A week ago, we noted that a group of UK Lords were trying to rush through the "Snooper's Charter" that had previously been rejected by the UK. The bill, of course, was about giving the government tremendous levels of access to everyone's electronic data with little oversight. Thankfully, despite having little notice, the attempt caused a flurry of attention and the Lords were forced to back off the plan. It seemed like another good "win" for supporters of privacy and democracy.
Many people still expected the UK government to try again, but few expected it would happen so soon. Yes, less than a week after having the last attempt rejected vocally, the same group of Lords are trying yet again:
On Saturday, ahead of a “report stage” debate on Monday (the Counter-Terrorism and Security Bill is almost fully baked), Lords West, Blair, Carlile and King introduced a new amendment that appears to be almost identical to the last, and to the Communications Data Bill before it.
Again, this new amendment would force “telecommunications operators” – which these days includes the likes of Facebook and Skype, as well as traditional telcos – to store communications metadata for up to a year and hand it over to U.K. authorities when requested. This data retention regime may require the providers to install “specified equipment or systems.”
As David Meyer at GigaOm notes, just as with the last time, this bill lets any "relevant public authority" get access to the data, meaning that such data will be widely accessed and almost certainly widely abused as well. It appears that there are only very minor cosmetic changes between what was proposed and rejected last week and what has been proposed this week. Of course, it won't surprise you to learn the backgrounds of those pushing for this information:
The four peers in question all come from the security establishment — a former Metropolitan Police commissioner (Blair), a former secretary of defense (King), a former minister for security and counter-terrorism (West), and a former government anti-terror adviser (Carlile).
Meyer also quotes Lord King saying that he doesn't know about or understand the various new social media services like WhatsApp and SnapChat, "but what is absolutely clear is that the terrorists and jihadists do" -- which is why he thinks the Snooper's Charter is needed. In other words, he admits his own ignorance, but doesn't seem to care, because he is ruled by irrational fear. That does not seem like a particularly intelligent way to govern or to legislate.
The UK legislators, law enforcement agencies and intelligence services looking to expand the government's surveillance programs got a big boost from the attack on Charlie Hebdo. This violent attempt to place extremist religious ideology ahead of free speech was twisted by many into justification for expanded government powers. Prime Minister David Cameron even went so far as to suggest that no citizen's communications should be beyond the government's reach.
This unexpected boost has propelled a raft of new amendments to the UK's so-called "Snooper's Charter," a once-rejected bill (Communications Data Bill) that would hand over ISP subscriber data to the goverment without a warrant. The amendments try to paper over the obvious flaws in the proposed legislation, limiting the use of this data to law enforcement and intelligence services only. (The previous version allowed several other government agencies to dip their toes into the data stream.)
The privacy protections are still insufficient and the wording is still vague, but those supporting this bill are hoping the recent terrorist attack -- combined with a very short time frame -- will help them guide this past the opposition, as the EFF points out.
Directly after the Charlie Hebdo massacre, we cautioned the public and politicians to be "wary of any attempt to rush through new surveillance and law enforcement powers." With depressing predictability, we've already seen that happen acrossthecontinent. Nowhere, however, has the attempt to bypass democratic debate been more blatant than in the United Kingdom, where a handful of unelected peers has taken the language of an old and discredited Internet surveillance proposal, and attempted to slam it, at outrageously short notice, into the wording of a near-complete counter-terrorism bill.
The result is that, unless you take action to warn Britain's House of Lords in time for the debate on Monday, there is a good chance that Britain will pass the infamous Snooper's Charter into law with barely any oversight.
Over the weekend, EFF supporters have taken action, and as the amended snooping bill hits the floor today, hopefully it will be met with increased resistance. But its supporters have done everything they can to prevent any examination of the proposed amendments by dropping the new wording off on Thursday and pushing for a simple "up/down" vote on Monday. This rush job indicates the amended bill won't stand up to scrutiny -- something its supporters are hoping to avoid by giving those voting a brief chance to glance at the new wording before being asked to push the bill forward.
