Scrambling for safety?

This afternoon I was at ‘Scrambling for Safety’ – a fascinating conference, focussing on the proposed ‘Communications Capabilities Development Programme’, aptly if not entirely accurately dubbed the ‘snoopers’ charter’ by the media. The conference was organised by Privacy International, the Open Rights Group, the Foundation for Information Policy Research and Big Brother Watch – and had a truly stellar line-up, from Ross Anderson and Shami Chakrabarti to MPs David Davis, Julian Huppert and Tom Brake, David Smith from the ICO, Professor Douwe Korff, former Chief Police Officer Sir Chris Fox QPM, noted cryptographer Whit Diffie and industry expert and rep Trefor Davies. Some of the best and most expert people from many different areas in the field.

Overall, it was a remarkable conference – I’m not going to try to summarise what people said, just to pick out some of the key things I took away from the event. Some lessons, some observations, some confirmations of what we already knew – and, sadly, some huge barriers that will need to be overcome if we are to be successful in beating this hugely misguided and highly dangerous project.

  1. There are a LOT of people from all fields who are deeply concerned with this. The number of people – and the kind of people – who took their time to attend, at short notice, was very impressive.
  2. This problem really does matter – I know I go on about privacy and related subjects a lot, but when I attend an event like this, and listen to these kinds of people talk, it reminds me how much is at stake.
  3. The work of Privacy International, the Open Rights Group and Big Brother Watch needs to be applauded and supported! Getting this kind of an event to work in such a way was brilliant work – and Gus Hosein (PI), Eric King (PI), Jim Killock (ORG), Nick Pickles (BBW) and their colleagues did an excellent job.
  4. David Davis is really impressive – and I say that as someone generally diametrically opposed to his political views. On this subject, he really does get it, and in a way that almost no other politician in this country gets it.
  5. As David Davis said, it really isn’t a party political issue – I’ve blogged before about this (here) but what happened at Scrambling for Safety made it even clearer than before. All the parties have their problems…
  6. …and one of them was made crystal clear, by the very, very disappointing performance of Tom Brake MP, a Lib Dem MP and spokesperson on the issue. He seemed to offer nothing but a repeat of exactly the kind of propaganda spouted by apologists for the security lobby ad nauseam over the last decade or more. In fact, he said pretty much everything that Gus Hosein, in his opening to the conference, said that official spokespeople would say by way of misdirection and obfuscation. If Tom Brake is a representative of the ‘better-informed’ of MPs, we really are in trouble. It wasn’t just that his performance seemed that of a ‘yes-man’ or ‘career politician’, but that he simply didn’t seem to understand the issues, concerns, or even the technology involved.
  7. Julian Huppert, also from the Lib Dems, was far more impressive – but of course he has no ‘official’ position. That seems to be the problem: anyone who understands this kind of thing is not ‘allowed’ to be involved in the decision-making process: or perhaps once they do get involved in any ‘official’ capacity, they lose (or have stripped away from them) the capacity for independent thought…
  8. The police are NOT the enemy here – in fact, former Chief Constable Sir Chris Fox was one of the most impressive speakers, putting a strong case against this kind of thing from the perspective of the police. In the end, the police don’t really want this kind of thing any more than privacy advocates do. This kind of universal surveillance, he said, could overwhelm the police with data and detract from the kind of real police work that can actually help combat terrorism. Sir Chris was supported by another police officer, one of the audience, a former Special Branch officer, who confirmed all Sir Chris’s comments.
  9. Sir Chris Fox also made what I thought was probably the most important observation about the whole counter-terrorism issue: that we have to accept there WILL be more terrorist incidents – but that this is balanced by the benefits we have from living in a free society.
  10. The problem of ignorance matters on all levels – and in many different directions: technological, legal, practical, political. That’s the real problem here. People are pushing policies that they don’t understand, to deal with problems with which they have no real experience or knowledge…. politicians, civil servants, etc, etc, etc
  11. I was very interested that Ross Anderson (who was excellent, as always) expects us to be able to defeat the CCDP – because once people understand what is at stake, they won’t accept it. He did, however, suggest that once we’ve defeated this, the next stage will be harder to defeat – that the security lobby will try to work through the providers directly, asking (for example) Google, Facebook etc to install ‘black boxes’ on their own systems, rather than through ISPs… and some of these providers will just do it… that’s harder to know about, and harder to combat.
  12. Last, but far from least, David Davis made the point that though people who know and understand these issues are few and far between (though very well represented at the conference!), they can punch above their weight – the very fact that ‘we’ know how to use social media etc means that we can have more of an impact than our numbers might suggest.

