«

»

The UK snooping bill and the mystery of the magic pixies

By Simon Davies

Every website-spotter really should visit the new UK Home Office site. As well as being a breathtaking example of atrocious design its pages are now swathed in an urgent orange – as it happens, the exact shade of orange once used by the US government to signal an elevated terrorist alert.

It’s doubtful the orange is coincidental. The Home Office is anxious to sell the need for emergency legislation. Currently it is keen on alerting us to the criminal misuse of new technology  – specifically via mobile phones and the Internet.

In pursuit of this goal the government has published draft legislation that is likely to permanently cement Britain’s standing as the developed world’s most watched society.

the government has published draft legislation that is likely to permanently cement Britain’s standing as the developed world’s most watched society.

The Draft Communications Data Bill purports to make Britain safer by requiring all phone and Internet providers to retain detailed files of all online activity, emails, mobile phone location and every phone call. There will be no exceptions. Whether you send and email or text, visit a gay sexual health website or call your Aunt Mabel in Maidstone, the government will have the right to scrutinize that activity for up to a year afterward.

The surveillance relates to “communications data” (who contacted who, with what technology, in what location and at what time) rather than listening in to the content of a call or reading an email. Communications data surveillance is by far the most intrusive technique. Imagine an informant sitting behind you and noting down everything you do online.

Without any technical data or operational information it’s difficult to figure how the government intends to execute this scheme without creating a major threat to communications security. Perhaps they have technology the independent experts aren’t familiar with – or maybe they have access to magic pixies. As I explain below, we simply don’t know.

Authority already exists under the Regulation of Investigatory Powers Act (RIPA) for government and police to request communications data. In 2010 public authorities made more than half a million such requests,  a figure that rises five percent year on year and which is likely to rise even more once a richer reserve of data is available to authorities.

The government argues that it needs these new mass surveillance powers to catch up with new communications media. It asserts that online social networking, gaming sites, advanced email and mobile systems, Voice over IP and instant messaging have eclipsed the government’s ability to conduct surveillance. They claim the measures are necessary because most investigations are conducted post-fact and this requires the creation of a distributed national archive of everyone’s activity “just in case it is needed”.

As things stand – and without wishing to appear sensational – the government’s approach is methodologically similar to the reasoning of the Stasi. Then the justification was the “class enemy”; now it is criminality. The level and process of mass infiltration is the same in both cases. That’s why countries such as Romania, Germany and the Czech Republic have already ruled the technology unlawful.

The scheme however is much more than just a mammoth threat to civil liberties. By seeking to access major communications systems such as Gmail, which use encryption, the government is proposing to break the security of the Internet at a scale that the most ambitious dictator could scarily have dreamed of.

the government is proposing to break the security of the Internet at a scale that the most ambitious dictator could scarily have dreamed of.

“https encryption” which the new system will seek to crack is also used by entities such as banks.

These plans were originally drawn up in the autumn years of the previous Labour administration but were shelved shortly before the general election. Labour was right to sense an election risk. It was, after all, proposing to reach deep into the private life of everyone in the nation. The government had laid out its cards that it wanted to know everything you do across the communications spectrum. Labour strategists with long memories recalled the bitter campaign of resistance in the early 2000’s against email and phone snooping under RIPA. And with the Tories rapidly building a civil liberties platform Labour needed to narrow the divide.

Back then the scheme was known as the “Interception Modernisation Programme”. It was an idea that a London School of Economics report described (and I’m paraphrasing here) as a complete and utter technological farce without any evidential basis. The report went on to warn that such a scheme would inevitably “result in a level of surveillance never seen before”.

In an attempt to escape such savage attention and shake off the dogs of civil liberties the scheme was dusted off and renamed the “Communications Capabilities Development Programme”. The two are one and the same scheme.

However the public justification for the original scheme was as disreputable as the rhetoric for the current iteration. Neither offer any evidential foundation about risks of the “threat” that the scheme claims to target or the likely benefits to be realized as part of the “balance” (sacrifice of rights) that must be made

Indeed the most entertaining common feature of the most intrusive surveillance scheme of modern times is the extent to which Home Secretaries on both sides of the House – while extolling the scheme – have fallen over themselves to establish their deep regard for privacy and liberties.

The government has tried to assuage civil liberties concerns by arguing that only terrorists and criminals have cause to fear – with a repeated emphasis on pedophiles. The pedophiles were only recently wheeled in as a sort of PR patch. They certainly weren’t in evidence in 2009.

The government may have a rough road ahead. Nearly 200,000 people have signed a petition by campaign group 38 Degrees opposing the scheme. In the meantime more is becoming known about the realities of the scheme. It’s becoming clear that on the basis of what we know about existing requests. It’s clear that they have relatively little to do with crime prevention and much more to do with government administration and tax collection.

The introduction to the draft legislation plays down the intrusiveness of the new measures, and infers it should be self evident that safeguards should be at a lower level for communications data than for traditional phone intercept requests.

The argument is flawed.  The “traffic data” generated by mobile calls alone provides a wealth of information on who you know and where you’ve been. Police and other agencies have for more than fifteen years used systems such as Harlequin’s WatCall software to convert lists of phone calls, obtained automatically (without any judicial oversight) from phone companies, into “friendship networks” that can be matched with information in police intelligence computers. Meanwhile, the traffic data also contains information on the areas from which calls were made and the phones that are active in that specific location. The data can be retrieved retrospectively or – depending on the sophistication of the technology – in real time. When this data is combined with analysis of Internet activity the result is a devastatingly detailed profile of a person’s movements, associations, interests and transactions.

The legislation – despite a length of 36,000 words – is silent on the details of exactly how this plan will work, its limits or the technology behind it. The type of data available, who will gain access to it, for what purposes and in what circumstances are left to the order-making powers of the Home Secretary. Ironically the most specific detail in the legislation can be found in the 59-clause section that sets out precisely how all the important detail will be determined after the bill passes.

The absence of detail is a disappointment, particularly in light of the agenda of transparency and openness being relentlessly peddled by the Home Office. Indeed if you browse the new Home Office website, dominated by the exact shade of burned orange used by the US Government to denote an imminent terrorist threat, you can hardly pass by a page without being told of a new spirit of accountability and openness and a new vibrant spirit of cooperation.

Dr Gus Hosein, Executive Director of the rights watchdog Privacy International, was scathing in his criticism: “In the UK, we’ve historically operated under the presumption that the government has no business peering into the lives of citizens unless there is good reason to – that people are innocent until proven guilty. This legislation would reverse that presumption and fundamentally change the relationship between citizen and state, and their relationship with their internet and mobile service providers.”