The EFF has provided contact information for UK legislators, noting that certain methods may be more effective given the shortened time frame.
If you're a British citizen, you need to tell the members of the House of Lords that their right to analyze and discuss this legislation is being bypassed. We've set up an action alert for UK Internet users, so that you can send messages to the Twitter accounts of UK peers (you would be surprised how many British Lords use Twitter). You can also write to members of the House of Lords through the free service WriteToThem.com, but given the time frame, tweeting or phone calls are much better.
Twisting an attack on free speech into a call for more surveillance is most governments' standard MO. The UK is no exception. But this is never the right response to terrorist activity, especially when the end result will be a chilling effect on free speech -- making this bill's outcome indistinguishable from the attackers' aims.
Whilst Parliament swallowed Theresa May’s tired arguments that "terrorist plots will go undetected" and "these are powers and capabilities that exist today", she failed to make a compelling argument that holding everyone's data is necessary and proportionate. Frankly, the Government was evasive and duplicitous, and they were in a hurry to cover their tracks.
Tom Watson MP described the process as "democratic banditry, resonant of a rogue state. The people who put this shady deal together should be ashamed."
And the European Court's decision was very clear: blanket data retention is unlawful and violates the right to privacy.
The courts will have the final say on whether DRIP breaches human rights. And no matter what David Cameron believes, the UK has international obligations. The European Convention on Human Rights, the European Charter of Fundamental Rights and our own Human Rights Act -- all exist to defend our rights and are where we will be able to challenge DRIP.
As the controversial Data Retention and Investigation Powers Bill (DRIP) slips its way through the House of Commons and into the House of Lords, the outspoken boss of broadband ISP Andrews & Arnold (AAISP), Adrian Kennard, has promised to use "all practical legal means" in order to protect their customers from state sponsored Internet snooping.
Now, that may just be one ISP, but the example of iiNet in Australia, which has been fighting on behalf of its users there for years, shows what can be done. It would be nice if more UK ISPs did the same, but even if they don't, it's likely that others will join the fight against DRIP and its undemocratic passage through the UK Parliament, given the outrage this has caused -- in some quarters, at least.
You may recall the stories from the past couple years about the so-called "snooper's charter" in the UK -- a system to further legalize the government's ability to spy on pretty much all communications. It was setting up basically a total surveillance system, even beyond what we've since learned is already being done today. Thankfully, that plan was killed off by Deputy Prime Minister Nick Clegg.
However, Prime Minister David Cameron is back to pushing for the snooper's charter -- and his reasoning is as stupid as it is unbelievable. Apparently, he thinks it's necessary because the fictional crime dramas he watches on TV show why it's necessary. I am not joking, even though I wish I was:
In the most serious crimes [such as] child abduction communications data... is absolutely vital. I love watching, as I probably should stop telling people, crime dramas on the television. There's hardly a crime drama where a crime is solved without using the data of a mobile communications device.
What we have to explain to people is that... if we don't modernise the practice and the law, over time we will have the communications data to solve these horrible crimes on a shrinking proportion of the total use of devices and that is a real problem for keeping people safe.
Yes, he just said that. Because fictional characters on crime drama TV shows make use of data, that's somehow proof that it's necessary. Perhaps someone can send Cameron a copy of Enemy of the State or any other fictional work showing how the government can abuse such information. Or, better yet, let's have our side stick with reality, and we can just point to real historical events of governments abusing such information.
The five biggest internet companies in the world, including Google and Facebook, have privately delivered a thinly veiled warning to the home secretary, Theresa May, that they will not voluntarily co-operate with the "snooper's charter".
In a leaked letter to the home secretary that is also signed by Twitter, Microsoft and Yahoo!, the web's "big five" say that May's rewritten proposals to track everybody's email, internet and social media use remain "expensive to implement and highly contentious".