This last point is the one that I came away with the most. We really NEED to punch above our weight – there’s a huge job to do. There was a great deal of energy, enthusiasm and expertise evident at Scrambling for Safety, but even by the end of the afternoon it was losing a bit of focus. We need to be focussed, coordinated and ‘clever’ in how we do this. Surveillance must be kept in the headlines – and we mustn’t let the kind of misdirection and distraction that politicians and their spin-doctors use far too often distract us from fighting against this.

What’s more, again as David Davis said, we don’t just need to stop this CCDP, we need to reverse the trend. The powers in RIPA, the data retention already done under the Data Retention Directive, are already too much – they need to be cut back, not extended or ‘modernised’. It will be a huge task – but one worth doing.

Doin’ it for the kids?

I was watching CBBC with my daughter this morning – waiting for the wonderful Horrible Histories to begin – when on came ‘Newsround’, the children’s news programme. On it there was a short item that sent chills down my spine: a plan (which I was later informed has already come into practice in Brazil) to put RFID chips into school uniforms, to monitor truancy and tardiness.

The idea is ‘clever’ – the chips automatically send text messages to their parents when the kids enter school or if they’re more than 20 minutes late. Given the current issues with truancy – including the recent suggestion that child benefit should be docked for persistent truants – it may well be a very attractive idea for the government and even for schools, particularly if schools are being ‘rated’ for truancy levels. And yet there’s something deeply disturbing about it – not least the way that it was reported on Newsround, in a matter-of-fact way, as though this sort of thing was just a welcome and natural development of technology, without a word or hint of the ‘dark side’ of it.

When I tweeted about it, I got some immediate and very interesting responses. A number of people told me about the existing systems that require fingerprinting to get school meals – apparently one in seven schools in the UK insist on it, according to a report in the Guardian last year. That in itself is pretty chilling – and the Guardian report details many other examples of intrusive control in schools, from the ever growing number of CCTV cameras to the desire to be able to take kids’ phones and so forth. There are, of course, metal detectors and even armed police in some US schools, but it hasn’t come to that yet in the UK. That doesn’t mean that it won’t – or at least that similarly draconian levels of control won’t come, perhaps using more ‘civilised’ and ‘British’ methods than armed police.

Draconian control rarely ‘works’

What’s wrong with all this? Where to start…. One of my twitter responses, from the excellent @daraghobrien, predicted ‘a brisk trade in jumper swapping or storing uniform items in bags for truanting friends’, with his tongue only partly in his cheek – and there are many more equally enterprising possibilities, such as sabotaging a bit of uniform to take in any number of chips onto a single garment, allowing one person to ‘check in’ for all their mates.

Attempts at control like this rarely have the desired effect. Kids are ingenious and enterprising enough to find ways to mess with any system the grown-ups are likely to put in – which would doubtless result in further escalations, and perhaps the suggestion of another excellent privacy tweeter, @cybermatron: ‘My estimate still is that our kids will be microchipped at birth within the next 20 years. For their own protection, of course’.

Is that where we’re headed? If we think that we can solve behavioural problems by closer monitoring and control, it’s hard not to come to that kind of conclusion. I’ve written about connected issues before (my blog a couple of months back Do you want a camera in your kid’s bedroom?? for example): there seems to be a tendency to try to use technology – and in particular privacy-intrusive technology – to try to solve problems for which it is entirely unsuited. There also seems to be a fundamental misunderstanding of kids.

