DRIP: a shabby process for a shady law.

[An earlier version of this post appeared at The Justice Gap, here]

Thursday’s announcement by David Cameron and Nick Clegg that the coalition was going to expedite emergency surveillance legislation is something that should concern all of us, not just privacy activists. The speed with which the Data Retention and Investigatory Powers bill (‘DRIP’) is being brought into play, the lack of consultation and the breadth of its powers should matter to everyone. There is a reason that legislation usually requires time and careful consideration – and with a contentious issue like surveillance this is especially true. This is a shabby process, for what seems to be a very shady law. And, as David Davis MP has suggested, the ‘emergency’ is theatrical, not real. The need for new legislation was entirely predictable – and politicians and civil servants should have known this.

A predictable emergency

The trigger for the legislation was the ruling by the ECJ, on 8th April, that the Data Retention Directive was invalid – more than three months ago – but the signs that new legislation was needed have been there for far longer. The ruling by the ECJ exceeded the expectations of privacy advocates – but not that significantly, and the declaration that the directive was invalid should have been an outcome that civil servants and politicians were prepared for. Indeed, the Data Retention Directive has been subject to significant challenge since its inception in 2005. Peter Hustinx, the European Data Protection Supervisor in 2010 called it:

“…without doubt the most privacy invasive instrument ever adopted by the EU in terms of scale and the number of people it affects.”

Across Europe there have been protests and legal challenges to data retention throughout its history, from 30,000 people on the streets of Germany in 2007 to the declaration that data retention itself was unconstitutional in Romania. The challenge that eventually brought down the directive began in 2013.

The signs have been there in the UK too, and for far longer than three months. The Communications Data Bill – more commonly and appropriately known as the Snoopers’ Charter – was effectively abandoned well over a year ago, after a specially set-up parliamentary committee, after taking detailed evidence, issued a damning report. At that stage, even before the revelations of Edward Snowden reared their ugly head, the need for further legislation was evident.

So why, given all these warnings, has this emergency been manufactured, and why is legislation being pushed through so quickly? Is it that those behind the bill are concerned that if it received full and detailed scrutiny, the full scale and impact of the bill will become evident and, like the Snoopers’ Charter before it, it will fail? It is hard not to think that this has played some part in the tactics being employed here. What would there be to lose by delaying this a few months?

Companies like data too…

The suggestion that if the legislation isn’t pushed through this quickly then companies will suddenly start deleting all their communications data is naïve to say the least. Firstly, it’s hardly in most communications providers’ interest to delete all that data – actually, rather the opposite. Back in 2007, Google attempted to use the existence of data retention legislation as an excuse not to delete search logs – companies generally like having more data, as they (just like the authorities) believe they can get value from it. Moreover, businesses don’t often change their practices at the drop of a hat, even if they want to. They might, however, if they’re required to by law – and that may well be the real key here. Legal challenges to specific practices by specific companies in terms of data retention may well be in the offing – but this would take time, far more time than the few days – less than a week – that MPs are being given to pass this legislation.

Fundamental Rights

The underlying point here is that there is a reason that the Data Retention Directive was declared invalid by the ECJ, and a reason that both privacy advocates and academics have been concerned about it from the very beginning. The mass collection of communications data breaches fundamental rights – and DRIP, just like the Communications Data Bill before it, does authorise the mass collection of this data. It has the same fundamental flaws as that bill – and a few extras to boot. With the very limited time available to review the bill so far, it appears to extend rather than limit the powers available through the contentious Regulation of Investigatory Powers Act (RIPA) rather than limit them or modernise them (see for example the analysis by David Allen Green in the FT here – registration needed), and attempt to extend powers outside the UK in a way that is at the very least contentious – and in need of much more scrutiny and consideration.

Most importantly, it still works on the assumption that there is no problem with collecting data, and that the only place for controls or targeting is at the accessing stage. This is a fundamentally flawed assumption – morally, legally and practically. At the moral level, it treats us all as suspects. Legally it has been challenged and beaten many times – consistently in the European Court of Human Rights, in cases from as far back as Leander in 1987, and now in the ECJ in the declaration of invalidity of the Data Retention Directive. Practically, it means that data gathered is vulnerable in many ways – from the all too evident risks of function creep that RIPA has demonstrated over the years (dog-fouling, fly-tippers etc) to vulnerability to leaking, hacking, human error, human malice and so forth. Moreover, it is the gathering of data that creates the chilling effect – impacting upon our freedom of speech, of assembly and association and so forth. This isn’t just about privacy.

Safeguards?

Nick Clegg made much of the concessions and safeguards in the new bill, emphasising that this isn’t a Snoopers’ Charter Mark 2, but it is hard to be enthusiastic about them at this stage. There is a sunset clause, meaning that DRIP will expire in December 2016 – but there is nothing in the bill itself to say that it won’t be replaced by similar ‘emergency’ legislation, railroaded through parliament in a similar way. Moreover, December 2016 is well after the election – and the Lib Dems are currently unlikely to still have any influence at that stage. Julian Huppert in particular, my MP in Cambridge, is in a very precarious position. Without him, it’s hard to see much Lib Dem resistance to either the Tories or the Labour Party who set the ball rolling on mass surveillance state in the Blair years.

The rest of the safeguards are difficult to evaluate at this stage – they were originally said to be contained in secondary legislation that was not published with the bill itself, but when that secondary legislation was actually released, at around 4pm on Friday afternoon, it contained almost none of what had been promised. For example, the suggestion that the number of bodies able to use RIPA was to be restricted, was entirely absent. This list doesn’t just include the police and intelligence services, but pretty much all local authorities, and bodies like the food standards agency and the charities commission – another part of the function creep of RIPA. The breadth and depth of the surveillance that this bill, in combination with RIPA, would not only allow but effectively normalise, is something that should be of the deepest concern to anyone who takes civil liberties seriously.

The shabbiest of processes

This is just one part of the shabbiness of the process. Two more crucial documents,  ‘Impact Assessments’ performed by the Home Office concerning the data retention and interception aspects of the bill, were also released – but without even a mention, so that the first that was heard of them by most concerned people was early on Saturday morning, when vigilant investigators found them all but hidden on the Home Office website. Two documents, full of technical details looking at why the laws were ‘needed’ and what the risks and benefits of the laws would be, the alternatives and so forth, pretty much hidden away. These, together with the Bill itself and the Regulations, combine to produce something with a serious level of both legal and technical complexity – something that needs very careful study and expert analysis. And to do this analysis, we are given essentially one weekend, and no warning.

How serious this is was highlighted by a brief twitter conversation between David Allen Green and MP Julian Huppert this morning:

Screen Shot 2014-07-12 at 18.53.05

 

David Allen Green (@JackofKent) is asking a straight and direct, technical and legal question – and Julian Huppert can’t answer it. Julian is perhaps the most technically expert of the entire House of Commons – if he doesn’t understand the bill, its impact and how it changes the current situation, how much less can other MPs? And yet they are expected to debate the bill on Monday, and pass it almost immediately. This is patently wrong – and highlights exactly why parliament generally has significant time for analysis and for debate, and parliamentary committees call experts to give testimony, to tease out these kinds of answers. Julian Huppert should not be criticised for not knowing the answer to the question – but he should be criticised for supporting a bill without allowing the time for these questions to be asked, investigated and answered. They need to be.

This is an wholly unsatisfactory state of affairs. Indeed, the whole thing is highly unsatisfactory, and in a democratic society, it should be unacceptable. That our MPs seem willing to accept it speaks volumes.

——————–

The key documents can be found here:- study them if you have time!

The draft bill

The draft regulations

The impact assessment for interception

The impact assessment for data retention.

Surveillance: ten ways to fight back!