In the letter, originally posted online by the Guardian, but now taken down for some reason, the Internet companies write:
Although it seems that the revised Bill will address some of the concerns we and others raised in evidence to that [Parliamentary] Committee, we expect that the core premise of the Bill -- to create a new form of retention order for the data of UK-based users of communications services -- will remain highly contentious.
However, we also do not want there to be any doubt about the strength of our concerns in respect of the idea the UK government would seek to impose an order on a company in respect of services which are offered by service providers outside the UK.
The letter rather pointedly invokes efforts to promote online freedom around the world:
The UK Foreign and Commonwealth Office in particular has played a leading role in promoting the value of freedom of expression on the Internet on the global stage. This freedom of expression is intimately linked to the fact that the Internet services are offered globally unlike traditional media channels, which may be under different degrees of state control in many parts of the world. Key to being able to offer a global Internet service is the understanding that the service provider can work primarily within the legal framework of its home jurisdiction.
It then paints a picture of what might happen if other countries brought in their own Snooper's Charter:
Service providers like ours can and do make reasonable accommodations to reflect local concerns and legal requirements including in the UK. But this is very different from a chaotic world within which every country seeks to impose potentially conflicting requirements on a global service provider in sensitive areas like the retention of personal data.
As the Guardian article explains:
The companies also detail an alternative approach to extend existing arrangements for them to meet the requests for personal data from the police and security services, including a new UK-US bilateral initiative to make the process faster and more efficient.
The letter concludes:
The Internet is still a relatively young technology. It brings enormous benefits to citizens everywhere and is a great force for economic and social development. The UK has rightly positioned itself as a leading digital nation. There are risks in legislating too early in this fast-moving area that can be as significant as the risks of legislating too late. We would urge you to follow the approach we have outlined above and see how far the needs of UK law enforcement can be met by improving existing legal instruments and treaties before making significant legislative changes.
This is a pretty significant move, underlined by the fact that traditional rivals have come together to form a common front against the UK government. If companies like Facebook, Google, Microsoft, Yahoo and Twitter refuse to cooperate with the UK's surveillance plans, it will make the scheme much more difficult to operate, particularly when it comes to spying on encrypted data streams.
If you would believe the UK government, there are two types of people. In the one category, you have law abiding citizens whose every movement, communication and social network activity must be monitored and digitally analyzed to keep them at bay, for their own good. In the other category, you have murderers, pedophiles and terrorists. If you object to belonging to the first category, you must therefore be part of the other, or at least a partner in crime of the scoundrels identified in category two. This would be so according to the unbelievably backward rhetoric of parts of the UK government not too long ago. To make sure society runs smoothly, the government devised the Communication Data Bill, aka. “Snooper’s Charter”, which would enable mass surveillance of digital communications.
As Glyn Moody noted, the Snooper’s Charter has been declared effectively dead after Liberal Democrat leader Nick Clegg announced his party would not support the Bill after some heavy scrutiny by two critical parliamentary committees. The debate on digital surveillance is far from over, however, as several sectors of law enforcement will continue to push for ubiquitous interception, because it is ‘useful’. Of course, conveniently forgetting about proportionality when dreaming up laws to use or control digital technology has become an all too common thread worldwide.
The UK Open Rights Group, an EFF sister organization, has released a report and a series of particularly funny videos to put an end to the Snooper’s Charter, and also to inform policy makers and the public at large about how the discussion about digital surveillance should be held (disclaimer: I helped compile this report).
In the report, twelve experts from different fields explain clearly how and why digital surveillance has come about, what its intent is, and why mass surveillance such as that proposed by the Snooper’s Charter is probably the worst possible next step to take, considering the ability of current technology to effectively monitor everyone and everything.
Journalist and surveillance expert Duncan Campbell puts the Snooper's Charter in historical perspective and explains:
“The manner in which the new Bill has been introduced and managed, fall full square within long British historical precedents that position privacy rights as an irritant to be managed by a combination of concealment, secrecy, information management, and misinformation.”