Kids need freedom

Why do so many adults seem to have forgotten what it was like to be a kid? What they liked to do when they were a kid? Kids need freedom to grow, to learn, to play. They need privacy – as a father of a five year old, I’ve already learned a lot about that. There are things that my daughter needs to keep to herself, or to talk to her friends about without her parents or her teachers knowing. We all know that, if only we think back to our own childhoods – and not just ‘bad’ things, but good things, personal things. If we go along the route of total surveillance, of attempting total control, we deny ordinary children that freedom, without even solving the problems that we want to solve!

Making surveillance and control ‘acceptable’

Perhaps just as importantly, if this kind of thing becomes the norm – and the ‘matter-of-fact’ way it was reported makes that far more likely – are we teaching kids that surveillance is acceptable? Numbing them? Chilling them? From a government perspective, if they can get kids ‘used’ to surveillance from as early as possible, there’ll be much less resistance when the government wants to bring in even more draconian measures – like the new CCDP programme of total internet surveillance currently under discussion. This is wrong in so many ways….

Can we stop it?

My daughter’s five years old – in year 1 – and hasn’t yet had to deal with any of these things. I don’t want her to have to – so if I hear anything from her school suggesting anything even slightly in this direction, I’ll be speaking out at every opportunity. We all should be – and telling all our politicians, our educators, our police, that it’s wholly unacceptable. Whether that will be enough is far from clear.

After I watched the bulletin on Newsround, I watched Horrible Histories – and wondered, not for the first time, how our period in history will be remembered in years to come. Horrible Histories has ‘Rotten Romans’, ‘Terrible Tudors’ and ‘Vile Victorians’ – and the sketches on the TV show point out the crazy, extreme and terrible things that have happened in each of those ages. How will they show the kind of thing we’re planning to do to our kids? I shudder to think…



The politics of privacy

Why is it that despite what looks like very strong public hostility, together with a powerful media opposition, the proposed UK government surveillance programme, the Communications Capabilities Development Programme (a description of which can be found on the Open Rights Group wiki here) is currently very likely to go ahead? The problem is a deep one, connected with the party politics of the UK. All three major political parties are deeply conflicted over the issues – and that conflict may well allow the proposal to be pushed through regardless of the opposition of the people and of the media.


The Tories, as very much the senior party in the Coalition, are to a great extent right behind the programme: after all, they’re the ones proposing it. In some ways the programme fits directly into some traditional Tory agendas: ‘Law and Order’ has long been central to Conservative politics, from the more extreme ‘hang ’em and flog ’em’ sections of the party to the slightly more rational ‘prison works’ mantra of Michael Howard et al. Moreover, a certain kind of old-fashioned patriotism could be said to fit in with the anti-terrorist agenda – and it’s easy to see the ‘if you’ve got nothing to hide, you’ve got nothing to fear’ argument used by those who essentially see criminals and terrorists as basically ‘evil’, distinct from and a threat to good, ordinary people.

On the other hand, there is another strong, traditional thread in Conservatism that goes directly against the idea of surveillance on this kind of scale and in this kind of way – and it should be no surprise that one of the most eloquent and consistent speakers against the programme has been David Davis. Civil liberties should be central to Conservative philosophy – and in particular the kind of civil liberties that protect against intrusion into privacy. An Englishman’s home is his castle, after all! What’s more, the kind of programme envisaged smacks of ‘big government’, and the ‘nanny state’, things that a Tory should instinctively reject. David Davis expresses this view very well – and I’m sure what he says resonates with a lot of Tory MPs and Tory supporters.

For the Tories, this civil libertarian attitude needs fostering and supporting.


Labour may well be even more conflicted over the issue than the Tories. On the one hand Labour is supposed to stand up for the little people against oppression and control, and there is a strong association between the left wing and the ideas of freedom that this kind of a programme deeply undermines. Anyone who remembers the Thatcher years knows all too well how the forces of the police and even military intelligence were used against the unions (and not just during the miners’ strike) and against ‘left wing’ groups such as CND – the recent scandal of long term police infiltration into environmental groups (including long term relationships between undercover officers and activists) fits into this pattern.