The-Day-We-Fight-Back-2-e1391612024967

Today, 11th February 2014, is ‘The Day We Fight Back” – a day of campaigning against mass surveillance. It’s a day where campaigners are trying to raise awareness of the issue – and begin fighting against it. The big question is how can we fight back – what can we actually do. It often seems as though privacy is dead, and that there’s nothing we can do about it. I don’t think so – there are lots of things we can do, lots of things we must do. Here are just ten….

1     Support The Day We Fight Back

One of the most important things in the whole fight is to raise awareness – and to take advantage of opportunities to spread the message that surveillance is a big issue. Days like The Day We Fight Back help to do that. Check out the website here. Tweet about it. Blog about it. Talk about it with your friends and colleagues. Make it something that people notice.

2     Lobby your politicians – or unseat them!

Let the politicians know that you care about this – because, ultimately, they are supposed to be your representatives. It may not feel as though they listen to you much – but if enough people tell them the same thing, if enough people bother them, then they may finally get up off their backsides and do something. And if they don’t, use your vote against them. Politicians make a difference here – or rather they could, if they could be bothered. Most of them don’t understand what’s going on – try to educate them! Help them to understand, and don’t let them get away with bland, meaningless reassurances.

3     Don’t let the corporations off the hook!

The Snowden revelations were shocking, revealing a degree of governmental surveillance that surprised many people, and made a lot of people angry with their governments – but we shouldn’t be fooled into thinking this is just about governments, or just about specific agencies like the NSA and GCHQ. The malaise is far deeper than that – and corporations are in it right up to their necks. In many ways corporate surveillance is worse than governmental surveillance – it can have real impact on people, messing with their credit ratings and insurance premiums, affecting their job prospects, the prices they pay for things and more.

The NSA and GCHQ to a great extent piggyback on the surveillance that the corporates do, utilise the tools that the corporates create, mine the data that the corporates hold – if the corporates weren’t doing it, the agencies couldn’t tap into it. What’s more, corporations actively lobby to undermine privacy law, obfuscate over their privacy policies and do a lot more to undermine the whole concept of privacy. We shouldn’t accept that – let alone allow themselves to portray themselves as the good guys in this story. They’re not. Right now, they’re the henchmen and sidekicks of the NSA and GCHQ – if they want our support, they need to start supporting us.

4     Don’t just demand transparency – demand less surveillance!

There’s a lot of talk of transparency, particularly in relation to governmental requests for data from the likes go Google, Facebook, Twitter etc. Transparency is great – but it’s not nearly enough. We shouldn’t let ourselves be fobbed off with talk of transparency – we need less surveillance. We need to demand that surveillance is cut back – not just that there is better accountability and transparency. Accountability often ends up in farces like the UK’s Intelligence and Security Committee’s hearing with the heads of MI5, MI6 and GCHQ – no real scrutiny at all, just a bit of lip service and a lot of back-slapping. It’s not enough. Not nearly enough.

5     Join or support civil society

Civil society groups all over the world are key players in this – and they need your support. Here in the UK, the Open Rights Group, Privacy International and Big Brother Watch have been in the forefront of the campaigns against surveillance. In the US the Electronic Frontier Foundation have been crucial. In the Netherlands Bits of Freedom have done wonders. These, however, are not groups with the scale or resources of the governments and corporations that are behind the surveillance – so they need every bit of support they can get.

6     Challenge the media!

The mainstream media, for the most part, have not played the part that they could in the fight against mass surveillance. The Guardian has been an honourable exception – and their role in making sure that the Snowden story has seen the light of day has been, for me, one of the most important pieces of journalism for many years – but generally the whole issue has been the subject of far less attention than it should have had. That’s sadly common – because reporting of almost all technology matters is pretty disappointing. We need to challenge that – and shame the media into doing a better job. When they misreport stories about surveillance they should be challenged – using the social media, for example. And, perhaps even more importantly, when they report on technology without seeing the privacy aspects we should challenge that too. One key example right now is the subject of ‘Smart Meters’ – they have deep problems in relation to privacy, but when you see a report in much of the media it only talks of the advantages, not the risks. That’s not good enough.

7     Educate yourself

Part of the reason that surveillance has grown, almost without our noticing, is that far too many of us – and I’m certainly one of them – have not kept ourselves up to date. This year is supposed to be the ‘Year of Code’ – and though that campaign is pretty farcical it does highlight the fact that most of us don’t really know how the tech we use works. If we don’t know how it works, it’ll be much harder for us to protect ourselves. I’m making a commitment right now that I’m going to learn cryptography – and that I’m going to use it.

8     Use and support privacy friendly tech

That brings the next point. There are a lot of privacy-friendly tools out there and we should use them. Search with duckduckgo or startpage rather than Google. Use Ghostery or Abine’s DoNotTrackMe to monitor or block those who are tracking you – remembering that commercial trackers can be hijacked by the authorities. These are just a few of the tools available – and there are more coming all the time – but they need to be used in order to succeed. They need support if they are to grow.

9     Keep your eye on the news

There are more stories about surveillance and other invasions of privacy appearing all the time – keep your eye on the news for them, and let other people know about them. It’s hard to keep up, but don’t give up. Don’t expect to know everything, but if we don’t keep up with the news we aren’t going to be in a position to fight. Information is power – which is a great deal of what surveillance is about. We need to be informed in order to fight back

10     Make sure the fightback isn’t just for a day

This is the most important thing of all. Campaigns for one day are pretty meaningless – and the authorities will generally let them ride, possibly with a few little comments but almost no action. Political pronouncement and political action needs long-term campaigning. Shifts in attitudes don’t happen in a day – so we need to keep this campaign going…. and expect it to be a long, attritional fight. It won’t be easy – but it’s worth it.

Surveillance and Consent

I was fortunate enough to speak at the Internet and Human Rights Conference at the Human Rights Law Centre at the University of Nottingham on Wednesday. My talk was on the topic of internet surveillance – as performed both by governments and by commercial entities. This is approximately what I said – I very rarely have fully written texts when I talk or lecture, and this was no exception. As you can see, I had one ‘official’ title, but the talk had a number of alternative titles…

Surveillance and Consent

Or

Big Brother is watching you – and so are his commercial partners

Or

What Edward Snowden can teach us about the commercial Internet

Or

To what do we consent, when we enter the Internet?

In particular, do we consent to surveillance? If we do, by whom? When? And on what terms? There are three parts to this talk:

1) Government surveillance and consent

2) Commercial surveillance and consent

3) Forging a (more) privacy friendly future?

1: Government surveillance and consent.

Big Brother is Watching You. He really is. Some of us have always thought so – even if we’ve sometimes been called conspiracy theorists when we’ve articulated those thoughts. Since the revelations of Edward Snowden this summer, we’ve been taken a bit more seriously – and quite rightly so.

The first and perhaps most important question to ask is why the authorities perform surveillance? Counter-terrorism? That’s the one most commonly mentioned. Detection and enforcement of criminal law? Crime prevention? Prevention of disorder? Dealing with child abuse images and tracking down paedophiles? Monitoring of social trends? There are different degrees to all these areas – and potentially some very slippery slopes. Some of the surveillance is clearly beneficial – but some is highly debatable. When looking in the area of crime and disorder this is particularly true when one considers police tactics in the past, from dealing with the anti-nuclear movements in the sixties, seventies and eighties to the shocking revelation about the infiltration of environmental activists more recently. Even this summer, the government admitted that it monitored people’s social media activities in order to ‘head off’ the badger cull protests. Was that right? Are other forms of ‘social control’ through surveillance acceptable? They should at least raise questions.

When looking at government surveillance, we need to ask what is acceptable? Where do we draw the line? Who draws that line? How much of this do we consent to? There are a number of different ways to look at this.

Societal consent?

