corrupt officials. In an interview with the Guardian, Berners-Lee said: "The amount of control you have over somebody if you can monitor internet activity is amazing."

What's particularly useful about his latest intervention is not just the authority with which he speaks on this subject, but the specificity of his warning:

"The idea that we should routinely record information about people is obviously very dangerous. It means that there will be information around which could be stolen, which can be acquired through corrupt officials or corrupt operators, and [could be] used, for example, to blackmail people in the government or people in the military. We open ourselves out, if we store this information, to it being abused."

That is, even leaving aside concerns about crucially important issues such as privacy and total surveillance, the UK plans are an awful idea from a purely practical viewpoint: they will actually make the UK less safe for all the reasons that Berners-Lee lists. Because of this fundamental flaw, he emphasizes:

"the most important thing to do is to stop the bill as it is at the moment"

Let's hope the UK government listens to its own adviser, at least.

Follow me @glynmoody on Twitter or identi.ca, and on Google+