One of the most important statements in the report of the Joint Committee on the Draft Investigatory Powers Bill is also one that may seem, on the surface at least, to be little more than a matter of presentation.
“We do not believe that ICRs are the equivalent of an itemised telephone bill. However well-intentioned, this comparison is not a helpful one.”
The committee had to make this statement because a number of the advocates for the Bill – and for the central place that Internet Connection Records play in the Bill – have been using this comparison. Many of the witnesses to both this committee and the two other parliamentary committees that have scrutinised and reported on the Bill (the Science and Technology Committee and the Intelligence and Security Committee) have been deeply critical of the comparison. The criticisms come from a number of different directions. One is the level of intrusion: this is Big Brother Watch, in the IP Bill Committee report:
“A telephone bill reveals who you have been speaking to, when and for how long. Your internet activity on the other had reveals every single thing you do online.”
Some criticised the technological complexity. This is from Professors John Naughton and David Vincent’s evidence to the IP Bill Committee:
“The Secretary of State said that an Internet Connection Record was “simply the modern equivalent of an itemised phone bill”. It is a deeply misleading analogy, because—whatever it turns out to be—an ICR in the current technological context will be significantly more complex and harder to compile than an itemised bill.”
Others, including myself, made the point that the way that people actually use the internet – and the way that the current communications systems function – simply does not fit the whole idea. Andrews & Arnold Limited put it like this:
“If the mobile provider was even able to tell that [a person] had used Twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to Twitter 24 hours a day, and probably Facebook as well. is is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay.”
This is Richard Clayton:
“The ICR data will be unable to distinguish between a visit to a jihadist website and visiting a blog where, unbeknown to the visitor (and the blog owner) the 329th comment (of 917) on the current article contains an image which is served by that jihadist site. So an ICR will never be evidence of intent—it merely records that some data has owed over the Internet and so it is seldom going to be ‘evidence’ rather than just ‘intelligence”.”
The Home Secretary, however, effectively dismissed these objections – but at the same time highlighted why the mistaken comparison is more important, and more revealing than just a question of presentation.
“As people move from telephony to communications on the internet, the use of apps and so forth, it is necessary to take that forward to be able to access similar information in relation to the use of the internet. I would say it is not inaccurate and it was a genuine attempt to try to draw out for people a comparison as to what was available to the law enforcement agencies now—why there is now a problem—because people communicate in different ways, and how that will be dealt with in the future.”
There were two ways to interpret the initial comparison. One interpretation was that it was a deliberate attempt to oversimplify, to sell the idea to the people, all the time knowing that it was an inappropriate comparison, one that simultaneously downplayed the intrusiveness of the records, underestimated the difficulty there would be in creating them and overestimated their likely effectiveness in assisting the police and the security services. The other was that those advocating the implementation of internet connection records genuinely believed that the comparison was a valid and valuable one. The evidence of the Home Secretary – and indeed of others backing the bill – seems to suggest that the second of these interpretations is closer to the truth. And though the first may seem the more worrying, as it might suggests a level of deception and dissembling that should disturb anyone, it is the second that should worry us more, as it betrays a far more problematic mindset, and one that sadly can be seen elsewhere in the debate over surveillance and indeed over regulating, policing and controlling the internet in other ways.
It suggests that rather than facing up to the reality of the way the internet works, those in charge of the lawmaking (and perhaps even the policing itself) are trying to legislate as though the internet were the kind of communication system they are used to. The kind they already understand. They’re not just comparing the internet to a telephone system, they’re acting as though it is a telephone system, and trying to force everything to fit that belief. With the concept of Internet Connection Records, they’re saying to the providers of modern, complex, interactive, constantly connecting, multifaceted systems that they’ve got to create data as though their modern, complex, interactive constantly connecting and multifaceted systems were actually old-fashioned telephone systems.