Do we, as a societies, consent to this kind of surveillance? It is not at all clear that we do, even in the UK, if the furore that lead to the defeat of the Snoopers Charter is anything to go by, or the reaction to Edward Snowden’s revelations in most of the world (though not so much in the UK) is any guide. Do we, as societies, understand the level of surveillance that our governments are performing? It doesn’t seem likely given the surprise shown as more and more of the reality of the situation is revealed. Can we, as societies, understand all of this? Perhaps not fully, but certainly a lot more than we currently do.

Parliamentary consent?

Do we effectively consent by delegating our decisions to our political representatives? By electing them, are we consenting to their decision-making, both in general and in the particular area of internet surveillance? This is a big political question in any situation – but anyone who has observed MPs, even supposedly expert MPs, knows that the level of knowledge and understanding of either the internet or surveillance is appalling. Labour’s Helen Goodman, the Tories’ Clare Perry, the Lib Dems’ Tom Brake, all of whom have been (and still are) in positions of power and responsibility within their own parties in relation to the internet have a level of understanding that would be disappointing in a secondary school pupil.

The Intelligence and Security Committee, who made their first public appearance in November, demonstrated that they were pretty much entirely incapable of providing the scrutiny necessary to represent us – and to hold Big Brother to account on our behalf. Most of the Home Affairs Committee – and the chair, Keith Vaz, in particular, demonstrated this even more dramatically this Tuesday, when questioning Guardian Editor Alan Rusbridger. Keith Vaz’s McCarthy-esque question to Rusbridger ‘do you love your country’ was sadly indicative of the general tone and level of much of the questioning.

There are some MPs who could understand this, but they are few and far between – Lib Dem Julian Huppert, Labour’s Tom Watson, the Tories’ David Davis are the best and perhaps only real examples, but they are mavericks. None are on the front benches, and none seem to have that much influence on their political bosses. Parliament, therefore, seems to offer little help. Whether it could ever offer that help – whether we could ever have politicians with enough understanding of the issues to act on our behalf in a meaningful way, is another question. I hope so – but I may well be pipe dreaming.

Automatic or assumed consent?

Perhaps none of this matters. Could it this kind of government surveillance something we automatically consent to when we use the Internet? Simply by using the net, do we automatically consent to being observed? Is this the price that we have to pay – and that we can be assumed to be willing to pay – in order to use the internet? Scott McNealy’s infamous quote – you have zero privacy anyway, get over it – may be old enough to represent common knowledge. Can we assume that everyone knows they have no privacy? Would that be reasonable, even if it were true? It isn’t true of the public telephone system – wholesale wiretapping isn’t acceptable or accepted, not even of the metadata.

I don’t think any of these – societal, parliamentary or ‘assumed’ really work, or would be sufficient even if they did – because amongst other things because we simply haven’t known what was going on. Our consent, such as it existed, could not have been informed consent, in either of the two ways that can be understood. We did not have the information. We were deliberately kept in the dark. And experience suggests that when we do know more, we tend to object more – as events like the defeat of the Snoopers’ Charter demonstrate.

Do we know what we are consenting to?

Do we understand what the implications of this surveillance actually are? This isn’t just about privacy, no matter how much people like Malcolm Rifkind tries to frame it that way. It isn’t just about individual either – sometimes through this kind of framing it can seem as though asking for privacy is an act of selfishness, and that we should be ashamed of ourselves, and sacrifice our privacy for the greater good – for security.

This is quite wrong – and in many ways framing it in this way is deliberately deceptive. There is a significant impact on many kinds of human rights, not just on privacy. Freedom of expression is chilled – both by overt surveillance through the panopticon effect and through covert surveillance through the imbalance of power that allows control to be exerted. Freedom of association and assembly are deeply affected – both online through the disruption and chilling of online communities, and offline through the disruption of the organisation of ‘real world’ protest and so forth. There’s more too – profiling can allow for discrimination. Indeed, as we shall see, discrimination of a different form is fundamental to commercial surveillance – so can be easily enabled in other ways. Ultimately, too, it can even impact upon freedom of thought – as profiling develops, it could allow the profiler to know what you want even before you do.

So even if we have given consent before, that consent is not really valid. The internet is not like old-fashioned communications. We do more online than we ever did through other forms of communication The nature of the surveillance itself has changed – and the impact of it. Any old consent that did exist should be revoked. If Big Brother wants to keep watching us, He needs to ask again.

2: Commercial surveillance and consent

This is an issue much closer to the common legal understanding of consent – and one that has been much debated. It’s one of the key subjects of the current discussions over the reform of the data protection regime. Edward Snowden, however, has thrown a bit of a spanner into that debate, and those discussions.

To understand what this means, we need to understand commercial surveillance better. Who does ‘commercial’ surveillance? What do I mean by commercial surveillance? Surveillance where money is the motivation – or, to be more precise, where commercial benefit is the motivation. This means things like behavioural tracking – for various purposes – but it also means profiling, it means analysis, all of which are done extensively by all the big players on the Internet, with little or no real idea of consent.

Does commercial surveillance matter?

Commercial surveillance does not often seem to be something people (other than a few privacy geeks like me) care about that much. It’s just about advertising, isn’t it? Doesn’t do anyone any harm? Opt-out’s OK, those paranoid privacy geeks can avoid it if they want, for the rest of us it’s what pays for the net, right? For people like me, there are big concerns – and in some ways it might matter more for most people than surveillance by the NSA and GCHQ. The idea – the one that’s being sold to us – is that it’s about ‘tailoring’ or ‘personalisation’ of your web experience. We can get more relevant content and and more appropriate advertising…

…but that also means that it can have a real impact on real people, from price and service discrimination to an influence on such things credit ratings, insurance premiums and job prospects. Real things that matter to almost all of us. There’s even the possibility of political manipulation – from personalised political advertising to detailed targeting of key ‘swing’ voters, putting even more political influence into the hands of those with the deepest pockets – for it is the deepest pockets that allow access to the ‘biggest’ data, and the most sophisticated profiling and targeting systems.

What Edward Snowden could teach us…

Some parts of the revelations from Edward Snowden should make us think again. PRISM, in particular, should change people’s attitudes to commercial surveillance. This is what Edward Snowden has to teach us. Look at the purported nature of the PRISM program. ‘Direct access’ to the servers of the big Internet companies – including Google and Facebook. Who does commercial surveillance more than Google and Facebook? What’s more, the interaction between governments and businesses is much closer than it might immediately seem. They share technology – and businesses have even let governments subvert their technology, building backdoors, undermining encryption systems and so forth. They share techniques – and even share data, whether willingly or otherwise.

Shared techniques…

Behavioural profiling is just what governments want to do. Behavioural analysis is just what governments want to do. Behavioural targeting is just what governments want to do Is identifying potential customers any different from identifying potential suspects? Is identifying potential markets any different from identifying potential protest groups (such as those involved in the aforementioned badger cull protest)? Or potential dissidents? Is predicting political trends and political risks any different from predicting market trends? Is ‘nudging’ a market that different from manipulating politics? The Internet companies have built engines to do all the authorities’ work for them (well, OK, most of the authorities’ work for them). They just need to tap into those engines. Tailor them a bit. It’s perfect surveillance, and we’ve helped build it. We’ve ‘consented’ to it.

Who is undermining privacy?

So who is undermining privacy? The spooks with their secret surveillance… ….or the business leaders telling us to share everything and that, as Mark Zuckerberg put it, ‘privacy is no longer a social norm’? This ‘de-normalisation’ of privacy – apologies for the word, which I suspect doesn’t really exist – amounts to an attempt to normalise surveillance. The extent to which this desired and pushed-for ‘de-normalisation’ has contributed to the increasing levels of surveillance is essentially a matter for conjecture, but it’s hard not to see a connection.

Paranoid privacy geeks like me have been warning about for a while – but just because we’re paranoid, it doesn’t mean we’re wrong. In this case, it’s looking increasingly as though we were right all along – and that the situation is even worse than we thought.