…and yet there are three strong factors that make Labour far from certain to oppose the programme. Firstly, there’s an authoritarian streak on the left – it would be unfair to suggest it might be a touch ‘Stalinist’, but there’s a certain degree of a ‘command and control’ attitude from some, and a sense that government needs to take a grip of things in this kind of a way. Secondly, there’s the long term need of the Labour Party to counter the Tory argument that Labour are ‘soft’ on crime – this attitude verged on paranoia during the last Labour administration, and is still clear in the current Labour party. Thirdly, there’s the deep problem surrounding the ‘War on Terror’ and the Labour Party’s role in it: Tony Blair and Gordon Brown were more than complicit in the ‘War on Terror’, they drove it forward. These three factors produced a series of desperately authoritarian Home Secretaries, each bringing in more draconian and anti-civil libertarian measures than the last. David Blunkett, Charles Clarke and John Reid presided over some of the most appalling pieces of policy in living memory, from the push towards ID cards to the data retention measures that ultimately lie behind the current programme.

For Labour, the challenge is to break with the past – to admit (or at least recognise) that mistakes were made by the last administration, and to be brave enough to say that Blair and Brown got this wrong. That last part is really hard to do for politicians at the best of times…

The Lib Dems

In one way, the Lib Dems should be the least conflicted. These measures are pretty fundamentally ‘illiberal’, and the Liberal Democrats as a party should be simply and directly against them. A few short weeks before the last general election I heard Nick Clegg speak excellently at the Privacy International 25th Birthday Party, talking directly about the rise of the ‘database state’ under Labour and how directly opposed to such things he was both personally and politically. For the Lib Dems, there really shouldn’t be an issue – and if they were currently in opposition, against a majority Tory government, I’d be willing to bet a lot of money that as a party they’d oppose the measure.

…but they’re not in opposition. They’re part of the coalition, and that brings with it several pieces of baggage. First of all, they have to work with the Tories – and in particular, Nick Clegg has to work with David Cameron. Secondly, they have to appear ‘governmental’ – and Nick Clegg wants to look ‘statesmanlike’, which many politicians seem to think means doing the wrong, illiberal and unpopular thing, to appear more ‘responsible’. Thirdly, if they come out against this, many of their supporters may ask why they didn’t come out against other policies – student fees, privatising the NHS, welfare, legal aid etc – which were just as much against ‘liberal’ principles. To an extent they’re hoist with their own petard. They’re part of this government now, and may feel they have to ‘see it through’. There have already been so many ‘betrayals’, one more hardly makes any difference….

Three parties, alike in turmoil

So all three parties have their internal conflicts – which makes them ripe for the ‘security lobby’ to exploit. It should, however, also give us all a bit of an opportunity to bring about opposition. The excellent Privacy International, the Open Rights Group, Big Brother Watch and others are already working hard to oppose the current measures. One key could be to contact MPs directly – using for example. Whoever your MP might be – from whichever party – there is a way to try to convince them. If you’re writing to a Tory, emphasise the civil liberties aspects, talk about an Englishman’s Home. If you’re writing to a Labour MP, remember the way that surveillance undermines democracy, works against unions and progressive activism. If you’re writing to a Lib Dem, talk about traditional liberalism and liberty – and remind them that one betrayal need not lead to another.

I’d like to think that all this is possible – that we can harness the ‘good’ side of each of the parties, and not let ourselves be railroaded into something that, ultimately, I don’t think that many people, whatever their political persuasion, either want or believe that we really need. The politics of privacy are complex – one of the things that I have found particularly refreshing since I started working in the field is that it can unite people with otherwise very different political perspectives. Let’s hope that we can unite in this way successfully this time.

If you build it, they will come…

The proposed new surveillance programme – the Communications Capabilities Development Programme – in the UK has many disturbing aspects – from the whole idea that ‘security’ justifies almost any infringement of privacy to the re-emergence of the fundamentally flawed ‘if you’ve got nothing to hide you’ve got nothing to fear’ argument. The response on the internet has been impressive – I’ve read great blogs and tweets and heard excellent arguments from many directions.