The problem is that the internet is not an old-fashioned telephone system. Pretending that it is won’t work. The problems highlighted – in particular the technical difficulties and the inevitable ineffectiveness – won’t go away no matter how much the Home Office wish for them to do so. It is a little disappointing to me that the report of the committee was not strong enough to say this directly – instead they emphasise that the government needs to explain how it will address the issues that have been raised.
Sadly it seems almost certain that the government will continue to push this idea. The future seems all too easy to predict. A few years down the line they will still be trying to get the idea to work, still trying to make it useful, still trying to prove to themselves that the internet is just like a telephone system. Many millions will have been spent, huge amounts of effort and expertise will have been wasted on a fruitless, irrelevant and ultimately self-defeating project – money, effort and expertise that could, instead, have been put into finding genuinely effective ways to police the internet as it is, rather than as they wish it still was.
Paul Bernal's Blog 
I think the Home Secretary genuinely believes that an itemised phone bill is a good (or, at least, good enough) analogy for ICRs. But that’s because she’s not particularly technically literate. I very much doubt if the same is true of those who actually drew up the proposals and submitted them for inclusion in the legislation. They know, full well, what they are asking for, and also know that to get it past the parliamentary and executive gatekeepers they need to sell the idea in simple terms.
You may be right – but at a ’round table’ event organised by the Home Office I met and spoke with one of the people who helped with the drafting and we discussed the comparison in particular. He did seem to genuinely believe the idea. The security service people are another matter, of course!
I doubt very much that the politicians sitting around the table, or indeed helped draft the bill have any real knowledge of its intent.
They are only ever told half the story, and the half thats chosen is likely to be filled with the propaganda the people actually running the show want/need them to disseminate.
Theresa May will be likely more informed but even she will only be a puppet for the Puppet Masters who plan the whole show.
The reality is likely to be that our politicians, when in power are in a way manipulated and coerced in much the same way the rest of us are.
Politicians who reach Ministerial levels of government tend to have been groomed for their roles since childhood. That goes for all Parties.
However, once in a while we get the odd anomaly when someone like Jeremy Corbyn finds himself at the table which is not the norm.
Thats why the establishment hate him, he could do some damage to their agenda. Stir up trouble and dissent.
I’d like to think Corbyn would (in the context of these issues) but I doubt it very much.
“Sadly it seems almost certain that the government will continue to push this idea. The future seems all too easy to predict. A few years down the line they will still be trying to get the idea to work, still trying to make it useful, still trying to prove to themselves that the internet is just like a telephone system. Many millions will have been spent, huge amounts of effort and expertise will have been wasted on a fruitless, irrelevant and ultimately self-defeating project – money, effort and expertise that could, instead, have been put into finding genuinely effective ways to police the internet as it is, rather than as they wish it still was.”
Excellent blog post. I used to think that austerity might help such people see sense when it comes to their drive to waste our money. You have put it very succinctly, it obviously won’t. What a tight coupling there is between self-delusion and mass delusion on this topic.
However, I’m not sure these efforts will fail, perhaps the efforts will succeed in effectively breaking the internet. It already must interfere with the governance structure of RFCs.
Well, I don’t know, perhaps RFCs (the process) was never so benign and I was had in by the term. But I think not.
This, in itself, is pretty tragic.
Hi Paul
I agree with the other posters. It’s not so long ago since I read that politicians were asking their kids for advice about these things and being told by them that their ideas wouldn’t work. You are dealing with politicians here who don’t spend hours looking at a screen, but are preoccupied with power and money. You are dealing with security services who see no problem with surveillance as they spend their own lives being watched and civil servants who are also closely watched.
This is even more divisive:
UK government moves to clamp down on Internet, citing child pornography
Simultaneously, there are plans for banks to police their customers’ use of the internet, with credit card payments to adult sites blocked if they are considered accessible to anyone under 18. http://www.wsws.org/en/articles/2013/11/25/goog-n25.html
I’m sure we all loath child porn but the criminally insane HSBC supporting Cameron’s child protection plans by monitoring our surfing?