Is this what we consented to when we signed up for Facebook? Is this what we consent to each time we do a Google search? Is this what we expect when we watch a YouTube video or play a game of Words with Friends? I don’t think so. With new information there should come new understanding – and a reassessment of the situation. We need to decide.

3: A (more) privacy-friendly future?

A three-way consensus is needed. People, businesses and governments need to come to an agreement about what the parameters are, about what it acceptable. About what we consent to. All three groups have power – but at the moment only the authorities seem to be really wielding theirs.

Imagine what would happen if Facebook’s Mark Zuckerberg, Google’s Sergey Brin, Apple’s Tim Cook and their fellows from Microsoft, eBay, Twitter etc all came together and said to the US government ‘No’! Would they be locked up? Would their companies be viciously punished? It seems unlikely – they are much more powerful than they realise. We often talk about the power of the corporate lobbyists – this power could be wielded in a positive way, not just a negative way…

…but it only will if there’s a profit in it for the companies concerned. And that’s where we come in.

We have a key part to play. We need to keep making noises. We need to keep informing people, keep lobbying. Make sure that the companies know that we care about privacy – and not just in relation to governments. Then the companies might start to make a move that helps us.

There are some signs that this might be the case – from the noises from Zuckerberg and so on about how upset they are about the NSA to the current crop of ‘Outlook.com’ advertisements that proclaim loudly how they don’t scan your emails the way that Google do – though it is difficult to tell whether this is just lip service. They talk a lot about transparency, not so much about a reduction in actual surveillance by government – let alone by themselves. If they can wield this power in our favour it could help a lot – but it will only be wielded in this positive way if we make them. So we must be clear that we do not consent to the current situation. We do not consent to surveillance.

Guest post: Go home, Superman!!

[Guest post by @Super__Cyan]

Superman 1

Would the Home Office dare do this to the Man of Steel? After all, he is an illegal alien. Maybe the Home Office would be more inclined if he looked like this?

Superman 2

(For those who do not know, this is Superman from Earth-Tangent)

This is just to point out the growing concern that officials of the Home Office are conducting ‘racist and intimidatory profiling’ see also this storify by @anyapalmer. This is not to discuss stop and search powers, more on general stop and search powers by yours truly can be seen here. Two things are worth some attention, first this image from the @ukhomeoffice twitter account:

Superman Home Office

And this page on the Home Office’s site which has the interesting headline of ‘Immigration offenders arrested in Home Office operations.’

Are there any human rights issues with these? Possibly, the image of the person being taken away could raise issues of privacy, and as we know that same old Article 8 of the European Convention of Human Rights might be engaged where it stipulates that:

  1. Everyone has the right to respect for his private and family life, his home and his correspondence.
  2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Private life, the European Court of Human Rights (ECtHR) in Von Hannover v Germany 59320/00 [2004] ECHR 294 has pointed out that this includes a person’s picture (para 50). Let’s just assume for the sake of this post that the Home Office officials have lawful authority for taking those pictures, because if they didn’t that would be illegal. So if the officials have lawful authority, what then? Is the Article 8 issue now exhausted?

Not quite, because the subsequent use of those pictures can still leave the Article 8 issue live. This can be seen in Peck v United Kingdom 44647/98 [2003] ECHR 44 here the applicant was filmed by a CCTV attempting to commit suicide by cameras operated by Brentwood Borough Council in a public street. A few months later, the Council issued two photographs taken from the CCTV footage for publication in an article about the preventative benefits of CCTV. The applicant’s face was not specifically masked. Extracts from the CCTV footage were also shown on regional television in which the applicant’s face had been masked at the Council’s request.

The ECtHR pointed out that the Independent Television Commission considered the masking of the applicant was not adequate because the applicant’s distinctive features (para 16). Many of the applicants friends and family who saw the ‘Crime Beat’ programme recognised the applicant (para 21) including people who knew him, like colleagues (para 54). So the important questions would be, from that image, could the individual be identified? Is the obfuscation adequate? Because on the on the @ukhomeoffice ‘Photos and videos’ page there is an image of an official whose obfuscation is telling.

The ECtHR reaffirmed the position that interaction even within the public context falls within the ambit of Article 8 (para 57). Also reiterating that using photographic equipment that records in a permanent nature gives rise to considerations regarding interference with Article 8 (para 59). But here the applicant was not arguing against the use of CCTV footage but the that it was the disclosure of that record of his movements to the public in a manner in which he could never have foreseen which gave rise to such an interference (para 60). The ECtHR concluded that the Council’s disclosure constituted a serious interference with the applicant’s Article 8 rights (para 61). This could be the case also for the present image.

After determining whether this was in accordance with the law and pursued a legitimate aim (which was satisfied para 64-67) the ECtHR also pointed out that ‘the applicant was not charged with, much less convicted of, an offence. The present case does not therefore concern disclosure of footage of the commission of a crime’ (para 79). Drawing analogies with Peck and the image tweeted by the Home Office is that the person is arrested on ‘suspicion’ so there are some similarities. The ECtHR criticised the Council for not taking the utmost care in ensuring the media masked those images and stated:

In sum, the Court does not find that, in the circumstances of this case, there were relevant or sufficient reasons which would justify the direct disclosure by the Council to the public of stills from the footage in its own CCTV News article without the Council obtaining the applicant’s consent or masking his identity, or which would justify its disclosures to the media without the Council taking steps to ensure so far as possible that such masking would be effected by the media. The crime-prevention objective and context of the disclosures demanded particular scrutiny and care in these respects in the present case (para 85).

For reasons such as these the ECtHR found the United Kingdom in violation of Article 8. This is not intended to suggest that this would be the likely outcome regarding the present images the Home Office has tweeted, but none the less great caution should be taken when releasing images of individuals to the public.

There is another issue that may be applicable here, and again it’s something to do with Europe, and something to do with human rights, a recipe for disaster! This time Article 6(2) of the ECHR may be relevant which states that:

Everyone charged with a criminal offence shall be presumed innocent until proved guilty according to law.

This disallows premature declarations of guilt by public officials. In Allenet de Ribemont v. France 15175/89 [2007] ECHR 112 emphasised that not being charged but being arrested falls within the ambit of being “charged with a criminal offence” (para 37). Kouzmin v. Russia (link in French) points out that public official does not need to be an already elected representative or employee of the public authorities at the material time. It may include persons of recognised public standing, from having held a public position of importance in the past or from running for elected office (para 59-69). It seems pretty sure the Home Office’s twitter account would satisfy this as it is a public authority (para 49).

The ECtHR in Ismoilov and Others v Russia 2947/06 [2008] ECHR 348 stressed that:

A fundamental distinction must be made between a statement that someone is merely suspected of having committed a crime and a clear declaration, in the absence of a final conviction, that an individual has committed the crime in question. The Court emphasises the importance of the choice of words by public officials in their statements before a person has been tried and found guilty of a particular criminal offence.(para 166)

So essentially the Strasbourg Court is saying that poor choice of words could violate Article 6(2). The hashtag used in the tweet with the images states ‘suspected #immigrationOFFENDER.’ Offenders are those that have been convicted of an offence, a sex offender is someone who has been found guilty of a sexual offence, see generally F & Anor, R (on the application of) v Secretary of State for the Home Department [2010] UKSC 17. Obviously the word suspected demonstrates the suspicion the individual is under, but adding ‘offender’ in the hashtag is certainly poor choice of words, it may have been more appropriate to tweet ‘suspected of #immigrationOFFENCES.’ As pointed out the headline on the website does not, however help the case for the Home Office as it clearly states of ‘Immigration offenders arrested in Home Office operations.’ Only if one reads the body of the text will they discern that those arrested are suspected of an offence, this is sadly only after the website states ‘immigration offenders’ twice before even mentioning ‘suspected.’