One of the key areas of focus has been the question of whether the police, intelligence services or other authorities will have to obtain a warrant to get access to the data gathered – but while that is a crucial issue, and will rightly get a lot of attention, in one key way it is missing the point. It presupposes that it’s OK to gather the information, to monitor our communications etc, so long as access to that information is subject to appropriate due process, and held securely.

Can data ever be genuinely securely held?

That last point gives a clue to the fundamental problem. Held securely. Can data ever be held really securely? Whether that is even theoretically possible is a moot point: experience shows that it is, on a practical level, never the case. Where data is held, it is always vulnerable. What is often forgotten is quite how many ways data can be (and is) vulnerable. People think about hacking – and this kind of database practically screams out ‘hack me’ – but other vulnerabilities are both more regular and potentially more dangerous. Human error. Human malice. Weaknesses in systems. Technical and technological errors. The use of insufficiently trustworthy subcontractors. Complacency. Changes of personnel. Disgruntled employees. Drives for cost-cutting. The possibilities are almost endless…

Even those who you would most expect to keep data secure have failed again and again. The HMRC child benefit disc loss in 2007 is notorious, but the MOD lost the entire database of current and past members of the armed forces – including addresses, bank details etc – simply by leaving a laptop in a car park. Swiss Banks, who should be the most careful about their data, lost huge amounts through the ‘work’ of a subcontractor doing systems work – data which was then sold to the German tax authorities to seek out tax evaders.

Risk from function creep

Perhaps even more dangerously, once the data exists, there’s an often almost overwhelming imperative to find a use for it – making ‘function creep’ all but inevitable. Cameras set up to prevent serious crime end up being used to monitor dog fouling, or even check out whether parents really live in the catchment areas for schools – and even ‘single purpose’ cameras like those monitoring the Congestion Charge in London will almost certainly soon be accessible to the police. When Swedish foreign minister Anna Lindh was murdered in 2003 a DNA database designed and set up for purely medical research was accessed in the hunt for her killer – without consent from those on the database. These are just some of the many examples of function creep – there are many more.

Risks from change of situation – or change of government

One thing I’ve seen when teaching about data security has been that those who’ve experienced life under oppressive regimes are often the clearest about why allowing governments access to information is a serious risk. I remember one particular class I taught, where most of the students were British, and seemed generally OK with allowing full police access to information. One student, however, came from Kazakhstan, and after listening for a while he stood up and basically told everyone they were mad. He wouldn’t like the government to have any of this data – he’s seen what happens when they do. I’ve heard the same from many people from other former communist countries in Eastern Europe in particular.

We in the West have a tendency to be far too complacent about what our governments might do. We may trust our government now (though of course many of us don’t) but setting systems like this in place, building databases of information, is effectively providing them for all subsequent governments and authorities, whatever their complexion.

What’s more, when the situation changes, when emergencies become more acute, even a ‘good’ government ends up doing ‘bad’ things – and ‘popular opinion’ will often ‘support’ those kinds of bad things, as the Anna Lindh case illustrated quite disturbingly.

Risk from private/public ‘cooperation’

It would be highly surprising if the data gathered and held in this kind of situation was purely done by ‘public servants’. Whether the form is some kind of private/public partnership, the use of subcontractors or freelancers, or even by requiring the ISPs etc to do the actual data gathering, holding and analysing is far from clear, but the private sector will almost certainly be involved in one way or another. That brings in a whole new raft of potential vulnerabilities. Private sector companies are both naturally and generally appropriately driven by profit rather than security – and this can mean cutting the costs to the bone, particularly if competitive tendering is involved. It might also mean conflict of jurisdiction – if the ultimate owner of a company is in the US, for example, the PATRIOT Act could come into play. What happens if a private company goes into administration? What happens if the ownership changes? Each event introduces another vulnerability.