See also: UK Government Agent That Developed Porn Filter, Arrested for Child Pornography…http://www.liveleak.com/view?i=43f_1394137710
When the materialism worshipping Tories start spouting Puritanism we are in real trouble. This is the party that has managed to demonise the old, the poor, the infirm and anyone in need, calling them all scroungers… yes, I can say with authority that they have reduced pensioners benefits by stealth. We are now expected to believe they care a damn about our kids. I’m waiting for the creation of a ministerial position for the Witchfinder General.
cadxx
it seems that the policy makers are not the facility users, that would be the root problem, it seems to me.
Internet telephony is considered to be the cheapest. You won’t discover any standard, customary calling plans that meet these rates. VoIP plans are additionally incredible for worldwide dialers. There are many plans that offer rates, which are modest, where it’s simple to make international as well as domestic calls. Likewise, calls within the system – that is, starting with one client then onto the next are free.
There may indeed be several “agendas” underway here, intended and otherwise. The latter more often than not wins out in the history of digital information networks.
But I believe both sides (as with net neutrality in general) are right and wrong. Simply put, we want something like the open internet to instill competition. But for those who say the internet is “different” from the telephone system reveals an amazing ignorance of network theory, market history and current reality.
The fact is that the internet sprang from (and scaled across) a competitive PSTN model in the US. There’s an “economic” reason why the IP Stack was able to proliferate so rapidly in conjunction with 802.11. In part it was relatively open systems at the edge (open addressing browser on top of a relatively open compute model) and a core model that scaled from the competitive voice markets in the US in the 1980s-90s.
It was the competitive WAN (horizontal, advanced intelligent networks that drove capacity costs down 99.9% in 10 years) and flat-rate dial up (expanded LATAs or MANs to counter the intelligent and commoditized WAN threat to the RBOC monopolies) that gave the ISPs in the US the ability to scale (protected from those same edge access providers (RBOCs) by FCC edict). On this same platform our competitive wireless infrastructure simultaneously (we had 700 minute/$50 consumption models by 1998) which laid the foundations ultimately for the merger of wifi and 3G/4G giving way to the explosion of the app ecosystem and OTT model which is the basis for so much anguish (both on the web and advertising front and the security front) in today’s markets.
So to say that the internet is not the telecom network is flat out wrong. There are many more similarities than differences. Just look at the big data and advertising exchange models and tell me with a straight face that it is too difficult or too expensive to develop ICRs. Today we do it in enormous scale when we track someone or know what they are doing all the time to influence them with messaging. When’s the last time you completely read through your T&Cs on the 100s of apps on your phone? If you did you would know that you are handing all your sensory and contextual information over to a 3rd party. But don’t worry, it’s all being kept safe somewhere! In any event, that scale today already makes ICRs in the future very easy to pull off.
It’s time we had a frank discussion of the key difference between the 2 models, namely the lack of settlements inherent in the “trusting” IP Stack as it developed in the 1980s-90s. Without settlements there are no incentives or disincentives and we’re left with a balkanized world of loosely connected silos at edge and core, with little coordination in the important stuff, like infrastructures, protocols stacks, centralized procurement models that drive the cost of access to basically nothing, etc….
In fact the existing settlement free peering (lack of settlements) can be shown to sustain monopoly and reduce competition and generativity over time. Without settlements as price signals there is no coordinated and rapid investment. We need both to reduce the digital divide, enhance network effect, and generate ROI on rapidly depreciating capex/opex. But most importantly, settlements are the mechanism to convey value which naturally gravitates to the core and top of all networks to the bottom and edge where most of the “cost” is born. Only this way can we develop sustainable ecosystems of networks.
So the intentional agendas might well be those who want to sustain anonymity and those who want to implement 2-sided billing or revenue takings. I am arguing for neither. I am arguing for relatively open, transparent, low-cost, universally available digital information networks that today could provide unlimited 4K VoD, 2-way HD collaboration and a secure and scalable IoT driving efficiency and prosperity everywhere to all; not just to a select few. The latter result(s) would indeed be unintended as all signs point to none of this happening in the next decade.