Calling someone a ‘bribe-taker’ was enough to violate Article 6(2) in the case of Butkevičius v Lithuania so it is not that farfetched to suggest ‘immigration offender’ may as the ECtHR said ‘encourage the public to believe him guilty and prejudged the assessment of the facts by the competent judicial authority’ (para 53). Similar sentiments by Richard A. Edwards and Associate Professor @NoelleQuenivet regarding the presumption of innocence can be found here and an excellent post from the aspect of data protection here by @bainesy1969. I suppose this may all hinge on whether the individual is identifiable, but the ECtHR in Butkevičius v Lithuania noted that:

‘[Article 6(2)] will be violated if a statement of a public official concerning a person charged with a criminal offence reflects an opinion that he is guilty before he has been proved so according to law’ (para 49)

This implies a violation is possible irrespective identification. Regardless, the Home Office could not have trolled harder, as at the bottom of its site it asks:

Superman home office question

Perhaps the better question would be ‘Is there anything right with this page?’

Guest Post: Asking the wrong questions?

[Guest post by @Super__Cyan]

Wrong Question

Has the Stop and Search Consultation made a glaring oversight regarding a particular question asked? Does it overlook the crucial question, that being whether the power itself to stop and search without reasonable grounds is sufficient to satisfy the United Kingdom’s obligations under the European Convention on Human Rights?

The key question is Q6, in relation to s.60 Criminal Justice and Public Order Act 1994 (particularly s.60(5)) which notes that:

“To what extent do you agree or disagree that the ‘without reasonable grounds’ stop and search powers described in the paragraphs above are used by police in a way which effectively balances public protection with individual freedoms?(page 8)

This issue arises because it asks about the use of that power rather than the power itself. The question implies that such a power may be acceptable on the condition that it effectively balances public protection with individual freedom. Is the very premise of that question missing the point? To answer it in the positive or negative would accept from the outset the use of stop and search without reasonable grounds as being acceptable.

Did the United Kingdom forget about Gillan and Quinton? Gillan and Quinton v United Kingdom concerned the lawfulness of stop and search powers under terrorism legislation. The applicants primarily argued that these laws violated their Article 8 rights. Article 8 of the European Convention of Human Rights (ECHR) stipulates that:

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

The European Court of Human Rights (ECtHR) concluded that stop and searches in the present case interfered with Article 8 (at para 65). The argument is that stop and search powers under s.60 (although are slightly different in form to s.44) apply a fortiori and therefore would too amount to an interference with Article 8. Once interference has been established it is necessary to move on to Article 8(2), as interference has to first be ‘in accordance with the law’ which requires some basis in domestic law for the power exercised.

This requirement can be further subdivided into what the ECtHR regards as ‘the quality of the law’(para 63) which needs to be compatible with the rule of law this requires the law to be accessible to the person concerned and foreseeable as to its effects (para 50). Publication (para 52-53) of the relevant law goes a long way in satisfying the ‘accessibility’ requirement which is the case with s.60. The foreseeable rule requires the law to be formulated with sufficient precision to enable any individual – if need be with appropriate advice – to regulate their conduct (para 56). It is difficult to envisage how someone can regulate their conduct if a search can occur irrespective of conduct and on grounds that do not need to exist or even be aired.

In Gillan the ECtHR stressed the importance of laws being in accordance with the law to protect against arbitrary interferences by public authorities (para 77). When rightly finding a violation of Article 8 the ECtHR noted that:

Not only is it unnecessary for him to demonstrate the existence of any reasonable suspicion; he is not required even subjectively to suspect anything about the person stopped and searched.(para 83)

The ECtHR was also struck by the statistical evidence showing the abuse and misuse of the s.44 powers and accepted there was a clear risk of arbitrariness in the grant of such a broad discretion to the police officers (para 84-85). Possibly the most essential sentence of the judgment is as follows:

[I]n the absence of any obligation on the part of the officer to show a reasonable suspicion, it is likely to be difficult if not impossible to prove that the power was improperly exercised. (para 86)

The ECtHR concluded that the relevant provisions were not in accordance with the law, which ultimately meant the stop and search powers failed at the first legal hurdle under Article 8(2). Academics have tended to agree with the ECtHR: Gray, providing a comparative perspective with Australia has argued that the police should be required to show ‘reasonable suspicion’ as a basis for conducting a search, rather than arbitrarily conducting searches on anyone they choose. This would, to a far greater degree effectively balance public protection with individual freedoms. J. Miller, N. Bland and P. Quinton recommended that s.60 needs to be considered carefully given their likely impact on community confidence and inefficiency at producing arrests. They also demonstrated that these searches are actually far less successful at producing arrests.

They also pointed out that officers were ‘more ready to search people under this power where evidence was not strong’: this clearly demonstrates the risk of arbitrariness the ECtHR were all too concerned about (for instance, searching more white people just to even up the number of searches on black and Asians. More recently Her Majesty’s Inspectorate of Constabulary raised concern regarding s.60 as they uttered ‘establishing a belief that is ‘reasonable‘is therefore of utmost importance.

What’s the conclusion? Well, perhaps question six should be redrafted to an extent which would give respondents the opportunity from the outset to consider whether the law itself is efficient because as pointed out there are serious concerns regarding stop and search without reasonable grounds in terms of legality and efficiency. Forcing them to accept question six in its current form is not a healthy way to debate such a serious issue. Furthermore, it would be better this way to urge Parliament to alter this provision rather than testing their luck in the courts. So it is suggested question six could be more appropriate and useful if it was redrafted to:

“To what extent do you agree or disagree that the ‘without reasonable grounds’ stop and search powers described in the paragraphs above effectively balances public protection with individual freedoms?(Please give reasons)”

And as Dr Lanning would say:

Communications Surveillance, Protest and Control…

Protest against the badger cull in Bristol

What is the real reason that certain of the authorities are so keen on universal surveillance of communications data? Is it the fight against terrorism? It doesn’t seem very likely. It’s a supremely ineffective method of dealing with terrorism at best – even the examples quoted by the security services as ‘proof’ that it works have pretty much all been swiftly debunked (see for example here). In practice, it seems, targeted, intelligence-driven, almost ‘traditional’ methods seem to do the job far better. So why do the authorities all around the globe seem to be so enthusiastic about communications surveillance? One word: control

Control is the key

Despotic regimes have always wanted to have as complete a level of surveillance as possible – they want to know what is going on, who is meeting who, what they’re talking about, what they’re planning. That way, they can get control over their people. They can find subversives and dissidents, they can infiltrate those who resist or plot against them, they can snuff out the plans of their enemies before they gather sufficient momentum to have a real effect. That’s been fundamental to pretty much every oppressive regime throughout history – and the capabilities of the internet, and in particular of internet surveillance, offer possibilities beyond the dreams of the despots of yesteryear. However, it’s not just despots who like surveillance – or rather, it’s not just those that we usually label as ‘despots’ who like it. It’s anyone who wants more control – or who thinks that things are going out of control. It’s those concerned with ‘public order’. It’s those concerned with ‘protest’. That, sadly, means it’s all of our governments today – even that in the UK.

Snooping on the badger-cull protestors

News came out this week that ‘Whitehall chiefs scan Twitter to head off badger protests‘. As reported to the BBC,  ‘[t]he Department for Rural Affairs uses “horizon scanning” software to gain an “early warning” of public protests.’ Relatively speaking, this is a primitive form of snooping – and a legal one, since it scans public messages on social media services such as twitter. This isn’t a secret plan like PRISM, but an official and key part of the government’s communication plan – but it reveals a good deal about how the government (and other authorities) see the potential of communications surveillance. If they can find out what people are thinking and planning, they can nip protests in the bud.