What does this all mean?

Ultimately, if we let the data be gathered and held, it is vulnerable. Those who want to ‘abuse’ it will come.

The only way for data not to be vulnerable is for it not to exist.

Though the idea of warrants/due process in terms of the use of the data is highly important, it would be better to put controls in place at the data gathering stage as well, or else we’re building a database that is just ripe for abuse.

We need to worry not just about the data use, but the gathering of data in the first place.

What that would mean is a very different approach to data collection: targeted rather than general data gathering. If you have to go through a process to justify gathering data, then you can only gather it in a targeted way. It also means that we should demand deletion of data after a period unless further procedures are passed to justify that further holding: more due process needed.

The very whisper of the words ‘terrorist’ or ‘paedophile’ should not be enough to make us forget the basics not just of civil liberties but of technological logic. Any kind of solution that allows data to be gathered without a warrant, and on a ‘universal’ basis, even if it has good controls at the ‘data use’ stage, is fundamentally flawed, and should be avoided.

Why does the government always get it wrong?

Why is digital policy so bad?

The most recent pronouncement from the UK government – reinstating in an updated and worsened way the idea of near-universal surveillance of emails, texts, phone calls and web-browsing – is horrific in many ways (which I will blog about separately) but it shouldn’t come as that much of a surprise. This government, and the last government, and the one before that, have an abysmal record in their dealings with the digital world. They get it wrong in almost every way, almost every time.

They get it wrong at a policy level – this new surveillance plan is just one example. They messed up equally badly with my erstwhile favourite bugbear, Phorm – not only did the Home Office mess up there, but BERR too – in thinking a nice business plan and some heavy lobbying was more important than people’s privacy.

They get it wrong in their law-making: the Digital Economy Act is up there with the Dangerous Dogs Act as the worst piece of law in recent history.

They even get it wrong on a detailed, practical level: make no mistake, the ill-conceived and inhumane O’Dwyer and McKinnon extraditions are political as well as judicial issues, and have the same origins as the problems at the policy and law-making levels. The problems are deep – but not so deep, I hope, as to be insurmountable.

1 Governments don’t understand the internet

The first and most important problem is that governments, and the politicians that run them, simply don’t understand the internet. They just don’t get it. For their own purposes, they largely think of it as some kind of global PR network – which is why twitter hashtags like #tweetlikeanmp are so sadly apt and accurate.

For other purposes, they think of it either as a distribution network for digital products (which should therefore be governed largely by the entertainment industry) or a secret network for subversives and terrorists (which should therefore be under constant and universal surveillance).

Governments all over the world seem to think largely in those terms – hence Obama’s new ‘bill of rights for the internet’ refers to people only as ‘consumers’, not as citizens. They simply don’t get that the net has a social aspect, a communicative aspect, a creative aspect, an interactive aspect, a community aspect – and that many (most?) of the people who spend time on the internet are contributing in all those different ways.

They know the words – even in the Westminster Bubble they’ve heard of ‘social networking’ – but they don’t understand it in any real way. They don’t understand how things develop on the net, how the community is the lifeblood of the net, not the big companies who lobby them so effectively.

2 Governments don’t understand the entertainment industry

Then again, that’s not very surprising, because there’s very little evidence that those involved in the entertainment industry really understand how their own industry works. This is the industry, remember, that has opposed pretty much every technological development over the last half-century or more, believing that it was going to ‘kill’ the industry. They opposed the use of home cassette recorders, CDs, VCRs etc well before fighting the ‘evil’ of piracy – rather than embracing and supporting the new technologies and finding a way to harness the great advantages that the technology brings.

They also say things that everyone knows are not true – copyright infringement isn’t theft, and people know that. Theft means not only taking something but depriving someone else of that thing. Copying a bit of music doesn’t do that – and people who copy music in this way know this all too well. Trying to tell them it is theft won’t convince them – just annoy them, and remind them never to listen to you again.