One of the most notable features of the Snooper’s Charter is the de facto centralized search engine – or “Filter” – which scours several public and private datasets to analyze communications in-depth. Cambridge University computer scientist Richard Clayton explains:
“It is fundamentally inherent to this proposal that Filter data should be collected on everyone’s activity and that this data should be made available en masse from the private companies, the Internet Services Providers and telephone companies that provide services, to government systems for the correlation processing.”
Information privacy rights advocate Caspar Bowden does not mince any words:
“It ought to be obvious that continuously recording the pattern of interactions of every online social relationship, and analyzing them with the “Filter”, is simply tyrannical.”
Rachel Robinson from “Liberty”, the National Council for Civil Liberties, considers what this type of surveillance will likely lead to:
“If the present proposals for the collection of communications data become law, proposals for other types of blanket or random surveillance irrespective of suspicion “just in case” are a logical next step.”
Professor Peter Sommer explains one of the underlying problems:
“Legislators need knowledge of the technical capabilities of surveillance technologies” because: “The legal words need to reflect the reality of how the technology works.”
Joss Wright, computer scientist at the Oxford Internet Institute, notes a fundamental and frequently repeated mistake in thinking about regulating internet technology:
“Equating the Internet with historical technologies when making policy is not simply wrong, it is dangerously misleading.”
Together with Professor Emmenthal below, policy makers should finally start realizing that “technology’s interaction with the social ecology is such that technical developments frequently have environmental, social, and human consequences that go far beyond the immediate purposes of the technical devices and practices themselves […]” (Kranzberg, 1986). Fortunately, the Open Rights Group established 10 clear recommendations to continue the discussion on digital surveillance law, which will also be applicable in other countries.
Since the UK government published the draft version of its Communications Data Bill -- better known as the "snooper's charter" -- with plans to store data about every British citizen's emails, mobile calls and visits to Web sites, there has been almost total opposition to it from everyone else. Indeed, there has been growing resistance even within the UK government's ranks, largely from the smaller of the coalition partners, the Liberal Democrats. Here's what the party's leader and Deputy Prime Minister, Nick Clegg, has been up to, as described by one of the Liberal Democrat MPs, Julian Huppert:
Nick refused to allow the Bill to go ahead, and forced the Home Office to publish the Bill as a draft, allowing us all to see what the Home Office were planning. Nick appointed Paul Strasburger and I onto a Committee to scrutinise it in detail. We went through the evidence, heard from many experts and published a cross-party report. This was damming of the Home Office proposals -- it unanimously describe some of the Home Office information as 'fanciful and misleading'.
Following Nick's intervention and our report, the Home Office was given the chance to rethink. To build a proper case and look for proposals which were proportionate to the problem.
However, instead of trying to answer the huge range of criticisms of the proposed Bill, the Home Office simply insisted that such an intrusive system of surveillance was needed. As a result:
Nick has just this morning announced that he has killed off the Data Communications Bill, dubbed the "snooper’s charter".
By withdrawing the support of the Liberal Democrats, Clegg makes it practically impossible to pass the Bill, since the UK government will lack the requisite majority to push it through. However, this is by no means the end of the story.
Clegg will be under huge pressure from the Prime Minister, David Cameron, and his Conservative party colleagues, to agree to some slightly watered-down proposals. Cameron will doubtless invoke all the usual reasons -- tackling terrorism, paedophiles, organized crime etc. -- knowing that this plays well with enough of the electorate that Clegg won't be able to ignore it completely. So we can probably expect to see new plans in due course. The question then becomes to what extent they address the huge flaws in the original snooper's charter, and whether they represent an approach that is truly "proportionate to the problem", as the cross-party report puts it. If they don't, the battle will doubtless begin again.