Pretty much all of this, of course, is legal, and much of it is justifiable in ‘public order’ terms – but as anyone who saw the recent and deeply shocking revelations that the McLibel leaflet was co-written by an undercover police officer who had infiltrated an environmental campaign group would know, the tactics and techniques used by ‘law enforcement’ to deal with protestors and related groups can often stretch not just the law but our imaginations. Ideas presented and proposed for good or at least defensible reasons can easily morph into something much more sinister. Give the authorities leeway, and they use it…

The real use of communications surveillance…

…which is what, it seems likely, is one of the keys behind the enthusiasm for all kinds of communications surveillance, from the Snoopers’ Charter in the UK to PRISM and so forth in the US, to all the massive new programme in India etc. They know that if they have full surveillance capabilities their ability to control what is happening will be magnified enormously. Not only can they effectively unmask protestors, they can find out who their friends are, what websites they visit, where they’re planning to meet and so on. If they take it a few steps further, they can  block them from communicating with each other, shut down their blogs – or warn them off with anonymous threatening emails, or leak their details to their enemies.

Does this sound far-fetched? Perhaps, but not nearly as far fetched as the McLibel story, let alone the other horrendous details surrounding police infiltration of environmental and anti-racist groups. What’s more, most of the surveillance systems planned are designed for precisely this kind of surveillance – linking into Facebook, Google etc is far better at this that it is at fighting terrorism, paedophilia etc. Terrorists and paedophiles don’t do their planning on Facebook etc – but those organising legal, peaceful protests like that against the badger cull DO. Terrorists and paedophiles do everything they can to keep ‘dark’ – and they learn how to do so, what technology to use to bypass the authorities. Peaceful protesters don’t – they don’t often feel that they need to, and they don’t have the capabilities. They’re the obvious targets of this kind of thing: universal internet surveillance isn’t so much about fighting the big things as it is about keeping ‘public order’.

Whether that is an acceptable thing is another story. Public order IS important – but so is the right to protest, and not just in countries like Turkey. Protest is fundamental to our democracy, to our freedom of expression, to our ability to hold our governments to account. It’s important everywhere, and letting the authorities design and operate systems to stifle and control it is something about which we should be very wary.

That’s what makes you bigoted…

…with apologies to One Direction, and anyone with any taste in music….

———————————————–

You’re insecure
I know what for
You turn your head as you walk through the do-o-or
Don’t need to stop
You know what’s what
Being the way that you are is enough
 
Everyone else in the room offends you
Everyone not like you
 
Oh you darken my world like nobody else
The way you talk of my life gets me overwhelmed
And when you scowl at my face it ain’t hard to tell
You don’t know, oh oh, you don’t know you’re bigoted
 
If only you could see things the way we can see
You’d understand why we want this so desperately
Right now I’m looking at you and you don’t believe
You don’t know, oh oh, you don’t know you’re bigoted
That’s what makes you bigoted
 
Na na na na na na na na na
Na na na na na na na
Na na na na na na na na na
Na na na na na na na
 
So c-come on
You’ve got it wrong
To prove I’m right I put it in a song
I do know why
I know just why
You turn away when I look into your eye eye eyes
 
Everyone else in the room offends you
Everyone not like you
 
Oh they mess up your world like nobody else
The way that they flip their hair gets you overwhelmed
And when you scowl at each face it ain’t hard to tell
You don’t know, oh oh, you don’t know you’re bigoted
 
If only you could see things the way we can see
You’d understand why we want things so desperately
Right now I’m looking at you and you don’t believe
You don’t know, oh oh, you don’t know you’re bigoted
 
You don’t know, oh oh, you don’t know you’re bigoted
You don’t know, oh oh, you don’t know you’re bigoted
 
That’s what makes you bigoted
 
———————————————–

Sorry…… and if you want to see the real One Direction song this is based on, watch this….

A few words on equality…

Back in the 80s, I was a young accountant working in the City, for what was then one of the very biggest firms of accountants in the UK. This was the height of Thatcherism, where greed and selfishness were pretty much de rigueur – when an incident happened to me that has had a permanent effect on me. I was an auditor, working in the financial sector – so yes, the heart of that selfishness and greed – and was told, along with all my cohorts, that if I had a good ‘busy season’, I’d be promoted. Well, I had a good busy season – indeed, a great busy season – which was fully acknowledged by the firm, but I still didn’t get promotion. They told me that no-one had got promotion – we were going through a merger at the time, so we all pretty much accepted it… at least until we discovered that it wasn’t true, and that one person had got that promotion. As might be imagined, I was pretty annoyed – and being the kind of person I was, I started digging a bit deeper.

This was a big firm of accountants, and the people in my cohort all knew each other pretty well. We’d joined together, been on endless training courses, suffered through exams and through being used for the most basic and menial of work – this was the 80s, and ‘driving people hard’ was the way things worked. Anyway, we knew each other pretty well, and were willing to share a good deal. So I asked everyone I knew – from what I remember, about 40 people were willing to talk about it – how much they were earning, and how highly they were rated. We were all officially at the same ‘grade’, but I was astonished by the results I found. Every single woman earned less than every single man. Every single one. The highest paid woman was earning less than the lowest paid man.

Of course my evidence wasn’t scientific, my sample was far from random, but still to me that was pretty shocking. I knew about sexism, of course, but the firm I worked for liked to portray itself as modern and very equal. This was about as far from the image that was portrayed as it could be.

As I said, I was already annoyed by the firm – this turned the annoyance into anger, so I arranged a meeting with one of the partners. Not one of the older partners, who I might expect to be ‘old-fashioned’, but one of the younger, ‘nicer’ partners, one that I had worked for quite a lot over the previous couple of years. He already knew that I wasn’t happy – and he was trying to reassure me that everything was OK, offering me an overseas secondment of my choice and so on – but this was before I confronted him with the information I had discovered. When I told him, the reaction was not what I expected. He just smiled. Why are you bothered, he asked me. You’re a man.

I was taken aback. Hugely. He was entirely serious. He thought I wouldn’t care, because I wasn’t the one suffering. Indeed, he almost seemed to be suggesting that I should be happy about it – I was benefiting from the inequality.

Frankly, it made me sick – and I told him so. I started looking for other jobs immediately – and found an excellent job very soon after, in a very different place – and with a female boss. I even told her this story in my interview when she asked me why I was leaving. She was somewhat shocked, I could tell, but had obviously experienced a fair amount of this kind of thing herself.

As a white, rich, straight, privileged man I rarely suffer from anything like this directly – but the idea that I shouldn’t care when others suffer is deeply sad. What’s more, the idea that an unequal society is better even for those at the top is something that I find very difficult to accept. As a straight white man, I still benefit in human terms if everyone is happier, if everyone has an opportunity to flourish, if everyone is treated well. Society itself is better, stronger, more positive in those terms. I don’t need to ‘crush the opposition’ in order to thrive myself – the opposite! I’m not competing with or fighting against women, against gay people, against immigrants etc – I’m part of a society with them.

Why am I writing this now? Well, the subject of marriage equality is before parliament again – and I keep hearing tired old arguments against letting gay people marry. I’m a straight married man – and I can’t see for the life of me how allowing gay people to marry would do anything to damage my marriage. I’m not threatened by gay marriage – and it takes a pretty strange and depressing attitude to think so. Does it have any impact on me? Well, insofar as a more equal society, one where more people have more chance to be happy, is a happier society, yes it does have an impact on me. A positive impact.

So, though I’m not gay, I thoroughly support the idea of gay marriage. I thoroughly support any moves to equality. I want everyone to have every opportunity to be happy. I’m not threatened by other people’s happiness. The opposite. It helps me. It helps all of us.

Even wankers have rights….

Abu QatadaIt’s easy to allow people we like to have rights. Indeed, it’s more than easy – we want to do it. We want to hear what people we agree with have to say. We want to give our friends privacy – and are angry when people intrude upon them and take advantage of them. We demand that our friends get access to justice and fair trials. That, however, misses the main point of rights. The key test isn’t whether we accord our friends and allies rights, it’s whether we accord them to our enemies, to people we disagree with. It’s whether we understand that it’s not just ‘good’ people that have rights – but everyone. Even the worst people. Even the people we think are complete wankers – or far worse.