It shouldn’t be seen as surprising that it took a company from outside the entertainment industry, Apple, to actually find a way to use the net that worked, and worked well. It shouldn’t be so surprising that governments, lobbied heavily by an industry that itself doesn’t ‘get it’, end up doing such mindlessly stupid things as the Digital Economy Act. Again, this is a worldwide phenomenon – SOPA and PIPA in the US were every bit as ill-conceived as our Digital Economy Act… and ACTA shows signs of being just as bad.

3 Governments don’t understand law…

This may be, perhaps, an overblown claim – but an important one, given governments’ role as lawmakers. What I mean is that they often seem to misunderstand how law really works.

I was at the BILETA conference last week, and Professor Chris Reed gave a compelling keynote about how even legal theorists often end up getting laws badly wrong as they still conceive of it under a kind of ‘command and control’ model: a law commands, then people obey. It doesn’t really work like that – even more so, perhaps, on the internet than in the ‘real’ world.

Ultimately, laws without ‘consent’ don’t really work – just as government without ‘consent’ only works with ultimate force, and even then it’s hard to sustain. It doesn’t matter how many times and in how many ways governments bring in ‘anti-piracy’ laws – if people don’t believe that piracy is ‘wrong’, they won’t want to obey. Law without consent just doesn’t do the job.

4 Governments don’t understand privacy….

Most directly, they don’t understand that people want privacy on the internet – because, as I said at the start, they don’t understand the internet. If they don’t ‘get’ the fact that people use the net in so many interesting and interactive ways, for personal, intimate, social and community purposes, then they’ll never understand why people do care about things like privacy, and do care about being under constant surveillance. After all, if the net is just an online shopping mall, and shopping malls have CCTV, then why would people on the net mind being under surveillance?

The problem is, the net isn’t like a shopping mall. It’s something quite different, qualitatively different, and is used in very, very different ways. We all know (I hope!) that when we browse or shop at Amazon we’re being recorded by Amazon – just as when we go to a shopping mall we’re being recorded. We don’t, however, want CCTV in our own homes. We don’t expect our communications to be monitored, we don’t expect our every move to be recorded wherever we go – and, ultimately, I hope we won’t accept it either.

So what should the government and politicians do?

  1. First of all, they need to admit they have a problem – everyone knows that’s the first stage in solving a problem. Governments need to take a long, hard look at themselves.
  2. Secondly, they need to start talking to the right people – and at the right time. Who really does understand the internet? Civil society, hackers, maybe even some academics – understand it much, much more than politicians, and than industry lobby groups. Talk to the people who know first, not last, and don’t just treat them as add-ons at the end. Frankly, the average punter on the net understands it better than some industry representatives…
  3. When the real experts talk, listen! If Ross Anderson tells you that ‘anonymisation’ doesn’t work, believe him!
  4. Put the lobby groups back in their place. The entertainment industry in particular, as noted above – but the advertising industry can be just as bad, just as misleading, just as out of touch. These industry groups need to be listening to others themselves!
  5. Be willing to admit you were wrong. The Labour Party in particular should grasp that nettle – the DEA was a nightmarishly awful piece of legislation and they should be brave enough to admit it and abandon it. It’s hard, because politicians seem to be under the impression that changing your mind is completely unacceptable. It shouldn’t be – if you find out you’re wrong about something, admit it!
  6. Let those within your party who DO understand it take a bigger role. There are good people in most parties – who do a sterling job as back-benchers and on key committees – who should be listened to at the very least. Labour should put Tom Watson in charge instead of Harriet Harman – and the Coalition should replace the desperate Ed Vaizey with Julian Huppert.
  7. Be brave enough to face up to the security pressure groups, both internal and external. At the moment, just the barest whisper of the word ‘terrorism’ seems to make politicians of almost all parties quiver at the knees and sacrifice their own principles and OUR rights.
  8. Start to trust real people a bit more… and then real people might begin to trust you a bit more.

N.B. MPs, please, please, please take what your civil servants tell you with a huge pinch of salt: they’re even more likely than you not to understand the internet, and even more likely than you to be swayed inappropriately by the copyright and security lobbies!