Back in June, Glyn wrote about the so-called "Snooper's Charter" in the UK. It was a draft Communications Bill that had some ridiculous surveillance measures, such as data retention by ISPs on all emails. There was an open comment period, and apparently over 19,000 emails were sent in. And, it turns out, the score was over 19,000... to zero. Yes, not a single comment submitted in support of the bill. From the Joint Parliamentary Committee:
... we have not seen a single email supporting the draft Communications Data Bill, or even agreeing that there may be a case for the security services and law enforcement agencies having greater access to communications data than they do at present.
While many of the emails received were generated from organizations opposed to the bill, you'd think that someone out there would be in favor of it. At the very least, hopefully this leads to a pretty big rethinking of the effort.
The draft bill of the UK's "Snooper's Charter", which would require ISPs to record key information about every email sent and Web site visited by UK citizens, and mobile phone companies to log all their calls, was published back in July. Before it is debated by politicians, a Joint Committee from both the House of Commons and House of Lords is conducting "pre-legislative scrutiny."
Jimmy Wales, the founder of Wikipedia, has sharply criticised the government's "snooper's charter", designed to track internet, text and email use of all British citizens, as "technologically incompetent".
He said Wikipedia would move to encrypt all its connections with Britain if UK internet companies, such as Vodafone and Virgin Media, were mandated by the government to keep track of every single page accessed by UK citizens.
He went on to suggest that other Internet companies would do the same, forcing the UK authorities to resort to what he called "black arts" to break the encryption. As he pointed out: "It is not the sort of thing I'd expect from a western democracy. It is the kind of thing I would expect from the Iranians or the Chinese."
To a certain extent, this is just bluster: Wales has no formal power to instruct Wikipedia to encrypt its connections, and even assuming that happened, it's not certain that companies like Google and Facebook would risk fines or imprisonment for their staff by refusing to hand over encryption keys. But Wales' intervention had a big symbolic importance: he's not only the co-founder of Wikipedia -- which even politicians have heard of and probably use -- he's also one of the UK government's own special tech advisers, appointed back in March.
His comments are, therefore, a real slap in the face, and a useful reminder that by pushing for this kind of total surveillance the UK government is not only making itself look oppressive, but stupid too.
As expected, the UK government has published its Draft Communications Bill (pdf) -- better known as the "snooper's charter," since it requires ISPs to record key information about every email sent and Web site visited by UK citizens, and mobile phone companies to log all their calls (landline information is already recorded).
Since this was only released a few hours ago, people are still trawling through it to find out what delights it holds, but an eagle-eyed David Meyer has already spotted something rather extraordinary: the UK government seems to be proposing to log not just every IP packet, but every physical packet -- and letter, and postcard -- too.
That's thanks to Section 25 of the Draft, which states:
Part 1 [the main requirements to log communications data] applies to public postal operators and public postal services as it applies to telecommunications operators and telecommunications services.
And if you were wondering what "communications data" means when applied to letters and postcards, it includes:
postal data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of a postal service by means of which it is being or may be transmitted
Letters, telephone calls, email and the Web -- this is a level of total surveillance that countries like China, North Korea or Iran can only dream of. What remains unclear is how the UK government will try to gather this incredible flood of information, and whether it can access it in real time. Here's what the site Privacy International thinks will happen:
The government today published a draft version of a bill that, if signed into law in its current form, would force Internet Service Providers (ISPs) and mobile phone network providers in Britain to install 'black boxes' in order to collect and store information on everyone's internet and phone activity, and give the police the ability to self-authorise access to this information.
That article points out that two important questions on the Internet side of things remain unanswered:
However, the Home Office failed to explain whether or not companies like Facebook, Google and Twitter will be brought under the Regulation of Investigatory Powers Act (RIPA), and how they intend to deal with HTTPS encryption.
When an official was pressed on that last point, he gave a rather disturbing reply:
At this morning's Home Office briefing, Director of the Office for Security and Counter-Terrorism Charles Farr was asked about how the black box technology would handle HTTPS encryption. His only response was: "It will."