With the government apparently contemplating a temporary withdrawal from the European Convention on Human Rights in order to be able to deport Abu Qatada, that commitment to rights, that understanding of rights, is being put to the test in a big way right now – and it’s a test that we really must pass.

Freedom of Speech

The test is being played out in a number of ways right now – in ways that show how hard a test it is. The first of them is freedom of speech – about which I’ve written recently. The key is whether we’re willing to let people say (and hear) things we disagree with, things that make us uncomfortable, things that offend us. Old Holborn pushed that limit in one way – ‘hate preachers’ like Abu Hamza push it in another. Do we really ‘believe’ in free speech? Sometimes, as I suggested in my earlier blog, it doesn’t feel as though we do – but it is important!

Privacy

Privacy is another area that can be hard. Again, it’s easy for us to want our friends and those we admire to have privacy – and we get deeply offended (and rightly so) about privacy invasions like the phone hacking of Milly Dowler. What we seem less clear about is when it comes to people we don’t like. The phone hacking saga didn’t make people sit up and take notice when it was ‘just’ celebrities and politicians who were having their phones hacked – in some way people seemed to think that the celebrities and politicians ‘deserved’ it, or at least that they have accept it as part of the price of being celebrities and politicians. There is something to that – but if we believe in privacy, we need to accord that privacy to all, and to understand that invasions of privacy hurt everyone, and that even those we really dislike deserve it. Max Mosley is a case in point for me. I detested everything his father (the Fascist leader Oswald Mosley) stood for, I find the whole hoo-ha around Formula One repellant, and distrust his politics intensely – but the way his privacy was invaded was just plain wrong – and what he does in private, with consenting adults, is his own business. The idea that people’s private lives should be opened up and served to the public just for titillation – and that what ‘interests’ the public is in the public interest, so can override a right to privacy – must be wrong. Even people we dislike have that right – even those we consider complete wankers.

The right to a fair trial

This is where things are playing out right now – and not just with Abu Qatada. The right to a fair trial, to justice, to due process, is a fundamental right, and so it should be. It is in most key human rights documents – as Article 6 of the European Convention on Humand Rights, in the US constitution (in the 5th, 6th and 14th Amendments), and fundamental to the British idea of justice, right back to Magna Carta and beyond. In some ways it may be the most important right of them all. It applies – and should apply – to everyone. That includes Abu Qatada, and it also includes Boston bomb suspect Dzhokhar Tsarnaev – which is why many are watching how the US justice system treats him with eagle eyes.

With Abu Qatada, it is that right to a fair trial that is stopping his deportation – and however ‘bad’ he is, however much of a ‘threat’ he is, we need to be clear that it’s a fundamental issue. As it stands, the concern is that evidence obtained by torture could be used in his trial in Jordan – and that isn’t just a legal nicety. There are clear international conventions against torture (most notably the UN Convention Against Torture, which the UK has signed and ratified) and quite rightly so. Torture is considered abhorrent – and by most people ineffective. If evidence obtained through torture is accepted as a valid part of a judicial process, we’re more than condoning torture – we’re effectively encouraging it. No matter how much of a threat we consider Abu Qatada to be, that’s simply wrong – and it’s also unfair. If we believe in what we say we believe in – in fair trials, in justice – we should be standing up for Abu Qatada’s right to a fair trial, and to justice. Our system does that – which, ultimately, is why it has been so hard for successive governments to deport Abu Qatada. Home Secretaries may rant and rave, but that’s the bottom line. Until we’re sure that Abu Qatada will receive a fair trial, it’s quite right that he should not be deported – and to bend the rules, to consider withdrawing from the ECHR, in order to deport Abu Qatada is more than just wrong, it’s fundamentally wrong.

Do we believe in human rights? 

It’s not so much whether the government actually does manage to temporarily withdraw from the ECHR that matters – as Adam Wagner has said, the chances that they can actually do so are vanishingly small – but the fact that they’re even considering doing so that is very disturbing. To call it a slippery slope is to underestimate the importance of being consistent in our support for human rights for all. We need to accord rights not just to those we like, those we respect, those we consider to be our friends – we need to accord them to those we hate, those whose views we detest, to our enemies. Indeed, the extent to which we do that is a crucial test of our commitment to rights. It may even be the only real test of that commitment. If we fail that test, the results could be catastrophic.

The Snoopers’ Charter: we need a new consultation

The Communications Data Bill – more commonly (and fairly accurately) known as the ‘Snoopers’ Charter’ is due to re-emerge at any moment. We have been expecting it for some time – and yet have seen nothing official, and there has been no sign of a proper public consultation on the subject. That, to me, is wholly inadequate – so I have written to the Home Office, copying in my MP, Dr Julian Huppert. The contents of the letter are below. If you feel strongly about this matter – and I hope you do – you could add to the pressure to have a proper public consultation by using the Open Rights Group’s system, which can be found at:

http://www.openrightsgroup.org/campaigns/snoopers-charter-consultation

Here’s what I wrote – it is fairly long, but still only scratches at the surface of what is wrong with the overall approach to surveillance put forward in this bill:

————————————————————

Dear Home Office

Re: Draft Communications Data Bill

I write to you as a legal academic, specialising in data privacy, and as a member of the public with significant concerns over the progress of the Communications Data Bill. In my opinion we need a consultation – and a public and open consultation – on the Bill for many reasons.

The media storm – and the eventual and significant criticism levelled at the bill by the Parliamentary Committee hastily convened to discuss the bill the first time around should have made it clear to the proponents of the bill that there is a huge public interest in this area. That has a number of implications:

  1. That the criticisms levelled at the bill need to be taken seriously.
  2. That all the interested groups, including advocacy groups and academics – and indeed the public – need to be talked to up front, not after all the work has been done.
  3. That a ‘fait accompli’ is not an acceptable solution
  4. That the level of ‘proof’ provided by those putting the bill forward needs to be much more convincing – and much more open – than what has been provided to date. It is simply not sufficient to say ‘it’s dangerous and something must be done’, or ‘we can’t tell you why, but we need to do this’.

Those of us interested in the Bill have been waiting for the consultation to begin – there have been leaks to the media at intervals suggesting that it would start soon, but so far nothing has been made official or public. That is both unfortunate and ultimately unacceptable. We need that consultation to begin soon, and in an open and public way.

A targeted rather than universal approach to surveillance

Though in my view the Parliamentary Committee did a very good job in scrutinising the bill and in reviewing the huge amount of evidence submitted to it, there are a number of areas that I do not believe were sufficiently considered.

These areas hit at the very essence of the approach adopted by the bill. The whole idea of a ‘gather everything for later scrutiny’ approach misses many of the fundamental risks attached to this kind of surveillance: the risks of data and system vulnerability, of function creep, and of system misuse. Much of the evidence submitted to the committee that scrutinised the Communications Data Bill examined these risks – but the committee did not, in my opinion, see quite how fundamentally they undermined the overall approach of the Bill. Nor, in my opinion, did they look sufficiently into a genuinely alternative approach.

That alternative is to go for a targeted rather then universal surveillance. This kind of approach can significantly reduce all of these risks. Putting both the warranting and the filtration systems before the gathering stage rather than the accessing stage would reduce the amount of data that is vulnerable, make the systems harder to misuse, and reduce the likelihood – or the impact – of function creep. It is closer to the concept at the heart of British justice: that people are innocent until proven guilty.

1     Risks of data and system vulnerability.

It is a fundamental truth of computer data that wherever data exists and however it is held it can be vulnerable – to hacking, to accidental loss, to corruption, to misinterpretation, to inappropriate transfers and to many other things. By gathering all the communications data, this approach sets itself up for disaster – it is like painting metaphorical signs saying ‘hack me’ on the databases of information. If you build it, it will be hacked.

What is more, it is not only data that’s vulnerable but systems – if ‘black boxes’ are installed at ISPs, those black boxes will also have the metaphorical ‘hack me’ signs upon them. If you make a back door, the bad people as well as the good people can come in. It doesn’t matter how secure you think your system is, it can be broken into and hacked.

The government doesn’t have an inspiring record in terms of keeping data secure – from the Child Benefit data discs and the MOD laptops to the numerous NHS data breaches – but this is not really so much a reflection of government inadequacy to an underlying truth about data and systems. Stories of hack and data losses are in the news almost every day – and even those with the greatest technical ability and the greatest incentives to keep data secure have been victims, from Swiss banks to pretty much every major technology company. Facebook, Apple, Microsoft and Google have all fallen victim over recent months.

Ultimately, the only data that is not vulnerable is data that doesn’t exist at all. Furthermore, the only systems that can’t be hacked are systems that don’t exist. If targeted rather than universal surveillance is used, then the vulnerability is enormously reduced.

2      Risks of Function Creep

When data is gathered, or systems are built, for a specific purpose, that purpose can very easily end up being changed. This is a phenomenon particularly common in the field of anti-terror legislation and systems. Most people are aware of RIPA having been used for such things as dog fouling and fly-tipping, of CCTV cameras ostensibly for crime prevention actually being used to check children’s addresses for school catchment areas and so forth – but these are not myths or even particularly atypical. This has become something close to a ‘norm’ in this field.

There often appear to be good reasons for this function creep – not many people argued when the CCTV system for the London Congestion Charge started being used for crime prevention, for example – but it is a phenomenon that needs to be acknowledged. There isn’t really a legislative way to deal with it – caveats in laws can be sidestepped, laws can be amended in moments of ‘need’ and so forth. The only way to prevent it, as for data vulnerability, is to not build the systems or gather the data in the first place.

Again, this is a strong argument against universal data gathering – data gathered specifically, in a targeted and warranted way, presents less of a risk of function creep. Similarly, specifically designed and targeted systems are less susceptible to function creep than huge, universal surveillance systems.

3      Risks of System and Data Misuse

Another phenomenon familiar to those who study this field is that systems can be and are misused – whether it is databases searched for information about people against whom the searcher has a grudge, or collusion between the authorities and the press. The Leveson Inquiry should have made it entirely clear that such risks are not mythical – and if anyone believes that either the police and other authorities or the press have completely changed as a result of the exposure of the phone and email hacking then they are being extremely naïve.

The systems and data envisaged in this plan are particularly susceptible to this kind of misuse. The description of this kind of system as a ‘Google for communications data’ is entirely apt, and anyone who uses Google regularly should understand how easily the process of searching morphs from one thing to another. Human beings will use these systems – and human beings have human weaknesses, and those weaknesses lead almost inevitably to this kind of misuse. With universal data gathering built into the system, the database would be ripe for very serious misuse indeed.

Again, there is only one real way to deal with the possibility of system and data misuse – minimise the size and scope of the system and the amount of data involved. That, again, suggests that we need targeted rather than universal surveillance.

The Normalisation of Surveillance – and the Panopticon Chill

These are just a few of the problems that a system like this could bring about. There are many more – and I have written before about how this kind of surveillance impacts not only on privacy but on a whole array of human rights. By suggesting that universal surveillance is something that we should consider normal and acceptable we are ‘normalising’ – which has a whole set of implications.

Jeremy Bentham’s concept of the Panopticon, one with which I am sure you are familiar, is based on the idea that if people know that they’re being observed, they modify their behaviour. He envisaged it for a prison – to help control the behaviour of potentially violent and dangerous prisoners, put them in a position where they know that at any time they might be observed. In effect, this is what this kind of a system does – it tells everyone that whatever they do on the internet can and will be observed.

What will that mean? Well, it creates a kind of ‘chilling effect’ – what I would call the ‘Panopticon Chill’. It means people will be less free with their speech – and feel less free about what they do, where they go, and what they do online. That impacts upon many of our recognised human rights: freedom of expression, freedom of association and freedom of assembly to start with.

There are some who would welcome this kind of Panopticon Chill – some who think that we need to control the internet more. That, however, is to treat us as though we are prisoners in an enormous online jail. Bentham’s idea was not for ordinary peoples, but for potentially violent and dangerous prisoners. Is that how we all want to be treated? Is that the kind of society that we want to live in?

What kind of society do we want to live in?

That is the bottom line for the Communications Data Bill. Putting this kind of bill into place would be to set up precisely the kind of surveillance society that Orwell warned us of in 1984. Is that what we want to do?

There are other huge questions – not least the question of whether it will work at all. As the huge quantity of evidence submitted in the initial consultation revealed, few real experts believe that it will – anyone with expertise will be able to sidestep the system, leaving the rest of us to suffer the downsides of this kind of surveillance without the upsides even existing.

What is more, by promoting such a system in this country we not only give permission for the more oppressive of regimes to do the same (and leaders from Putin in Russia to Assad in Syria will be watching us with eagle eyes) but we would also be kick-starting the surveillance technology industry. Whichever companies win the contracts to supply the tech to enable the Bill will be looking to exploit that technology – who will they sell their systems to? What will the next systems they apply their learning and experience to? The £1.8 billion (and probably more) that the UK government spends on this will reap benefits to dictators and oppressors worldwide in coming decades.

A new draft of the Communications Data Bill?

As I understand it, only people close to the Home Office have yet seen how the Communications Data Bill will look in its new draft. I have been told that I won’t be upset when I see it – but without more information it is hard for me to be optimistic. Unless there is a fundamental change – most importantly a shift from the universal to the targeted approach, and an application of warrants and filters at the gathering rather than the accessing stage – it is hard to imagine that it will be something that I do like, and something that will inspire public trust.

A bill based on targeted rather than universal surveillance is possible. If it is brought about I believe it could not only be more compatible with human rights, send better messages to the rest of the world and be more cost effective – but it could also be more effective and less wasteful of the scarce resources of the police and intelligence services.

It does, however, require a big shift in attitudes. I hope that shift in attitudes is possible – and, at the very least, that we can have this debate in public, on reasonable and sensible terms, and without the feeling that we are being railroaded into a particular solution without any real options being presented.

A proper consultation

That, ultimately, is why we need a proper consultation. I have a perspective to present – and very particular views to put forward. I believe they are worthy of consideration – and I am very much open to discuss them. That discussion has not yet taken place. We need it to happen – and we have a right to have it happen. A proper consultation should happen now – at the drafting stage – not after everything has been already set in stone.

One real key here is that the public has not been properly informed over this debate. Initially, it appeared as though the government wanted to get this bill passed so quickly there wouldn’t even be time for Parliamentary scrutiny – it was only when the issue caused outrage that the committee was set up, and even then the consultation period was very brief and at a time when many academics in particular were not in a position to submit. We need more time – this is a crucial issue, and the public needs to have confidence that an appropriate decision is being made. The debate was characterised at times by language that should have no place in a serious debate, with opponents of the bill being accused of having blood on their hands.

This time around, we need proper consultation, with sufficient time and sufficient opportunity for all stakeholders to have their say. All options need to be considered, and in a way that both encourages and supports public participation, and develops a greater level of trust.

I am copying this letter to my MP, Dr Julian Huppert, who was on the Parliamentary Committee that scrutinised the bill, and to the Open Rights Group as well as making it public on my blog.

Kind regards

Dr Paul Bernal

Lecturer in Information Technology, Intellectual Property and Media Law
UEA Law School
University of East Anglia
Norwich NR4 7TJ
Email: paul.bernal@uea.ac.uk